Installation Guide

FortiGate 60
Version 2.80 MR8
28 January 2005
01-28008-0018-20050128


Summary of Contents for Fortinet FortiGate 60

  • Page 1: Installation Guide

    Installation Guide FortiGate 60 Version 2.80 MR8 28 January 2005 01-28008-0018-20050128...
  • Page 2 Products mentioned in this document are trademarks or registered trademarks of their respective holders. Regulatory Compliance FCC Class A Part 15 CSA/CUS For technical support, please visit http://www.fortinet.com. Send information about errors or omissions in this document or any Fortinet technical documentation to techdoc@fortinet.com.
  • Page 3: Table Of Contents

    Command line interface, 6; Setup wizard, 7; Document conventions, 7; FortiGate documentation, 8; Fortinet Knowledge Center, 9; Comments on Fortinet technical documentation, 9; Related documentation, 9; FortiManager documentation, 9; FortiClient documentation, 9; FortiMail documentation, 10; FortiLog documentation ...
  • Page 4 Standalone mode configuration, 56; Configuring modem settings, 57; Connecting and disconnecting the modem in Standalone mode, 58; Defining a Ping Server, 59; Dead gateway detection, 59; Adding firewall policies for modem connections, 60; Index, 61
  • Page 5: Introduction

    • network-level services such as firewall, intrusion detection, VPN, and traffic shaping. The FortiGate Antivirus Firewall uses Fortinet’s Accelerated Behavior and Content Analysis System (ABACAS™) technology, which leverages breakthroughs in chip design, networking, security, and content analysis. The unique ASIC-based...
  • Page 6: Web-Based Manager

    This Installation Guide contains information about basic and advanced CLI commands. For a more complete description about connecting to and using the FortiGate CLI, see the FortiGate CLI Reference Guide.
  • Page 7: Setup Wizard

    The FortiGate setup wizard provides an easy way to configure the basic initial settings for the FortiGate unit. The wizard walks through the configuration of a new administrator password, FortiGate interfaces, DHCP server settings, internal servers (web, FTP, etc.), and basic antivirus settings.
  • Page 8: FortiGate Documentation

    Describes the structure of FortiGate log messages and provides information about the log messages that are generated by FortiGate units. • FortiGate High Availability Guide: Contains in-depth information about the FortiGate high availability feature and the FortiGate clustering protocol.
  • Page 9: Fortinet Knowledge Center

    The most recent Fortinet technical documentation is available from the Fortinet Knowledge Center. The knowledge center contains short how-to articles, FAQs, technical notes, product and feature guides, and much more. Visit the Fortinet Knowledge Center at http://kc.forticare.com. Comments on Fortinet technical documentation Please send information about any errors or omissions in this document, or any Fortinet technical documentation, to techdoc@fortinet.com.
  • Page 10: FortiMail Documentation

    Fortinet technical support web site at http://support.fortinet.com. You can also register FortiGate Antivirus Firewalls from http://support.fortinet.com and change your registration information at any time. Fortinet email support is available from the following addresses: amer_support@fortinet.com For customers in the United States, Canada, Mexico, Latin...
  • Page 11 For information on Fortinet telephone support, see http://support.fortinet.com. When requesting technical support, please provide the following information: • Your name • Company name • Location • Email address • Telephone number • FortiGate unit serial number •...
  • Page 13: Getting Started

    This section describes unpacking, setting up, and powering on a FortiGate Antivirus Firewall unit. This section includes: • Package contents • Mounting • Turning the FortiGate unit power on and off • Connecting to the web-based manager •...
  • Page 14: Package Contents

    (Fortinet part number CC300248) • one gray regular ethernet cable (Fortinet part number CC300249) • one RJ-45 to DB-9 modem cable (Fortinet part number CC300302) • FortiGate-60 Quick Start Guide • CD containing the FortiGate user documentation •...
  • Page 15: Turning The FortiGate Unit Power On And Off

