Fortinet FortiGate FortiGate-800 Quick Start Manual

LED State Description
Green
Power
Off
Amber
Flashing
Amber
Internal Green
External
DMZ
HA
Ports 1 to 4
Flashing
Green
Off
Checking the Package Contents
Connector Type Speed
Internal RJ-45 10/100 Base-T
LC SFP 1000Base-SX
External RJ-45 10/100 Base-T
LC SFP 1000Base-SX
DMZ RJ-45 10/100 Base-T
LC SFP 1000Base-SX
HA RJ-45 10/100 Base-T
LC SFP 1000Base-SX
Ports 1 to 4 RJ-45 10/100 Base-T
USB USB
Console RJ-45 9600 bps
Connecting
Connect the FortiGate unit to a power outlet and to the internal and external networks.
• Place the unit on a stable surface or mount in a 19-inch rack (requires 1U of space).
• The FortiGate unit requires 1.5 inches (3.75 cm) clearance above and on each side to allow for cooling.
• MAIN MENU appears on the LCD when the unit is up and running.
Crossover Ethernet cable connects to management computer on internal network
Straight-through Ethernet cable connects to LAN or switch on internal network
Straight-through Ethernet cable connects to Internet (public switch, router or modem)
I N T E R N A L E X T E R N A L
Esc Enter
P W R
8
Straight-through Ethernet cables connect to other networks
Optional RJ-45 serial cable connects to management computer

Planning the Configuration

Before beginning to configure the FortiGate unit, you need to plan how to integrate the unit into your network. Your configuration plan is dependent upon the operating mode that you select:
NAT/Route mode (the default) or Transparent mode. Refer to the Tools and Documentation CD-ROM for information on how to control traffic, and how to configure HA, antivirus protection,
FortiGuard, Web content filtering, Spam filtering, intrusion prevention (IPS), and virtual private networking (VPN).
NAT/Route mode
In NAT/Route mode, each FortiGate unit is visible to the network that it is connected to. All
of its interfaces are on different subnets. Each interface connected to a network must be
configured with an IP address that is valid for that network.
You would typically use NAT/Route mode when the FortiGate unit is deployed as a gateway
between private and public networks. In its default NAT/Route mode configuration, the unit
functions as a firewall. Firewall policies control communications through the FortiGate unit.
No traffic can pass through the FortiGate unit until you add firewall policies.
In NAT/Route mode, firewall policies can operate in NAT mode or in Route mode. In NAT
mode, the FortiGate unit performs network address translation before IP packets are sent to
the destination network. In Route mode, no translation takes place.
Internet
Router
The FortiGate unit is on.
The FortiGate unit is off.
The correct cable is in use and the connected equipment has
power.
Network activity at this interface.
Internal, External, DMZ and HA connect at up to 1000 Mbps.
1, 2, 3 and 4 (FortiGate-800) connect at up to 100 Mbps.
Internal, External, DMZ and HA (FortiGate-800F), the correct
optical fiber patch cable is connected to the gigabit fiber
interface.
(FortiGate-800F) Network activity at the gigabit fiber interface.
No link established.
Protocol Description
Ethernet Connection to the internal network.
Ethernet Connection to the Internet.
Ethernet Optional connection to a DMZ network.
Ethernet Optional connection to other FortiGate-800 or FortiGate-
800F units for high availability (HA).
Ethernet Optional connections to other networks.
USB Optional connection for FortiUSB key for firmware backup
and installation.
RS-232 Optional connection to the management computer.
serial Provides access to the command line interface (CLI).
Straight-through Ethernet cable connects to DMZ network
Straight-through Ethernet cable connects to another FortiGate-800 for HA
D M Z HA 1 2 3 4 CONSOLE USB
USB
Internal Network
192.168.1.3
Routing policies controlling
traffic between internal
networks.
Internal
192.168.1.99
Internal
DMZ
External
network
10.10.10.1
204.23.1.5
10.10.10.2
NAT mode policies controlling
traffic between internal
and external networks.
8
800F
© Copyright 2007 Fortinet Incorporated. All rights reserved.
Products mentioned in this document are trademarks or registered trade-
marks of their respective holders.
Regulatory Compliance
FCC Class A Part 15 CSA/CUS
17 May 2007
FortiGate-800 Front
I N T E R N A L E X T E R N A L
Esc Enter
P W R
8
LCD Control Internal,External,DMZ
Buttons HA Interface
FortiGate-800F Front
P W R
I N T E R N A L E X T E R N A L
Esc Enter
800F
Fiber-optic Internal,External,
DMZ HA Interface
Back
Fiber-optic Ethernet cable connects to LAN or switch on internal network
Fiber-optic Ethernet connects to Internet (public switch, router or modem)
P W R
I N T E R N A L E X T E R N A L D M Z
Esc Enter
800F
Straight-through Ethernet cables connect to other networks
or or crossover cable to connect to a management computer
Optional RJ-45 serial cable connects to management computer

Transparent mode

In Transparent mode, the FortiGate unit is invisible to the network. All of its interfaces are on
the same subnet. You only have to configure a management IP address so that you can make
configuration changes.
You would typically use the FortiGate unit in Transparent mode on a private network behind
an existing firewall or behind a router. In its default Transparent mode configuration, the unit
functions as a firewall. No traffic can pass through the FortiGate unit until you add firewall
policies.
You can connect up to four network segments to the FortiGate unit to control traffic between
these network segments.
External
Internet
Router
I N T E R N A L E X T E R N A L D M Z HA 1 2 3
Esc Enter
P W R
P W R
I N T E R N A L E X T E R N A L D M Z HA 1 2 3
Esc Enter
FortiGate-800/800F
01-30004-0038-20070517
D M Z HA 1 2 3 4 CONSOLE USB
Orange - Crossover
Grey - Straight-through
1 to 4 Serial
x4 SFP Transceivers
USB
Interface Port
(FortiGate-800F only)
DB-9 Serial Cable
D M Z HA 1 2 3 4 CONSOLE USB
Rack-Mount Brackets
Copyright 2006 Fortinet Incorporated. All rights reserved.
Power Power Trademarks
Products mentioned in this document are trademarks.
Connection Switch
Documentation
Fiber-optic Ethernet cable connects to DMZ network
Fiber-optic Ethernet cable connects to another FortiGate-800F for HA
HA 1 2 3 4 CONSOLE USB
USB
Internal
Internal network
Hub or switch
4 CONSOLE USB
4 CONSOLE USB
Ethernet Cables:
RJ-45 to
Power Cable
Q u i c k S t a r t G u i d e
Esc Enter I N T E R N A L E X T E R N A L D M Z HA 1 2 3 4 CONSOLE USB
8 P W R
P W R
I N T E R N A L E X T E R N A L D M Z HA 1 2 3 4 CONSOLE USB
800F Esc Enter
FortiGate-800/8000F