Fortinet FortiGate FortiGate-4000 Quick Start Manual

FortiGate-4000 LED Indicators
Components LED State
Blue
PWR/KVM
Green
Off
STATUS
Red
Green
FortiBlade-4010
LAN 1 and
LAN 2
Flashing
ALARM Off
KVM switch Red
module
KVM Green
1
Checking the package contents
Checking the package contents
The FortiGate-4000 package consists of two or more packages. One or more of the packages
contains two FortiBlade-4010 modules.
The other package contains:
• FortiGate-4000 chassis which includes the following components (already installed):
1 KVM switch module, 10 FortiGate-4000 empty slot covers, 1 management module, 7 power
supply modules, 4 cooling fan trays, 2 pass-through interface modules with ten 1000Base-T
connectors (FortiGate-4000P), or 2 switched interface modules with two 1000Base-T or SFP
(FortiGate-4000S) connectors, one 10/100 out of band management module with two
10/100Base-T connectors.
• Three power cables,
• One RJ-45 to DB-9 serial cable (only the black header works with the FortiGate-4000),
• One FortiGate-4000 QuickStart Guide,
• One Documentation CD-ROM containing Fortinet user documentation.
2
Connecting the FortiGate-4000
See the "Getting Started" chapter of the FortiGate-4000 Installation and
Configuration Guide for details about how to perform the following steps.
1. Mount the FortiGate-4000 chassis with the mounting rail in a rack or
cabinet with a depth of more than 700 mm, excluding the front door depth.
2. Connect the network cables.
3. Connect the power cables to power outlets.
4. Turn on all FortiGate-4000 power switches.
5. Turn on each FortiBlade-4010.
3

Planning the configuration

NAT/Route mode
In NAT/Route mode, the FortiGate-4000 is visible to the network. The Internal and
external interfaces are on different subnets. Each interface must be configure with an
IP address that is valid for the network that it is connected to.
You would typically use NAT/Route mode when the FortiGate-400 unit is deployed as a
gateway between private and public networks. In its default NAT/Route mode
configuration, the module functions as a firewall. Firewall policies control
communications through the FortiGate-400 unit. No traffic can pass through the
FortiGate-4000 unit until you add firewall policies.
FortiGate-4000 unit
in NAT/Route mode
External
204.23.1.5
Internet
NAT mode policies controlling
traffic between internal and
external networks.
In NAT/Route mode, firewall policies can operate in NAT mode or in Route mode. In
NAT mode, the FortiGate-400 unit performs network address translation before IP
packets are sent to the destination network. In Route mode, no translation takes place.
Refer to the Documentation CD-ROM for information on how to control traffic, and how to configure HA, antivirus protection, Web content filtering, Spam filtering, intrusion
prevention (IPS), and virtual private networking (VPN).
4

Choosing a configuration tool

Web-based
manager &
Setup Wizard
The FortiGate web-based
manager Setup Wizard
guides you through the
initial configuration steps.
Use it to configure the administrator password, the
interface addresses, the default gateway address, and
the DNS server addresses. Optionally, use the Setup
Wizard to configure the internal server settings for
NAT/Route mode.
Requirements:
• The Ethernet connection between the FortiGate-
4000 and management computer.
• Internet Explorer version 4.0 or higher on the
management computer.
Description
The FortiBlade-4010 module is powered on.
KVM access to this FortiBlade-4010 is enabled.
Normal operation.
System Fault.
The correct cable is connected to the internal
(or external for LAN 2) interface of this
FortiBlade-4010 module and the connected
equipment has power.
Network activity at the internal (or external for
LAN 2) interface of this FortiBlade-4010
module.
Normal operation.
FortiGate-4000 power fault resulting from a
failed power supply.
KVM switch module is powered on.
Internal network
Internal
KVM/ACCESS
192.168.1.99
PWR/KVM STATUS
192.168.1.3
LAN 1 LAN 2
POWER ON/OFF
4000
configure advanced settings, see the "Getting Started"
chapter in Documentation CD-ROM.
Requirements:
• The serial connection between the FortiGate-4000
and management computer.
• A terminal emulation application (HyperTerminal for
Windows) on the management computer.
FortiGate-4000
KVM/ACCESS KVM/ACCESS KVM ACCESS
PWR/KVM STATUS PWR/KVM STATUS PWR/KVM STATUS
LAN 1 LAN 2 LAN 1 LAN 2 LAN 1 LAN 2
POWER ON/OFF POWER ON/OFF POWER ON/OFF

