Fortinet FortiGate FortiGate-4000 Installation Manual
  1. Manuals
  2. Brands
  3. Fortinet Manuals
  4. Firewall
  5. FortiGate FortiGate-4000
  6. Installation manual
Fortinet FortiGate FortiGate-4000 Installation Manual

Fortinet FortiGate FortiGate-4000 Installation Manual

Fortinet fortigate fortigate-4000: install guide
Hide thumbs Also See for FortiGate FortiGate-4000:
Table of Contents

Advertisement

Quick Links

Download this manual See also: Administration Manual
FortiGate 4000

Installation Guide

KVM/ACCESS
KVM/ACCESS
KVM ACCESS
KVM/ACCESS
KVM/ACCESS
PWR/KVM STATUS
PWR/KVM STATUS
PWR/KVM STATUS
PWR/KVM STATUS
PWR/KVM STATUS
LAN 1
LAN 2
LAN 1
LAN 2
LAN 1
LAN 2
LAN 1
LAN 2
LAN 1
LAN 2
POWER ON/OFF
POWER ON/OFF
POWER ON/OFF
POWER ON/OFF
POWER ON/OFF
Version 2.80 MR4
30 August 2004
01-28004-0028-20040830
KVM/ACCESS
KVM/ACCESS
KVM/ACCESS
KVM/ACCESS
KVM/ACCESS
PWR/KVM STATUS
PWR/KVM STATUS
PWR/KVM STATUS
PWR/KVM STATUS
PWR/KVM STATUS
LAN 1
LAN 2
LAN 1
LAN 2
LAN 1
LAN 2
LAN 1
LAN 2
LAN 1
LAN 2
POWER ON/OFF
POWER ON/OFF
POWER ON/OFF
POWER ON/OFF
POWER ON/OFF
ALARM
KVM

Advertisement

Table of Contents
loading

Related Manuals for Fortinet FortiGate FortiGate-4000

Summary of Contents for Fortinet FortiGate FortiGate-4000

  • Page 1: Installation Guide

    FortiGate 4000 KVM/ACCESS PWR/KVM STATUS LAN 1 LAN 2 POWER ON/OFF Installation Guide KVM/ACCESS KVM ACCESS KVM/ACCESS KVM/ACCESS KVM/ACCESS KVM/ACCESS KVM/ACCESS PWR/KVM STATUS PWR/KVM STATUS PWR/KVM STATUS PWR/KVM STATUS PWR/KVM STATUS PWR/KVM STATUS PWR/KVM STATUS LAN 1 LAN 2 LAN 1 LAN 2 LAN 1 LAN 2...
  • Page 2 CAUTION: RISK OF EXPLOSION IF BATTERY IS REPLACED BY AN INCORRECT TYPE. DISPOSE OF USED BATTERIES ACCORDING TO THE INSTRUCTIONS. For technical support, please visit http://www.fortinet.com. Send information about errors or omissions in this document or any Fortinet technical documentation to techdoc@fortinet.com.

  • Page 3: Table Of Contents

    Command line interface ... 9 Setup wizard ... 9 Document conventions ... 9 Fortinet documentation ... 11 Comments on Fortinet technical documentation... 11 Customer service and technical support... 12 Getting started ... 13 Warnings and cautions ... 14 Warning... 14 Package contents ...
  • Page 4 Configuring the networks ... 56 Next steps ... 56 Transparent mode installation... 59 Preparing to configure Transparent mode ... 59 Out of band management interface ... 60 Using the web-based manager ... 60 Reconnecting to the web-based manager ... 61 01-28004-0028-20040830 Fortinet Inc.
  • Page 5 Using the command line interface... 61 Configure the out of band management interface... 63 Using the setup wizard... 64 Reconnecting to the web-based manager ... 64 Connecting the FortiGate unit to your network ... 65 Next steps ... 65 High availability installation... 67 Priorities of heartbeat device and monitor priorities ...
  • Page 6 Contents 01-28004-0028-20040830 Fortinet Inc.

