Fortinet FortiGate FortiGate-60 Quick Start Manual

LED State
Green
Power
Off
Green/Flashing
Green
Status
Off
Green
Link
(Internal, DMZ,
Flashing Green
WAN1, WAN2)
Off
100 Green
(Internal, DMZ,
WAN1, WAN2)
Checking the Package Contents
Connector Type Speed
Internal RJ-45 10/100 Base-T
WAN1 and RJ-45 10/100 Base-T
WAN2
DMZ RJ-45 10/100 Base-T
Console RJ-45 9600 Bps
USB USB
Connecting
Connect the FortiGate unit to a power outlet and to the internal and external networks.
• Place the unit on a stable surface. It requires 1.5 inches (3.75 cm) clearance above and
on each side to allow for cooling.
• Plug in power cable to unit before connecting power.
• The Status light flashes while the unit is starting up and turns off when the system is up
and running.

Planning the Configuration

Before beginning to configure the FortiGate unit, you need to plan how to integrate the unit into your network. Your configuration plan depends on the operating mode you select: NAT/Route
mode (the default) or Transparent mode.
Quick configuration using the default settings
You can quickly set up your FortiGate unit for a home or small office using the web-based
manager and the default settings in NAT/Route mode.
All you need to do is set your network computers to use DHCP, access the web-based
manager, and configure the required settings for the external interface. You can also
configure DNS and a default route if needed. The FortiGate unit automatically assigns IP
addresses for up to 100 computers in the internal network.
1. Connect the FortiGate unit to the network.
2. Set the all the network computers to use DHCP to automatically obtain an IP address.
The FortiGate internal interface acts as a DHCP server for the internal network and assigns
IP addresses to all computers in the range 192.168.1.110 –192.168.1.210.
3. From the management computer browse to https://192.168.1.99. The FortiGate
web-based manager appears.
4. Go to System > Network > Interface and select Edit for the External interface.
NAT/Route mode
In NAT/Route mode, each FortiGate unit is visible to the network that it is connected to. All of
its interfaces are on different subnets. Each interface that is connected to a network must be
Internal
192.168.1.99
WAN1
204.23.1.5
Internet
Router
NAT mode policies controlling
traffic between internal
and external networks.
the FortiGate unit until you add firewall policies. In NAT/Route mode, firewall policies can
operate in NAT mode or in Route mode. In NAT mode, the FortiGate unit performs network
address translation before IP packets are sent to the destination network. In Route mode, no
translation takes place.
Refer to the Documentation CD-ROM for information on how to control traffic, and how to configure HA, antivirus protection, FortiGuard, Web content filtering, Spam filtering,
intrusion prevention (IPS), and virtual private networking (VPN).
Description
The FortiGate unit is on.
The FortiGate unit is off.
The FortiGate unit is starting up.
The FortiGate unit is running normally.
The correct cable is in use and the connected
equipment has power.
Network activity at this interface.
No link established.
The interface is connected at 100Mbps.
Protocol Description
Ethernet A 4-port switch connection for up to four devices or
the internal network.
Ethernet Redundant connections to the Internet.
Ethernet Optional connection to a DMZ network or to other
FortiGate-60 units for high availability (HA). For
details, see the Documentation CD-ROM.
RS-232 Optional connection to the management computer.
Provides access to the command line interface
(CLI).
USB Optional connection for the FortiUSB key, modem or
backup operation.
configured with an IP
Internal Network address that is valid for
that network.
You would typically use
192.168.1.3
NAT/Route mode when the
Routing policies controlling
FortiGate unit is deployed
traffic between internal
networks.
as a gateway between pri-
Internal
DMZ
network vate and public networks.
10.10.10.1
In its default NAT/Route
mode configuration, the
unit functions as a firewall.
10.10.10.2
Firewall policies control
communications through
the FortiGate unit. No
traffic can pass through
PWR STATUS
© Copyright 2007 Fortinet Incorporated. All rights reserved.
Products mentioned in this document are trademarks or registered trade-
marks of their respective holders.
Regulatory Compliance
FCC Class A Part 15 CSA/CUS
1 March 2007
Front
PWR STATUS 1
LINK 100
Power Status
LED LED
DC+12V
Modem Console USB WAN2
WAN2
Power
USB
Connection
RJ-45 Serial
Connection
Power cable connects to power supply
Optional RJ-45 to DB-9 serial cable connects to management computer
DC+12V
Modem Console USB
Optional connection to a serial modem
(serial to USB adapter required)
Optional redundant connection to Internet
Straight-through Ethernet cable connects
to Internet (public switch, router or modem)
5. Select one of the following Addressing modes
• Manual: enter a static IP address and netmask, select OK, and go to step 6
• DHCP: to get an IP address from the ISP select DHCP and go to step 9
• PPPoE: to get an IP address from the ISP select PPPoE and go to step 9
6. Go to System > Network > DNS.
7. Select one of the following DNS settings
• Obtain DNS server address automatically: select to get the DNS addresses from the
ISP, select Apply
• Use the following DNS server addresses: select and enter the DNS server
addresses given to you by the ISP, select Apply
8. Go to Router > Static, select Create New, enter the default gateway address and select
OK. Network configuration is complete. Proceed to part 7 of this Quick Start Guide.
9. Select Retrieve default gateway from server and Override internal DNS options if your
ISP supports them, select OK, and proceed to part 7 of this Quick Start Guide.
Go to step 6 if you are not selecting these options.

Transparent mode

In Transparent mode, the FortiGate unit is invisible to the network. All of its interfaces are on
the same subnet. You only have to configure a management IP address so that you can make
Gateway to public network
204.23.1.5 10.10.10.2
WAN1
Internet
Router
You can connect up to four network segments to the FortiGate unit to control traffic between
these network segments.
INTERNAL
1 2 3 4 DMZ WAN1 WAN2
LINK 100 LINK 100 LINK 100 LINK 100 LINK 100 LINK 100 LINK 100
FortiGate-60
01-30002-0032-20070301
INTERNAL
2 3 4 DMZ WAN1 WAN2
LINK 100 LINK 100 LINK 100 LINK 100 LINK 100 LINK 100
Internal DMZ WAN 1,2
Interface Interface Interface
Back
Power Cable Power Supply
4 3 2 1
Internal
WAN1 DMZ
DMZ
WAN1 Internal Interface,
switch connectors
1,2,3,4
Documentation
4 3 2 1
Internal
WAN2 WAN1 DMZ
Ethernet cables connect
Straight-through
to computers on internal network
Optional connection to DMZ network
configuration changes.
You would typically use the
Internal
FortiGate unit in Transparent
network
Hub
mode on a private network
or switch
Internal
behind an existing firewall or
behind a router. In its default
Transparent mode configura-
tion, the unit functions as a
10.10.10.3
firewall. No traffic can pass
through the FortiGate unit until
you add firewall policies.
Ethernet Cables:
Orange - Crossover
Grey - Straight-through
RJ-45 to
DB-9 Serial Cable
Q u i c k S t a r t G u i d e
INTERNAL
PWR STATUS 1 2 3 4 DMZ WAN1 WAN2
LINK 100 LINK 100 LINK 100 LINK 100 LINK 100 LINK 100 LINK 100
FortiGate-60
Copyright 2006 Fortinet Incorporated. All rights reserved.
Trademarks
Products mentioned in this document are trademarks.