Fortinet FortiGate FortiGate-1000 Install Manual

FortiOS 3.0 MR4

INSTALL GUIDE
FortiGate-200,
FortiGate-300,
FortiGate-400,
FortiGate-500, and
FortiGate-1000
FortiOS 3.0 MR4
www.fortinet.com


Summary of Contents for Fortinet FortiGate FortiGate-1000

  • Page 1 INSTALL GUIDE FortiGate-200, FortiGate-300, FortiGate-400, FortiGate-500, and FortiGate-1000 FortiOS 3.0 MR4 www.fortinet.com...
  • Page 2 FortiOS 3.0 MR4 15 February 2007 01-30004-0267-20070215 © Copyright 2007 Fortinet, Inc. All rights reserved. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical or otherwise, for any purpose, without prior written permission of Fortinet, Inc.
  • Page 3: Table Of Contents

    FortiManager ... 10 About this document... 10 Document conventions... 11 Fortinet documentation ... 11 Fortinet Tools and Documentation CD ... 13 Fortinet Knowledge Center ... 13 Comments on Fortinet technical documentation ... 13 Customer service and technical support ... 13 Installing the FortiGate unit ...
  • Page 4 Factory defaults ... 27 Configuring the FortiGate unit... 31 FortiGate-200, FortiGate-300, FortiGate-400, FortiGate-500 and FortiGate-1000 FortiOS 3.0 MR4 Install Guide Powering on the FortiGate unit ... 20 Powering off the FortiGate unit ... 21 Connecting the FortiGate unit... 22 Web-based manager ... 22 Front control buttons and LCD ...
  • Page 5 Contents Transparent mode installation ... 43 Preparing to configure Transparent mode ... 43 Using the web-based manager ... 43 Using the front control buttons and LCD ... 44 Using the command line interface ... 45 Connecting the FortiGate unit to your network... 46 Next steps...
  • Page 7: Introduction

    Introduction Welcome and thank you for selecting Fortinet products for your real-time network protection. The FortiGate™ Unified Threat Management System improves network security, reduces network misuse and abuse, and helps you use communications resources more efficiently without compromising the performance of your network.
  • Page 8: Fortigate-300

    By registering your FortiGate unit, you will receive updates to threat detection and prevention databases (Antivirus, Intrusion Detection, etc.) and will also ensure your access to technical support. [Front panel figures; labels: CONSOLE, 4 / HA, INTERNAL, EXTERNAL, Enter] http://support.fortinet.com and select...
  • Page 9: Fortinet Family Products

    Introduction Fortinet Family Products Fortinet offers a family of products that includes both software and hardware appliances, for a complete network security solution including mail, logging, reporting, network management, and security along with FortiGate Unified Threat Management Systems. For more information on the Fortinet product family, go to www.fortinet.com/products.
  • Page 10: Fortianalyzer

    FortiAnalyzer FortiReporter FortiBridge FortiManager About this document FortiAnalyzer™ provides network administrators with the information they need to enable the best protection and security for their networks against attacks and vulnerabilities.
  • Page 11: Document Conventions

    Menu commands Program output Variables Fortinet documentation The most up-to-date publications and previous releases of Fortinet product documentation are available from the Fortinet Technical Documentation web site at http://docs.forticare.com. The following...
  • Page 12 Fortinet documentation • FortiGate QuickStart Guide Provides basic information about connecting and installing a FortiGate unit. • FortiGate Install Guide Describes how to install a FortiGate unit. Includes a hardware reference, default configuration information, installation procedures, connection procedures, and basic configuration procedures.
  • Page 13: Fortinet Tools And Documentation Cd

    Fortinet Tools and Documentation CD All Fortinet documentation is available from the Fortinet Tools and Documentation CD shipped with your Fortinet product. The documents on this CD are current at shipping time. For up-to-date versions of Fortinet documentation see the Fortinet Technical Documentation web site at http://docs.forticare.com.
  • Page 15: Installing The Fortigate Unit

    The FortiGate-200 package contains the following items: • FortiGate-200 Unified Threat Management System • one orange crossover Ethernet cable (Fortinet part number CC300248) • one grey straight-through Ethernet cable (Fortinet part number CC300249) • one null-modem cable (Fortinet part number CC300247) •...
  • Page 16: Mounting

    The FortiGate-300 package contains the following items: • FortiGate-300 Unified Threat Management System • one orange crossover Ethernet cable (Fortinet part number CC300248) • one gray straight-through Ethernet cable (Fortinet part number CC300249) • one null-modem cable (Fortinet part number CC300247) •...
  • Page 17: Mounting