  • Page 7: Introduction

    • • The FortiGate Antivirus Firewall uses Fortinet’s Accelerated Behavior and Content Analysis System (ABACAS™) technology, which leverages breakthroughs in chip design, networking, security, and content analysis. The unique ASIC-based architecture analyzes content and behavior in real-time, enabling key applications to be deployed right at the network edge where they are most effective at protecting your networks.

  • Page 8: Secure Installation, Configuration, And Management

    The saved configuration can be restored at any time. Figure 1: FortiGate web-based manager and setup wizard the web-based manager, the command line interface (CLI), or the setup wizard. 01-28004-0028-20040830 Introduction Fortinet Inc.

  • Page 9: Command Line Interface

    Introduction Command line interface You can access the FortiGate command line interface (CLI) by connecting a management computer serial port to the FortiGate RS-232 serial console connector. You can also use Telnet or a secure SSH connection to connect to the CLI from any network that is connected to the FortiGate unit, including the Internet.
  • Page 10 In most cases to make changes to lists that contain options separated by spaces, you need to retype the whole list including all the options you want to apply and excluding all the options you want to remove. 01-28004-0028-20040830 Introduction Fortinet Inc.

  • Page 11: Fortinet Documentation

    FortiGate unit. For a complete list of FortiGate documentation visit Fortinet Technical Support at http://support.fortinet.com. Comments on Fortinet technical documentation You can send information about errors or omissions in this document, or any Fortinet technical documentation, to techdoc@fortinet.com. FortiGate-4000 Installation Guide...

  • Page 12: Customer Service And Technical Support

    Fortinet technical support web site at http://support.fortinet.com. You can also register FortiGate Antivirus Firewalls from http://support.fortinet.com and change your registration information at any time. Fortinet email support is available from the following addresses: amer_support@fortinet.com For customers in the United States, Canada, Mexico, Latin...

  • Page 13: Getting Started

    Getting started This chapter describes unpacking, setting up, and powering on a FortiGate-4000 Antivirus Firewall. When you have completed the procedures in this chapter, you can proceed to one of the following: • • • This chapter describes: • • •...

  • Page 14: Warnings And Cautions

    Use appropriate equipment nameplate ratings to address this concern. Make sure that the FortiGate-4000 unit has reliable earthing. Fortinet recommends direct connections to the branch circuit. If you install the FortiGate-4000 unit in a closed or multi-unit rack assembly, the operating ambient temperature of the rack environment may be greater than room ambient.
  • Page 15 Three power cables, One RJ-45 to DB-9 serial cable (only the black header works with the FortiGate- 4000 unit), One mounting rail kit, One FortiGate-4000 QuickStart Guide, One documentation CD containing Fortinet user documentation. FortiGate-4000 Chassis (front view) KVM/ACCESS KVM/ACCESS PWR/KVM STATUS...

  • Page 16: Physical Description

    Temperature: -20 to 80°C Relative humidity: 10% to 90% (Non-condensing) Minimum: 1050 watts Maximum: 2100 watts 100 ~ 230 VAC input AC inlet x 3 Minimum: 1.3 KVA (3+1 redundancy) Maximum: 2.6 KVA (6+1 redundancy) 01-28004-0028-20040830 Getting started Fortinet Inc.

  • Page 17: Front Panel Features

    Getting started Front panel features Figure 3 The front panel contains and provides access to up to 10 FortiBlade-4010 modules and the KVM switch module. Figure 3: FortiGate-4000 chassis front panel Note: Do not operate the FortiGate-4000 chassis with open slots on the front panel. For optimum cooling performance, all front panel slots must either contain a FortiBlade-4010 module or be covered by an empty slot cover.
  • Page 18 LAN 2 LEDs Not used Power button POWER ON/OFF Module lock and handle Description Press and hold for approximately 5 seconds for KVM access to a FortiBlade-4010 module. Power the FortiBlade-4010 module on or off. 01-28004-0028-20040830 Getting started Fortinet Inc.

  • Page 19: Kvm Switch Module

    Getting started Table 3: FortiBlade-4010 module front panel LEDs PWR/KVM STATUS LAN 1 LAN 2 KVM switch module Use the KVM switch module to switch serial connections to the CLI of each FortiBlade-4010 module installed in the FortiGate-4000 chassis. To access the CLI, connect the RJ-45 to DB-9 serial cable to the management module (see “Management module”...

