1. Manuals
  2. Brands
  3. Fortinet Manuals
  4. Firewall
  5. FortiGate-100
  6. Installation manual

Fortinet FortiGate FortiGate-100 Installation Manual

Fortinet fortigate fortigate-100: install guide
Hide thumbs Also See for FortiGate FortiGate-100:
Table of Contents

Advertisement

Quick Links

See also: Administration Manual , Installation Manual
FortiGate 100

Installation Guide

INTERNAL
EXTERNAL
DMZ
Version 2.80 MR4
30 August 2004
01-28004-0019-20040830
POWER
STATUS

Advertisement

Table of Contents
loading

Related Manuals for Fortinet FortiGate FortiGate-100

Summary of Contents for Fortinet FortiGate FortiGate-100

  • Page 1: Installation Guide

    FortiGate 100 Installation Guide POWER INTERNAL EXTERNAL STATUS Version 2.80 MR4 30 August 2004 01-28004-0019-20040830...
  • Page 2 Products mentioned in this document are trademarks or registered trademarks of their respective holders. Regulatory Compliance FCC Class A Part 15 CSA/CUS For technical support, please visit http://www.fortinet.com. Send information about errors or omissions in this document or any Fortinet technical documentation to techdoc@fortinet.com.

  • Page 3: Table Of Contents

    Command line interface ... 6 Setup wizard ... 7 Document conventions ... 7 Fortinet documentation ... 8 Comments on Fortinet technical documentation... 9 Customer service and technical support... 10 Getting started ... 11 Package contents ... 12 Mounting ... 12 Turning the FortiGate unit power on and off ...
  • Page 4 High availability configuration settings ... 45 Configuring FortiGate units for HA using the web-based manager ... 47 Configuring FortiGate units for HA using the CLI... 48 Connecting the cluster to your networks... 49 Installing and configuring the cluster... 51 Index ... 53 01-28004-0019-20040830 Fortinet Inc.

  • Page 5: Introduction

    • • The FortiGate Antivirus Firewall uses Fortinet’s Accelerated Behavior and Content Analysis System (ABACAS™) technology, which leverages breakthroughs in chip design, networking, security, and content analysis. The unique ASIC-based architecture analyzes content and behavior in real-time, enabling key applications to be deployed right at the network edge where they are most effective at protecting your networks.

  • Page 6: Web-Based Manager

    This Installation Guide contains information about basic and advanced CLI commands. For a more complete description about connecting to and using the FortiGate CLI, see the FortiGate CLI Reference Guide. 01-28004-0019-20040830 Introduction Fortinet Inc.

  • Page 7: Setup Wizard

    Introduction Setup wizard The FortiGate setup wizard provides an easy way to configure the basic initial settings for the FortiGate unit. The wizard walks through the configuration of a new administrator password, FortiGate interfaces, DHCP server settings, internal servers (web, FTP, etc.), and basic antivirus settings. Document conventions This guide uses the following conventions to describe command syntax.

  • Page 8: Fortinet Documentation

    Setup wizard • Fortinet documentation Information about FortiGate products is available from the following FortiGate User Manual volumes: • • • • • • A space to separate options that can be entered in any combination and must be separated by spaces.

  • Page 9: Comments On Fortinet Technical Documentation

    FortiGate unit. For a complete list of FortiGate documentation visit Fortinet Technical Support at http://support.fortinet.com. Comments on Fortinet technical documentation You can send information about errors or omissions in this document, or any Fortinet technical documentation, to techdoc@fortinet.com. FortiGate-100 Installation Guide...

  • Page 10: Customer Service And Technical Support

    Fortinet technical support web site at http://support.fortinet.com. You can also register FortiGate Antivirus Firewalls from http://support.fortinet.com and change your registration information at any time. Fortinet email support is available from the following addresses: amer_support@fortinet.com For customers in the United States, Canada, Mexico, Latin...

  • Page 11: Getting Started

    Getting started This section describes unpacking, setting up, and powering on a FortiGate Antivirus Firewall unit. This section includes: • • • • • • • • FortiGate-100 Installation Guide FortiGate-100 Installation Guide Version 2.80 MR4 Package contents Mounting Turning the FortiGate unit power on and off Connecting to the web-based manager Connecting to the command line interface (CLI) Factory default FortiGate configuration settings...

