1. Manuals
  2. Brands
  3. Fortinet Manuals
  4. Firewall
  5. FortiGate 50A
  6. Installation manual

Fortinet FortiGate 50A Installation Manual

Hide thumbs Also See for FortiGate 50A:
Table of Contents

Advertisement

Quick Links

Download this manual
FortiGate 50A
Installation Guide
PWR
STATUS
INTERNAL
A
LINK 100
Version 2.80 MR5
01 November 2004
01-28005-0017-20041101
EXTERNAL
LINK 100

Advertisement

Table of Contents
loading

Related Manuals for Fortinet FortiGate 50A

Summary of Contents for Fortinet FortiGate 50A

  • Page 1 Installation Guide FortiGate 50A STATUS INTERNAL EXTERNAL LINK 100 LINK 100 Version 2.80 MR5 01 November 2004 01-28005-0017-20041101...
  • Page 2 CAUTION: RISK OF EXPLOSION IF BATTERY IS REPLACED BY AN INCORRECT TYPE. DISPOSE OF USED BATTERIES ACCORDING TO THE INSTRUCTIONS. For technical support, please visit http://www.fortinet.com. Send information about errors or omissions in this document or any Fortinet technical documentation to techdoc@fortinet.com.

  • Page 3: Table Of Contents

    Command line interface ....................6 Setup wizard ........................7 Document conventions ....................... 7 Fortinet documentation ....................... 8 Comments on Fortinet technical documentation............. 8 Customer service and technical support................9 Getting started ..................... 11 Package contents ......................11 Mounting ........................... 12 Turning the FortiGate unit power on and off ..............
  • Page 4 Reconnecting to the web-based manager ..............37 Using the command line interface..................37 Using the setup wizard...................... 39 Reconnecting to the web-based manager ..............39 Connecting the FortiGate unit to your network ..............40 Next steps ......................... 41 Index ........................43 01-28005-0017-20041101 Fortinet Inc.

  • Page 5: Introduction

    • network-level services such as firewall, intrusion detection, VPN, and traffic shaping. The FortiGate Antivirus Firewall uses Fortinet’s Accelerated Behavior and Content Analysis System (ABACAS™) technology, which leverages breakthroughs in chip design, networking, security, and content analysis. The unique ASIC-based...

  • Page 6: Web-Based Manager

    This Installation Guide contains information about basic and advanced CLI commands. For a more complete description about connecting to and using the FortiGate CLI, see the FortiGate CLI Reference Guide. 01-28005-0017-20041101 Fortinet Inc.

  • Page 7: Setup Wizard

    Introduction Document conventions Setup wizard The FortiGate setup wizard provides an easy way to configure the basic initial settings for the FortiGate unit. The wizard walks through the configuration of a new administrator password, FortiGate interfaces, DHCP server settings, internal servers (web, FTP, etc.), and basic antivirus settings.

  • Page 8: Fortinet Documentation

    FortiGate unit. For a complete list of FortiGate documentation visit Fortinet Technical Support at http://support.fortinet.com. Comments on Fortinet technical documentation You can send information about errors or omissions in this document, or any Fortinet technical documentation, to techdoc@fortinet.com. 01-28005-0017-20041101...

  • Page 9: Customer Service And Technical Support

    Fortinet technical support web site at http://support.fortinet.com. You can also register FortiGate Antivirus Firewalls from http://support.fortinet.com and change your registration information at any time. Fortinet email support is available from the following addresses: amer_support@fortinet.com For customers in the United States, Canada, Mexico, Latin...
  • Page 10 Customer service and technical support Introduction 01-28005-0017-20041101 Fortinet Inc.

  • Page 11: Getting Started

    FortiGate-50A Installation Guide Version 2.80 MR5 Getting started This section describes unpacking, setting up, and powering on a FortiGate Antivirus Firewall unit. This section includes: • Package contents • Mounting • Turning the FortiGate unit power on and off • Connecting to the web-based manager •...

  • Page 12: Mounting

    STATUS External Internal LINK 100 LINK 100 QuickStart Guide Internal Power Copyright 2004 Fortinet Incorporated. All rights reserved. Trademarks Products mentioned in this document are trademarks. External Documentation RJ-45 Serial Connection Mounting The FortiGate-50A unit can be installed on any stable surface. Make sure that the unit has at least 1.5 in.

  • Page 13: Turning The Fortigate Unit Power On And Off

    Getting started Turning the FortiGate unit power on and off Turning the FortiGate unit power on and off To power on the FortiGate unit Connect the AC adapter to the power connection on the back of the FortiGate-50 unit. Connect the AC adapter to a power outlet. The FortiGate-50A unit starts.

  • Page 14: Connecting To The Command Line Interface (Cli)

    Type admin in the Name field and select Login. The Register Now window is displayed. It is important to register the Fortigate unit so that Fortinet can contact the unit for firmware updates. You must register to receive updates to the FortiGate antivirus and attack definitions.

