FortiGate® Version 4.0 Desktop Install Guide

Summary of Contents for Fortinet FortiGate Series

  • Page 1 FortiGate® Version 4.0 Desktop Install Guide...
  • Page 2 FortiGuard-Antivirus, FortiGuard-Intrusion, FortiGuard-Web, FortiLog, FortiAnalyzer, FortiManager, Fortinet®, FortiOS, FortiPartner, FortiProtect, FortiReporter, FortiResponse, FortiShield, FortiVoIP, and FortiWiFi are trademarks of Fortinet, Inc. in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
  • Page 3: Table Of Contents

    Introduction, 3; Registering your Fortinet product, 3; Customer service and technical support, 3; Fortinet documentation, 4; Fortinet Tools and Documentation CD, 4; Fortinet Knowledge Center, 4; Comments on Fortinet technical documentation, 4; Conventions, 4; IP addresses...
  • Page 4 Backup and Restore from a USB key, 42; Using the USB Auto-Install, 42; Additional CLI Commands for a USB key, 43; Testing new firmware before installing, 43; Index, 1. FortiGate Version 4.0 Desktop Install Guide 01-400-95522-20090501 http://docs.fortinet.com/ • Feedback...
  • Page 5: Introduction

    • Conventions Registering your Fortinet product Before you begin, take a moment to register your Fortinet product at the Fortinet Technical Support web site, https://support.fortinet.com. Many Fortinet customer services, such as firmware updates, technical support, and FortiGuard Antivirus and other FortiGuard services, require product registration.
  • Page 6: Fortinet Documentation

    Fortinet Tools and Documentation CD Many Fortinet publications are available on the Fortinet Tools and Documentation CD shipped with your Fortinet product. The documents on this CD are current at shipping time. For current versions of Fortinet documentation, visit the Fortinet Technical Documentation web site, http://docs.fortinet.com.
  • Page 7: Typographical Conventions

    Caution: Warns you about commands or procedures that could have unexpected or undesirable results including loss of data or damage to equipment. Typographical conventions Fortinet documentation uses the following typographical conventions: Table 1: Typographical conventions in Fortinet technical documentation Convention Example Button, menu, text box, From Minimum log level, select Notification.
  • Page 8 Conventions Introduction
  • Page 9: Installing

    • Operating temperature: 32 to 104°F (0 to 40°C) If you install the Fortinet unit in a closed or multi-unit rack assembly, the operating ambient temperature of the rack environment may be greater than room ambient temperature. Therefore, make sure to install the equipment in an environment compatible with the manufacturer's maximum rated ambient temperature.
  • Page 10: Cautions And Warnings

    (e.g. use of power strips). Mounting If required to fit into a rack unit, remove the rubber feet from the bottom of the Fortinet unit. Place the FortiGate unit on any flat, stable surface. Ensure the unit has sufficient clearance on each side to ensure adequate airflow for cooling.
  • Page 11: Plugging In The Fortigate Unit

    Using the supplied Ethernet cable, connect one end of the cable to your router or modem, whatever the connection is to the Internet. Connect the other end to the Fortinet unit. Connect to either the External, WAN port, or port 1. Connect additional cable to the Internal port or port 2 and your internal hub or switch.
  • Page 12 Turning off the Fortinet unit Installing
  • Page 13: Configuring

    NAT mode In NAT/Route mode, the Fortinet unit is visible to the network. Like a router, all its interfaces are on different subnets. In NAT mode, each port is on a different subnet, enabling you to have a single IP address available to the public Internet.
  • Page 14: Transparent Mode

    Transparent mode In transparent mode, the Fortinet unit is invisible to the network. Similar to a network bridge, all FortiGate interfaces must be on the same subnet. You only have to configure a management IP address to make configuration changes. The management IP address is also used for antivirus and attack definition updates.
  • Page 15: Connecting To The Cli

    Configuring NAT mode The first warning prompts you to accept and optionally install the Fortinet unit’s self-signed security certificate. If you do not accept the certificate, the Fortinet unit refuses the connection. If you accept the certificate, the FortiGate login page appears. The credentials entered are encrypted before they are sent to the Fortinet unit.
  • Page 16: Configure The Interfaces