  • Page 12: Package Contents

    Power requirements • • FortiGate-100 Antivirus Firewall one orange crossover ethernet cable (Fortinet part number CC300248) one gray regular ethernet cable (Fortinet part number CC300249) one null modem cable (Fortinet part number CC300247) FortiGate-100 Quick Start Guide CD containing the FortiGate user documentation...

  • Page 13: Turning The Fortigate Unit Power On And Off

    Getting started Environmental specifications • • • Turning the FortiGate unit power on and off To power on the FortiGate unit Connect the AC adapter to the power connection at the back of the FortiGate-100 unit. Connect the AC adapter to the power cable. Connect the power cable to a power outlet.

  • Page 14: Connecting To The Web-Based Manager

    FortiGate unit using the CLI. Configuration changes made with the CLI are effective immediately without resetting the firewall or interrupting service. a computer with an ethernet connection, Internet Explorer version 4.0 or higher, a crossover cable or an ethernet hub and two ethernet cables. 01-28004-0019-20040830 Getting started Fortinet Inc.
  • Page 15 Getting started To connect to the FortiGate CLI, you need: • • • Note: The following procedure describes how to connect to the CLI using Windows HyperTerminal software. You can use any terminal emulation program. To connect to the CLI Connect the null modem cable to the communications port of your computer and to the FortiGate Console port.

  • Page 16: Factory Default Fortigate Configuration Settings

    Factory default Transparent mode network configuration Factory default firewall configuration Factory default protection profiles User name: Password: 01-28004-0019-20040830 Table 2. This configuration allows you to Table 2, HTTPS admin (none) 192.168.1.99 Netmask: 255.255.255.0 Administrative Access: HTTP, HTTPS, Ping Getting started Fortinet Inc.

  • Page 17: Factory Default Transparent Mode Network Configuration

    Getting started Table 2: Factory default NAT/Route mode network configuration (Continued) External interface DMZ interface Network Settings Factory default Transparent mode network configuration In Transparent mode, the FortiGate unit has the default network configuration listed in Table Table 3: Factory default Transparent mode network configuration Administrator account Management IP...

  • Page 18: Factory Default Protection Profiles

    Select from any of the 50 pre-defined services to control traffic through the FortiGate unit that uses that service. The recurring schedule is valid at any time. Control how the FortiGate unit applies virus scanning, web content filtering, spam filtering, and IPS. Fortinet Inc.

  • Page 19: Planning The Fortigate Configuration

    Getting started The FortiGate unit comes preconfigured with four protection profiles. Strict Scan Unfiltered Figure 4: Web protection profile settings Planning the FortiGate configuration Before you configure the FortiGate unit, you need to plan how to integrate the unit into the network.

  • Page 20: Nat/Route Mode

    NAT/Route mode NAT/Route mode In NAT/Route mode, the FortiGate unit is visible to the network. Like a router, all its interfaces are on different subnets. The following interfaces are available in NAT/Route mode: • • • You can add firewall policies to control whether communications through the FortiGate unit operate in NAT or Route mode.

  • Page 21: Transparent Mode

    The management IP address is also used for antivirus and attack definition updates. You typically use the FortiGate unit in Transparent mode on a private network behind an existing firewall or behind a router. The FortiGate unit performs firewall functions, IPSec VPN, virus scanning, IPS, web content filtering, and Spam filtering.

  • Page 22: Configuration Options

    DNS server IP addresses add the DHCP server settings and IP addresses add various internal server IP addresses including web, IMAP, POP3, SMTP, and FTP servers set the antivirus protection to high, medium, or none 01-28004-0019-20040830 Getting started Fortinet Inc.

  • Page 23: Next Steps

    Getting started Next steps Now that your FortiGate unit is operating, you can proceed to configure it to connect to networks: • • • FortiGate-100 Installation Guide If you are going to operate the FortiGate unit in NAT/Route mode, go to “NAT/Route mode installation”...
  • Page 24 Configuration options Getting started 01-28004-0019-20040830 Fortinet Inc.

  • Page 25: Nat/Route Mode Installation

    NAT/Route mode installation This chapter describes how to install the FortiGate unit in NAT/Route mode. For information about installing a FortiGate unit in Transparent mode, see mode installation” on page units in HA mode, see about installing the FortiGate unit in NAT/Route mode, see configuration”...

