Fortinet FortiGate FortiGate-60M Installation Manual

Antivirus firewalls

Installation Guide

FortiGate 60M
Version 2.80 MR8
28 January 2005
01-28008-0111-20050128


Summary of Contents for Fortinet FortiGate FortiGate-60M

  • Page 1: Installation Guide

    Installation Guide FortiGate 60M Version 2.80 MR8 28 January 2005 01-28008-0111-20050128...
  • Page 2 Products mentioned in this document are trademarks or registered trademarks of their respective holders. Regulatory Compliance FCC Class A Part 15 CSA/CUS For technical support, please visit http://www.fortinet.com. Send information about errors or omissions in this document or any Fortinet technical documentation to techdoc@fortinet.com.
  • Page 3: Table Of Contents

    Command line interface ... 7 Setup wizard ... 7 Document conventions ... 7 FortiGate documentation ... 8 Fortinet Knowledge Center ... 9 Comments on Fortinet technical documentation... 9 Related documentation ... 9 FortiManager documentation ... 9 FortiClient documentation ... 10 FortiMail documentation... 10 FortiLog documentation ...
  • Page 4 Standalone mode configuration ... 58 Configuring modem settings ... 59 Connecting and disconnecting the modem in Standalone mode... 60 Defining a Ping Server ... 61 Dead gateway detection ... 61 Adding firewall policies for modem connections ... 62 Index ... 63
  • Page 5: Introduction

    The FortiGate Antivirus Firewall uses Fortinet’s Accelerated Behavior and Content Analysis System (ABACAS™) technology, which leverages breakthroughs in chip design, networking, security, and content analysis. The unique ASIC-based architecture analyzes content and behavior in real-time, enabling key applications to be deployed right at the network edge where they are most effective at protecting your networks.
  • Page 6: Secure Installation, Configuration, And Management

    The saved configuration can be restored at any time. Figure 1: FortiGate web-based manager and setup wizard the web-based manager, the command line interface (CLI), or the setup wizard.
  • Page 7: Command Line Interface

    Command line interface You can access the FortiGate command line interface (CLI) by connecting a management computer serial port to the FortiGate RJ-45 serial console connector. You can also use Telnet or a secure SSH connection to connect to the CLI from any network that is connected to the FortiGate unit, including the Internet.
  • Page 8: Fortigate Documentation

    VPN. FortiGate online help Provides a context-sensitive and searchable version of the Administration Guide in HTML format. You can access online help from the web-based manager as you work.
  • Page 9: Fortinet Knowledge Center

    The most recent Fortinet technical documentation is available from the Fortinet Knowledge Center. The knowledge center contains short how-to articles, FAQs, technical notes, product and feature guides, and much more. Visit the Fortinet Knowledge Center at http://kc.forticare.com. Comments on Fortinet technical documentation Please send information about any errors or omissions in this document, or any Fortinet technical documentation, to techdoc@fortinet.com.
  • Page 10: Forticlient Documentation

    Fortinet technical support web site at http://support.fortinet.com. You can also register FortiGate Antivirus Firewalls from http://support.fortinet.com and change your registration information at any time. Fortinet email support is available from the following addresses:...
  • Page 11 Introduction amer_support@fortinet.com For customers in the United States, Canada, Mexico, Latin apac_support@fortinet.com For customers in Japan, Korea, China, Hong Kong, Singapore, eu_support@fortinet.com For information on Fortinet telephone support, see http://support.fortinet.com. When requesting technical support, please provide the following information: •...
  • Page 13: Getting Started

    Getting started This section describes unpacking, setting up, and powering on a FortiGate Antivirus Firewall unit. This section includes: • Package contents • Mounting • Turning the FortiGate unit power on and off • Connecting to the web-based manager • Connecting to the command line interface (CLI)
  • Page 14: Package Contents

    FortiGate-60M Antivirus Firewall one orange crossover ethernet cable (Fortinet part number CC300248) one gray regular ethernet cable (Fortinet part number CC300249) one RJ-45 to DB-9 serial cable (Fortinet part number CC300302) one RJ-11 phone cable FortiGate-60M Quick Start Guide CD containing the FortiGate user documentation...
  • Page 15: Turning The Fortigate Unit Power On And Off

    Getting started Power requirements • • Environmental specifications • • • Turning the FortiGate unit power on and off To power on the FortiGate unit Connect the AC adapter to the power connection at the back of the FortiGate-60M unit. Connect the AC adapter to the power cable.
  • Page 16: Connecting To The Web-Based Manager

