Fortinet FortiGate FortiGate-400 Installation Manual

Installation Guide

FortiGate 400
[Cover illustration labels: CONSOLE, 1, 2, 3, 4 / HA, Esc, Enter]
Version 2.80 MR4
30 August 2004
01-28004-0022-20040830

Summary of Contents for Fortinet FortiGate FortiGate-400

  • Page 1: Installation Guide

    Installation Guide FortiGate 400 CONSOLE 4 / HA Enter Version 2.80 MR4 30 August 2004 01-28004-0022-20040830...
  • Page 2 CAUTION: RISK OF EXPLOSION IF BATTERY IS REPLACED BY AN INCORRECT TYPE. DISPOSE OF USED BATTERIES ACCORDING TO THE INSTRUCTIONS. For technical support, please visit http://www.fortinet.com. Send information about errors or omissions in this document or any Fortinet technical documentation to techdoc@fortinet.com.
  • Page 3: Table Of Contents

    Command line interface ... 6 Setup wizard ... 7 Document conventions ... 7 Fortinet documentation ... 8 Comments on Fortinet technical documentation... 9 Customer service and technical support... 10 Getting started ... 11 Package contents ... 12 Mounting ... 12 Turning the FortiGate unit power on and off ...
  • Page 4 High availability configuration settings ... 47 Configuring FortiGate units for HA using the web-based manager ... 49 Configuring FortiGate units for HA using the CLI... 50 Connecting the cluster to your networks... 51 Installing and configuring the cluster... 53 Index ... 55
  • Page 5: Introduction

    The FortiGate Antivirus Firewall uses Fortinet’s Accelerated Behavior and Content Analysis System (ABACAS™) technology, which leverages breakthroughs in chip design, networking, security, and content analysis. The unique ASIC-based architecture analyzes content and behavior in real-time, enabling key applications to be deployed right at the network edge where they are most effective at protecting your networks.
  • Page 6: Web-Based Manager

    This Installation Guide contains information about basic and advanced CLI commands. For a more complete description about connecting to and using the FortiGate CLI, see the FortiGate CLI Reference Guide.
  • Page 7: Setup Wizard

    Setup wizard: The FortiGate setup wizard provides an easy way to configure the basic initial settings for the FortiGate unit. The wizard walks through the configuration of a new administrator password, FortiGate interfaces, DHCP server settings, internal servers (web, FTP, etc.), and basic antivirus settings. Document conventions: This guide uses the following conventions to describe command syntax.
  • Page 8: Fortinet Documentation

    Fortinet documentation • Fortinet documentation Information about FortiGate products is available from the following FortiGate User Manual volumes: • • • • • • A space to separate options that can be entered in any combination and must be separated by spaces.
  • Page 9: Comments On Fortinet Technical Documentation

    FortiGate unit. For a complete list of FortiGate documentation visit Fortinet Technical Support at http://support.fortinet.com. Comments on Fortinet technical documentation You can send information about errors or omissions in this document, or any Fortinet technical documentation, to techdoc@fortinet.com. FortiGate-400 Installation Guide...
  • Page 10: Customer Service And Technical Support

    Fortinet technical support web site at http://support.fortinet.com. You can also register FortiGate Antivirus Firewalls from http://support.fortinet.com and change your registration information at any time. Fortinet email support is available from the following addresses: amer_support@fortinet.com For customers in the United States, Canada, Mexico, Latin...
  • Page 11: Getting Started

    This section describes unpacking, setting up, and powering on a FortiGate Antivirus Firewall unit. This section includes: Package contents; Mounting; Turning the FortiGate unit power on and off; Connecting to the web-based manager; Connecting to the command line interface (CLI); Factory default FortiGate configuration settings...
  • Page 12: Package Contents

    Dimensions • Weight • FortiGate-400 Antivirus Firewall one orange crossover ethernet cable (Fortinet part number CC300248) one gray regular ethernet cable (Fortinet part number CC300249) one null modem cable (Fortinet part number CC300247) FortiGate-400 QuickStart Guide one power cable CD containing the FortiGate user documentation...
  • Page 13: Turning The Fortigate Unit Power On And Off

