FortiGate-200A, FortiGate-300A, FortiGate-400A, and FortiGate-500A FortiOS 3.0 MR4 Install Guide
Introduction
Welcome and thank you for selecting Fortinet products for your real-time network protection. The FortiGate™ Unified Threat Management System improves network security, reduces network misuse and abuse, and helps you use communications resources more efficiently without compromising the performance of your network.
(Antivirus, Intrusion Detection, etc.) and will also ensure your access to technical support. Fortinet offers a family of products that includes both software and hardware appliances for a complete network security solution including mail, logging, reporting, network management, and security along with FortiGate Unified Threat Management Systems.
Distributed Checksum Clearinghouse (DCC) scanning and Bayesian scanning. Built on Fortinet’s award winning FortiOS and FortiASIC technology, FortiMail antivirus technology extends full content inspection capabilities to detect the most advanced email threats.
FortiReporter
FortiReporter™ Security Analyzer software generates easy-to-understand reports and can collect logs from any FortiGate unit, as well as over 30 network and security devices from third-party vendors.
CLI command syntax Document names Menu commands Program output Variables
Fortinet documentation
The most up-to-date publications and previous releases of Fortinet product documentation are available from the Fortinet Technical Documentation web site at http://docs.forticare.com. The following
• FortiGate QuickStart Guide Provides basic information about connecting and installing a FortiGate unit.
Transparent mode. Includes detailed examples. All Fortinet documentation is available from the Fortinet documentation CD shipped with your Fortinet product. The documents on this CD are current at shipping time. For up-to-date versions of Fortinet documentation, see the Fortinet Knowledge Center.
Please send information about any errors or omissions in this document, or any Fortinet technical documentation, to techdoc@fortinet.com.
Customer service and technical support
Fortinet Technical Support provides services designed to make sure that your Fortinet systems install quickly, configure easily, and operate reliably in your network.
FortiGate-200A, FortiGate-300A, FortiGate-400A, and FortiGate-500A FortiOS 3.0 MR4 Install Guide 01-30004-0268-20070712
[Figures: package contents for the FortiGate-200A, FortiGate-300A and FortiGate-400A. Labels: QuickStart Guide, User Manual, Power, CONSOLE, INTERNAL, DMZ1, DMZ2, WAN1, WAN2, Enter. Copyright 2006 Fortinet Incorporated. All rights reserved.]
Installing the FortiGate unit
Mounting
The FortiGate-500A can be installed on any stable surface. The FortiGate-500A unit can also be mounted on a standard 19-inch rack. It requires 1 U of vertical space in the rack.
Table 4: Technical Specifications Dimensions Weight Power Requirements Power consumption: 140W...
Powering on the FortiGate unit
After a few seconds, SYSTEM STARTING appears on the LCD. The main menu setting appears on the LCD when the system is running. Menu [ Fortigat ->...
Connecting to the FortiGate unit
There are three methods of connecting and configuring the basic FortiGate settings:
• the web-based manager
• the front control buttons and LCD
• the command line interface (CLI)
Web-based manager
You can configure and manage the FortiGate unit using HTTP or a secure HTTPS connection from any computer running Microsoft Internet Explorer 6.0 or a recent browser.
Start Internet Explorer and browse to the address https://192.168.1.99 (remember to include the “s” in https://). To support a secure HTTPS authentication method, the FortiGate unit ships with a self-signed security certificate, which is offered to remote clients whenever they initiate an HTTPS connection to the FortiGate unit.
System Dashboard
After logging into the web-based manager, the web browser displays the system dashboard. The dashboard provides you with all system status information in one location. For details on the information displayed on the dashboard, see the FortiGate Administration
Command line interface
You can access the FortiGate command line interface (CLI) by connecting a...
Type admin and press Enter twice. The following prompt is displayed.
Welcome!
Type ? to list available commands. For information about how to use the CLI, see FortiGate CLI Reference.
Using the front control buttons and LCD
When the LCD displays the main menu, you can begin to configure the IP addresses, netmasks, default gateways, and if required, change the operating mode. Use the following procedures as a guide when configuring your FortiGate unit in
To enter an IP address
Press Enter to select the interfaces.