    “s” in https://). The FortiGate login is displayed. Figure 3: FortiGate login Type admin in the Name field and select Login. a computer with an ethernet connection, Internet Explorer version 6.0 or higher, an ethernet cable.
  • Page 17: Connecting To The Command Line Interface (Cli)

    Connecting to the command line interface (CLI) As an alternative to the web-based manager, you can install and configure the FortiGate unit using the CLI. Configuration changes made with the CLI are effective immediately without resetting the firewall or interrupting service. To connect to the FortiGate CLI, you need: •...
  • Page 18: Quick Installation Using Factory Defaults

    Internal interface 192.168.1.99 DHCP server and DNS server for the internal network “Factory default DHCP Internal network Obtain IP address and DNS server IP address automatically
  • Page 19: Factory Default Fortigate Configuration Settings

    Select one of the following DNS settings • • Go to Router > Static, edit route #1 and change Gateway to the default gateway IP address from the ISP and select OK. Network configuration is complete. Proceed to Select Retrieve default gateway from server and Override internal DNS options if your...
  • Page 20: Factory Default Nat/Route Mode Network Configuration

    (none) 192.168.1.99 Netmask: 255.255.255.0 Administrative Access: HTTP, HTTPS, Ping 192.168.100.99 Netmask: 255.255.255.0 Administrative Access: Ping 192.168.101.99 Netmask: 255.255.255.0 Administrative Access: Ping 10.10.10.1 Netmask: 255.255.255.0 Administrative Access: HTTPS, Ping 0.0.0.0 Netmask: 0.0.0.0 Administrative Access: Table 3 on
  • Page 21: Factory Default Transparent Mode Network Configuration

    Table 3: Factory default NAT/Route mode network configuration (Continued) Network Settings Factory default Transparent mode network configuration In Transparent mode, the FortiGate unit has the default network configuration listed in Table Table 4: Factory default Transparent mode network configuration Administrator account Management IP...
  • Page 22: Factory Default Protection Profiles

    Select from any of the 50 pre-defined services to control traffic through the FortiGate unit that uses that service. The recurring schedule is valid at any time. Control how the FortiGate unit applies virus scanning, web content filtering, spam filtering, and IPS.
  • Page 23: Planning The Fortigate Configuration

    Unfiltered Figure 5: Web protection profile settings Planning the FortiGate configuration Before you configure the FortiGate unit, you need to plan how to integrate the unit into the network. Among other things, you must decide whether you want the unit to be visible to the network, which firewall functions you want it to provide, and how you want it to control the traffic flowing between its interfaces.
  • Page 24: Nat/Route Mode

    Planning the FortiGate configuration NAT/Route mode In NAT/Route mode, the FortiGate unit is visible to the network. Like a router, all its interfaces are on different subnets. The following interfaces are available in NAT/Route mode: • • • • •...
  • Page 25: Nat/Route Mode With Multiple External Network Connections

    The management IP address is also used for antivirus and attack definition updates. You typically use the FortiGate unit in Transparent mode on a private network behind an existing firewall or behind a router. The FortiGate unit performs firewall functions, IPSec VPN, virus scanning, IPS, web content filtering, and Spam filtering.
  • Page 26: Configuration Options

    A 4-port switch for connecting the FortiGate internal interface to your internal network segment, WAN1 can connect to the external firewall or router, DMZ and WAN2 can connect to other network segments, Ethernet connection between the FortiGate unit and a management computer.
  • Page 27: Next Steps

    If you are configuring the FortiGate unit to operate in Transparent mode, you can switch to Transparent mode from the web-based manager and then use the setup wizard to add the administration password, the management IP address and gateway, and the DNS server addresses.
  • Page 29: Nat/Route Mode Installation

    NAT/Route mode installation This chapter describes how to install the FortiGate unit in NAT/Route mode. For information about installing a FortiGate unit in Transparent mode, see mode installation” on page units in HA mode, see about installing the FortiGate unit in NAT/Route mode, see configuration”...
  • Page 30: Dhcp Or Pppoe Configuration

    The default gateway directs all non-local traffic to this interface and to the external network. Primary DNS Server: _____._____._____._____ Secondary DNS Server: _____._____._____._____ Table 7 “Connecting to the
  • Page 31: Configuring Basic Settings

