KOLOSALTech

Deploy a FortiGate 60F in 1 hour flat for a 20-person SME


Step-by-step guide to deploying a FortiGate 60F firewall for a 20-person SME: initial configuration, rules, SSL VPN, monitoring. In 1 hour flat.

You've just received your FortiGate 60F and you have 1 hour before the end of the day. It's doable. Here's the sequence we apply in the field to have a functional and reasonably secure firewall in 60 minutes.

Prerequisites (5 min)

  • FortiGate 60F unboxed and powered up
  • RJ45 cable on WAN1 port to the ISP gateway
  • RJ45 cable on LAN port to internal switch
  • Laptop connected to LAN with DHCP IP by default (192.168.1.x)
  • FortiCloud account created (free, required for license)

Step 1 — First login + reset password (5 min)

  • Navigate to https://192.168.1.99 from the laptop
  • Login: admin, with no password by default
  • Set a strong admin password (16+ characters)
  • Immediately enable 2FA via FortiToken Mobile (free)

Step 2 — License registration + updates (10 min)

  • System > FortiGuard: register the device on FortiCloud with the serial
  • Verify that FortiGuard services appear green (AV, IPS, Web Filter)
  • System > Firmware: move to latest stable LTS version if needed (reboot ~3 min)

Step 3 — WAN configuration (5 min)

  • Network > Interfaces > wan1: DHCP if ISP gateway provides an IP, otherwise Manual with IP/gateway/DNS
  • Verify internet connectivity: Diagnostics > Ping to 1.1.1.1

Step 4 — LAN configuration (5 min)

  • Network > Interfaces > internal: 192.168.10.1/24 (change from default 192.168.1.x to avoid conflict with other networks)
  • Enable DHCP server: pool 192.168.10.100-199, DNS 192.168.10.1 (FortiGate acts as DNS)
  • Reconnect the laptop, wait for new IP

Step 5 — Basic security policy (15 min)

Policy & Objects > Firewall Policy. Create at least 3 rules:

  • LAN → WAN: Source internal, Destination wan1, Service ALL, Action ACCEPT, Inspection: AV + IPS + Web Filter + Application Control + DNS Filter enabled
  • WAN → LAN: no rule (everything is blocked by default, perfect)
  • LAN → LAN segments: if servers sit on a separate VLAN, create strict inter-VLAN rules
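
A way to verify Step 5 after the fact, as an added example that is not part of the original guide: a short Python audit of a saved configuration backup. The sample config is constructed; the interface names `internal` and `wan1` come from the guide, and the script assumes profiles are set individually on each policy rather than through a profile group.

```python
import shlex

# Settings matching the inspections Step 5 lists for the LAN -> WAN rule.
REQUIRED = "av-profile ips-sensor webfilter-profile application-list dnsfilter-profile".split()

# Constructed sample in FortiOS backup syntax (not from a real device).
SAMPLE_CONFIG = '''config firewall policy
    edit 1
        set srcintf "internal"
        set dstintf "wan1"
        set action accept
        set av-profile "default"
        set ips-sensor "default"
        set webfilter-profile "default"
    next
    edit 2
        set srcintf "wan1"
        set dstintf "internal"
        set action accept
    next
end'''

def parse_policies(text):
    """Return {policy_id: {setting: [values]}} for 'config firewall policy'."""
    policies, current, inside = {}, None, False
    for line in text.splitlines():
        if not inside:  # plain split here: other sections may hold multi-line quoted blobs
            inside = line.split() == ["config", "firewall", "policy"]
            continue
        tok = shlex.split(line) or [""]
        if tok[0] == "edit":
            current = policies.setdefault(tok[1], {})
        elif tok[0] == "set" and current is not None:
            current[tok[1]] = tok[2:]
        elif tok[0] == "end":
            inside = False
    return policies

def audit(policies, lan="internal", wan="wan1"):
    """Flag accept rules sourced from WAN and LAN -> WAN rules lacking a profile."""
    findings = []
    for pid, p in policies.items():
        if p.get("action") != ["accept"]:  # only 'set action accept' rules pass traffic
            continue
        if wan in p.get("srcintf", []):
            findings.append((pid, "accepts traffic entering from " + wan))
        missing = [k for k in REQUIRED if k not in p]
        if missing and lan in p.get("srcintf", []) and wan in p.get("dstintf", []):
            findings.append((pid, "missing " + ", ".join(missing)))
    return findings
```

Calling `audit(parse_policies(SAMPLE_CONFIG))` reports policy 1 for its two missing profiles and policy 2 for accepting traffic from `wan1`; an empty list means both Step 5 expectations hold.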

Step 6 — Web filtering + block risky categories (5 min)

  • Security Profiles > Web Filter: block Adult, Gambling, Malware, Phishing, Cryptomining, Unrated
  • Enable SafeSearch on Google/YouTube (option at bottom)
  • Link this profile to the LAN → WAN rule

Step 7 — SSL VPN for remote work (10 min)

  • VPN > SSL-VPN Settings: interface wan1, port 10443 (not 443 to avoid conflict), initially with the self-signed certificate
  • Create a "remote-users" user group + test users
  • Create firewall policy ssl.root → internal for the group
  • Test from FortiClient on a smartphone over 4G

Step 8 — Logging + alerting (5 min)

  • Log & Report > Log Settings: send to FortiCloud Free (7 days of logs, free)
  • Enable email alerts for: admin login, critical IPS, critical AV, discovered vulnerability
  • Test the alert with a failed admin login

Summary: 60 minutes for what?

You now have: firewall with strict rules, IPS + AV + web filter active, functional SSL VPN, cloud logging, email alerts, admin 2FA, strong password. This is well above the security level of 80% of French SMEs.

What remains to be done next week

  • Replace the self-signed certificate with Let's Encrypt
  • Segment into VLANs (servers / workstations / IoT / guests)
  • Enable SD-WAN if you have multiple internet links
  • Document in a runbook (who changes what, how to restore config)
  • Back up the FortiGate config to external cloud (encrypted config)

Conclusion

A well-configured FortiGate 60F in 1 hour is a massive security leap for an SME. If you don't have the time or inclination, KOLOSALTech deploys this type of configuration in 1/2 day including documentation and end-user training.