    The FortiGate-400 package contains the following items: • FortiGate-400 Antivirus Firewall • one orange crossover Ethernet cable (Fortinet part number CC300248) • one gray straight-through Ethernet cable (Fortinet part number CC300249) • one null modem cable (Fortinet part number CC300247) •...
  • Page 18: Mounting

    The FortiGate-500 package contains the following items: • FortiGate-500 Unified Threat Management System • one orange crossover Ethernet cable (Fortinet part number CC300248) • one gray straight-through Ethernet cable (Fortinet part number CC300249) • one null-modem cable (Fortinet part number CC300247) •...
  • Page 19: Fortigate-1000

    The FortiGate-1000 package contains the following items: • FortiGate-1000 Unified Threat Management System • two orange crossover Ethernet cables (Fortinet part number CC300248) • two gray straight-through Ethernet cables (Fortinet part number CC300249) • one null-modem cable (Fortinet part number CC300247) •...
  • Page 20: Air Flow

    Use appropriate equipment nameplate ratings to address this concern. • Make sure the FortiGate-1000 unit has reliable grounding. Fortinet recommends direct connection to the branch circuit. Environmental Operating temperature: 32 to 104 F (0 to 40 C)
  • Page 21: Powering Off The Fortigate Unit

    Installing the FortiGate unit After a few seconds, SYSTEM STARTING appears on the LCD. The main menu setting appears on the LCD when the system is running. Menu [ Fortigat -> ] NAT, Standalone The FortiGate unit starts and the Power and Status LEDs light up. The Status LED flashes while the FortiGate unit starts up, and remains off when the system is running.
  • Page 22: Connecting The Fortigate Unit

    Connecting the FortiGate unit Web-based manager Front control buttons and LCD Command line interface Connecting to the web-based manager There are three methods of connecting and configuring the basic FortiGate settings: •...
  • Page 23: System Dashboard

    Start Internet Explorer and browse to the address https://192.168.1.99 (remember to include the “s” in https://). To support a secure HTTPS authentication method, the FortiGate unit ships with a self-signed security certificate, which is offered to remote clients whenever they initiate an HTTPS connection to the FortiGate unit.
  • Page 24: Lcd Front Control Buttons

    LCD front control buttons To connect to the FortiGate CLI you require: • a computer with an available communications port • the null-modem cable included in your FortiGate package •...
  • Page 25: Using The Front Control Buttons And Lcd

    Installing the FortiGate unit The LCD provides information on the FortiGate unit’s operating modes and whether or not it is part of a High Availability (HA) cluster. default LCD main menu setting of a FortiGate unit, operating in NAT/Route mode and not connected to a HA cluster.
  • Page 26 LCD front control buttons To change the operating mode Make sure the LCD displays the main menu setting. Press Enter to select the interfaces. Press the up and down buttons to highlight the menu Change to bridge mod. Press Enter to change to Transparent mode.
  • Page 27: Factory Defaults

    Factory defaults The FortiGate unit ships with a factory default configuration. The default configuration allows you to connect to and use the FortiGate web-based manager to configure the FortiGate unit onto the network. To configure the FortiGate unit on to the network you add an administrator password, change the network interface IP addresses, add DNS server IP addresses, and, if required, configure basic routing.
  • Page 28: Factory Default Transparent Mode Network Configuration

    Factory default Transparent mode network configuration Factory default firewall configuration Table 9: Factory default NAT/Route mode network configuration User name: Administrator account Password: Internal interface Netmask: Administrative Access: External interface Netmask: Port 2 (FortiGate-400) Administrative Access:...
  • Page 29: Factory Default Protection Profiles

    Factory defaults Table 11: Factory default firewall configuration Configuration setting Name Firewall address Pre-defined service Recurring schedule Protection Profiles The factory default firewall configuration is the same in NAT/Route mode and Transparent mode. Factory default protection profiles Use protection profiles to apply different protection settings for traffic controlled by firewall policies.
  • Page 30: Restoring The Default Settings

    Restoring the default settings Restoring the default settings using the web-based manager Restoring the default settings using the CLI You can revert to factory default settings and start over again if you mistakenly change a network setting and are unable to recover from it.
  • Page 31: Configuring The Fortigate Unit

    You can also configure the FortiGate unit and the network it protects using the default settings. NAT/Route mode In NAT/Route mode, the FortiGate unit is visible to the network. Like a router, all its interfaces are on different subnets. The following interfaces are available in NAT/Route mode:...
  • Page 32: Nat/Route Mode With Multiple External Network Connections

