Installation Guide FortiGate 1000, Version 2.80 MR4, 30 August 2004, 01-28004-0025-20040830...
CAUTION: RISK OF EXPLOSION IF BATTERY IS REPLACED BY AN INCORRECT TYPE. DISPOSE OF USED BATTERIES ACCORDING TO THE INSTRUCTIONS. For technical support, please visit http://www.fortinet.com. Send information about errors or omissions in this document or any Fortinet technical documentation to techdoc@fortinet.com.
Command line interface
Setup wizard
Document conventions
Fortinet documentation
Comments on Fortinet technical documentation
Customer service and technical support
Getting started
Package contents
Mounting
Turning the FortiGate unit power on and off ...
High availability configuration settings
Configuring FortiGate units for HA using the web-based manager
Configuring FortiGate units for HA using the CLI
Connecting the cluster to your networks
Installing and configuring the cluster
Index
The FortiGate Antivirus Firewall uses Fortinet’s Accelerated Behavior and Content Analysis System (ABACAS™) technology, which leverages breakthroughs in chip design, networking, security, and content analysis. The unique ASIC-based architecture analyzes content and behavior in real-time, enabling key applications to be deployed right at the network edge where they are most effective at protecting your networks.
The saved configuration can be restored at any time.
Figure 1: FortiGate web-based manager and setup wizard
the web-based manager, the front panel control buttons and LCD, the command line interface (CLI), or the setup wizard.
Command line interface
You can access the FortiGate command line interface (CLI) by connecting a management computer serial port to the FortiGate RS-232 serial console connector. You can also use Telnet or a secure SSH connection to connect to the CLI from any network that is connected to the FortiGate unit, including the Internet.
In most cases to make changes to lists that contain options separated by spaces, you need to retype the whole list including all the options you want to apply and excluding all the options you want to remove.
FortiGate unit. For a complete list of FortiGate documentation visit Fortinet Technical Support at http://support.fortinet.com.
Comments on Fortinet technical documentation
You can send information about errors or omissions in this document, or any Fortinet technical documentation, to techdoc@fortinet.com.
Fortinet technical support web site at http://support.fortinet.com. You can also register FortiGate Antivirus Firewalls from http://support.fortinet.com and change your registration information at any time. Fortinet email support is available from the following addresses: amer_support@fortinet.com For customers in the United States, Canada, Mexico, Latin...
Getting started
This section describes unpacking, setting up, and powering on a FortiGate Antivirus Firewall unit. This section includes:
• Package contents
• Mounting
• Turning the FortiGate unit power on and off
• Connecting to the web-based manager
• Connecting to the command line interface (CLI)
• Factory default FortiGate configuration settings...
Dimensions
Weight
• FortiGate-1000 Antivirus Firewall
• two orange crossover ethernet cables (Fortinet part number CC300248)
• two blue regular ethernet cables (Fortinet part number CC300249)
• one null modem cable (Fortinet part number CC300247)
• FortiGate-1000 QuickStart Guide
• power cable
• CD containing the FortiGate user documentation...
The FortiGate-1000 unit may overload your supply circuit and impact your overcurrent protection and supply wiring. Use appropriate equipment nameplate ratings to address this concern. Make sure that the FortiGate-1000 unit has reliable earthing. Fortinet recommends direct connections to the branch circuit. Operating temperature: 32 to 104°F (0 to 40°C) Storage temperature: -13 to 158°F (-25 to 70°C)
No link established.
Amber: The correct cable is in use, and the connected equipment has power.
Flashing amber: Network activity at this interface.
Green: The interface is connected at 1000 Mbps.
No link established.
execute shutdown
To connect to the web-based manager, you need: • • •
