Fortinet FortiGate FortiGate-50A Installation Manual

Antivirus firewalls

FortiGate 50A

Installation Guide

Version 2.80 MR8
28 January 2005
01-28008-0017-20050128


Summary of Contents for Fortinet FortiGate FortiGate-50A

  • Page 1: Installation Guide

    FortiGate 50A Installation Guide Version 2.80 MR8 28 January 2005 01-28008-0017-20050128...
  • Page 2 CAUTION: RISK OF EXPLOSION IF BATTERY IS REPLACED BY AN INCORRECT TYPE. DISPOSE OF USED BATTERIES ACCORDING TO THE INSTRUCTIONS. For technical support, please visit http://www.fortinet.com. Send information about errors or omissions in this document or any Fortinet technical documentation to techdoc@fortinet.com.
  • Page 3: Table Of Contents

    Command line interface ... 6 Setup wizard ... 7 Document conventions ... 7 FortiGate documentation ... 8 Fortinet Knowledge Center ... 9 Comments on Fortinet technical documentation... 9 Related documentation ... 9 FortiManager documentation ... 9 FortiClient documentation ... 9 FortiMail documentation... 10 FortiLog documentation ...
  • Page 4 Standalone mode configuration ... 46 Configuring modem settings ... 47 Connecting and disconnecting the modem in Standalone mode... 48 Defining a Ping Server ... 49 Dead gateway detection ... 49 Adding firewall policies for modem connections ... 50 Index ... 51
  • Page 5: Introduction

    The FortiGate Antivirus Firewall uses Fortinet’s Accelerated Behavior and Content Analysis System (ABACAS™) technology, which leverages breakthroughs in chip design, networking, security, and content analysis. The unique ASIC-based architecture analyzes content and behavior in real-time, enabling key applications to be deployed right at the network edge where they are most effective at protecting your networks.
  • Page 6: Web-Based Manager

    This Installation Guide contains information about basic and advanced CLI commands. For a more complete description about connecting to and using the FortiGate CLI, see the FortiGate CLI Reference Guide.
  • Page 7: Setup Wizard

    Setup wizard: The FortiGate setup wizard provides an easy way to configure the basic initial settings for the FortiGate unit. The wizard walks through the configuration of a new administrator password, FortiGate interfaces, DHCP server settings, internal servers (web, FTP, etc.), and basic antivirus settings. Document conventions: This guide uses the following conventions to describe command syntax.
  • Page 8: Fortigate Documentation

    FortiGate clustering protocol. FortiGate IPS Guide Describes how to configure the FortiGate Intrusion Prevention System settings and how the FortiGate IPS deals with some common attacks. FortiGate VPN Guide Explains how to configure VPNs using the web-based manager.
  • Page 9: Fortinet Knowledge Center

    The most recent Fortinet technical documentation is available from the Fortinet Knowledge Center. The knowledge center contains short how-to articles, FAQs, technical notes, product and feature guides, and much more. Visit the Fortinet Knowledge Center at http://kc.forticare.com. Comments on Fortinet technical documentation: Please send information about any errors or omissions in this document, or any Fortinet technical documentation, to techdoc@fortinet.com.
  • Page 10: Fortimail Documentation

    Fortinet technical support web site at http://support.fortinet.com. You can also register FortiGate Antivirus Firewalls from http://support.fortinet.com and change your registration information at any time. Fortinet email support is available from the following addresses: amer_support@fortinet.com For customers in the United States, Canada, Mexico, Latin...
  • Page 11 When requesting technical support, please provide the following information: Your name; Company name; Location; Email address; Telephone number; FortiGate unit serial number; FortiGate model; FortiGate FortiOS firmware version; Detailed description of the problem...
  • Page 12 Customer service and technical support Introduction 01-28008-0017-20050128 Fortinet Inc.
  • Page 13: Getting Started