    Planning the FortiGate configuration NAT/Route mode with multiple external network connections You can add firewall policies to control whether communications through the FortiGate unit operate in NAT or Route mode. Firewall policies control the flow of traffic based on the source address, destination address, and service of each packet.
  • Page 33: Transparent Mode

    You typically use the FortiGate unit in Transparent mode on a private network behind an existing firewall or behind a router. The FortiGate unit performs firewall functions, IPSec VPN, virus scanning, IPS, web filtering, and spam filtering. You can connect several network segments to the FortiGate unit to control traffic between these network segments.
  • Page 34: Preventing The Public Interface From Responding To Ping Requests

    Preventing the public interface from responding to ping requests The factory default configuration of your FortiGate unit allows the default public interface to respond to ping requests.
  • Page 35: Nat/Route Mode Installation

    Configuring the FortiGate unit NAT/Route mode installation This section describes how to install the FortiGate unit in NAT/Route mode. This section includes the following topics: • Preparing to configure the FortiGate unit in NAT/Route mode • DHCP or PPPoE configuration •...
  • Page 36: Dhcp Or Pppoe Configuration

    NAT/Route mode installation DHCP or PPPoE configuration Using the web-based manager You can configure any FortiGate interface to acquire its IP address from a DHCP or PPPoE server. Your Internet Service Provider (ISP) may provide IP addresses using one of these protocols.
  • Page 37: Adding A Default Route

    Verify the connection To verify your connection, try the following: • browse to www.fortinet.com • retrieve or send email from your email account If you cannot browse to the web site or retrieve/send email from your account, review the previous steps to ensure all information was entered correctly and try again.
  • Page 38: Using The Front Control Buttons And Lcd

    NAT/Route mode installation Using the front control buttons and LCD Basic settings, including interface IP addresses, netmasks, default gateways, and the FortiGate operating mode can be configured using the front control buttons and LCD.
  • Page 39: Verifying The Front Control Buttons And Lcd Configuration

    LCD should be displayed. Verify the connection To verify your connection, try the following: • browse to www.fortinet.com • retrieve or send email from your email account If you cannot browse to the web site or retrieve/send email from your account, review the previous steps to ensure all information was entered correctly and try again.
  • Page 40 NAT/Route mode installation Example config system interface edit internal set mode static set ip 192.168.120.99 255.255.255.0 Set the IP address and netmask of the external interface to the external IP address and netmask you recorded in config system interface edit <interface>...
  • Page 41: Adding A Default Route

    Connect the External interface to the Internet. Connect to the public switch or router provided by your ISP. If you are a DSL or cable subscriber, connect the External interface to the internal or LAN connection of your DSL or cable modem.
  • Page 42: Configuring The Networks

    NAT/Route mode installation Configuring the networks You can use a DMZ network to provide access from the Internet to a web server or other server, without installing the servers on your internal network. Figure 12: FortiGate-400 NAT/Route mode connections.
  • Page 43: Transparent Mode Installation

    The management IP address and netmask must be valid for the network from which you will manage the FortiGate unit. Add a default gateway if the FortiGate unit must connect to a router to reach the management computer. Primary DNS Server: Secondary DNS Server: 22.
  • Page 44: Using The Front Control Buttons And Lcd

    Transparent mode installation Using the front control buttons and LCD Select Apply. You do not have to reconnect to the web-based manager at this time. Once you select Apply, the changes are immediate, and you can go to the system dashboard to verify you have changed the FortiGate unit to Transparent mode.
  • Page 45: Verify The Connection

    Configuring the FortiGate unit Verify the connection To verify your connection, try the following: • browse to www.fortinet.com • retrieve or send email from your email account If you cannot browse to the web site or retrieve/send email from your account, review the previous steps to ensure all information was entered correctly and try again.
  • Page 46: Reconnecting To The Web-Based Manager

    IP address. Browse to https:// followed by the new IP address. If you connect to the management interface through a router, make sure that you have added a default gateway for that router to the management IP default gateway field.
  • Page 47: Next Steps

    Configuring the FortiGate unit Figure 13: FortiGate-1000 Transparent mode connections Next steps You can use the following information to configure FortiGate system time and to configure antivirus and attack definition updates. Refer to the configuring, monitoring, and maintaining your FortiGate unit. Set the date and time For effective scheduling and logging, the FortiGate system date and time must be accurate.
  • Page 48: Updating Antivirus And Ips Signatures