  • Page 20: Rear Panel Features

    LAN 6 LAN 5 LAN 4 LAN 3 LAN 1 LAN 2 Power supply modules (7) Getting started Chassis Power switch Power connectors LAN 2 LAN 1 External ethernet pass-through interface module 10/100 out of ban management module Fortinet Inc.

  • Page 21: Power Supplies And Power Connections

    Getting started Figure 7: FortiGate-4000S rear panel External ethernet switched interface modue Power supplies and power connections The FortiGate-4000 chassis contains 7 power supply modules. Each power supply can provide a maximum of 350 watts for a total of 2100 watts, in 6+1 hot-swap redundant configuration that includes load balancing.

  • Page 22: Cooling Fan Trays

    Power on LED Power supply Power switch modules (7) Fan housing Locking handle illustrates a cooling fan tray. Fan handle “KVM switch module” on page 01-28004-0028-20040830 Getting started Locking screw 19) to select the FortiBlade-4010 module Power connectors Fortinet Inc.

  • Page 23: 10/100 Out Of Band Management Module

    CLI of each FortiBlade-4010 module. Set to 0. Serial connection to the CLI of each FortiBlade-4010 module. State Description Normal operation. Yellow System fault. Contact Fortinet Technical Support. 01-28004-0028-20040830 Rear panel features Not used...

  • Page 24: Pass-Through Interface Module

    POWER ON/OFF POWER ON/OFF POWER ON/OFF POWER ON/OFF POWER ON/OFF POWER ON/OFF LAN 5 LAN 4 LAN 3 LAN 2 LAN 1 Mounting Knot Getting started Mounting Knot ALARM KVM/ACCESS PWR/KVM STATUS LAN 1 LAN 2 POWER ON/OFF Fortinet Inc.

  • Page 25: Switched Interface Module

    Getting started Table 9: Pass-through interface module LEDs Interface LEDs Switched interface module Two switched interface modules are installed on the FortiGate-4000S. Each switched interface module contains two gigabit copper ethernet connectors. You can also purchase and install optical connectors into the switched interface module small form factor pluggable (SFP) interfaces.

  • Page 26: Installing Hardware

    Network activity at this interface. Amber Green The interface is connected at up to 1000 Mbps. Green System fault. Contact Fortinet technical support. Choosing a suitable environment Choosing a rack Attaching the mounting rail Installing FortiBlade-4010 modules FortiGate-4000P network connections...

  • Page 27: Attaching The Mounting Rail

    Getting started Attaching the mounting rail You can attach a mounting rail to the FortiGate-4000 chassis so that you can slide the chassis out from the rack for maintenance. There are 11 mounting holes on the FortiGate-4000 chassis that match different manufacturer mounting rails. shows the mounting locations to install the FortiGate-4000 mounting rail.

  • Page 28: Fortigate-4000P Network Connections

    FortiGate-4000 chassis and the interfaces on the pass-through interface module. Figure 6 on page Figure 6 on page 01-28004-0028-20040830 “Planning the FortiGate configuration” on 20). Figure 12 on page 24 20). Figure 12 on page 24 Getting started for the for the Fortinet Inc.

  • Page 29: Fortigate-4000S Network Connections

    Getting started FortiGate-4000S network connections Use the following steps to connect your internal and external networks to the FortiGate-4000S switched interface modules. This is a general connection procedure only. For information about how to connect the FortiGate-4000 unit for different network configurations, see Connect your internal network to the internal switched interface module.

  • Page 30: Turning Fortigate-4000 Chassis Power On And Off

    Turning on FortiGate-4000 chassis power Turning off FortiGate-4000 chassis power Power switch on each power supply module Chassis power switch on the power connector module On/off switch on the management module On/off switch on the switched interface module (FortiGate-4000S) 01-28004-0028-20040830 Getting started Fortinet Inc.