    This section describes unpacking, setting up, and powering on a FortiGate Antivirus Firewall unit. This section includes: Package contents; Mounting; Turning the FortiGate unit power on and off; Connecting to the web-based manager; Connecting to the command line interface (CLI)
  • Page 14: Package Contents

    FortiGate-50A Antivirus Firewall one orange crossover ethernet cable (Fortinet part number CC300248) one gray regular ethernet cable (Fortinet part number CC300249) one RJ-45 to DB-9 modem cable (Fortinet part number CC300302) FortiGate-50A QuickStart Guide A CD containing the FortiGate user documentation...
  • Page 15: Turning The Fortigate Unit Power On And Off

    Getting started Environmental specifications • • • Turning the FortiGate unit power on and off To power on the FortiGate unit Connect the AC adapter to the power connection on the back of the FortiGate-50A unit. Connect the AC adapter to a power outlet. The FortiGate-50A unit starts.
  • Page 16: Connecting To The Web-Based Manager

    Figure 3: FortiGate login Type admin in the Name field and select Login. a computer with an ethernet connection, Internet Explorer version 6.0 or higher, a crossover cable or an ethernet hub and two ethernet cables.
  • Page 17: Connecting To The Command Line Interface (Cli)

    Connecting to the command line interface (CLI): As an alternative to the web-based manager, you can install and configure the FortiGate unit using the CLI. Configuration changes made with the CLI are effective immediately without resetting the firewall or interrupting service. To connect to the FortiGate CLI, you need: •...
  • Page 18: Quick Installation Using Factory Defaults

    FortiGate-50A Unit POWER STATUS INTERNAL EXTERNAL LINK 100 LINK 100 Internal interface 192.168.1.99 DHCP server and DNS server for the internal network “Factory default DHCP Getting started Internal network Obtain IP address and DNS server IP address automatically Fortinet Inc.
  • Page 19: Factory Default Fortigate Configuration Settings

    Select one of the following DNS settings • • Go to Router > Static, edit route #1 and change Gateway to the default gateway IP address from the ISP and select OK. Network configuration is complete. Proceed to Select Retrieve default gateway from server and Override internal DNS options if your...
  • Page 20: Factory Default Nat/Route Mode Network Configuration

    Table 3 on page 20. This configuration allows admin (none) 192.168.1.99 Netmask: 255.255.255.0 Administrative Access: HTTP, HTTPS, Ping 192.168.100.99 Netmask: 255.255.255.0 Administrative Access: Ping 0.0.0.0 Netmask: 0.0.0.0 Administrative Access: 192.168.100.1 external 207.192.200.1 207.192.200.129 Getting started Table 3 on Fortinet Inc.
  • Page 21: Factory Default Transparent Mode Network Configuration

    Getting started Factory default Transparent mode network configuration In Transparent mode, the FortiGate unit has the default network configuration listed in Table Table 4: Factory default Transparent mode network configuration Administrator account Management IP Administrative access Factory default firewall configuration FortiGate firewall policies control how all traffic is processed by the FortiGate unit.
  • Page 22: Factory Default Protection Profiles

    To apply no scanning, blocking or IPS. Use if you do not want to apply content protection to content traffic. You can add this protection profile to firewall policies for connections between highly trusted or highly secure networks where content does not need to be protected.
  • Page 23: Planning The Fortigate Configuration

    You can also configure the FortiGate unit and the network it protects using the default settings. NAT/Route mode In NAT/Route mode, the FortiGate unit is visible to the network. Like a router, all its interfaces are on different subnets. The following interfaces are available in NAT/Route mode: •...
  • Page 24: Nat/Route Mode With Multiple External Network Connections

    The management IP address is also used for antivirus and attack definition updates. You typically use the FortiGate unit in Transparent mode on a private network behind an existing firewall or behind a router. The FortiGate unit performs firewall functions, IPSec VPN, virus scanning, IPS, web content filtering, and Spam filtering.
  • Page 25: Configuration Options