  • Page 15: Quick Installation Using Factory Defaults

    Getting started Quick installation using factory defaults To connect to the FortiGate CLI, you need: • a computer with an available communications port, • the RJ-45 to DB-9 cable included in your FortiGate package, • terminal emulation software such as HyperTerminal for Windows. Note: The following procedure describes how to connect to the CLI using Windows HyperTerminal software.
  • Page 16 “Next steps” on page Select Retrieve default gateway from server and Override internal DNS options if your ISP supports them, select OK, and proceed to “Next steps” on page Go to step if you are not selecting these options. 01-28005-0017-20041101 Fortinet Inc.

  • Page 17: Factory Default Fortigate Configuration Settings

    Getting started Factory default FortiGate configuration settings Factory default FortiGate configuration settings The FortiGate unit is shipped with a factory default configuration. The default configuration allows you to connect to and use the FortiGate web-based manager to configure the FortiGate unit onto the network. To configure the FortiGate unit onto the network you add an administrator password, change network interface IP addresses, add DNS server IP addresses, and configure basic routing, if required.

  • Page 18: Factory Default Nat/Route Mode Network Configuration

    In Transparent mode, the FortiGate unit has the default network configuration listed in Table Table 4: Factory default Transparent mode network configuration Administrator User name: admin account Password: (none) 10.10.10.1 Management IP Netmask: 255.255.255.0 Primary DNS Server: 207.194.200.1 Secondary DNS Server: 207.194.200.129 Internal HTTPS, Ping Administrative access External Ping 01-28005-0017-20041101 Fortinet Inc.

  • Page 19: Factory Default Firewall Configuration

    Getting started Factory default FortiGate configuration settings Factory default firewall configuration FortiGate firewall policies control how all traffic is processed by the FortiGate unit. Until firewall policies are added, no traffic can be accepted by or pass through the FortiGate unit. The factory default configuration contains one firewall policy that allows all traffic originating on the internal network to access the Internet.

  • Page 20: Planning The Fortigate Configuration

    Your configuration plan depends on the operating mode that you select. The FortiGate unit can be configured in one of two modes: NAT/Route mode (the default) or Transparent mode. You can also configure the FortiGate unit and the network it protects using the default settings. 01-28005-0017-20041101 Fortinet Inc.

  • Page 21: Nat/Route Mode

    Getting started Planning the FortiGate configuration NAT/Route mode In NAT/Route mode, the FortiGate unit is visible to the network. Like a router, all its interfaces are on different subnets. The following interfaces are available in NAT/Route mode: • External is the interface to the external network (usually the Internet). •...

  • Page 22: Configuration Options

    If you are configuring the FortiGate unit to operate in Transparent mode, you can switch to Transparent mode from the web-based manager and then use the setup wizard to add the administration password, the management IP address and gateway, and the DNS server addresses. 01-28005-0017-20041101 Fortinet Inc.

  • Page 23: Next Steps

    Getting started Next steps Next steps Now that your FortiGate unit is operating, you can proceed to configure it to connect to networks: • If you are going to operate the FortiGate unit in NAT/Route mode, go to “NAT/Route mode installation” on page •...
  • Page 24 Next steps Getting started 01-28005-0017-20041101 Fortinet Inc.

  • Page 25: Nat/Route Mode Installation

    FortiGate-50A Installation Guide Version 2.80 MR5 NAT/Route mode installation This chapter describes how to install the FortiGate unit in NAT/Route mode. For information about installing a FortiGate unit in Transparent mode, see “Transparent mode installation” on page 35. For more information about installing the FortiGate unit in NAT/Route mode, see “Planning the FortiGate configuration”...

  • Page 26: Dhcp Or Pppoe Configuration

    You can use the web-based manager for the initial configuration of the FortiGate unit. You can also continue to use the web-based manager for all FortiGate unit settings. For information about connecting to the web-based manager, see “Connecting to the web-based manager” on page 01-28005-0017-20041101 Fortinet Inc.

  • Page 27: Configuring Basic Settings

    NAT/Route mode installation Using the web-based manager Configuring basic settings After connecting to the web-based manager you can use the following procedures to complete the basic configuration of the FortiGate unit. To add/change the administrator password Go to System > Admin > Administrators. Select the Change Password icon for the admin administrator.

  • Page 28: Using The Command Line Interface

    <psswrd> To configure interfaces Log in to the CLI. Set the IP address and netmask of the internal interface to the internal IP address and netmask that you recorded in Table 6 on page 26. Enter: 01-28005-0017-20041101 Fortinet Inc.
  • Page 29 NAT/Route mode installation Using the command line interface config system interface edit internal set mode static set ip <address_ip> <netmask> Example config system interface edit internal set mode static set ip <192.168.120.99> <255.255.255.0> Set the IP address and netmask of the external interface to the external IP address and netmask that you recorded in Table 6 on page config system external...
  • Page 30 <gateway_IP> set device <interface> Example If the default gateway IP is 204.23.1.2 and this gateway is connected to the external interface: config router static edit 1 set dst 0.0.0.0 0.0.0.0 set gateway 204.23.1.2 set device external 01-28005-0017-20041101 Fortinet Inc.