    Power requirements • DC input voltage: 12 V • DC input current: 3 A. Environmental specifications • Operating temperature: 32 to 104°F (0 to 40°C) • Storage temperature: -13 to 158°F (-25 to 70°C) •...
  • Page 16: Connecting To The Web-Based Manager

    Start Internet Explorer and browse to the address https://192.168.1.99 (remember to include the “s” in https://). The FortiGate login is displayed. Figure 3: FortiGate login. Type admin in the Name field and select Login.
  • Page 17: Connecting To The Command Line Interface (CLI)

    As an alternative to the web-based manager, you can install and configure the FortiGate unit using the CLI. Configuration changes made with the CLI are effective immediately without resetting the firewall or interrupting service.
  • Page 18: Quick Installation Using Factory Defaults

    DHCP: to get an IP address from the ISP select DHCP and go to step • PPPoE: to get an IP address from the ISP select PPPoE and go to step Go to System > Network > DNS.
  • Page 19: Factory Default FortiGate Configuration Settings

    Select one of the following DNS settings • Obtain DNS server address automatically: select to get the DNS addresses from the ISP, select Apply • Use the following DNS server addresses: select and enter the DNS server addresses given to you by the ISP, select Apply Go to Router >...
  • Page 20: Factory Default NAT/Route Mode Network Configuration

    Administrative Access: HTTP, HTTPS, Ping
    WAN1 interface: IP: 192.168.100.99; Netmask: 255.255.255.0; Administrative Access: Ping
    WAN2 interface: IP: 192.168.101.99; Netmask: 255.255.255.0; Administrative Access: Ping
    DMZ interface: IP: 10.10.10.1; Netmask: 255.255.255.0; Administrative Access: HTTPS, Ping
    Modem interface: IP: 0.0.0.0; Netmask: 0.0.0.0; Administrative Access:
  • Page 21: Factory Default Transparent Mode Network Configuration

    Table 3: Factory default NAT/Route mode network configuration (Continued). Network Settings: Default Gateway (for default route): 192.168.100.1; Interface connected to external network (for default route): wan1; Default Route: A default route consists of a default gateway and the name of the interface connected to the external network (usually the Internet).
  • Page 22: Factory Default Protection Profiles

    You may not use the strict protection profile under normal circumstances but it is available if you have problems with viruses and require maximum screening. Scan: To apply antivirus scanning and file quarantining to HTTP, FTP, IMAP, POP3, and SMTP content traffic.
  • Page 23: Planning The FortiGate Configuration

    To apply antivirus scanning and web content blocking to HTTP content traffic. You can add this protection profile to firewall policies that control HTTP traffic. Unfiltered: To apply no scanning, blocking or IPS. Use if you do not want to apply content protection to content traffic.
  • Page 24: NAT/Route Mode With Multiple External Network Connections

    • Internal is the interface to the internal network. You must configure routing to support redundant Internet connections. Routing can be used to automatically redirect connections from an interface if its connection to the external network fails.
  • Page 25: Transparent Mode

    Otherwise, security policy configuration is similar to a NAT/Route mode configuration with a single Internet connection. You would create NAT mode firewall policies to control traffic flowing between the internal, private network and the external, public network (usually the Internet).
  • Page 26: Configuration Options

    If you are going to operate the FortiGate unit in Transparent mode, go to “Transparent mode installation” on page • If you are going to operate two or more FortiGate units in HA mode, go to “High availability installation” on page
  • Page 27: NAT/Route Mode Installation

    This chapter describes how to install the FortiGate unit in NAT/Route mode. For information about installing a FortiGate unit in Transparent mode, see “Transparent mode installation” on page 39. For information about installing two or more FortiGate units in HA mode, see “High availability installation”...
  • Page 28: DHCP Or PPPoE Configuration

    You can use the web-based manager for the initial configuration of the FortiGate unit. You can also continue to use the web-based manager for all FortiGate unit settings. For information about connecting to the web-based manager, see “Connecting to the web-based manager” on page
  • Page 29: Configuring Basic Settings

