FortiGate New Firewall Setup

2nd February 2024

Mostly for me to remember what to do

Plug laptop into Lan1, surf to https://192.168.1.99

Log in as admin with NO PASSWORD; you should be prompted to change the password
Log in again and set the time zone
Create a 2nd account & record the password in BitWarden

System, Firmware, Upgrade
If the FG displays the error “Image Upgrade Failed”: Network, Wan1, DNS, change the first DNS server to 8.8.8.8

Create 2 Interface Groups named Private and Public
Add interfaces to them so the rule set can be simple and not full of duplicate entries
To avoid locking yourself out, set the DMZ port to be LAN + DHCP and allow HTTP config
All rules must be moved from an interface to an Interface Group BEFORE the interface itself can be moved into an Interface Group

Create Geo groups for NorthAmerica and BadGeo (Russia, China, N. Korea)
Create rules that block BadGeo, do minimal filtering for NorthAmerica, and apply normal Web filters for the default.
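
The BadGeo block and the default rule as FortiOS CLI, added here as an example and not part of the original notes. Assumptions: the object names Geo-RU/Geo-CN/Geo-KP, the policy names, the outbound Private-to-Public direction, and the built-in "default" web filter profile standing in for the "Normal" filter.

```fortios
# Added example; object, policy and profile names are assumptions
config firewall address
    edit "Geo-RU"
        set type geography
        set country "RU"
    next
    edit "Geo-CN"
        set type geography
        set country "CN"
    next
    edit "Geo-KP"
        set type geography
        set country "KP"
    next
end
config firewall addrgrp
    edit "BadGeo"
        set member "Geo-RU" "Geo-CN" "Geo-KP"
    next
end
config firewall policy
    # Created first so it sits above the allow rule
    edit 0
        set name "Block-BadGeo"
        set srcintf "Private"
        set dstintf "Public"
        set srcaddr "all"
        set dstaddr "BadGeo"
        set action deny
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
    # Default rule: everything else, with the normal web filter
    edit 0
        set name "Default-Web"
        set srcintf "Private"
        set dstintf "Public"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set webfilter-profile "default"
        set nat enable
    next
end
```

Policies match top-down, so the deny has to stay above the allow. The NorthAmerica group is built the same way from its own country objects and gets its own policy between the two.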