QuickStart Guide

© Copyright 2004 Fortinet Incorporated. All rights reserved.
Trademarks
Products mentioned in this document are trademarks or registered trademarks of their respective holders.
Regulatory Compliance
FCC Class A Part 15 CSA/CUS
03 November 2004
For technical support please visit http://www.fortinet.com.
Check that the package contents are complete.
FortiGate-4000 Chassis (front view)
KVM/ACCESS KVM/ACCESS
PWR/KVM STATUS PWR/KVM STATUS
LAN 1 LAN 2 LAN 1 LAN 2
POWER ON/OFF POWER ON/OFF
FortiBlade-4010 modules
Mounting rail and rail mounting locations
Connect the FortiGate-4000 unit to a power outlet and to the internal and external networks.
FortiGate-4000P rear panel
Default IP Addresses (Nat/Route mode)
Internal 192.168.1.99
External 192.168.100.99
Out of band 172.16.1.2
ERR ERR
LAN 10 LAN 9 LAN 8 LAN 7 LAN 6 LAN 5 LAN 4 LAN 3 LAN 2 LAN 1
Default IP Addresses (Transparent mode)
Management IP 10.10.10.1
Out of band 172.16.1.2
Ethernet cables connect FortiGate-4000
external interfaces to the Internet
RJ-45 to DB-9 cable connects to
management computer
Before beginning to configure the FortiGate-4000 unit, you need to plan how to integrate the unit
into your network. Your configuration plan is dependent upon the operating mode that you select:
NAT/Route mode (the default) or Transparent mode.

Transparent mode

In Transparent mode, the FortiGate-4000 unit is invisible to the network. All of its
interfaces are on the same subnet. You only have to configure a management IP
address so that you can make configuration changes.
You would typically use the FortiGate-4000 unit in Transparent mode on a private
network behind an existing firewall or behind a router. In its default Transparent mode
configuration, the unit functions as a firewall. No traffic can pass through the
FortiGate-4000 unit until you add firewall policies.
Gateway to
public newtwork
204.23.1.5
Internet
(Firewall, router)
You can connect two network segments to the FortiGate-4000 unit to control traffic
between these network segments.
Choose among three different tools to configure the FortiGate-4000.
Command Line
Interface (CLI)
The CLI is a full-featured
management tool.
Use it to configure the
administrator password,
the interface addresses,
the default gateway
address, and the DNS
server addresses. To
KVM/ACCESS KVM/ACCESS KVM/ACCESS KVM/ACCESS KVM/ACCESS KVM/ACCESS
PWR/KVM STATUS PWR/KVM STATUS PWR/KVM STATUS PWR/KVM STATUS PWR/KVM STATUS PWR/KVM STATUS
LAN 1 LAN 2 LAN 1 LAN 2 LAN 1 LAN 2 LAN 1 LAN 2 LAN 1 LAN 2 LAN 1
POWER ON/OFF POWER ON/OFF POWER ON/OFF POWER ON/OFF POWER ON/OFF POWER ON/OFF
01-28005-0042-20041103
ALARM
KVM
ERR ERR
LAN 10 LAN 9 LAN 8 LAN 7 LAN 6 LAN 5 LAN 4 LAN 3 LAN 2 LAN 1 LAN 10 LAN 9 LAN 8 LAN 7 LAN 6 LAN 5 LAN 4 LAN 3 LAN 2 LAN 1
LAN 1 LAN 2
FortiGate-4000P Chassis (back view)
ERR ERR
FortiGate-4000
KVM ALARM
QuickStart Guide
Trademarks Copyright 2003 Fortinet Incorporated. All rights reserved. COM LAN 2 LAN 1 COM LAN 2 LAN 1
Products mentioned in this document are trademarks.
SFP SFP HiGig OUT HiGig IN ON OFF SFP SFP HiGig OUT HiGig IN ON OFF
LAN 1 LAN 2
Documentation
(CD and QuickStart Guide)
FortiGate-4000S Chassis (back view)
RJ-45 to DB-9
serial cable
Power Cables (3)
FortiGate-4000S rear panel
ERR ERR
Power cables
connect to
LAN 10 LAN 9 LAN 8 LAN 7 LAN 6 LAN 5 LAN 4 LAN 3 LAN 2 LAN 1 COM LAN 2 LAN 1
power outlets
SFP SFP HiGig OUT
LAN 1 LAN 2
Ethernet cables connect
FortiGate-4000 internal interfaces
to LAN or switch on internal network Ethernet or fibre optic cables connect
FortiGate-4000 external interfaces
Ethernet cable connect to out of to the Internet
band management network
RJ-45 to DB-9 cable connects to
management computer
FortiGate-4000 unit
in Transparent mode
KVM/ACCESS
192.168.1.1
PWR/KVM STATUS
LAN 1 LAN 2
Internal
External
POWER ON/OFF
192.168.1.2
Management IP
Transparent mode policies controlling
traffic between internal and
external networks.
Out of band management module
You can manage FortiGate-4000 units by connecting to
the 10/100 out of band management module, which
provides out of band ethernet management connections
for all of the FortiGate-4000 units installed in the
FortiGate-4000 chassis.
LAN 2
LAN 1
Mounting Knot
LAN 1 LAN 2
Requirements:
• A computer with an ethernet connection.
• Internet Explorer version 4.0 or higher.
• A crossover cable or an ethernet hub and two
ethernet cables.
ALARM
KVM
LAN 2
Power cables
connect to
COM LAN 2 LAN 1
power outlets
ON OFF ON OFF
HiGig IN SFP SFP HiGig OUT HiGig IN
LAN 1 LAN 2
Ethernet or fibre optic cables
connect FortiGate-4000 internal
interfaces to LAN or switch on
internal network
Ethernet cable connect to out of
band management network
Internal network
192.168.1.3
Mounting Knot