    Configure the interfaces When shipped, the Fortinet unit has a default address of 192.168.1.99 and a netmask of 255.255.255.0 for either the Port 1 or Internal interface. You need to configure this and other ports for use on your network.
  • Page 17 Enable to use the DNS addresses retrieved from the DHCP server instead of the DNS server IP addresses on the DNS page on System > Network > Options. On Fortinet-100 units and lower, you should also enable Obtain DNS server address automatically in System > Network >...
  • Page 18: Configure A Dns Server

    (DNS server) implements the protocol. In simple terms, it acts as a phone book for the Internet. A DNS server matches domain names with the computer IP address. This enables you to use readable locations, such as fortinet.com when browsing the Internet.
  • Page 19: Add A Default Route And Gateway

    <dns_ipv4> Add a default route and gateway A route provides the Fortinet unit with the information it needs to forward a packet to a particular destination. A static route causes packets to be forwarded to a destination other than the default gateway.
  • Page 20: Add Firewall Policies

    For the initial installation, a single firewall policy that enables all traffic to flow through will enable you to verify your configuration is working. On lower-end units such a default firewall policy is already in place. For the high-end Fortinet units, you need to add a firewall policy.
  • Page 21 Select the port connected to the Internet. Source Address Destination Interface Select the port connected to the network. Destination Address All Schedule always Service Action Accept Figure 8: Creating an incoming firewall policy
  • Page 22: Configuring Transparent Mode

    When configuring transparent mode, you need to switch to transparent mode and configure the management IP address, default routes, and simple firewall policies. You can use the web-based manager or the CLI to configure the Fortinet unit in transparent mode.
  • Page 23: Configure A Dns Server

    For the initial installation, a single firewall policy that enables all traffic through will enable you to verify your configuration is working. On lower-end units such a default firewall policy is already in place. For the higher end Fortinet units, you will need to add a firewall policy.
  • Page 24 Configuring transparent mode The following steps add two policies that allow all traffic through the Fortinet unit, to enable you to continue testing the configuration on the network. To add an outgoing traffic firewall policy - web-based manager 1 Go to Firewall > Policy.
  • Page 25: Verifying The Configuration

    Remember to verify the firewall policies. The firewall policies control the flow of information through the Fortinet unit. If the policies are not set up correctly, or are too restrictive, they can prohibit network traffic.
  • Page 26: Restoring A Configuration

    1 Go to System > Maintenance > Backup & Restore. 2 Select to back up to your Local PC or to a USB key. The USB Disk option will be grayed out if the Fortinet unit supports USB disks but none are connected.
  • Page 27: Additional Configuration

    For effective scheduling and logging, the FortiGate system date and time must be accurate. You can either manually set the system date and time or configure the Fortinet unit to automatically keep its time correct by synchronizing with a Network Time Protocol (NTP) server.
  • Page 28: Set The Administrator Password

    Set the Administrator password The Fortinet unit ships with a default empty password. You will want to apply a password to prevent anybody logging into the Fortinet unit and changing configuration options.
  • Page 29: Configuring Fortiguard

    The FDN is a world-wide network of FortiGuard Distribution Servers (FDS). When the Fortinet unit connects to the FDN, it connects to the nearest FDS. To do this, all Fortinet units are programmed with a list of FDS addresses sorted by nearest time zone according to the time zone configured for the Fortinet unit.
  • Page 30 Additional configuration Configuring
  • Page 31: Advanced Configuration

    The Fortinet unit is preconfigured with four default protection profiles. In many cases you can use these default protection profiles just as they are or as a starting point to create your own.
  • Page 32: Firewall Policies

    Fortinet unit will act on the general policy, having calculated that the policy has been matched, and then stop. The second policy will be ignored and the Fortinet unit will let the URLs or IPs you wanted blocked get through.
  • Page 33: Configuring Firewall Policies

    • File pattern - The Fortinet will check the file against the file pattern setting you have configured. You can set which file names or file types the Fortinet unit looks for in the incoming traffic. • Virus scan - The virus definitions are kept up to date through the FortiNet Distribution Network.
  • Page 34: Antispam Options

