FortiManager
About this document
Document conventions
FortiGate documentation
Fortinet Tools and Documentation CD
Fortinet Knowledge Center
Comments on Fortinet technical documentation
Customer service and technical support
Installing the FortiGate unit
Factory defaults
Configuring the FortiGate unit
System Dashboard
Connecting to the CLI
LCD front control buttons
Using the front control buttons and LCD
Factory default NAT/Route mode network configuration
Factory default Transparent mode network configuration
Contents
Using the command line interface
Connecting the FortiGate unit to your network
Next steps
Set the date and time
Updating antivirus and IPS signatures
FortiGate Firmware
Upgrading to a new firmware version
Upgrading the firmware using the web-based manager
Introduction

Welcome and thank you for selecting Fortinet products for your real-time network protection. The FortiGate™ Unified Threat Management System improves network security, reduces network misuse and abuse, and helps you use communications resources more efficiently without compromising the performance of your network.
(Antivirus, Intrusion Detection, etc.) and will also ensure your access to technical support. Fortinet offers a family of products that includes both software and hardware appliances, for a complete network security solution including mail, logging, reporting, network management, and security along with FortiGate Unified Threat Management Systems.
FortiMail unit has reliable, high performance features for detecting and blocking malicious attachments such as Distributed Checksum Clearinghouse (DCC) scanning and Bayesian scanning. Built on Fortinet’s award winning FortiOS and FortiASIC technology, FortiMail antivirus technology extends full content inspection capabilities to detect the most advanced email threats.
About this document FortiBridge FortiManager About this document Document conventions FortiBridge™ products are designed to provide enterprise organizations with continuous network traffic flow in the event of a power outage or a FortiGate system failure. The FortiBridge unit bypasses the FortiGate unit to make sure that the network can continue processing traffic.
CLI command syntax Document names Menu commands Program output Variables FortiGate documentation The most up-to-date publications and previous releases of Fortinet product documentation are available from the Fortinet Technical Documentation web site at http://docs.forticare.com. The following • FortiGate QuickStart Guide Provides basic information about connecting and installing a FortiGate unit.
Transparent mode. Includes detailed examples. All Fortinet documentation is available from the Fortinet Tools and Documentation CD shipped with your Fortinet product. The documents on this CD are current at shipping time. For up-to-date versions of Fortinet documentation see the Fortinet Technical Documentation web site at http://docs.forticare.com.
Introduction Customer service and technical support Fortinet Technical Support provides services designed to make sure that your Fortinet systems install quickly, configure easily, and operate reliably in your network. Please visit the Fortinet Technical Support web site at to learn about the technical support services that Fortinet provides.
FortiGate-3000 and FortiGate-3600 FortiOS 3.0MR4 Install Guide 01-30004-0270-20070215
The FortiGate-3000 package contains the following items: • FortiGate-3000 Unified Threat Management System • one orange crossover Ethernet cable (Fortinet part number CC300248) • one gray straight-through Ethernet cable (Fortinet part number CC300249) • one null-modem cable (Fortinet part number CC300247) •...
Use appropriate equipment nameplate ratings to address this concern. • Make sure the FortiGate-3000 unit has reliable grounding. Fortinet recommends direct connection to the branch circuit. Environmental Operating temperature: 32 to 104 °F (0 to 40 °C)
Use appropriate equipment nameplate ratings to address this concern. • Make sure the FortiGate-3600 unit has reliable grounding. Fortinet recommends direct connection to the branch circuit. Operating temperature: 32 to 104 °F (0 to 40 °C)
Powering on the FortiGate unit After a few seconds, SYSTEM STARTING appears on the LCD. The main menu setting appears on the LCD when the system is running. Menu [ Fortigat -> ] NAT, Standalone The FortiGate unit starts and the Power LEDs light up. Table 3: LED indicators State Description...
Powering off the FortiGate unit

Always shut down the FortiGate operating system properly before turning off the power switch to avoid potential hardware problems.