Factory defaults
The FortiGate unit ships with a factory default configuration. The default configuration allows you to connect to and use the FortiGate web-based manager to configure the FortiGate unit onto the network. To configure the FortiGate unit to the network, you add an administrator password, change the network interface IP addresses, add DNS server IP addresses, and, if required, configure basic routing.
Factory default firewall configuration
FortiGate firewall policies control how all traffic is processed by the FortiGate unit. Until firewall policies are added, no traffic can be accepted by or pass through the FortiGate unit. To allow traffic through the FortiGate unit, you can add firewall policies.
The FortiGate unit comes preconfigured with four protection profiles.
Strict: To apply maximum protection to HTTP, FTP, IMAP, POP3, and SMTP traffic.
You can also configure the FortiGate unit and the network it protects using the default settings.
NAT/Route mode
In NAT/Route mode, the FortiGate unit is visible to the network. Like a router, all its interfaces are on different subnets. The following interfaces are available in NAT/Route mode:...
You can add firewall policies to control whether communications through the FortiGate unit operate in NAT or Route mode. Firewall policies control the flow of traffic based on the source address, destination address, and service of each packet.
You typically use the FortiGate unit in Transparent mode on a private network behind an existing firewall or behind a router. The FortiGate unit performs firewall functions, IPSec VPN, virus scanning, IPS, web content filtering, and spam filtering.
NAT/Route mode installation
Preparing to configure the FortiGate unit in NAT/Route mode
For the most secure operation, you should change the configuration of the external interface so that it does not respond to ping requests. Not responding to ping requests makes it more difficult for a potential attacker to detect your FortiGate unit from the Internet.
Configuring the FortiGate unit
• The front control buttons and LCD provide access to basic settings. See “Using the front control buttons and LCD” on page
• The command line interface (CLI) is a complete text-based interface for configuring all settings. See
The method you choose depends on the complexity of the configuration, access and equipment, and the type of interface you are most comfortable using.
DHCP or PPPoE.
To add a default route
Go to Router > Static. If the Static Route table contains a default route (IP and Mask set to 0.0.0.0), select the Delete icon to delete this route.
Verify the connection
To verify your connection, try the following:
• browse to www.fortinet.com
• retrieve or send email from your email account
If you cannot browse to the web site or retrieve/send email from your account, review the previous steps to ensure all information was entered correctly and try again.
LCD should be displayed.
Verify the connection
To verify your connection, try the following:
• browse to www.fortinet.com
• retrieve or send email from your email account
If you cannot browse to the web site or retrieve/send email from your account, review the previous steps to ensure all information was entered correctly and try again.
To configure interface
Log into the CLI.
Set the IP address and netmask of the internal interface to the internal IP address and netmask you recorded in
    config system interface
Example
    config system interface
Set the IP address and netmask of the external interface to the external IP address and netmask you recorded in
    config system interface
Example...
DHCP or PPPoE.
To add a default route
Set the default route to the Default Gateway IP address. Enter:
    config router static
    edit <seq_num>
    set dst <class_ip&net_netmask>
    set gateway <gateway_IP>...
Connect the External interface to the Internet. Connect to the public switch or router provided by your ISP. If you are a DSL or cable subscriber, connect the External interface to the internal or LAN connection of your DSL or cable modem.
The management IP address and netmask must be valid for the network from which you will manage the FortiGate unit. Add a default gateway if the FortiGate unit must connect to a router to reach the management computer. Primary DNS Server:...
Using the web-based manager
Use the web-based manager to complete the initial configuration of the FortiGate unit. You can continue to use the web-based manager for all FortiGate unit settings. For information about connecting to the web-based manager, see the web-based manager”...
LCD should be displayed.
Verify the connection
To verify your connection, try the following:
• browse to www.fortinet.com
• retrieve or send email from your email account
If you cannot browse to the web site or retrieve/send email from your account, review the previous steps to ensure all information was entered correctly and try again.
IP address. Browse to https:// followed by the new IP address. If you connect to the management interface through a router, make sure that you have added a default gateway for that router to the management IP default gateway field.