  • Page 31: Turning Off Fortigate-4000 Chassis Power

    Getting started Turning off FortiGate-4000 chassis power Always shut down the FortiGate-4000 operating system properly before turning off the power switch. Turn off the FortiGate-4000 chassis power in the reverse order from turning power on. Note: Always wait at least five seconds after turning off FortiGate-4000 chassis power before turning it back on.

  • Page 32: Hot Swapping Cooling Fan Trays

    Note: If you press the chassis power supply switch for more than four seconds, the entire FortiGate-4000 unit turns off. for more information. “Rear panel features” on page 01-28004-0028-20040830 “Cooling fan trays” on Figure 8 on page Getting started Fortinet Inc.

  • Page 33: Hot Swapping Interface Modules

    Getting started Hot swapping interface modules This procedure describes how to hot swap a pass-through interface module or a switched interface module. For more information on these modules, see page 24 From the rear panel of the FortiGate-4000 chassis, loosen the two mounting knots that fasten the pass-through interface module or the switched interface module that you want to replace.

  • Page 34: Hot Swapping The Kvm Switch Module

    Internet Explorer version 4.0 or higher running on the management computer. Connecting to the FortiGate-4000 internal interface module Connecting to the FortiGate-4000 10/100 out of band management module Connecting to the Command Line Interface (CLI) 01-28004-0028-20040830 Getting started “KVM switch module” on Fortinet Inc.

  • Page 35: Connecting To The Fortigate-4000 10/100 Out Of Band Management Module

    Getting started To connect to the web-based manager Connect the internal interface module to your network. • • Power on the FortiGate-4000 unit that you want to connect to. Note: When first installed, all FortiGate-4000 units installed in the FortiGate-4000 chassis have the same internal, external, and out of band management IP addresses.

  • Page 36: Connecting To The Command Line Interface (Cli)

    The Register Now window is displayed. Use the information in this window to register your FortiGate unit so that Fortinet can contact you for firmware updates. You must also register to receive updates to the FortiGate virus and attack definitions.

  • Page 37: Factory Default Configuration

    Getting started Use the KVM select buttons on the KVM switch module to select the FortiGate-4000 unit that you want to connect to. On the front panel of the FortiGate-4000 unit you select, press and hold the KVM/Access button for approximately 5 seconds for CLI access to the module. The PWR/KVM LED turns green, and CLI access to the module is enabled.

  • Page 38: Factory Default Nat/Route Mode Network Configuration

    Netmask: 255.255.255.0 Management Access: HTTPS, Ping 192.168.100.99 Netmask: 255.255.255.0 Default Gateway: 192.168.100.1 Primary DNS Server: 207.194.200.1 Secondary DNS Server: 207.194.200.129 Management Access: Ping 172.16.1.2 Netmask: 255.255.255.0 Default Gateway: 172.16.1.1 Management Access: HTTPS, Ping admin (none) Getting started Table Fortinet Inc.

  • Page 39: Factory Default Firewall Configuration

    Getting started Table 13: Factory default Transparent mode network configuration (Continued) Management IP Management access Out of band management interface Factory default firewall configuration FortiGate firewall policies control how all traffic is processed by the FortiGate unit. Until firewall policies are added, no traffic can be accepted by or pass through the FortiGate unit.

  • Page 40: Factory Default Protection Profiles

    To apply no scanning, blocking or IPS. Use if you do not want to apply content protection to content traffic. You can add this protection profile to firewall policies for connections between highly trusted or highly secure networks where content does not need to be protected. 01-28004-0028-20040830 Getting started Fortinet Inc.

  • Page 41: Planning The Fortigate Configuration

    Getting started Planning the FortiGate configuration Before you configure the FortiGate-4000 units in the FortiGate-4000 chassis, you need to plan how to integrate them into your network. Among other things, you must decide whether you want the FortiGate-4000 units to be visible to the network, which firewall functions you want to provide, and how you want it to control the traffic flowing between FortiGate-4000 unit interfaces.

  • Page 42: Transparent Mode Standalone Configuration

    IP address. You typically use a FortiGate-4000 unit in Transparent mode on a private network behind an existing firewall or behind a router. The FortiGate-4000 unit performs firewall functions as well as antivirus and content scanning but not VPN.