  • Page 31: Using The Setup Wizard

    NAT/Route mode installation Using the setup wizard Using the setup wizard From the web-based manager, you can use the setup wizard to complete the initial configuration of the FortiGate unit. For information about connecting to the web-based manager, see “Connecting to the web-based manager” on page If you are configuring the FortiGate unit to operate in NAT/Route mode (the default), you can use the setup wizard to: •...

  • Page 32: Starting The Setup Wizard

    When you have completed the initial configuration, you can connect the FortiGate unit between your internal network and the Internet. There are two 10/100 BaseTX connectors on the FortiGate-50A: • Internal for connecting to your internal network, • External for connecting to the Internet. 01-28005-0017-20041101 Fortinet Inc.

  • Page 33: Configuring The Networks

    NAT/Route mode installation Configuring the networks To connect the FortiGate-50A unit: Connect the Internal interface to the hub or switch connected to your internal network. Connect the External interface to the Internet. Connect to the public switch or router provided by your Internet Service Provider. If you are a DSL or cable subscriber, connect the External interface to the internal or LAN connection of your DSL or cable modem.
  • Page 34 After purchasing and installing a new FortiGate unit, you can register the unit by going to the System Update Support page, or using a web browser to connect to http://support.fortinet.com and selecting Product Registration. To register, enter your contact information and the serial numbers of the FortiGate units that you or your organization have purchased.

  • Page 35: Transparent Mode Installation

    FortiGate-50A Installation Guide Version 2.80 MR5 Transparent mode installation This chapter describes how to install a FortiGate unit in Transparent mode. If you want to install the FortiGate unit in NAT/Route mode, see “NAT/Route mode installation” on page 25. For more information about installing the FortiGate unit in NAT/Route mode, “Planning the FortiGate configuration”...

  • Page 36: Using The Web-Based Manager

    To change the Management IP Go to System > Network > Management. Enter the management IP address and netmask that you recorded in Table 9 on page Select access methods and logging for any interfaces as required. Select Apply. 01-28005-0017-20041101 Fortinet Inc.

  • Page 37: Reconnecting To The Web-Based Manager

    Transparent mode installation Using the command line interface To configure DNS server settings Go to System > Network > DNS. Enter the IP address of the primary DNS server. Enter the IP address of the secondary DNS server. Select OK. To configure the default gateway Go to System >...
  • Page 38 Make sure that you are logged into the CLI. Set the default route to the default gateway that you recorded in Table 9 on page Enter: config router static edit 1 set dst 0.0.0.0 0.0.0.0 set gateway <address_gateway> set device <interface> 01-28005-0017-20041101 Fortinet Inc.

  • Page 39: Using The Setup Wizard

    Transparent mode installation Using the setup wizard Example If the default gateway IP is 204.23.1.2 and this gateway is connected to port2: config router static edit 1 set dst 0.0.0.0 0.0.0.0 set gateway 204.23.1.2 set device port2 Using the setup wizard From the web-based manager, you can use the setup wizard to begin the initial configuration of the FortiGate unit.

  • Page 40: Connecting The Fortigate Unit To Your Network

    Connect to the public switch or router provided by your Internet Service Provider. Figure 10: FortiGate-50A network connections Internal Network Management Computer Hub, Switch or Router Internal STATUS INTERNAL EXTERNAL LINK 100 LINK 100 FortiGate-50A External Public Switch or Router Internet 01-28005-0017-20041101 Fortinet Inc.

  • Page 41: Next Steps

    After purchasing and installing a new FortiGate unit, you can register the unit by going to the System Update Support page, or using a web browser to connect to http://support.fortinet.com and selecting Product Registration. To register, enter your contact information and the serial numbers of the FortiGate units that you or your organization have purchased.
  • Page 42 If FortiProtect Distribution Network changes to Available, then the FortiGate unit can connect to the FDN. Select Scheduled Update and configure a schedule for receiving antivirus and attack definition updates. Select Apply. You can also select Update Now to receive the latest virus and attack definition updates. 01-28005-0017-20041101 Fortinet Inc.

  • Page 43: Index

    IP DHCP 17 synchronize with NTP server 34, 41 firewall setup wizard 6, 26, 31, 36, 39 starting 27, 32, 36, 39 Fortinet customer service 9 technical support 9 time zone 34, 41 Transparent mode HTTPS 6 changing to 37...
  • Page 44 Index 01-28005-0017-20041101 Fortinet Inc.

Table of Contents