    Configuring basic settings After connecting to the web-based manager you can use the following procedures to complete the basic configuration of the FortiGate unit. To add/change the administrator password Go to System > Admin > Administrators. Select the Change Password icon for the admin administrator. Enter the new password and enter it again to confirm.
  • Page 32: Using The Command Line Interface

    Using the command line interface Go to System > Router > Static. If the Static Route table contains a default route (IP and Mask set to 0.0.0.0), select the Delete icon to delete this route. Select Create New. Set Destination IP to 0.0.0.0.
  • Page 33 NAT/Route mode installation Example Set the IP address and netmask of the WAN1 interface to the IP address and netmask that you recorded in To set the static IP address and netmask, enter: Example To set the WAN1 interface to use DHCP, enter: To set the WAN1 interface to use PPPoE, enter: Use the same syntax to set the IP address of each FortiGate interface as required.
  • Page 34: Using The Setup Wizard

    1 set dst 0.0.0.0 0.0.0.0 set gateway <gateway_IP> set device <interface> config router static edit 1 set dst 0.0.0.0 0.0.0.0 set gateway 204.23.1.2 set device wan1 “Connecting to the web-based manager” on page
  • Page 35 NAT/Route mode installation If you are configuring the FortiGate unit to operate in NAT/Route mode (the default), you can use the setup wizard to: • • • • • • • • Table 8 on page 35 wizard. See Table 8: Setup wizard settings Password Internal Interface External Interface...
  • Page 36: Starting The Setup Wizard

    Create a protection profile that enables virus scanning, for HTTP, FTP, IMAP, POP3, and SMTP (recommended). Add this protection profile to a default firewall policy. Do not configure antivirus protection. to fill in the wizard fields.
  • Page 37 One WAN1 port for connecting to your public switch or router and the Internet, One WAN2 port for connecting to a second public switch or router and the Internet for a redundant Internet connection, One DMZ port for connecting to a DMZ network.
  • Page 38: Configuring The Networks

    For the external network, route all packets to the FortiGate WAN1 or WAN2 interface. [Figure: connection diagram with labels Internal, WAN1, WAN2, Broadband (cable or DSL), Internet, DMZ Network, Web Server, Mail Server]
  • Page 39: Configuring The Modem Interface

    Configuring the Modem interface In NAT/Route mode, you use the modem interface as either a redundant interface or standalone interface to the Internet. • • When connecting to the ISP, in either configuration, the FortiGate unit modem can automatically dial up to three dialup accounts until the modem connects to an ISP.
  • Page 40 After purchasing and installing a new FortiGate unit, you can register the unit by going to the System Update Support page, or using a web browser to connect to http://support.fortinet.com and selecting Product Registration. To register, enter your contact information and the serial numbers of the FortiGate units that you or your organization have purchased.
  • Page 41: Transparent Mode Installation

    Transparent mode installation This chapter describes how to install a FortiGate unit in Transparent mode. If you want to install the FortiGate unit in NAT/Route mode, see page availability installation” on page unit in Transparent mode, see This chapter describes: •...
  • Page 42: Using The Web-Based Manager

    The management IP address and netmask must be valid for the network from which you will manage the FortiGate unit. Add a default gateway if the FortiGate unit must connect to a router to reach the management computer. Primary DNS Server: Secondary DNS Server: _____._____._____._____...
  • Page 43: Reconnecting To The Web-Based Manager

    Otherwise, you can reconnect to the web-based manager by browsing to https://10.10.10.1. If you connect to the management interface through a router, make sure that you have added a default gateway for that router to the management IP default gateway field.
  • Page 44 <address_ip> set secondary <address_ip> config system dns set primary 293.44.75.21 set secondary 293.44.75.22 config router static edit 1 set dst 0.0.0.0 0.0.0.0 set gateway <address_gateway> set device <interface> Table 9 on page
  • Page 45: Using The Setup Wizard

    Otherwise, you can reconnect to the web-based manager by browsing to https://10.10.10.1. If you connect to the management interface through a router, make sure that you have added a default gateway for that router to the management IP default gateway field.
  • Page 46: Connecting The Fortigate Unit To Your Network

    Connect the WAN1 interface to the network segment connected to the external firewall or router. Connect to the public switch or router provided by your Internet Service Provider. If you are a DSL or cable subscriber, connect the WAN1 interface to the internal or LAN connection of your DSL or cable modem.
  • Page 47: Next Steps