Connect the External interface to the network segment connected to the external firewall or router. Connect to the public switch or router provided by your ISP. Optionally connect the port or other interface that connects to other networks.
Figure 12: FortiGate-500A Transparent mode connections...
You can update your antivirus and IPS signatures using the web-based manager or the CLI. Before you can begin receiving updates, you must register your FortiGate unit from the Fortinet web page. Note: Update AV and IPS signatures on a regular basis. If you do not update AV and IPS signatures regularly, the FortiGate unit can become vulnerable to new viruses.
Next Steps
After registering your FortiGate unit, verify the FortiGate unit can connect to the FDN:
• Check that the FortiGate unit’s system time is correct.
• From the web-based manager, select refresh from the FortiGuard Center.
If you cannot connect to the FDN, follow the procedure for registering your FortiGate unit and try again or see “Adding an override server”...
Scheduling antivirus and IPS updates
You can schedule regular, automatic updates of antivirus and IPS signatures, either from the web-based manager or the CLI.
To enable scheduled updates from the web-based manager
Go to System > Maintenance > FortiGuard Center. Select the blue arrow for AntiVirus and IPS Downloads to expand the options.
Type the fully qualified domain name or IP address of a FortiGuard server. Select Apply. The FortiGate unit tests the connection to the override server. If the FDN setting changes to available, the FortiGate unit has successfully connected to the override server.
FortiGate Firmware
Fortinet periodically updates the FortiGate firmware to include enhancements and address issues. After you have registered your FortiGate unit, FortiGate firmware is available for download at the support web site, http://support.fortinet.com. Only the FortiGate administrators (whose access profiles contain system configuration read and write privileges) and a FortiGate admin user can change the FortiGate firmware.
Select OK. The FortiGate unit uploads the firmware image file, upgrades to the new firmware version, restarts, and displays the FortiGate login. This process takes a few minutes.
To confirm the firmware image is successfully installed, enter:
    get system status
Update antivirus and attack definitions (see the or from the CLI, enter:
    execute update-now
Reverting to a previous firmware version
Use the web-based manager or CLI procedure to revert to a previous firmware version.
Go to System > Status and check the Firmware Version to confirm the firmware is successfully installed. Restore your configuration.
Enter the following command to copy the firmware image from the TFTP server to the FortiGate unit:
    execute restore image <name_str> <tftp_ipv4>
Where <name_str> is the name of the firmware image file and <tftp_ipv4> is the IP address of the TFTP server. For example, if the firmware image file name is v280image.out and the IP address of the TFTP server is 192.168.1.168, enter:
    execute restore image v280image.out 192.168.1.168
The FortiGate unit responds with this message:...
Installing firmware images from a system reboot using the CLI
This procedure installs a specified firmware image and resets the FortiGate unit to default settings.
Enter the following command to restart the FortiGate unit.
    execute reboot
The FortiGate unit responds with the following message:
    This operation will reboot the system!
    Do you want to continue? (y/n)
Type y.
As the FortiGate unit starts, a series of system startup messages is displayed. When one of the following messages appears: •...
If so, the FortiGate unit installs the configuration file and firmware image file directly from the key to the unit. Note: The FortiUSB key is purchased separately. The FortiGate unit only supports the FortiUSB key available from Fortinet.
Backup and Restore from the FortiUSB key
Use the FortiUSB key to either back up a configuration file or restore a configuration file. You should always make sure the FortiUSB key is properly installed before proceeding since the FortiGate unit must recognize that the key is installed in its USB port.
The following procedures use both the web-based manager and the CLI. However, it is recommended you use the CLI since the login screen may appear before the installation is complete.
Note: If you are trying to delete a configuration file from the CLI, and the filename contains spaces, you will need quotation marks around the filename before you can delete the file from the FortiUSB key.
Testing a new firmware image before installing it
You can test a new firmware image by installing the firmware image from a system reboot and saving it to system memory.
Note: You have only 3 seconds to press any key. If you do not press a key soon enough, the FortiGate unit reboots and you must log in and repeat the execute reboot command.
To confirm the new firmware image has been loaded, from the CLI enter:
    get system status
You can test the new firmware image as required.