Fortinet FortiGate FortiGate-3000 Quick Start Manual

LED State
Green
Power
Off
Green
All ports
Flashing
Green
Off
Checking the Package Contents
Connector Type Speed
Internal SC 1000Base-SX
External SC 1000Base-SX
Ports 1 to 3 RJ-45 10/100Base-T
Port 4/HA RJ-45 1000Base-T
CONSOLE DB-9 9600 bps
Connecting
Connect the FortiGate unit to a power outlet and to the internal and external networks.
• Place the unit on a stable surface.
• The FortiGate unit requires 1.5 inches (3.75 cm) clearance above and on each side to allow for
cooling.
• Make sure the power switch on the back of the unit is turned off before connecting the power
and network cables.
• MAIN MENU appears when the unit is up and running.
• If only one power supply is connected, an audible alarm sounds to indicate a failed power sup-
ply. To stop this alarm, press the red alarm cancel button.

Planning the Configuration

Before beginning to configure the FortiGate unit, you need to plan how to integrate the unit into your network. Your configuration plan is dependent upon the operating mode that you select:
NAT/Route mode (the default) or Transparent mode. Refer to the Documentation CD-ROM for information on how to control traffic, and how to configure HA, antivirus protection, FortiGuard,
Web content filtering, Spam filtering, intrusion prevention (IPS), and virtual private networking (VPN).
NAT/Route mode
In NAT/Route mode, each FortiGate unit is visible to the network that it is connected to. All
of its interfaces are on different subnets. Each interface connected to a network must be
configured with an IP address that is valid for that network.
You would typically use NAT/Route mode when the FortiGate unit is deployed as a gateway
between private and public networks. In its default NAT/Route mode configuration, the unit
functions as a firewall. Firewall policies control communications through the FortiGate unit.
No traffic can pass through the FortiGate unit until you add firewall policies.
In NAT/Route mode, firewall policies can operate in NAT mode or in Route mode. In NAT
mode, the FortiGate unit performs network address translation before IP packets are sent to
the destination network. In Route mode, no translation takes place.
204.23.1.5
Internet
Router
Description
The FortiGate unit is on.
The FortiGate unit is off.
The correct cable is in use and the connected equip-
ment has power.
Ports 1, 2, or 3 connect at up to 100 Mbps.
Port 4/HA connected at up to 1000 Mbps.
Network activity at this interface.
No link established.
Protocol Description
Ethernet Multimode fiber optic connection to the
internal network.
Ethernet Multimode fiber optic connection to the
internet.
Ethernet Optional connections to other networks.
Ethernet Optional copper gigabit connection to
another network, or to other FortiGate-3000
units for high availability (HA).
RS-232 Optional connection to the management
serial computer. Provides access to the command
line interface (CLI).
Internal Network
Routing policies controlling
traffic between internal
networks.
Internal
Internal
192.168.1.99
Port 1
network
External 10.10.10.1
NAT mode policies controlling
traffic between internal
and external networks.
© Copyright 2006 Fortinet Incorporated. All rights reserved.
Products mentioned in this document are trademarks or registered trade-
marks of their respective holders.
Regulatory Compliance
FCC Class A Part 15 CSA/CUS
5 July 2006

Transparent mode

In Transparent mode, the FortiGate unit is invisible to the network. All of its interfaces are on
the same subnet. You only have to configure a management IP address so that you can make
configuration changes.
You would typically use the FortiGate unit in Transparent mode on a private network behind
an existing firewall or behind a router. In its default Transparent mode configuration, the unit
functions as a firewall. No traffic can pass through the FortiGate unit until you add firewall
policies.
You can connect up to four network segments to the FortiGate unit to control traffic between
these network segments.
192.168.1.3
Internet
10.10.10.2
Esc Enter
1 2 3
Front
POWER
Esc Enter
Hi-Temp
1 2 3 4/HA
LCD Control 1, 2, 3, 4/HA Internal
Display Buttons Interface Interface
Back
Alarm
Cancel
Button
RS-232 Serial
Connection Connections
Esc Enter
1 2 3
Straight-through Ethernet cables
connect to other networks
SC fiber optic cable connects to internal network
Optional null modem cable connects
to serial port on management computer
External
Internal
Router
Hub or switch
POWER 1 2 3
Hi-Temp 4/HA INT EXT
4/HA INTERNAL EXTERNAL
FortiGate-3000
01-30002-0040-20060705
Ethernet Cables:
1 2 3
Orange - Crossover
4/HA INT EXT
Grey - Straight-through
INTERNAL EXTERNAL
Null-Modem Cable
(RS-232)
Power Cables (2)
External
Interface
Rack-Mount Brackets
Power
Supply
Q u i c k S t a r t G u i d e
LEDs
Esc Enter POWER 1 2 3
Hi-Temp 4/HA INT EXT
1 2 3 4/HA INTERNAL EXTERNAL
FortiGate-3000
Copyright 2006 Fortinet Incorporated. All rights reserved.
Trademarks
Products mentioned in this document are trademarks.
Power Documentation
POWER 1 2 3
Hi-Temp 4/HA INT EXT
4/HA INTERNAL EXTERNAL
SC fiber optic cable
connects to Internet
Power cables connect
to power outlets
Web Server
Mail Server
Port 1
Internal
network