    204.23.1.5 10.10.10.2 Internet External (firewall, router) Ethernet connection between the FortiGate unit and a management computer. Internet Explorer version 6.0 or higher on the management computer. Serial connection between the FortiGate unit and a management computer. A terminal emulation application on the management computer.
  • Page 26: Next Steps

    If you are going to operate the FortiGate unit in NAT/Route mode, go to “NAT/Route mode installation” on page If you are going to operate the FortiGate unit in Transparent mode, go to “Transparent mode installation” on page
  • Page 27: Nat/Route Mode Installation

    NAT/Route mode installation This chapter describes how to install the FortiGate unit in NAT/Route mode. For information about installing a FortiGate unit in Transparent mode, see mode installation” on page in NAT/Route mode, see This chapter describes: • • • •...
  • Page 28: Dhcp Or Pppoe Configuration

    (usually the Internet). The default gateway directs all non-local traffic to this interface and to the external network. Primary DNS Server: Secondary DNS Server: 01-28008-0017-20050128 NAT/Route mode installation _____._____._____._____ _____._____._____._____ _____._____._____._____ _____._____._____._____ _____._____._____._____ _____._____._____._____ _____._____._____._____ Table 7 “Connecting to the Fortinet Inc.
  • Page 29 The default route is not required if the interface connected to the external network is configured using DHCP or PPPoE. Go to System > Router > Static. If the Static Route table contains a default route (IP and Mask set to 0.0.0.0), select the Delete icon to delete this route.
  • Page 30: Using The Command Line Interface

    <address_ip> <netmask> config system interface edit internal set mode static set ip <192.168.120.99> <255.255.255.0> 01-28008-0017-20050128 NAT/Route mode installation “Connecting to the command line Table 6 on page 28 to complete the following 28. Enter: Table 6 on page Fortinet Inc.
  • Page 31 NAT/Route mode installation Example To set the external interface to use DHCP, enter: To set the external interface to use PPPoE, enter: Use the same syntax to set the IP address of each FortiGate interface as required. Confirm that the addresses are correct. Enter: The CLI lists the IP address, netmask, and other settings for each of the FortiGate interfaces.
  • Page 32: Using The Setup Wizard

    FTP servers set the antivirus protection to high, medium, or none lists the additional settings that you can configure with the setup Table 6 on page 28 01-28008-0017-20050128 NAT/Route mode installation Table 7 on page 28 for other settings. Fortinet Inc.
  • Page 33: Starting The Setup Wizard

    NAT/Route mode installation Table 8: Setup wizard settings Password Internal Interface External Interface DHCP server Internal servers Antivirus Starting the setup wizard In the web-based manager, select Easy Setup Wizard. Figure 9: Select the Easy Setup Wizard Follow the instructions on the wizard pages and use the information that you gathered Select the Next button to step through the wizard pages.
  • Page 34: Connecting The Fortigate Unit To The Network(S)

    Connect the Internal interface to the hub or switch connected to your internal network. Connect the External interface to the Internet. Connect to the public switch or router provided by your Internet Service Provider. If you are a DSL or cable subscriber, connect the External interface to the internal or LAN connection of your DSL or cable modem.
  • Page 35: Configuring The Networks

    NAT/Route mode installation Configuring the networks If you are running the FortiGate unit in NAT/Route mode, your networks must be configured to route all Internet traffic to the IP address of the FortiGate interface to which they are connected. • •...
  • Page 36 After purchasing and installing a new FortiGate unit, you can register the unit by going to the System Update Support page, or using a web browser to connect to http://support.fortinet.com and selecting Product Registration. To register, enter your contact information and the serial numbers of the FortiGate units that you or your organization have purchased.
  • Page 37: Transparent Mode Installation

    Transparent mode installation This chapter describes how to install a FortiGate unit in Transparent mode. If you want to install the FortiGate unit in NAT/Route mode, see page This chapter describes: • • • • • • Preparing to configure Transparent mode settings.
  • Page 38: Using The Web-Based Manager