  • Page 43: Fortigate-4000 Ha Configuration

    NAT mode policies controlling traffic between internal and external networks. HA cluster in Transparent mode Gateway to public newtwork 204.23.1.5 192.168.1.1 Internet External (Firewall, router) Transparent mode policies controlling 01-28004-0028-20040830 Planning the FortiGate configuration Internal ALARM 192.168.1.99 FortiGate-4000 units in a ALARM KVM/ACCESS...

  • Page 44: Fortigate-4000 Units With External Load Balancers

    KVM ACCESS PWR/KVM STATUS PWR/KVM STATUS PWR/KVM STATUS LAN 1 LAN 2 LAN 1 LAN 2 LAN 1 LAN 2 POWER ON/OFF POWER ON/OFF POWER ON/OFF 192.168.1.1 Hub or switch Internal Network 01-28004-0028-20040830 Getting started Hub or Switch Internet Fortinet Inc.

  • Page 45: Next Steps

    Getting started Figure 23: FortiGate-4000 configuration with load balancers Next steps Now that your FortiGate unit is operating, you can proceed to configure it to connect to networks: • • • FortiGate-4000 Installation Guide POWER KVM/ACCESS KVM/ACCESS KVM ACCESS FortiGate-4000 Unit PWR/KVM STATUS PWR/KVM STATUS PWR/KVM STATUS...
  • Page 46 Next steps Getting started 01-28004-0028-20040830 Fortinet Inc.

  • Page 47: Nat/Route Mode Installation

    NAT/Route mode installation This chapter describes how to install the FortiGate unit in NAT/Route mode. For information about installing a FortiGate unit in Transparent mode, see mode installation” on page units in HA mode, see about installing the FortiGate unit in NAT/Route mode, see configuration”...

  • Page 48: Dhcp Or Pppoe Configuration

    The default gateway directs all non-local traffic to this interface and to the external network. Primary DNS Server: Secondary DNS Server: 01-28004-0028-20040830 NAT/Route mode installation _____._____._____._____ _____._____._____._____ _____._____._____._____ _____._____._____._____ _____._____._____._____ _____._____._____._____ _____._____._____._____ _____._____._____._____ _____._____._____._____ _____._____._____._____ Table 16 “Connecting to the Fortinet Inc.

  • Page 49: Configuring Basic Settings

    NAT/Route mode installation Configuring basic settings After connecting to the web-based manager you can use the following procedures to complete the basic configuration of the FortiGate unit. To add/change the administrator password Go to System > Admin > Administrators. Select the Change Password icon for the admin administrator. Enter the new password and enter it again to confirm.

  • Page 50: Using The Command Line Interface

    The default route is not required if the interface connected to the external network is configured using DHCP or PPPoE. Go to System > Router > Static. If the Static Route table contains a default route (IP and Mask set to 0.0.0.0), select the Delete icon to delete this route.
  • Page 51 NAT/Route mode installation To configure interfaces Log in to the CLI. Set the IP address and netmask of the internal interface to the internal IP address and netmask that you recorded in Example Set the IP address and netmask of the external interface to the external IP address and netmask that you recorded in Example To set the external interface to use DHCP, enter:...
  • Page 52 192.168.1.23 255.255.255.0 get system interface Set the primary and secondary DNS server IP addresses. Enter config system dns set primary <address_ip> set secondary <address_ip> config system dns set primary 293.44.75.21 set secondary 293.44.75.22 01-28004-0028-20040830 NAT/Route mode installation Fortinet Inc.

  • Page 53: Using The Setup Wizard

    Configure the out of band management default gateway if you must connect to the out of band management interface through a router. Enter: Using the setup wizard From the web-based manager, you can use the setup wizard to complete the initial configuration of the FortiGate unit.
  • Page 54 Create a protection profile that enables virus scanning, for HTTP, FTP, IMAP, POP3, and SMTP (recommended). Add this protection profile to a default firewall policy. Do not configure antivirus protection. Fortinet Inc.