    After connecting to the web-based manager you can use the following procedures to complete the basic configuration of the FortiGate unit. To add/change the administrator password: Go to System > Admin > Administrators. Select the Change Password icon for the admin administrator.
  • Page 30: Using The Command Line Interface

    Set the IP address and netmask of the internal interface to the internal IP address and netmask that you recorded in Table 6 on page 28. Enter:
        config system interface
            edit internal
                set mode static
                set ip <address_ip> <netmask>
  • Page 31 Example
        config system interface
            edit internal
                set mode static
                set ip 192.168.120.99 255.255.255.0
    Set the IP address and netmask of the WAN1 interface to the IP address and netmask that you recorded in Table 6 on page To set the static IP address and netmask, enter:
        config system interface...
  • Page 32: Using The Setup Wizard

    From the web-based manager, you can use the setup wizard to complete the initial configuration of the FortiGate unit. For information about connecting to the web-based manager, see “Connecting to the web-based manager” on page
  • Page 33 If you are configuring the FortiGate unit to operate in NAT/Route mode (the default), you can use the setup wizard to: • add the administration password • configure the internal interface address • choose either a manual (static) or a dynamic (DHCP or PPPoE) address for the external interface •...
  • Page 34: Starting The Setup Wizard

    • One WAN1 port for connecting to your public switch or router and the Internet, • One WAN2 port for connecting to a second public switch or router and the Internet for a redundant Internet connection,
  • Page 35 • One DMZ port for connecting to a DMZ network. • Modem is the interface for connecting an external modem to the FortiGate-60. See “Configuring the Modem interface” on page 36 Note: You can also connect the WAN1 and WAN2 interfaces to different Internet connections to provide a redundant connection to the Internet.
  • Page 36: Configuring The Networks

    You can use the following information to configure FortiGate system time, to register the FortiGate unit, and to configure antivirus and attack definition updates. Refer to the FortiGate Administration Guide for complete information on configuring, monitoring, and maintaining the FortiGate unit.
  • Page 37 After purchasing and installing a new FortiGate unit, you can register the unit by going to the System Update Support page, or using a web browser to connect to http://support.fortinet.com and selecting Product Registration. To register, enter your contact information and the serial numbers of the FortiGate units that you or your organization have purchased.
  • Page 38 Select Scheduled Update and configure a schedule for receiving antivirus and attack definition updates. Select Apply. You can also select Update Now to receive the latest virus and attack definition updates. For more information about FortiGate settings see the FortiGate Online Help or the FortiGate Administration Guide.
  • Page 39: Transparent Mode Installation

    This chapter describes how to install a FortiGate unit in Transparent mode. If you want to install the FortiGate unit in NAT/Route mode, see “NAT/Route mode installation” on page 27. If you want to install two or more FortiGate units in HA mode, see “High availability installation”...
  • Page 40: Using The Web-Based Manager

    To change the Management IP: Go to System > Network > Management. Enter the management IP address and netmask that you recorded in Table 9 on page Select access methods and logging for any interfaces as required. Select Apply.
  • Page 41: Reconnecting To The Web-Based Manager

    To configure DNS server settings: Go to System > Network > DNS. Enter the IP address of the primary DNS server. Enter the IP address of the secondary DNS server. Select OK. To configure the default gateway: Go to System >...
  • Page 42 Make sure that you are logged into the CLI. Set the default route to the default gateway that you recorded in Table 9 on page Enter:
        config router static
            edit 1
                set dst 0.0.0.0 0.0.0.0
                set gateway <address_gateway>
                set device <interface>
  • Page 43: Using The Setup Wizard

    Example: If the default gateway IP is 204.23.1.2 and this gateway is connected to port 2:
        config router static
            edit 1
                set dst 0.0.0.0 0.0.0.0
                set gateway 204.23.1.2
                set device port2
    Using the setup wizard: From the web-based manager, you can use the setup wizard to begin the initial configuration of the FortiGate unit.
  • Page 44: Connecting The FortiGate Unit To Your Network

