Fortinet FortiGate FortiGate-100 Quick Start Manual

LED State
Green
Power
Off
Flashing Green
Green
Status
Off
Green
Internal Flashing Green
External (front)
DMZ (front and back) Flashing Amber
(back)
Off
Checking the Package Contents
Connector Type Speed
Internal RJ-45 10/100 Base-T
External RJ-45 10/100 Base-T
DMZ RJ-45 10/100 Base-T
Console DB-9 9600 Bps
Connecting
Connect the FortiGate unit to a power outlet and to the internal and external networks.
• Place the unit on a stable surface. It requires 1.5 inches (3.75 cm) clearance above and
on each side to allow for cooling.
• Plug in power cable to unit before connecting power.
• The Status light flashes while the unit is starting up and turns off when the system is up
and running.

Planning the Configuration

Before beginning to configure the FortiGate unit, you need to plan how to integrate the unit into your network. Your configuration plan depends on the operating mode you select: NAT/Route
mode (the default) or Transparent mode.
NAT/Route mode
In NAT/Route mode, each FortiGate unit is visible to the network that it is connected to. All
of its interfaces are on different subnets. Each interface that is connected to a network must
Internal
External
204.23.1.5
Internet
DMZ
Router
NAT mode polices controlling
traffic between internal networks
tions through the FortiGate unit. No traffic can pass through the FortiGate unit until you add
firewall policies. In NAT/Route mode, firewall policies can operate in NAT mode or in Route
mode. In NAT mode, the FortiGate unit performs network address translation before IP
packets are sent to the destination network. In Route mode, no translation takes place.
Refer to the Documentation CD-ROM for information on how to control traffic, and how to configure HA, antivirus protection, FortiGuard, Web content filtering, Spam filtering,
intrusion prevention (IPS), and virtual private networking (VPN).

Choosing a Configuration Tool

Web-based manager
The FortiGate web-based manager is an easy to use management tool. Use it to configure
the administrator password, the interface and default gateway addresses, and the DNS
server addresses.
Requirements:
• An Ethernet connection between the FortiGate unit and management computer.
• Internet Explorer 6.0 or higher on the management computer.
Description
The FortiGate unit is on.
The FortiGate unit is off.
The FortiGate unit is starting up.
The FortiGate unit is running normally.
The FortiGate unit is powered off.
The correct cable is in use and the connected
equipment has power.
Network activity at this interface.
No link established.
Protocol Description
Ethernet Connection to the internal network.
Ethernet Connection to the Internet.
Ethernet Optional connection to a DMZ network, or other
FortiGate-100 units for high availability (HA). For
details, see the Documentation CD-ROM.
RS-232 Optional connection to the management computer.
Provides access to the command line interface
(CLI).
be configured with an IP
Internal
address that is valid for
network
192.168.1.99 that network.
You would typically use
NAT/Route mode when
192.168.1.3
the FortiGate unit is
Route mode policies
deployed as a gateway
controlling traffic
between internal networks.
between private and
public networks. In its
DMZ
network
default NAT/Route
.
10.10.10.1
mode configuration,
the unit functions as a
10.10.10.2
firewall. Firewall policies
control communica-
© Copyright 2006 Fortinet Incorporated. All rights reserved.
Products mentioned in this document are trademarks or registered trade-
marks of their respective holders.
Regulatory Compliance
FCC Class A Part 15 CSA/CUS
5 July 2006
Front
Internal, External, DMZ
Back
DMZ External
DC +12V 5A Console
Power RS-232 Serial DMZ, External, Internal
Connection Connection
Interfaces
Power cable connects to power supply
DC +12V 5A Console
Optional straight-through Ethernet cable connects to DMZ network
Straight-through Ethernet cable connects to Internet (public switch, router or modem)

Transparent mode

In Transparent mode, the FortiGate unit is invisible to the network. All of its interfaces are on
the same subnet. You only have to configure a management IP address so that you can make
Gateway to public network
Internal
External
204.23.1.5 192.168.1.1
Internet
Router
192.168.1.2
Management IP
Transparent mode policies controlling
traffic between internal and
external networks.
You can connect up to four network segments to the FortiGate unit to control traffic between
these network segments.AAA
Command Line Interface (CLI)
The CLI is a full-featured management tool. Use it to configure the administrator password,
the interface addresses, the default gateway address, and the DNS server addresses. To
configure advanced settings, see the Documentation CD-ROM.
Requirements:
• The DB-9 serial connection between the FortiGate unit and management computer.
• A terminal emulation application (HyperTerminal for Windows) on the management
computer.
POWER
INTERNAL EXTERNAL DMZ
STATUS
FortiGate-100
01-30002-0033-20060705
POWER
INTERNAL EXTERNAL DMZ
STATUS
Status Power
Interfaces LED LED
Power Cable Power Supply
Internal
Documentation
Optional null modem cable connects to serial port on management computer
External Internal
DMZ
or
Crossover Ethernet cable connects to management computer on internal network
Straight-through Ethernet cable connects to LAN or switch on internal network
configuration changes.
You would typically use the
FortiGate unit in Trans-
Internal
parent mode on a private
network
network behind an existing
firewall or behind a router.
In its default Transparent
mode configuration, the unit
192.168.1.3
functions as a firewall. No
traffic can pass through the
FortiGate unit until you add
firewall policies.
Ethernet Cables:
Orange - Crossover
Grey - Straight-through
Null-Modem Cable
(RS-232)
Q u i c k S t a r t G u i d e
INTERNAL EXTERNAL DMZ POWER
STATUS
FortiGate-100
Copyright 2006 Fortinet Incorporated. All rights reserved.
Trademarks
Products mentioned in this document are trademarks.