  • Page 55: Starting The Setup Wizard

    NAT/Route mode installation Starting the setup wizard In the web-based manager, select Easy Setup Wizard. Figure 24: Select the Easy Setup Wizard Follow the instructions on the wizard pages and use the information that you gathered Select the Next button to step through the wizard pages. Confirm the configuration settings, and then select Finish and Close.

  • Page 56: Configuring The Networks

    Enter the IP address or domain name of the NTP server that the FortiGate unit can use to set its time and date. Specify how often the FortiGate unit should synchronize its time with the NTP server. Select Apply. 01-28004-0028-20040830 NAT/Route mode installation Fortinet Inc.
  • Page 57 After purchasing and installing a new FortiGate unit, you can register the unit by going to the System Update Support page, or using a web browser to connect to http://support.fortinet.com and selecting Product Registration. To register, enter your contact information and the serial numbers of the FortiGate units that you or your organization have purchased.
  • Page 58 Next steps NAT/Route mode installation 01-28004-0028-20040830 Fortinet Inc.

  • Page 59: Transparent Mode Installation

    Transparent mode installation This chapter describes how to install a FortiGate unit in Transparent mode. If you want to install the FortiGate unit in NAT/Route mode, see page availability installation” on page FortiGate unit in Transparent mode, see page This chapter describes: •...

  • Page 60: Out Of Band Management Interface

    The management IP address and netmask must be valid for the network from which you will manage the FortiGate unit. Add a default gateway if the FortiGate unit must connect to a router to reach the management computer. Primary DNS Server: Secondary DNS Server: _____._____._____._____...

  • Page 61: Reconnecting To The Web-Based Manager

    Otherwise, you can reconnect to the web-based manager by browsing to https://10.10.10.1. If you connect to the management interface through a router, make sure that you have added a default gateway for that router to the management IP default gateway field.
  • Page 62 <address_ip> <netmask> config system manageip set ip 10.10.10.2 255.255.255.0 get system manageip config system dns set primary <address_ip> set secondary <address_ip> config system dns set primary 293.44.75.21 set secondary 293.44.75.22 01-28004-0028-20040830 Transparent mode installation Fortinet Inc.

  • Page 63: To Configure The Default Gateway

    Set the out of band management IP address and netmask to the IP address and netmask that you recorded in Example Set the out of band management default gateway if you are connecting to the out of band management interface through a router. Enter: FortiGate-4000 Installation Guide config router static edit 1 set dst 0.0.0.0 0.0.0.0...

  • Page 64: Using The Setup Wizard

    Otherwise, you can reconnect to the web-based manager by browsing to https://10.10.10.1. If you connect to the management interface through a router, make sure that you have added a default gateway for that router to the management IP default gateway field.

  • Page 65: Connecting The Fortigate Unit To Your Network

    Transparent mode installation The IP address of the out of band management interface is not changed from the setup wizard. If you connected to the FortiGate unit using the out of band management interface you do not have to reconnect after completing the wizard. Connecting the FortiGate unit to your network After you complete the initial configuration, you can connect the FortiGate unit between your internal network and the Internet.
  • Page 66 After purchasing and installing a new FortiGate unit, you can register the unit by going to the System Update Support page, or using a web browser to connect to http://support.fortinet.com and selecting Product Registration. To register, enter your contact information and the serial numbers of the FortiGate units that you or your organization have purchased.

  • Page 67: High Availability Installation

    High availability installation This chapter describes how to install two or more FortiGate units in an HA cluster. HA installation involves three basic steps: • • • For information about HA, see the FortiGate Administration Guide and the FortiOS High Availability technical note. Priorities of heartbeat device and monitor priorities The procedures in this chapter do not include steps for changing the priorities of heartbeat devices or for configuring monitor priorities settings.
  • Page 68 FortiGate unit with the highest serial number becomes the primary cluster unit. You can configure a FortiGate unit to always become the primary unit in the cluster by giving it a high priority and by selecting Override master. 01-28004-0028-20040830 High availability installation Fortinet Inc.

