FortiGate Installation and Initial Configuration Guide (2026)
FortiGate installation consists of physically placing the device, gaining first access through the default management interface, configuring WAN/LAN interfaces, creating your first firewall policy, and hardening admin accounts. Done in the right order, the base setup usually takes under an hour.
Pre-Installation Preparation
Pre-installation preparation covers mounting, power and console cabling, the IP plan, and the firmware version decision. Good preparation dramatically shortens deployment time.
Mount the device in a rack or on a desk, connect redundant power supplies to two separate feeds if present, and have a console (RJ45/USB) cable ready for management. Draw up an IP addressing plan: define WAN, LAN, DMZ, and management segments in advance.
Decide which FortiOS version you will run beforehand. For production, prefer a stable build the vendor marks as mature rather than the very latest feature release. As of 2026 the 7.6 family is the current stable option.
If you are unsure which model fits your throughput and session needs, review the model-selection section of our what is FortiGate guide.
First Access and Login
First access begins by connecting to the default management interface and logging in through the web GUI or CLI. On most models the factory IP is 192.168.1.99.
Connect your computer to the FortiGate's internal (internal/port1) interface and give yourself an IP from the 192.168.1.x block. Browse to https://192.168.1.99; the default user is 'admin' with a blank password.
On the first session the system prompts you to change the password. Set a strong, unique admin password. For console access, connect with a terminal program at 9600 baud.
| Parameter | Default value |
|---|---|
| Management IP | 192.168.1.99 |
| Interface | internal / port1 |
| Username | admin |
| Password | (blank) |
| HTTPS port | 443 |
Basic System Configuration
Basic configuration covers hostname, system time (NTP), DNS, management access protocols, and assigning interface IP addresses.
Under System > Settings, give the device a meaningful hostname and select the correct time zone. Accurate time is critical for log correlation and certificate validation; define an NTP server.
Under Network > DNS, enter primary and secondary DNS servers. Under Network > Interfaces, assign the LAN interface an address that fits your corporate IP plan and enable the DHCP server if needed.
- Set hostname and time zone.
- Enable automatic time sync via NTP.
- Define DNS servers.
- Assign an IP to the LAN interface and enable DHCP if required.
- Leave management access (HTTPS, SSH) only on trusted interfaces.
Internet Connectivity and the First Policy
Internet connectivity is set on the WAN interface via static IP, DHCP, or PPPoE; then a NAT-enabled first policy from LAN to WAN provides outbound access.
Apply your ISP's method on the WAN interface. With a static IP, enter the IP, mask, and default gateway; then define a default route for 0.0.0.0/0 via WAN under Network > Static Routes.
Under Policy & Objects > Firewall Policy, create a new rule: source LAN interface, destination WAN, source/destination address 'all', service allowed, NAT enabled. This is the minimum policy that lets internal users reach the internet.
Once the first rule works, enrich your policies with security profiles by moving on to our FortiGate firewall policy management guide and our UTM security profiles article.
Hardening, Firmware, and Backup
Hardening covers restricting admin access, disabling unnecessary services, updating firmware, and taking a configuration backup; it must be completed before production.
Limit admin access to trusted source addresses (trusted hosts), add two-factor authentication where possible, and disable management access on the WAN interface. Turn off unused protocols such as HTTP and Telnet.
Update the device to the recommended stable build under System > Firmware; always take a configuration backup before updating. Export the backup encrypted under System > Configuration > Backup and store it securely.
In environments that need uninterrupted service, plan high availability (HA) configuration right after setup and activate your licenses per the FortiGuard subscriptions guide.
Frequently Asked Questions
What is the default IP address of a FortiGate?
On most FortiGate models the factory management IP is 192.168.1.99, reachable over https from the internal/port1 interface. The username is 'admin' with a blank password.
What if it does not ask for a password on first setup?
The default admin password is blank; on first login the system asks you to set a new one. Do not skip this and use a strong, unique password.
Should I update firmware before or after setup?
Ideally update to the recommended stable build after configuring basic networking and taking a backup, but before going to production. For big version jumps, follow the intermediate releases.
Which method should I choose for the WAN connection?
Choose static IP, DHCP, or PPPoE based on what your ISP provides. With a static IP, remember to also add a default route via the WAN interface.
What should the first firewall policy contain?
At its simplest, a rule from LAN to WAN with source/destination 'all', an allowed service, and NAT enabled is enough. In production you should tighten it with security profiles and narrower address objects.
How do I back up the configuration?
You can export the configuration encrypted under System > Configuration > Backup. Taking a backup before and after every major change is recommended.
Conclusion
FortiGate installation is completed securely and quickly by disciplined execution of preparation, first access, basic system settings, internet egress, and hardening. A configuration backup and firmware update are the final checkpoints before production.
For end-to-end support from setup to production, talk to the Sora Yazılım network team.