    The management IP address and netmask must be valid for the network from which you will manage the FortiGate unit. Add a default gateway if the FortiGate unit must connect to a router to reach the management computer. Primary DNS Server: Secondary DNS Server: _____._____._____._____...
  • Page 39: Reconnecting To The Web-Based Manager

    Otherwise, you can reconnect to the web-based manager by browsing to https://10.10.10.1. If you connect to the management interface through a router, make sure that you have added a default gateway for that router to the management IP default gateway field.
  • Page 40 <address_ip> set secondary <address_ip> config system dns set primary 293.44.75.21 set secondary 293.44.75.22 config router static edit 1 set dst 0.0.0.0 0.0.0.0 set gateway <address_gateway> set device <interface> 01-28008-0017-20050128 Transparent mode installation Table 9 on page Fortinet Inc.
  • Page 41: Using The Setup Wizard

    Otherwise, you can reconnect to the web-based manager by browsing to https://10.10.10.1. If you connect to the management interface through a router, make sure that you have added a default gateway for that router to the management IP default gateway field.
  • Page 42: Connecting The Fortigate Unit To Your Network

    Connect the Internal interface to the hub or switch connected to your internal network. Connect the External interface to network segment connected to the external firewall or router. Connect to the public switch or router provided by your Internet Service Provider. Figure 11: FortiGate-50A network connections Next steps You can use the following information to configure FortiGate system time, to register the FortiGate unit, and to configure antivirus and attack definition updates.
  • Page 43 After purchasing and installing a new FortiGate unit, you can register the unit by going to the System Update Support page, or using a web browser to connect to http://support.fortinet.com and selecting Product Registration. To register, enter your contact information and the serial numbers of the FortiGate units that you or your organization have purchased.
  • Page 44 Next steps Transparent mode installation 01-28008-0017-20050128 Fortinet Inc.
  • Page 45: Configuring The Modem Interface

    Configuring the modem interface The FortiGate-50A includes the option of an external modem for use as either a redundant interface or a standalone interface in NAT/Route mode. • • When connecting to an ISP in either configuration, the modem can automatically dial up to three dialup accounts until the modem connects to an ISP.
  • Page 46: Standalone Mode Configuration

    Configure firewall policies for connections to the modem interface. “Defining a Ping Server” on page “Adding firewall policies for modem connections” on page “Configuring modem settings” on page “Adding firewall policies for modem connections” on page
  • Page 47: Configuring Modem Settings

    Configuring the modem interface Select Dial Up. The FortiGate unit initiates dialing into each dialup account in turn until the modem connects to an ISP. Configuring modem settings Configure modem settings so that the FortiGate unit uses the modem to connect to your ISP dialup accounts.
  • Page 48: Connecting And Disconnecting The Modem In Standalone Mode

    The user name (maximum 63 characters) sent to the ISP. The password sent to the ISP. The modem interface is not connected to the ISP. The modem interface is attempting to connect to the ISP, or is connected to the ISP.
  • Page 49: Defining A Ping Server

    To add a ping server to an interface Go to System > Network > Interface. Choose an interface and select Edit. Set Ping Server to the IP address of the next hop router on the network connected to the interface. Select the Enable check box.
  • Page 50: Adding Firewall Policies For Modem Connections

    You can configure firewall policies to control the flow of packets between the modem interface and the other interfaces on the FortiGate unit. For information about adding firewall policies, see the FortiGate Administration Guide.
  • Page 51: Index

    47 environmental specifications 15 firewall policies modem 50 firewall setup wizard 6, 28, 32, 38, 41 starting 28, 33, 38, 41 Fortinet customer service 10 hang up 47 holddown timer 48 HTTPS 6 internal network configuring 35...
  • Page 52 36, 43 Transparent mode changing to 39 configuring the default gateway 40 management IP address 40 web-based manager 6 connecting to 16 introduction 6 wizard setting up firewall 28, 32, 38, 41 starting 28, 33, 38, 41

This manual is also suitable for:

Fortigate 50a