  • Page 69: Configuring Fortigate Units For Ha Using The Web-Based Manager

    High availability installation Table 20: High availability settings (Continued) Schedule Configuring FortiGate units for HA using the web-based manager Use the following procedure to configure each FortiGate unit for HA operation. To change the FortiGate unit host name Changing the host name is optional, but you can use host names to identify individual cluster units.

  • Page 70: Configuring Fortigate Units For Ha Using The Cli

    Connect to the CLI. Change the host name. “Connecting the cluster to your networks” on page “Connecting to the Command Line Interface (CLI)” on page config system global set hostname <name_str> 01-28004-0028-20040830 High availability installation “Connecting the cluster to your networks” Fortinet Inc.

  • Page 71: Connecting The Cluster To Your Networks

    You must connect all matching interfaces in the cluster to the same hub or switch. Then you must connect these interfaces to their networks using the same hub or switch. Fortinet recommends using switches for all cluster connections for the best performance. FortiGate-4000 Installation Guide...
  • Page 72 LINK 100 LINK 100 LINK 100 LINK 100 LINK 100 LINK 100 LINK 100 Hub or Switch INTERNAL STATUS WAN1 WAN2 LINK 100 LINK 100 LINK 100 LINK 100 LINK 100 LINK 100 LINK 100 Internal WAN1 Internet Router Fortinet Inc.

  • Page 73: Installing And Configuring The Cluster

    High availability installation Power on all the FortiGate units in the cluster. As the units start, they negotiate to choose the primary cluster unit and the subordinate units. This negotiation occurs with no user intervention and normally just takes a few seconds. Installing and configuring the cluster When negotiation is complete the you can configure the cluster as if it was a single FortiGate unit.
  • Page 74 Installing and configuring the cluster High availability installation 01-28004-0028-20040830 Fortinet Inc.

  • Page 75: Switched Interface Configuration

    Switched interface configuration This chapter describes how to connect to the FortiGate-4000 switched interface CLI and describes the commands that are available from this CLI. You can use these commands to change switched interface port speed and VLAN configuration. Default configuration The FortiGate-4000 switched interface ships with a default configuration in which all interfaces are enabled and assigned to a default virtual LAN (VLAN) with a VLAN ID of 1.

  • Page 76: Cli Commands

    RJ-45 to DB-9 cable included in your FortiGate package, a VT100 terminal emulation software such as HyperTerminal for Windows. None None Ports connecting to FortiBlade-4010 modules in FortiGate-4000 slots 1 to 10. FortiGate-4000 switched interface LAN1 port. FortiGate-4000 switched interface LAN2 port. 01-28004-0028-20040830 Switched interface configuration Fortinet Inc.
  • Page 77 Switched interface configuration The following commands are available from the switched interface CLI: Display the link status of any switched interface port. Example Use the following command to display the link status the connection between the switched interface and the FortiBlade-4010 unit in slot 1 of the FortiGate-4000 chassis. Use this command to display the link status the connection between the switched interface and the LAN1 interface of the switched interface.
  • Page 78 0x100 check port 8 0x200 check port 9 0x400 check port 10 0x800 check port 11 0x003 check port 0 and 1 0x007 check port 0, 1, and 2 0x380 check ports 7, 8, 9 01-28004-0028-20040830 Switched interface configuration Fortinet Inc.
  • Page 79 Switched interface configuration Port mirroring allows mirroring one port to another for network monitoring and troubleshooting. Network packet analyzers can view traffic moving through the switch interface by providing a copy of the traffic that is currently passed through any other port.
  • Page 80 CLI commands Reset to the FortiGate-4000 switched interface to factory default configuration. Quit or exit from the FortiGate-4000 switched interface CLI. 01-28004-0028-20040830 Switched interface configuration Fortinet Inc.

  • Page 81: Index

    (Transparent mode) 63 firewall setup wizard 8, 48, 53, 60, 64 starting 49, 55, 61, 64 Fortinet customer service 12 configuring FortiGate units for HA operation 67 connecting an HA cluster 71, 73 High availability 67 HTTPS 8...
  • Page 82 Index 01-28004-0028-20040830 Fortinet Inc.

Table of Contents