  • Page 26: Dhcp Or Pppoe Configuration

    The default gateway directs all non-local traffic to this interface and to the external network. Primary DNS Server: Secondary DNS Server: 01-28004-0019-20040830 NAT/Route mode installation _____._____._____._____ _____._____._____._____ _____._____._____._____ _____._____._____._____ _____._____._____._____ _____._____._____._____ _____._____._____._____ _____._____._____._____ _____._____._____._____ Table 6 “Connecting to the Fortinet Inc.

  • Page 27: Configuring Basic Settings

    NAT/Route mode installation Configuring basic settings After connecting to the web-based manager you can use the following procedures to complete the basic configuration of the FortiGate unit. To add/change the administrator password Go to System > Admin > Administrators. Select the Change Password icon for the admin administrator. Enter the new password and enter it again to confirm.

  • Page 28: Using The Command Line Interface

    The default route is not required if the interface connected to the external network is configured using DHCP or PPPoE. Go to System > Router > Static. If the Static Route table contains a default route (IP and Mask set to 0.0.0.0), select the Delete icon to delete this route.
  • Page 29 NAT/Route mode installation To configure interfaces Log in to the CLI. Set the IP address and netmask of the internal interface to the internal IP address and netmask that you recorded in Example Set the IP address and netmask of the external interface to the external IP address and netmask that you recorded in Example To set the external interface to use DHCP, enter:...
  • Page 30 Set the default route to the Default Gateway IP address. Enter: config router static edit 1 set dst 0.0.0.0 0.0.0.0 set gateway <gateway_IP> set device <interface> config router static edit 1 set dst 0.0.0.0 0.0.0.0 set gateway 204.23.1.2 set device external 01-28004-0019-20040830 NAT/Route mode installation Fortinet Inc.

  • Page 31: Using The Setup Wizard

    NAT/Route mode installation Using the setup wizard From the web-based manager, you can use the setup wizard to complete the initial configuration of the FortiGate unit. For information about connecting to the web-based manager, see If you are configuring the FortiGate unit to operate in NAT/Route mode (the default), you can use the setup wizard to: •...

  • Page 32: Starting The Setup Wizard

    Create a protection profile that enables virus scanning, for HTTP, FTP, IMAP, POP3, and SMTP (recommended). Add this protection profile to a default firewall policy. Do not configure antivirus protection. to fill in the wizard fields. Fortinet Inc.
  • Page 33 Connect the Internal interface to the hub or switch connected to your internal network. Connect the External interface to the Internet. Connect to the public switch or router provided by your Internet Service Provider. If you are a DSL or cable subscriber, connect the External interface to the internal or LAN connection of your DSL or cable modem.

  • Page 34: Configuring The Networks

    For the DMZ network, change the default gateway address of all computers and routers connected directly to your DMZ network to the IP address of the FortiGate DMZ interface. For the external network, route all packets to the FortiGate external interface. 01-28004-0019-20040830 NAT/Route mode installation Fortinet Inc.
  • Page 35 After purchasing and installing a new FortiGate unit, you can register the unit by going to the System Update Support page, or using a web browser to connect to http://support.fortinet.com and selecting Product Registration. To register, enter your contact information and the serial numbers of the FortiGate units that you or your organization have purchased.
  • Page 36 Reconnecting to the web-based manager NAT/Route mode installation 01-28004-0019-20040830 Fortinet Inc.

  • Page 37: Transparent Mode Installation

    Transparent mode installation This chapter describes how to install a FortiGate unit in Transparent mode. If you want to install the FortiGate unit in NAT/Route mode, see page availability installation” on page FortiGate unit in Transparent mode, see page This chapter describes: •...

  • Page 38: Using The Web-Based Manager

    The management IP address and netmask must be valid for the network from which you will manage the FortiGate unit. Add a default gateway if the FortiGate unit must connect to a router to reach the management computer. Primary DNS Server: Secondary DNS Server: _____._____._____._____...

  • Page 39: Reconnecting To The Web-Based Manager

    Otherwise, you can reconnect to the web-based manager by browsing to https://10.10.10.1. If you connect to the management interface through a router, make sure that you have added a default gateway for that router to the management IP default gateway field.
  • Page 40 <address_ip> set secondary <address_ip> config system dns set primary 293.44.75.21 set secondary 293.44.75.22 config router static edit 1 set dst 0.0.0.0 0.0.0.0 set gateway <address_gateway> set device <interface> 01-28004-0019-20040830 Transparent mode installation Table 8 on page Fortinet Inc.