    FortiGuard antivirus services. To configure the file patterns that the Fortinet scans, go to UTM > AntiVirus > File Filter. To enable grayware blocking, go to UTM > AntiVirus > Grayware.
  • Page 35: Web Filtering

    (white list) or don’t want (black list) to receive email from. You can add or remove addresses from lists as required. The Fortinet unit uses both an IP address list and an email address list to filter incoming email, if enabled in the protection profile.
  • Page 36: Data Leak Prevention

    Using this information, you can then take the corrective action necessary to resolve any problems before they become major problems. With alert email, you can configure the Fortinet unit to send alert messages, when specific events occur with specific frequency. By logging to a FortiAnalyzer unit, you can run over 400 reports on various network traffic.
  • Page 37: Fortigate Firmware

    1 Log into the site using your user name and password. 2 Go to Firmware Images > FortiGate. 3 Select the most recent FortiOS version. 4 Locate the firmware for your Fortinet unit, right-click the link and select the Download option for your browser. Note: Always review the Release Notes for a new firmware release before installing.
  • Page 38: Using The Web-Based Manager

    5 Type the path and filename of the firmware image file, or select Browse and locate the file. 6 Select OK. The Fortinet unit uploads the firmware image file, reverts to the old firmware version, resets the configuration, restarts, and displays the Fortinet login. This process takes a few minutes.
  • Page 39: Backup And Restore From A Usb Key

    Note: You need an unencrypted configuration file for this feature. Also the default files, image.out and system.conf, must be in the root directory of the USB key. Note: Make sure at least FortiOS v3.0MR1 is installed on the Fortinet unit before installing. To configure the USB Auto-Install 1 Go to System >...
  • Page 40: Using The Cli

    CLI command execute update-now to update the antivirus and attack definitions. For more information, see the FortiGate Administration Guide. Before you begin, ensure you have a TFTP server running and accessible to the Fortinet unit. To upgrade the firmware using the CLI 1 Make sure the TFTP server is running.
  • Page 41 Note: To use this procedure, you must log in using the admin administrator account, or an administrator account that has system configuration read and write privileges. To use the following procedure, you must have a TFTP server the Fortinet unit can connect to.
  • Page 42: Installing Firmware From A System Reboot Using The Cli

    You can use this procedure to upgrade to a new firmware version, revert to an older firmware version, or re-install the current firmware. To use this procedure, you must connect to the CLI using the Fortinet console port and an RJ-45 to DB-9 or null modem cable.
  • Page 43: Restoring The Previous Configuration

    The following message appears: Enter Local Address [192.168.1.188]: 10 Type an IP address the Fortinet unit can use to connect to the TFTP server. The IP address can be any IP address that is valid for the network the interface is connected to.
  • Page 44: Backup And Restore From A Usb Key

    Note: You need an unencrypted configuration file for this feature. Also the default files, image.out and system.conf, must be in the root directory of the USB key. Note: Make sure at least FortiOS v3.0MR1 is installed on the Fortinet unit before installing. To configure the USB Auto-Install using the CLI 1 Log into the CLI.
  • Page 45: Additional Cli Commands For A Usb Key

    “Upgrading the firmware” on page To use this procedure, you must connect to the CLI using the Fortinet console port and an RJ-45 to DB-9 or null modem cable. This procedure temporarily installs a new firmware image using your current configuration.
  • Page 46 The following message appears: Enter Local Address [192.168.1.188]: 10 Type an IP address of the Fortinet unit to connect to the TFTP server. The IP address must be on the same network as the TFTP server, but make sure you do not use the IP address of another device on the network.
  • Page 47: Index

    CLI upgrade with web-based manager backing up upgrading using the CLI FortiGate documentation commenting on certificate, security FortiGuard Fortinet customer service upgrading the firmware Fortinet documentation comments, documentation Fortinet Knowledge Center configure backup gateway FortiGuard...
  • Page 48 CLI signatures, update static route auto-install system reboot, installing CLI commands technical support web filtering TFTP server web-based manager time and date
  • Page 49 Index
  • Page 50 www.fortinet.com...
  • Page 51 www.fortinet.com...