    Power requirements • • • • Environmental specifications • • • If you install the FortiGate-400 unit in a closed or multi-unit rack assembly, the operating ambient temperature of the rack environment may be greater than room ambient. Make sure the operating ambient temperature does not exceed the manufacturer's maximum rated ambient temperature.
  • Page 14: Connecting To The Web-Based Manager

    The interface is connected at 100 Mbps. No link established. execute shutdown a computer with an ethernet connection, Internet Explorer version 4.0 or higher, a crossover cable or an ethernet hub and two ethernet cables.
  • Page 15: Connecting To The Command Line Interface (Cli)

    Figure 3: FortiGate login. Type admin in the Name field and select Login. Connecting to the command line interface (CLI): As an alternative to the web-based manager, you can install and configure the FortiGate unit using the CLI. Configuration changes made with the CLI are effective immediately without resetting the firewall or interrupting service.
  • Page 16 Type admin and press Enter twice. The following prompt is displayed: Welcome ! Type ? to list available commands. For information about how to use the CLI, see the FortiGate CLI Reference Guide. None None
  • Page 17: Factory Default Fortigate Configuration Settings

    The FortiGate unit is shipped with a factory default configuration. The default configuration allows you to connect to and use the FortiGate web-based manager to configure the FortiGate unit onto the network. To configure the FortiGate unit onto the network you add an administrator password, change network interface IP addresses, add DNS server IP addresses, and configure basic routing, if required.
  • Page 18: Factory Default Transparent Mode Network Configuration

    User name: Password: Netmask: Primary DNS Server: Secondary DNS Server: Interface 1 Interface 2 Interface 3 Interface 4/HA 0.0.0.0 0.0.0.0 Ping 192.168.100.1 port2 207.192.200.1 207.192.200.129 admin (none) 10.10.10.1 255.255.255.0 207.194.200.1 207.194.200.129 HTTPS, Ping Ping Ping Ping
  • Page 19: Factory Default Protection Profiles

    Table 4: Default firewall configuration Configuration setting Name Firewall address Pre-defined service Recurring schedule Protection Profiles The factory default firewall configuration is the same in NAT/Route and Transparent mode. Factory default protection profiles: Use protection profiles to apply different protection settings for traffic that is controlled by firewall policies.
  • Page 20: Planning The Fortigate Configuration

    To apply no scanning, blocking or IPS. Use if you do not want to apply content protection to content traffic. You can add this protection profile to firewall policies for connections between highly trusted or highly secure networks where content does not need to be protected.
  • Page 21: Nat/Route Mode

    In NAT/Route mode, the FortiGate unit is visible to the network. Like a router, all its interfaces are on different subnets. The following interfaces are available in NAT/Route mode: • You can add firewall policies to control whether communications through the FortiGate unit operate in NAT or Route mode.
  • Page 22: Transparent Mode

    The management IP address is also used for antivirus and attack definition updates. You typically use the FortiGate unit in Transparent mode on a private network behind an existing firewall or behind a router. The FortiGate unit performs firewall functions, IPSec VPN, virus scanning, IPS, web content filtering, and Spam filtering.
  • Page 23: Configuration Options

    LCD to switch to Transparent mode. Then you can add the management IP address and default gateway. Port 1 can connect to the internal firewall or router. Port 2 can connect to the external network. Port 3 can connect to another network.
  • Page 24: Next Steps

    If you are going to operate the FortiGate unit in Transparent mode, go to “Transparent mode installation” on page If you are going to operate two or more FortiGate units in HA mode, go to “High availability installation” on page
  • Page 25: Nat/Route Mode Installation

