Fortinet FortiGate FortiGate-200A Quick Start Manual

LED State
Green
Power
Off
Amber
Internal
WAN1
Flashing Amber
WAN2
DMZ1
Green
DMZ2
Off
Checking the Package Contents
Connector Type Speed
Internal RJ-45 10/100 Base-T
WAN1 and RJ-45 10/100 Base-T
WAN2
DMZ1 and RJ-45 10/100 Base-T
DMZ2
Console RJ-45 9600 Bps
USB USB
Connecting
Connect the FortiGate unit to a power outlet and to the internal and external networks.
• Place the unit on a stable surface. It requires 1.5 inches (3.75 cm) clearance above and
on each side to allow for cooling.
• Make sure the power switch on the back of the unit is turned off before connecting the
power and network cables.
• The following is displayed on the LCD when the unit is up and running:
Menu [ Fortigat -> ]
NAT, Standalone

Planning the Configuration

Before beginning to configure the FortiGate unit, you need to plan how to integrate the unit into your network. Your configuration plan depends on the operating mode you select: NAT/Route
mode (the default) or Transparent mode.
NAT/Route mode
In NAT/Route mode, each FortiGate unit is visible to the network that it is connected to. All of
its interfaces are on different subnets. Each interface that is connected to a network must be
Internal
192.168.1.99
WAN1
204.23.1.5
Internet
Router
10.10.10.1
NAT/Route mode policies
controlling traffic between
internal and external networks
No traffic can pass through the FortiGate unit until you add firewall policies. In NAT/Route
mode, firewall policies can operate in NAT mode or in Route mode. In NAT mode, the
FortiGate unit performs network address translation before IP packets are sent to the
destination network. In Route mode, no translation takes place.
Refer to the Documentation CD-ROM for information on how to control traffic, and how to configure HA, antivirus protection, FortiGuard, Web content filtering, Spam filtering,
intrusion prevention (IPS), and virtual private networking (VPN).
Description
The FortiGate unit is on.
The FortiGate unit is off.
The correct cable is in use and the connected
equipment has power.
Network activity at this interface.
The interface is connected at 100Mbps.
No link established.
Protocol Description
Ethernet A 4-port switch connection for up to four network
devices or the internal network.
Ethernet Redundant connections to the Internet.
Ethernet Optional connections to one or two DMZ networks,
or to other FortiGate-200A units for high availability
(HA). For details, see the Documentation CD-ROM.
RS-232 Optional connection to the management computer.
Provides access to the command line interface
(CLI).
USB Optional connection for the FortiUSB key, modem or
backup operation.
configured with an IP
Internal
address that is valid for
network
that network.
192.168.1.3
You would typically use
NAT/Route mode when the
FortiGate unit is deployed
DMZ
Route mode policies as a gateway between pri-
controlling traffic
between internal networks
vate and public networks.
In its default NAT/Route
DMZ
network
mode configuration, the
unit functions as a firewall.
Hub or switch
Firewall policies control
10.10.10.2
communications through
the FortiGate unit.
Esc Enter
A
© Copyright 2006 Fortinet Incorporated. All rights reserved.
Products mentioned in this document are trademarks or registered trade-
marks of their respective holders.
Regulatory Compliance
FCC Class A Part 15 CSA/CUS
5 July 2006
Front
Esc Enter
A
Control
LCD
Buttons
Back
Esc Enter
A
Optional RJ-45 serial cable connects to management computer
Straight-through Ethernet cables
connect to computers on internal network
Power cable connects to power outlet

Transparent mode

In Transparent mode, the FortiGate unit is invisible to the network. All of its interfaces are on
the same subnet. You only have to configure a management IP address so that you can make
Gateway to public networks
204.23.1.5 10.10.10.2
WAN1
Internet
Router
10.10.10.1
Management IP
Transparent mode policies
controlling traffic between
internal and external networks
You can connect up to four network segments to the FortiGate unit to control traffic between
these network segments.
CONSOLE USB INTERNAL DMZ1 DMZ2 WAN1 WAN2
1 2 3 4
FortiGate-200A
01-30002-0070-20060705
CONSOLE USB INTERNAL DMZ1 DMZ2 WAN1 WAN2
1 2 3 4
Serial Internal WAN
Port (4-port switch) 1, 2
USB DMZ Power
1, 2 LED
Rack-Mount Brackets
Power Power
Connection Switch
Documentation
CONSOLE USB INTERNAL DMZ1 DMZ2 WAN1 WAN2
1 2 3 4
Straight-through Ethernet cables connect
to Internet (public switch, router, or modem)
configuration changes.
Internal
You would typically use the
network
FortiGate unit in Transparent
mode on a private network
Internal
behind an existing firewall or
10.10.10.3
behind a router. In its default
Transparent mode configuration,
the unit functions as a firewall.
No traffic can pass through the
FortiGate unit until you add
firewall policies.
Ethernet Cables:
Orange - Crossover
Grey - Straight-through
RJ-45 to
DB-9 Serial Cable
Power Cable
Q u i c k S t a r t G u i d e
CONSOLE USB INTERNAL DMZ1 DMZ2 WAN1 WAN2
Esc Enter 1 2 3 4
A
FortiGate-200A
Copyright 2006 Fortinet Incorporated. All rights reserved.
Trademarks
Products mentioned in this document are trademarks.