Note: You can use the web-based manager with recent versions of most popular web browsers. The web-based manager is fully supported for Internet Explorer version 4.0 or higher.
To connect to the web-based manager
Set the IP address of the computer with an ethernet connection to the static IP address 192.168.1.2 with a netmask of 255.255.255.0.
Type admin and press Enter twice. The following prompt is displayed:
Welcome !
Type ? to list available commands. For information about how to use the CLI, see the FortiGate CLI Reference Guide.
None None
Factory default FortiGate configuration settings
The FortiGate unit is shipped with a factory default configuration. The default configuration allows you to connect to and use the FortiGate web-based manager to configure the FortiGate unit onto the network. To configure the FortiGate unit onto the network you add an administrator password, change network interface IP addresses, add DNS server IP addresses, and configure basic routing, if required.
Factory default firewall configuration
FortiGate firewall policies control how all traffic is processed by the FortiGate unit. Until firewall policies are added, no traffic can be accepted by or pass through the FortiGate unit. To allow traffic through the FortiGate unit you can add firewall policies. See the FortiGate Administration Guide for information about adding firewall policies.
To apply no scanning, blocking or IPS. Use if you do not want to apply content protection to content traffic. You can add this protection profile to firewall policies for connections between highly trusted or highly secure networks where content does not need to be protected.
NAT/Route mode
In NAT/Route mode, the FortiGate unit is visible to the network. Like a router, all its interfaces are on different subnets. The following interfaces are available in NAT/Route mode: • • • • •
You can add firewall policies to control whether communications through the FortiGate unit operate in NAT or Route mode.
The management IP address is also used for antivirus and attack definition updates. You typically use the FortiGate unit in Transparent mode on a private network behind an existing firewall or behind a router. The FortiGate unit performs firewall functions, IPSec VPN, virus scanning, IPS, web content filtering, and Spam filtering.
LCD to switch to Transparent mode. Then you can add the management IP address and default gateway.
External can connect to the external firewall or router. Internal can connect to the internal network. Port 1, 2, and 3 can connect to other network segments.
If you are going to operate the FortiGate unit in Transparent mode, go to “Transparent mode installation” on page
If you are going to operate two or more FortiGate units in HA mode, go to “High availability installation” on page
NAT/Route mode installation
This chapter describes how to install the FortiGate unit in NAT/Route mode. For information about installing a FortiGate unit in Transparent mode, see mode installation” on page units in HA mode, see about installing the FortiGate unit in NAT/Route mode, see configuration”...
The default gateway directs all non-local traffic to this interface and to the external network.
Primary DNS Server: _____._____._____._____
Secondary DNS Server: _____._____._____._____
Table 6
Using the web-based manager
You can use the web-based manager for the initial configuration of the FortiGate unit. You can also continue to use the web-based manager for all FortiGate unit settings. For information about connecting to the web-based manager, see web-based manager”...
The default route is not required if the interface connected to the external network is configured using DHCP or PPPoE. Go to System > Router > Static. If the Static Route table contains a default route (IP and Mask set to 0.0.0.0), select the Delete icon to delete this route.
After you set the last digit of the Netmask, press Enter. Press Esc to return to the Main Menu.
To add a default gateway to an interface
The default gateway is usually configured for the interface connected to the Internet. You can use the procedure below to configure a default gateway for any interface.
<204.23.1.5> <255.255.255.0>