    NAT/Route mode installation This chapter describes how to install the FortiGate unit in NAT/Route mode. For information about installing a FortiGate unit in Transparent mode, see mode installation” on page units in HA mode, see about installing the FortiGate unit in NAT/Route mode, see configuration”...
  • Page 26: Dhcp Or Pppoe Configuration

    The default gateway directs all non-local traffic to this interface and to the external network. Primary DNS Server: _____._____._____._____ Secondary DNS Server: _____._____._____._____ Table 6 “Connecting to the
  • Page 27: Configuring Basic Settings

    Configuring basic settings: After connecting to the web-based manager you can use the following procedures to complete the basic configuration of the FortiGate unit. To add/change the administrator password: Go to System > Admin > Administrators. Select the Change Password icon for the admin administrator. Enter the new password and enter it again to confirm.
  • Page 28: Using The Front Control Buttons And Lcd

    The default route is not required if the interface connected to the external network is configured using DHCP or PPPoE. Go to System > Router > Static. If the Static Route table contains a default route (IP and Mask set to 0.0.0.0), select the Delete icon to delete this route.
  • Page 29: Using The Command Line Interface

    After you set the last digit of the Netmask, press Enter. Press Esc to return to the Main Menu. To add a default gateway to an interface: The default gateway is usually configured for the interface connected to the Internet. You can use the procedure below to configure a default gateway for any interface.
  • Page 30

        204.23.1.5 255.255.255.0

        config system interface
        edit port2
        set mode dhcp

        config system interface
        edit port2
        set mode pppoe
        set username user@domain.com
        set password mypass
        set connection enable
  • Page 31: Using The Setup Wizard

        <address_ip>

        config system dns
        set primary 293.44.75.21
        set secondary 293.44.75.22

    Set the default route to the Default Gateway IP address. Enter:

        config router static
        edit 1
        set dst 0.0.0.0 0.0.0.0
        set gateway <gateway_IP>
        set device <interface>

        config router static
        edit 1
        set dst 0.0.0.0 0.0.0.0...
  • Page 32 POP3 server IMAP server, or FTP server installed on an internal network, add the IP addresses of the servers here. for other settings. Table 5 on page Table 5 on page
  • Page 33: Starting The Setup Wizard

    Table 7: Setup wizard settings Antivirus Starting the setup wizard: In the web-based manager, select Easy Setup Wizard. Figure 8: Select the Easy Setup Wizard. Follow the instructions on the wizard pages and use the information that you gathered Select the Next button to step through the wizard pages.
  • Page 34 To connect the FortiGate unit running in NAT/Route mode Connect interface 1 to the hub or switch connected to the internal network. Connect interface 2 to the public switch or router provided by your Internet Service Provider. Optionally connect interface 3 to the DMZ network.
  • Page 35: Configuring The Networks

    FortiGate unit. [Network connection diagram labels: Internal Network, Hub or Switch, Port 1, Port 3, Port 2, Public Switch or Router, Internet, DMZ Network, Web Server, Mail Server, Hub or Switch...]
  • Page 36 After purchasing and installing a new FortiGate unit, you can register the unit by going to the System Update Support page, or using a web browser to connect to http://support.fortinet.com and selecting Product Registration. To register, enter your contact information and the serial numbers of the FortiGate units that you or your organization have purchased.
  • Page 37 Select Apply. You can also select Update Now to receive the latest virus and attack definition updates. For more information about FortiGate settings please see the FortiGate Online Help or the FortiGate Administration Guide.
  • Page 39: Transparent Mode Installation

    Transparent mode installation This chapter describes how to install a FortiGate unit in Transparent mode. If you want to install the FortiGate unit in NAT/Route mode, see page availability installation” on page FortiGate unit in Transparent mode, see page This chapter describes: •...
  • Page 40: Using The Web-Based Manager

    The management IP address and netmask must be valid for the network from which you will manage the FortiGate unit. Add a default gateway if the FortiGate unit must connect to a router to reach the management computer. Primary DNS Server: Secondary DNS Server: _____._____._____._____...
  • Page 41: Reconnecting To The Web-Based Manager