  • Page 41: Using The Setup Wizard

    Otherwise, you can reconnect to the web-based manager by browsing to https://10.10.10.1. If you connect to the management interface through a router, make sure that you have added a default gateway for that router to the management IP default gateway field.

  • Page 42: Connecting The Fortigate Unit To Your Network

    Connect the External interface to network segment connected to the external firewall or router. Connect to the public switch or router provided by your Internet Service Provider. Connect the DMZ interface to another network. Figure 10: FortiGate-100 Transparent mode connections...

  • Page 43: Next Steps

    After purchasing and installing a new FortiGate unit, you can register the unit by going to the System Update Support page, or using a web browser to connect to http://support.fortinet.com and selecting Product Registration. To register, enter your contact information and the serial numbers of the FortiGate units that you or your organization have purchased.
  • Page 44 FDN. Select Scheduled Update and configure a schedule for receiving antivirus and attack definition updates. Select Apply. You can also select Update Now to receive the latest virus and attack definition updates. 01-28004-0019-20040830 Transparent mode installation Fortinet Inc.

  • Page 45: High Availability Installation

    High availability installation This chapter describes how to install two or more FortiGate units in an HA cluster. HA installation involves three basic steps: • • • For information about HA, see the FortiGate Administration Guide and the FortiOS High Availability technical note. Priorities of heartbeat device and monitor priorities The procedures in this chapter do not include steps for changing the priorities of heartbeat devices or for configuring monitor priorities settings.
  • Page 46 FortiGate unit with the highest serial number becomes the primary cluster unit. You can configure a FortiGate unit to always become the primary unit in the cluster by giving it a high priority and by selecting Override master. 01-28004-0019-20040830 High availability installation Fortinet Inc.

  • Page 47: Configuring Fortigate Units For Ha Using The Web-Based Manager

    High availability installation Table 9: High availability settings (Continued) Schedule Configuring FortiGate units for HA using the web-based manager Use the following procedure to configure each FortiGate unit for HA operation. To change the FortiGate unit host name Changing the host name is optional, but you can use host names to identify individual cluster units.

  • Page 48: Configuring Fortigate Units For Ha Using The Cli

    Connect to the CLI. Change the host name. “Connecting the cluster to your networks” on page “Connecting to the command line interface (CLI)” on page config system global set hostname <name_str> 01-28004-0019-20040830 High availability installation “Connecting the cluster to your networks” Fortinet Inc.

  • Page 49: Connecting The Cluster To Your Networks

    You must connect all matching interfaces in the cluster to the same hub or switch. Then you must connect these interfaces to their networks using the same hub or switch. Fortinet recommends using switches for all cluster connections for the best performance. FortiGate-100 Installation Guide...
  • Page 50 LINK 100 LINK 100 LINK 100 LINK 100 LINK 100 LINK 100 LINK 100 Hub or Switch INTERNAL STATUS WAN1 WAN2 LINK 100 LINK 100 LINK 100 LINK 100 LINK 100 LINK 100 LINK 100 Internal WAN1 Internet Router Fortinet Inc.

  • Page 51: Installing And Configuring The Cluster

    High availability installation Power on all the FortiGate units in the cluster. As the units start, they negotiate to choose the primary cluster unit and the subordinate units. This negotiation occurs with no user intervention and normally just takes a few seconds. Installing and configuring the cluster When negotiation is complete the you can configure the cluster as if it was a single FortiGate unit.
  • Page 52 Configuring FortiGate units for HA using the CLI High availability installation 01-28004-0019-20040830 Fortinet Inc.

  • Page 53: Index

    (Transparent mode) 40 environmental specifications 13 firewall setup wizard 6, 26, 31, 38, 41 starting 27, 32, 38, 41 Fortinet customer service 10 configuring FortiGate units for HA operation 45 connecting an HA cluster 49, 51 High availability 45...
  • Page 54 Index 01-28004-0019-20040830 Fortinet Inc.

This manual is also suitable for:

Fortigate 100

Table of Contents