To power off the FortiGate unit

From the web-based manager, go to System > Status. In the Unit Operation display, select Shutdown, or from the CLI enter:

    execute shutdown

Disconnect the power cables from the power supply.
Connecting the FortiGate unit Connecting to the web-based manager Use the following procedure to connect to the web-based manager for the first time. Configuration changes made with the web-based manager are effective immediately, without resetting the firewall or interrupting service. To connect to the web-based manager, you require: •...
Installing the FortiGate unit Connecting to the web-based manager using the internal interface The FortiGate-3000 can connect to an optical network using the internal interface to browse to the web-based manager. Use the following procedure for the FortiGate-3600. To connect to the web-based manager using the internal interface Set the IP address of the computer with an Ethernet connection to the static IP address 192.168.1.2 with a netmask of 255.255.255.0.
Connecting the FortiGate unit Connecting to the CLI System Dashboard After logging into the web-based manager, the web browser displays the system dashboard. The dashboard provides you with all system status information in one location. For details on the information displayed on the dashboard, see the FortiGate Administration Guide.
Installing the FortiGate unit LCD front control buttons You can use the front control buttons and LCD to configure the basic settings on your FortiGate unit. This configuration method provides an easy and fast method to configure your FortiGate unit. You can configure: •...
LCD front control buttons To enter an IP address Press Enter to select the interfaces. Press the up and down buttons to highlight the interface you want to configure an IP address for, and then press Enter. Press Enter for the IP address. Press the up and down buttons to increase or decrease the number.
Factory defaults Factory defaults The FortiGate unit ships with a factory default configuration. The default configuration allows you to connect to and use the FortiGate web-based manager to configure the FortiGate unit onto the network. To configure the FortiGate unit on to the network you add an administrator password, change the network interface IP addresses, add DNS server IP addresses, and, if required, configure basic routing.
Factory default NAT/Route mode network configuration When the FortiGate unit is first powered on, it is running in NAT/Route mode and has the basic network configuration listed in configuration enables you to connect to the FortiGate unit web-based manager and establish the configuration required to connect the FortiGate unit to the network.
Factory defaults Factory default Transparent mode network configuration In Transparent mode, the FortiGate unit has the default network configuration listed in Table 7: Factory default Transparent mode network configuration Administrator account Management IP Administrative access Factory default firewall configuration FortiGate firewall policies control how all traffic is processed by the FortiGate unit. Until firewall policies are added, no traffic can be accepted by or pass through the FortiGate unit.
Restoring the default settings Factory default protection profiles Restoring the default settings Use protection profiles to apply different protection settings for traffic controlled by firewall policies. You can use protection profiles to: • configure antivirus protection for HTTP, FTP, IMAP, POP3, and SMTP firewall policies •...
Restoring the default settings using the web-based manager

To reset the default settings

Go to System > Status. In the Unit Operation display, select Reset.

Restoring the default settings using the CLI

To reset the default settings enter the following command:

    execute factoryreset

Note: If you want to restore factory default settings using the front control buttons and LCD, “LCD front control buttons”...
You can also configure the FortiGate unit and the network it protects using the default settings. NAT/Route mode In NAT/Route mode, the FortiGate unit is visible to the network. Like a router, all its interfaces are on different subnets. The following interfaces are available in NAT/Route mode:...
Planning the FortiGate configuration NAT/Route mode with multiple external network connections You typically use NAT/Route mode when the FortiGate unit is operating as a gateway between private and public networks. In this configuration, you would create NAT mode firewall policies to control traffic flowing between the internal, private network and the external, public network (usually the Internet).
IP address is also used for antivirus and attack definition updates. You typically use the FortiGate unit in Transparent mode on a private network behind an existing firewall or behind a router. The FortiGate unit performs firewall functions, IPSec VPN, virus scanning, IPS, web filtering, and Spam filtering.
Preventing the public FortiGate interface from responding to ping requests Preventing the public FortiGate interface from responding to ping requests The factory default configuration of your FortiGate unit allows the default public interface to respond to ping requests. The default public interface is also called the default external interface, and is the interface of the FortiGate unit that is usually connected to the Internet.
Configuring the FortiGate unit NAT/Route mode installation This section describes how to install the FortiGate unit in NAT/Route mode. This section includes the following topics: • Preparing to configure the FortiGate unit in NAT/Route mode • DHCP or PPPoE configuration •...
NAT/Route mode installation DHCP or PPPoE configuration Table 11: NAT/Route mode settings Administrator Password: Internal Netmask: External Netmask: Port 1 Netmask: Port 2 Netmask: Port 3 Netmask: Port 4 Netmask: Port 4/HA Netmask: Port 5/HA Netmask: Default Gateway: (Interface connected to external network) A default route consists of a default gateway and the name of the Network settings...
Configuring the FortiGate unit Using the web-based manager You can use the web-based manager for the initial configuration of the FortiGate unit and all FortiGate unit settings. For information about connecting to the web- based manager, see Configuring basic settings After connecting to the web-based manager, use the following procedures to complete the basic configuration of the FortiGate unit.
Verify the connection To verify your connection, try the following: • browse to www.fortinet.com • retrieve or send email from your email account If you cannot browse to the web site or retrieve/send email from your account, review the previous steps to ensure all information was entered correctly and try again.
Configuring the FortiGate unit When you configure interfaces using the control buttons and LCD, the interfaces are always named internal, external, and DMZ. The interface names on the LCD correspond as follows to the FortiGate interfaces. Table 13: FortiGate unit interfaces control buttons and LCD interface name FortiGate unit interface name Internal Port External Port...
LCD should be displayed. Verify the connection To verify your connection, try the following: • browse to www.fortinet.com • retrieve or send email from your email account If you cannot browse to the web site or retrieve/send email from your account, review the previous steps to ensure all information was entered correctly and try again.
Configuring the FortiGate unit Set the IP address and netmask of the external interface to the external IP address and netmask you recorded in config system interface Example config system interface To set the external interface to use DHCP config system interface To set the external interface to use PPPoE config system interface Use the same syntax to set the IP address of each FortiGate interface as...
DHCP or PPPoE.

To add a default route

Set the default route to the Default Gateway IP address. Enter:

    config router static
        edit <seq_num>
            set dst <class_ip&net_netmask>
            set gateway <gateway_IP>
            ...
Connect the External interface to the Internet. Connect to the public switch or router provided by your ISP. If you are a DSL or cable subscriber, connect the External interface to the internal or LAN connection of your DSL or cable modem.
The management IP address and netmask must be valid for the network from which you will manage the FortiGate unit. Add a default gateway if the FortiGate unit must connect to a router to reach the management computer. Primary DNS Server:...
Configuring the FortiGate unit For more information about connecting to the web-based manager, see “Connecting to the web-based manager” on page the FortiGate unit, it is configured to run in NAT/Route mode. To switch to Transparent mode using the web-based manager Go to System >...
LCD should be displayed. Verify connection To verify your connection, try the following: • browse to www.fortinet.com • retrieve or send email from your email account If you cannot browse the website or retrieve/send email from your account, review the previous steps to ensure all information was entered correctly and try again.
IP address. Browse to https:// followed by the new IP address. If you connect to the management interface through a router, make sure that you have added a default gateway for that router to the management IP default gateway field.
Select Refresh to display the current FortiGate system date and time. Select your Time Zone from the list.