    You can update your antivirus and IPS signatures using the web-based manager or the CLI. Before you can begin receiving updates, you must register your FortiGate unit from the Fortinet web page. Note: Update AV and IPS signatures on a regular basis. If you do not update AV and IPS signatures regularly, the FortiGate unit can become vulnerable to new viruses.
  • Page 49: Updating The Ips Signatures From The Cli

    Configuring the FortiGate unit To update antivirus definitions and IPS signatures Go to System > Maintenance > FortiGuard Center. Select the blue arrow for AntiVirus and IPS Downloads to expand the options. Select Update Now to update the antivirus definitions. If the connection to the FDN is successful, the web-based manager displays a message similar to the following: After a few minutes, if an update is available, the System FortiGuard Center page...
  • Page 50: Adding An Override Server

    Next steps Select Apply. The FortiGate unit starts the next scheduled update according to the new update schedule. Whenever the FortiGate unit runs a scheduled update, the event is recorded in the FortiGate event log.
  • Page 51 Configuring the FortiGate unit config system autoupdate override set address set status...
  • Page 53: Fortigate Firmware

    FortiGate Firmware Fortinet periodically updates the FortiGate firmware to include enhancements and address issues. After you have registered your FortiGate unit, FortiGate firmware is available for download at the support web site, http://support.fortinet.com. Only FortiGate administrators (whose access profiles contain system read and write privileges) and the FortiGate admin user can change the FortiGate firmware.
  • Page 54: Upgrading The Firmware Using The Cli

    Upgrading to a new firmware version Upgrading the firmware using the CLI Select OK. The FortiGate unit uploads the firmware image file, upgrades to the new firmware version, restarts, and displays the FortiGate login. This process takes a few minutes.
  • Page 55: Reverting To A Previous Firmware Version

    FortiGate Firmware To confirm the firmware image is successfully installed, enter: get system status Update antivirus and attack definitions (see the or from the CLI, enter: execute update-now Reverting to a previous firmware version Use the web-based manager or CLI procedure to revert to a previous firmware version.
  • Page 56: Reverting To A Previous Firmware Version Using The Cli

    Reverting to a previous firmware version Reverting to a previous firmware version using the CLI Log into the web-based manager. Go to System > Status and check the Firmware Version to confirm the firmware is successfully installed.
  • Page 57: Installing Firmware Images From A System Reboot Using The Cli

    FortiGate Firmware Enter the following command to copy the firmware image from the TFTP server to the FortiGate unit: execute restore image <name_str> <tftp_ipv4> Where <name_str> is the name of the firmware image file and <tftp_ipv4> is the IP address of the TFTP server. For example, if the firmware image file name is v2.8image.out and the IP address of the TFTP server is 192.168.1.168, enter: execute restore image v2.8image.out 192.168.1.168 The FortiGate unit responds with this message:...
  • Page 58 Installing firmware images from a system reboot using the CLI For this procedure you: • Access the CLI by connecting to the FortiGate console port using a null-modem cable. •...
  • Page 59 FortiGate Firmware Immediately press any key to interrupt the system startup. Note: You have only 3 seconds to press any key. If you do not press a key soon enough, the FortiGate unit reboots and you must log in and repeat the execute reboot command.
  • Page 60: Restoring The Previous Configuration

    Restoring the previous configuration Testing a new firmware image before installing it Change the internal interface address, if required. You can do this from the CLI using the following command: config system interface edit internal...
  • Page 61 FortiGate Firmware Enter the following command to restart the FortiGate unit: execute reboot As the FortiGate unit reboots, press any key to interrupt the system startup. As the FortiGate unit starts, a series of system startup messages are displayed. When one of the following messages appears: •...
  • Page 62 Testing a new firmware image before installing it Enter the firmware image file name and press Enter. The TFTP server uploads the firmware image file to the FortiGate unit and messages similar to the following appear.
  • Page 63: Index

    55 testing new firmware 60 upgrading using the CLI 54 upgrading using the web-based manager 53 FortiGate documentation commenting on 13 Fortinet customer service 13 Fortinet documentation 11 Fortinet Family Products FortiBridge 10 FortiClient 9 FortiGuard 9...
  • Page 64 updating adding override server 50 antivirus and IPS, web-based manager 48 IPS using CLI 49 scheduling updates 49 upgrading firmware using the CLI 54 firmware using the web-based manager 53 using front control buttons and LCD 38, 44 using the web-based manager 36, 43 verifying connection, LCD 39, 45...

This manual is also suitable for:

FortiGate-200, FortiGate-300, FortiGate-400, FortiGate-500