    config system interface
        edit external
            set mode dhcp

    config system interface
        edit external
            set mode pppoe
            set connection enable
            set username <name_str>
            set password <psswrd>

    get system interface

Table 5 on page
<address_ip>

    config system dns
        set primary 293.44.75.21
        set secondary 293.44.75.22

Set the default route to the Default Gateway IP address. Enter:

    config router static
        edit 1
            set dst 0.0.0.0 0.0.0.0
            set gateway <gateway_IP>
            set device <interface>

    config router static
        edit 1
            set dst 0.0.0.0 0.0.0.0...

POP3 server IMAP server, or FTP server installed on an internal network, add the IP addresses of the servers here.
for other settings. Table 5 on page Table 5 on page
Table 5 on page 26 Table 7 on page 32
Internal for connecting to the internal network, External for connecting to your public switch or router and the Internet.
Connecting the FortiGate unit to the network(s)
Create a protection profile that enables virus scanning, file blocking, and blocking of oversize email for HTTP, FTP, IMAP, POP3, and SMTP.
To connect the FortiGate-1000 unit running in NAT/Route mode
Connect the Internal interface to the hub or switch connected to the internal network.
Connect the External interface to your public switch or router.
Optionally connect interfaces 1, 2, 3, and 4/HA to networks.
Configuring the networks
If you are running the FortiGate unit in NAT/Route mode, the networks must be configured to route all Internet traffic to the IP address of the FortiGate interface to which they are connected. If you are using the FortiGate unit as the DHCP server for your internal network, configure the computers on your internal network for DHCP.
After purchasing and installing a new FortiGate unit, you can register the unit by going to the System Update Support page, or using a web browser to connect to http://support.fortinet.com and selecting Product Registration. To register, enter your contact information and the serial numbers of the FortiGate units that you or your organization have purchased.
Transparent mode installation
This chapter describes how to install a FortiGate unit in Transparent mode. If you want to install the FortiGate unit in NAT/Route mode, see page availability installation” on page FortiGate unit in Transparent mode, see page This chapter describes: •...
The management IP address and netmask must be valid for the network from which you will manage the FortiGate unit. Add a default gateway if the FortiGate unit must connect to a router to reach the management computer. Primary DNS Server: Secondary DNS Server: _____._____._____._____...
Otherwise, you can reconnect to the web-based manager by browsing to https://10.10.10.1. If you connect to the management interface through a router, make sure that you have added a default gateway for that router to the management IP default gateway field.
Welcome !

    get system status

Operation mode: Transparent
Table 8 on page 38. Enter:

    config system manageip
        set ip <address_ip> <netmask>

15. Use the to complete the following
<address_ip> set secondary <address_ip>

    config system dns
        set primary 293.44.75.21
        set secondary 293.44.75.22

    config router static
        edit 1
            set dst 0.0.0.0 0.0.0.0
            set gateway <address_gateway>
            set device <interface>

    config router static
        edit 1
            set dst 0.0.0.0 0.0.0.0...
Otherwise, you can reconnect to the web-based manager by browsing to https://10.10.10.1. If you connect to the management interface through a router, make sure that you have added a default gateway for that router to the management IP default gateway field.
Connect the Internal interface to the hub or switch connected to your internal network.
Connect the External interface to the network segment connected to the external firewall or router.
Optionally connect interfaces 1 to 4/HA to hubs or switches connected to your other networks.
After purchasing and installing a new FortiGate unit, you can register the unit by going to the System Update Support page, or using a web browser to connect to http://support.fortinet.com and selecting Product Registration. To register, enter your contact information and the serial numbers of the FortiGate units that you or your organization have purchased.
To configure virus, attack, and spam definition updates
You can configure the FortiGate unit to automatically receive new versions of the virus, attack, and spam definitions on a schedule through the web-based manager. You can also receive updates whenever a threat occurs by using Push Updates. Go to System >...
High availability installation
This chapter describes how to install two or more FortiGate units in an HA cluster. HA installation involves three basic steps: • • •
For information about HA, see the FortiGate Administration Guide and the FortiOS High Availability technical note.
Priorities of heartbeat device and monitor priorities
The procedures in this chapter do not include steps for changing the priorities of heartbeat devices or for configuring monitor priorities settings.
FortiGate unit with the highest serial number becomes the primary cluster unit. You can configure a FortiGate unit to always become the primary unit in the cluster by giving it a high priority and by selecting Override master.
Table 9: High availability settings (Continued)
Schedule
Configuring FortiGate units for HA using the web-based manager
Use the following procedure to configure each FortiGate unit for HA operation.
To change the FortiGate unit host name
Changing the host name is optional, but you can use host names to identify individual cluster units.
Connect to the CLI. Change the host name.
“Connecting the cluster to your networks” on page
“Connecting to the command line interface (CLI)” on page

    config system global
        set hostname <name_str>

“Connecting the cluster to your networks”
You must connect all matching interfaces in the cluster to the same hub or switch. Then you must connect these interfaces to their networks using the same hub or switch. Fortinet recommends using switches for all cluster connections for the best performance.
[Figure: HA cluster network connections. Labels: Hub or Switch, Internal, WAN1, Router, Internet]
Power on all the FortiGate units in the cluster. As the units start, they negotiate to choose the primary cluster unit and the subordinate units. This negotiation occurs with no user intervention and normally just takes a few seconds.
Installing and configuring the cluster
When negotiation is complete, you can configure the cluster as if it was a single FortiGate unit.