Fortinet FortiGate FortiGate-200 Quick Start Manual

LED State
Green
Power
Off
Flashing Green
Green
Status
Off
Green
Internal,
Flashing Green
External
DMZ
Flashing Amber
Off
Checking the Package Contents
Connector Type Speed
Internal RJ-45 10/100 Base-T
External RJ-45 10/100 Base-T
DMZ RJ-45 10/100 Base-T
Console DB-9 9600 Bps
Connecting
Connect the FortiGate unit to a power outlet and to the internal and external networks.
• Place the unit on a stable surface. It requires 1.5 inches (3.75 cm) clearance above and
on each side to allow for cooling.
• Plug in power cable to unit before connecting power.
• The Status light flashes while the unit is starting up and turns off when the system is up
and running.

Planning the Configuration

Before beginning to configure the FortiGate unit, you need to plan how to integrate the unit into your network. Your configuration plan depends on the operating mode you select: NAT/Route
mode (the default) or Transparent mode.
NAT/Route mode
In NAT/Route mode, each FortiGate unit is visible to the network that it is connected to. All of
its interfaces are on different subnets. Each interface that is connected to a network must be
Internal
192.168.1.99
External
204.23.1.5
Internet
DMZ
10.10.10.1
NAT policies controlling
traffic between internal
and external networks.
the FortiGate unit. No traffic can pass through the FortiGate unit until you add firewall poli-
cies. In NAT/Route mode, firewall policies can operate in NAT mode or in Route mode. In
NAT mode, the FortiGate unit performs network address translation before IP packets are
sent to the destination network. In Route mode, no translation takes place.
Refer to the Documentation CD-ROM for information on how to control traffic, and how to configure HA, antivirus protection, FortiGuard, Web content filtering, Spam filtering,
intrusion prevention (IPS), and virtual private networking (VPN).
Description
The FortiGate unit is on.
The FortiGate unit is off.
The FortiGate unit is starting up.
The FortiGate unit is running normally.
The FortiGate unit is powered off.
The correct cable is in use and the connected
equipment has power.
Network activity at this interface.
Network activity at this interface.
No link established.
Protocol Description
Ethernet Connection to the internal network.
Ethernet Connection to the internet.
Ethernet Optional connection to a DMZ network, or to other
FortiGate-200 units for high availability. For details,
see the Documentation CD-ROM.
RS-232 Optional connection to the management computer.
Provides access to the command line interface
(CLI).
configured with an IP
address that is valid for
Internal
that network.
network
You would typically use
NAT/Route mode when
192.168.1.3
the FortiGate unit is
deployed as a gateway
Route mode policies
controlling traffic between
Internal networks.
between private and
DMZ
public networks. In its
network
default NAT/Route mode
configuration, the unit
functions as a firewall.
10.10.10.2
Firewall policies control
communications through
POWER STATUS INTERNAL EXTERNAL DMZ
© Copyright 2006 Fortinet Incorporated. All rights reserved.
Products mentioned in this document are trademarks or registered trade-
marks of their respective holders.
Regulatory Compliance
FCC Class A Part 15 CSA/CUS
5 July 2006
Front
POWER STATUS INTERNAL EXTERNAL DMZ
Power Status Internal, External, RS-232 Serial
DMZ Interface LEDs Connection
LED LED
Back
Removable
Hard Drive
Optional null modem cable connects to serial port on management computer
POWER STATUS INTERNAL EXTERNAL DMZ
CONSOLE INTERNAL EXTERNAL DMZ
or
Straight-through Ethernet cable connects to Internet (public switch, router or modem)
Crossover Ethernet cable connects to management computer on internal network
Straight-through Ethernet cable connects to LAN or switch on internal network

Transparent mode

In Transparent mode, the FortiGate unit is invisible to the network. All of its interfaces are on
the same subnet. You only have to configure a management IP address so that you can make
Gateway to public network
204.23.1.5 10.10.10.2
External Internal
Internet
Router
10.10.10.1
Management IP
Transparent mode policies
controlling traffic between
internal and external networks
You can connect up to four network segments to the FortiGate unit to control traffic between
these network segments.
CONSOLE INTERNAL EXTERNAL DMZ
FortiGate-200
01-30002-0034-20060705
CONSOLE INTERNAL EXTERNAL DMZ
Internal External DMZ
Interface Interface Interface
Power Power
USER MANUAL
Switch Connection
Power cable connects to power outlet
Optional straight-through Ethernet cable connects to DMZ network
configuration changes.
You would typically use the
Internal
network
FortiGate unit in Transparent
mode on a private network
behind an existing firewall or
behind a router. In its default
Transparent mode configuration,
the unit functions as a firewall.
No traffic can pass through the
FortiGate unit until you add
firewall policies.
Ethernet Cables:
Orange - Crossover
Grey - Straight-through
Null-Modem Cable
(RS-232)
Power Cable
Rack-Mount Brackets
FortiGate-200
POWER STATUS INTERNAL EXTERNAL DMZ CONSOLE INTERNAL EXTERNAL DMZ
QuickStart Guide
Copyright 2003 Fortinet Incorporated. All rights reserved.
Trademarks
Products mentioned in this document are trademarks.
Documentation