    Figure 11: FortiGate-60 Transparent mode connections (diagram labels: Internal Network, Other Network, Hub or Switch, Internal, FortiGate-60, WAN1, Public Switch or Router, Internet)
  • Page 45: Next Steps

    After purchasing and installing a new FortiGate unit, you can register the unit by going to the System Update Support page, or using a web browser to connect to http://support.fortinet.com and selecting Product Registration. To register, enter your contact information and the serial numbers of the FortiGate units that you or your organization have purchased.
  • Page 46 If FortiProtect Distribution Network changes to Available, then the FortiGate unit can connect to the FDN. Select Scheduled Update and configure a schedule for receiving antivirus and attack definition updates. Select Apply. You can also select Update Now to receive the latest virus and attack definition updates.
  • Page 47: High Availability Installation

    This chapter describes how to install two or more FortiGate units in an HA cluster. HA installation involves three basic steps: • Configuring FortiGate units for HA operation • Connecting the cluster to your networks •...
  • Page 48 FortiGate unit with the highest serial number becomes the primary cluster unit. Override Master: You can configure a FortiGate unit to always become the primary unit in the cluster by giving it a high priority and by selecting Override master.
  • Page 49: Configuring FortiGate Units For HA Using The Web-Based Manager

    Table 10: High availability settings (Continued). The schedule controls load balancing among the FortiGate units in the active-active HA cluster. The schedule must be the same for all FortiGate units in the HA cluster. None: No load balancing.
  • Page 50: Configuring FortiGate Units For HA Using The CLI

    To change the FortiGate unit host name: Power on the FortiGate unit to be configured. Connect to the CLI. “Connecting to the command line interface (CLI)” on page Change the host name.
        config system global
            set hostname <name_str>
  • Page 51: Connecting The Cluster To Your Networks

    You must connect all matching interfaces in the cluster to the same hub or switch. Then you must connect these interfaces to their networks using the same hub or switch. Fortinet recommends using switches for all cluster connections for the best performance.
  • Page 53: Installing And Configuring The Cluster

    Power on all the FortiGate units in the cluster. As the units start, they negotiate to choose the primary cluster unit and the subordinate units. This negotiation occurs with no user intervention and normally just takes a few seconds.
  • Page 55: Configuring The Modem Interface

    The FortiGate-60 includes the option of an external modem for use as either a redundant interface or a standalone interface in NAT/Route mode. • In redundant mode, the modem interface automatically takes over from a selected ethernet interface when that ethernet interface is unavailable.
  • Page 56: Standalone Mode Configuration

    Note: Do not add firewall policies for connections between the ethernet interface that the modem replaces and other interfaces. To operate in standalone mode Go to System > Network > Modem. From the Redundant for list, select the ethernet interface that the modem is replacing.
  • Page 57: Configuring Modem Settings

    Configure other modem settings as required. “Configuring modem settings” on page Make sure there is correct information in one or more Dialup Accounts. Configure firewall policies for connections to the modem interface. “Adding firewall policies for modem connections” on page Select Dial Up.
  • Page 58: Connecting And Disconnecting The Modem In Standalone Mode

    To connect to a dialup account: Go to System > Network > Modem. Select Enable Modem. Make sure there is correct information in one or more Dialup Accounts. Select Apply if you make any configuration changes.
  • Page 59: Defining A Ping Server

    Select Dial Now. The FortiGate unit initiates dialing into each dialup account in turn until the modem connects to an ISP. Modem status is one of the following: not active: The modem interface is not connected to the ISP. active: The modem interface is attempting to connect to the ISP, or is connected to the ISP.
  • Page 60: Adding Firewall Policies For Modem Connections

    You can configure firewall policies to control the flow of packets between the modem interface and the other interfaces on the FortiGate unit. For information about adding firewall policies, see the FortiGate Administration Guide.