[Figure: network connections diagram. Labels: Internal network, Switch or router, Internal, External, Other network, Port 1, Switch...]
You can update your antivirus and IPS signatures using the web-based manager or the CLI. Before you can begin receiving updates, you must register your FortiGate unit from the Fortinet web page. Note: Update AV and IPS signatures on a regular basis. If you do not update AV and IPS signatures regularly, the FortiGate unit can become vulnerable to new viruses.
Next steps Updating antivirus and IPS signatures from the web-based manager After you have registered your FortiGate unit, you can update antivirus and IPS signatures using the web-based manager. The FortiGuard Center enables you to receive push updates, allow push update to a specific IP address, and schedule updates for daily, weekly, or hourly intervals.
Configuring the FortiGate unit Select the Scheduled Update check box. Select one of the following to check for and download updates. Every Daily Weekly Select Apply. The FortiGate unit starts the next scheduled update according to the new update schedule. Whenever the FortiGate unit runs a scheduled update, the event is recorded in the FortiGate event log.
Next steps If the FDN setting changes to available, the FortiGate unit has successfully connected to the override server. If the FDN stays set to not available, the FortiGate unit cannot connect to the override server. Check the FortiGate configuration and network configuration for settings that would prevent the FortiGate unit from connecting to the override FortiGuard server.
FortiGate Firmware FortiGate Firmware Fortinet periodically updates the FortiGate firmware to include enhancements and address issues. After you have registered your FortiGate unit, FortiGate firmware is available for download at the support web site, http://support.fortinet.com. Only FortiGate administrators (whose access profiles contain system read and write privileges) and the FortiGate admin user can change the FortiGate firmware.
Upgrading to a new firmware version Upgrading the firmware using the CLI Go to System > Status and check the Firmware Version to confirm the firmware upgrade is successfully installed. Update antivirus and attack definitions. For information about updating antivirus and attack definitions, see the FortiGate Administration To use the following procedure, you must have a TFTP server the FortiGate unit...
Reverting to a previous firmware version

Use the following procedures to revert your FortiGate unit to a previous firmware version. This procedure reverts the FortiGate unit to its factory default configuration.

Reverting to a previous firmware version using the web-based manager

The following procedures revert the FortiGate unit to its factory default configuration and delete IPS custom signatures, web content lists, email filtering lists, and changes to replacement messages.
Reverting to a previous firmware version Reverting to a previous firmware version using the CLI This procedure reverts the FortiGate unit to its factory default configuration and deletes IPS custom signatures, web content lists, email filtering lists, and changes to replacement messages. Before beginning this procedure, it is recommended that you: •...
Type y. The FortiGate unit uploads the firmware image file. After the file uploads, a message similar to the following is displayed:

    Get image from tftp server OK.
    Check image OK.
    This operation will downgrade the current firmware version!
    Do you want to continue? (y/n)

Type y.
Installing firmware images from a system reboot using the CLI If you are reverting to a previous FortiOS version (for example, reverting from FortiOS v3.0 to FortiOS v2.80), you might not be able to restore the previous configuration from the backup configuration file. Note: Installing firmware replaces your current antivirus and attack definitions, along with the definitions included with the firmware release you are installing.
• FortiGate unit running v3.x BIOS

    [G]: Get firmware image from TFTP server.
    [F]: Format boot device.
    [Q]: Quit menu and continue to boot with default firmware.
    [H]: Display this list of options.
    Enter G, F, Q, or H:

Type G to get the new firmware image from the TFTP server.
Testing a new firmware image before installing it Testing a new firmware image before installing it After changing the interface address, you can access the FortiGate unit from the web-based manager and restore the configuration. For more information, see the FortiGate Administration If you are reverting to a previous FortiOS version (for example, reverting from FortiOS v3.0 to FortiOS v2.80), you might not be able to restore the previous...
FortiGate Firmware As the FortiGate unit reboots, press any key to interrupt the system startup. As the FortiGate unit starts, a series of system startup messages are displayed. When one of the following messages appears: • FortiGate unit running v2.x BIOS Press Any Key To Download Boot Image.
Testing a new firmware image before installing it Enter the firmware image file name and press Enter. The TFTP server uploads the firmware image file to the FortiGate unit and messages similar to the following appear. • FortiGate unit running v2.x BIOS Do You Want To Save The Image? [Y/n] Type n.