    Otherwise, you can reconnect to the web-based manager by browsing to https://10.10.10.1. If you connect to the management interface through a router, make sure that you have added a default gateway for that router to the management IP default gateway field.
  • Page 42: Using The Command Line Interface

    “Connecting to the command line interface (CLI)” on page Table 8 on page 40 config system global set opmode transparent Welcome ! get system status Operation mode: Transparent Table 8 on page 40. Enter: 15. Use the to complete the following
  • Page 43

        <address_ip>
        set secondary <address_ip>

        config system dns
        set primary 293.44.75.21
        set secondary 293.44.75.22

        config router static
        edit 1
        set dst 0.0.0.0 0.0.0.0
        set gateway <address_gateway>
        set device <interface>

        config router static
        edit 1
        set dst 0.0.0.0 0.0.0.0...
  • Page 44: Using The Setup Wizard

    Otherwise, you can reconnect to the web-based manager by browsing to https://10.10.10.1. If you connect to the management interface through a router, make sure that you have added a default gateway for that router to the management IP default gateway field.
  • Page 45: Next Steps

    Select Refresh to display the current FortiGate system date and time. [Network connection diagram labels: Internal Network, Hub or Switch, Port 1, Port 3, Port 2, Public Switch or Router, Internet, Other Network, Hub or Switch...]
  • Page 46 After purchasing and installing a new FortiGate unit, you can register the unit by going to the System Update Support page, or using a web browser to connect to http://support.fortinet.com and selecting Product Registration. To register, enter your contact information and the serial numbers of the FortiGate units that you or your organization have purchased.
  • Page 47: High Availability Installation

    High availability installation This chapter describes how to install two or more FortiGate units in an HA cluster. HA installation involves three basic steps: • • • For information about HA, see the FortiGate Administration Guide and the FortiOS High Availability technical note. Priorities of heartbeat device and monitor priorities The procedures in this chapter do not include steps for changing the priorities of heartbeat devices or for configuring monitor priorities settings.
  • Page 48 FortiGate unit with the highest serial number becomes the primary cluster unit. You can configure a FortiGate unit to always become the primary unit in the cluster by giving it a high priority and by selecting Override master.
  • Page 49: Configuring Fortigate Units For Ha Using The Web-Based Manager

    Table 9: High availability settings (Continued) Schedule Configuring FortiGate units for HA using the web-based manager: Use the following procedure to configure each FortiGate unit for HA operation. To change the FortiGate unit host name: Changing the host name is optional, but you can use host names to identify individual cluster units.
  • Page 50: Configuring Fortigate Units For Ha Using The Cli

    Connect to the CLI. Change the host name. “Connecting the cluster to your networks” on page “Connecting to the command line interface (CLI)” on page config system global set hostname <name_str> “Connecting the cluster to your networks”
  • Page 51: Connecting The Cluster To Your Networks

    You must connect all matching interfaces in the cluster to the same hub or switch. Then you must connect these interfaces to their networks using the same hub or switch. Fortinet recommends using switches for all cluster connections for the best performance. FortiGate-400 Installation Guide...
  • Page 52 [HA cluster connection diagram labels: Hub or Switch, INTERNAL, STATUS, WAN1, WAN2, LINK 100, Internal, WAN1, Internet, Router]
  • Page 53: Installing And Configuring The Cluster

    Power on all the FortiGate units in the cluster. As the units start, they negotiate to choose the primary cluster unit and the subordinate units. This negotiation occurs with no user intervention and normally just takes a few seconds. Installing and configuring the cluster: When negotiation is complete you can configure the cluster as if it was a single FortiGate unit.
  • Page 55: Index

    (Transparent mode) 43 environmental specifications 13 firewall setup wizard 6, 26, 31, 40, 44 starting 27, 33, 40, 44 Fortinet customer service 10 front keypad and LCD configuring IP address 41 configuring FortiGate units for HA operation 47 connecting an HA cluster 51, 53...