    [Figure: connection diagram with labels Internal Network, Hub or Switch, Internal, FortiGate-60M, WAN1, Internet, Other Network, Hub or Switch, Public Switch or Router] Next steps...
  • Page 48 After purchasing and installing a new FortiGate unit, you can register the unit by going to the System Update Support page, or using a web browser to connect to http://support.fortinet.com and selecting Product Registration. To register, enter your contact information and the serial numbers of the FortiGate units that you or your organization have purchased.
  • Page 49: High Availability Installation

    High availability installation This chapter describes how to install two or more FortiGate units in an HA cluster. HA installation involves three basic steps: • • • For information about HA, see the FortiGate Administration Guide and the FortiOS High Availability technical note. Priorities of heartbeat device and monitor priorities The procedures in this chapter do not include steps for changing the priorities of heartbeat devices or for configuring monitor priorities settings.
  • Page 50 FortiGate unit with the highest serial number becomes the primary cluster unit. You can configure a FortiGate unit to always become the primary unit in the cluster by giving it a high priority and by selecting Override master.
  • Page 51: Configuring Fortigate Units For Ha Using The Web-Based Manager

    Table 10: High availability settings (Continued) Schedule Configuring FortiGate units for HA using the web-based manager Use the following procedure to configure each FortiGate unit for HA operation. To change the FortiGate unit host name Changing the host name is optional, but you can use host names to identify individual cluster units.
  • Page 52: Configuring Fortigate Units For Ha Using The Cli

    Connect to the CLI. Change the host name. “Connecting the cluster to your networks” on page “Connecting to the command line interface (CLI)” on page config system global set hostname <name_str> “Connecting the cluster to your networks”
  • Page 53: Connecting The Cluster To Your Networks

    You must connect all matching interfaces in the cluster to the same hub or switch. Then you must connect these interfaces to their networks using the same hub or switch. Fortinet recommends using switches for all cluster connections for the best performance. FortiGate-60M Installation Guide...
  • Page 54 [Figure: connection diagram with labels Hub or Switch, Internal, WAN1, Internet, Router]
  • Page 55: Installing And Configuring The Cluster

    Power on all the FortiGate units in the cluster. As the units start, they negotiate to choose the primary cluster unit and the subordinate units. This negotiation occurs with no user intervention and normally just takes a few seconds. Installing and configuring the cluster When negotiation is complete you can configure the cluster as if it was a single FortiGate unit.
  • Page 57: Configuring The Modem Interface

    Configuring the modem interface The FortiGate-60M includes an internal 56K modem for use as either a redundant interface or a standalone interface in NAT/Route mode. • • When connecting to an ISP in either configuration, the modem can automatically dial up to three dialup accounts until the modem connects to an ISP.
  • Page 58: Standalone Mode Configuration

    Go to System > Network > Modem. From the Redundant for list, select the ethernet interface that the modem is replacing. “Defining a Ping Server” on page “Adding firewall policies for modem connections” on page
  • Page 59: Configuring Modem Settings

    Configure other modem settings as required. Make sure there is correct information in one or more Dialup Accounts. Configure firewall policies for connections to the modem interface. Select Dial Up. The FortiGate unit initiates dialing into each dialup account in turn until the modem connects to an ISP.
  • Page 60: Connecting And Disconnecting The Modem In Standalone Mode

    The user name (maximum 63 characters) sent to the ISP. The password sent to the ISP.
  • Page 61: Defining A Ping Server

    To add a ping server to an interface Go to System > Network > Interface. Choose an interface and select Edit. Set Ping Server to the IP address of the next hop router on the network connected to the interface. Select the Enable check box.
  • Page 62: Adding Firewall Policies For Modem Connections

    You can configure firewall policies to control the flow of packets between the modem interface and the other interfaces on the FortiGate unit. For information about adding firewall policies, see the FortiGate Administration Guide.
  • Page 63: Index

    62 firewall setup wizard 6, 30, 34, 42, 45 starting 31, 36, 42, 45 Fortinet customer service 10 configuring FortiGate units for HA operation 49 connecting an HA cluster 53, 55 FortiGate-60M Installation Guide FortiGate-60M Installation Guide Version 2.80 MR8...
  • Page 64 39, 47 Transparent mode changing to 43 configuring the default gateway 44 management IP address 44 web-based manager 6 connecting to 16 introduction 6 wizard setting up firewall 30, 34, 42, 45 starting 31, 36, 42, 45

This manual is also suitable for:

Fortigate 60m
