Fortinet FortiGate FortiGate-800F Quick Start Manual

FortiGate-800F LED indicators

LED State Description
Green The FortiGate-800F unit is powered on.
Power
Off The FortiGate-800F unit is powered off.
The correct cable is in use and the connected equipment has
Amber
Internal power.
External
Flashing
DMZ Network activity at this interface.
Amber
HA
Off No link established.

Factory defaults

NAT/Route mode IP addresses Transparent mode IP address
Interface IP
Internal 192.168.1.99
Interface
192.168.100.99
External
MANAGEMENT IP 10.10.10.1
DMZ 10.10.10.1
HA 0.0.0.0
1 to 4 0.0.0.0
1

Checking the package contents

Checking the package contents
Connector Type Speed
Internal LC SFP 1000Base-SX
External LC SFP 1000Base-SX
DMZ LC SFP 1000Base-SX
HA LC SFP 1000Base-SX
1 to 4 RJ-45 10/100 Base-T
CONSOLE RJ-45 9,600 bps
2
Connecting the FortiGate-800F
• Place the unit on a stable surface or mount it in a 19-inch rack. It requires
1.5 inches (3.75 cm) clearance on each side to allow for cooling.
• Make sure the power switch on the back of the unit is turned off before
connecting the power and network cables.
• MAIN MENU appears when the unit is up and running.
3

Planning the configuration

NAT/Route mode
In NAT/Route mode, each FortiGate-800F unit is visible to the networks that it is
connected to. All of its interfaces are on different subnets. Each interface that is
connected to a network must be configured with an IP address that is valid for that
network.
You would typically use NAT/Route mode when the FortiGate-800F unit is deployed as
a gateway between private and public networks. In its default NAT/Route mode
configuration, the unit functions as a firewall. Firewall policies control communications
through the FortiGate-800 unit. No traffic can pass through the FortiGate-800 unit until
you add firewall policies.
External
204.23.1.5
Internet
800F
NAT mode policies controlling
In NAT/Route mode, firewall policies can operate in NAT mode or in Route mode. In
NAT mode, the FortiGate-800F unit performs network address translation before IP
packets are sent to the destination network. In Route mode, no translation takes place.
Refer to the Documentation CD-ROM for information on how to control traffic, and how to configure HA, antivirus protection, Web content filtering, Spam filtering, intrusion
prevention (IPS), and virtual private networking (VPN).
4

Choosing a configuration tool

Web-based
manager and

Setup Wizard

The FortiGate web-based
manager is an easy to use
management tool.
Use it to configure the
administrator password, the internal, external and DMZ
interface addresses, the default gateway address, and
the DNS server addresses.
Requirements:
• The Ethernet connection between the FortiGate-
800F and management computer.
• Internet Explorer version 6.0 or higher on the
management computer.
Administrator account settings
IP User Name Password
admin (none)
Protocol Description
Ethernet Connection to the internal network.
Ethernet Connection to the Internet.
Ethernet Optional connection to a DMZ network.
Optional connection to other FortiGate-800F units for
Ethernet
high availability (HA).
Ethernet Optional connections to other networks.
Optional connection to the management computer.
RS-232
Provides access to the command line interface (CLI).
Internal network
FortiGate-800F Unit
Internal
192.168.1.99
in NAT/Route mode
Route mode policies
P W R
controlling traffic between
I N T E R N A L E X T E R N A L D M Z HA 1 2 3 4 CONSOLE USB
Esc Enter
internal networks.
DMZ
DMZ network
10.10.10.1
traffic between internal and
external networks.
configure advanced settings, see the Documentation
CD-ROM.
Requirements:
• The RJ-45-serial connection between the
FortiGate-800F and management computer.
• A terminal emulation application (HyperTerminal for
Windows) on the management computer.
FortiGate-800F
800F
© Copyright 2005 Fortinet Incorporated. All rights reserved.
Trademarks
Products mentioned in this document are trademarks or registered trademarks of their respective holders.
Regulatory Compliance
FCC Class A Part 15 CSA/CUS
12 January 2005
For technical support please visit http://www.fortinet.com.
Check that the package contents are complete.
8
LCD
Connect the FortiGate-800F unit to a power outlet and to the internal and external networks.
Crossover Ethernet cable connects to management computer on internal network
Straight-through Ethernet cable connects to LAN or switch on internal network
Fiber-optic Ethernet connects to Internet (public switch, router or modem)
P W R
I N T E R N A L E X T E R N A L D M Z
Esc Enter
800F
Straight-through Ethernet cables connect to other networks
Optional RJ-45 serial cable connects to management computer
Before beginning to configure the FortiGate-800F, you need to plan how to integrate the unit into
your network. Your configuration plan is dependent upon the operating mode that you select:
NAT/Route mode (the default) or Transparent mode.

Transparent mode

In Transparent mode, the FortiGate-800F unit is invisible to the network. All of its
interfaces are on the same subnet. You only have to configure a management IP
address so that you can make configuration changes.
You would typically use the FortiGate-800F unit in Transparent mode on a private
network behind an existing firewall or behind a router. In its default Transparent mode
configuration, the unit functions as a firewall. No traffic can pass through the
FortiGate-800F unit until you add firewall policies.
public network
204.23.1.5
Internet
192.168.1.3
(firewall, router)
You can connect up to 8 network segments to the FortiGate-800F unit to control traffic
between these network segments.
10.10.10.2
Choose among three different tools to configure the FortiGate-800F.
Command Line
Interface (CLI)
The CLI is a full-featured
management tool.
Use it to configure the
administrator password,
the interface addresses,
the default gateway
address, and the DNS
server addresses. To
P W R
I N T E R N A L E X T E R N A L D M Z
Esc Enter

QuickStart Guide

01-28005-0061-20050112
Front
P W R
I N T E R N A L E X T E R N A L D M Z HA 1 2 3 4 CONSOLE
Esc Enter
Control Fiber-optic Internal,External, 1 to 4 Serial
Buttons DMZ HA Interface Interface Port
Back
Power
Connection
Fiber-optic Ethernet cable connects to DMZ network
Fiber-optic Ethernet cable connects to another FortiGate-800 for HA
HA 1 2 3 4 CONSOLE USB
USB (future use)
FortiGate-800F Unit
Gateway to
in Transparent mode
10.10.10.2
P W R
I N T E R N A L E X T E R N A L D M Z HA 1 2 3 4
Esc Enter
8
External
10.10.10.1
Management IP
Transparent mode policies
controlling traffic between
internal and external networks
The control buttons and LCD are located on the front
panel of the FortiGate-800F. Use them to configure the
internal, external and DMZ interface addresses, and the
default gateway address. To configure the other
interface addresses, and the DNS server addresses,
use the web-based manager or the CLI.
Requirements:
• Physical access to the FortiGate-800F.
HA 1 2 3 4 CONSOLE USB
Ethernet Cables:
Orange - Crossover
Grey - Straight-through
USB
RJ-45 Serial Cable
x4 SFP Transceivers
USB
(future)
RJ-45 to
DB-9 Serial Cable
Power Cable
Rack-Mount Brackets
Power
Switch FortiGate-800
USER MANUAL Esc Enter I N T E R N A L E X T E R N A L D M Z HA 1 2 3 4 CONSOLE USB
8 P W R
QuickStart Guide
Copyright 2003 Fortinet Incorporated. All rights reserved.
Trademarks
Products mentioned in this document are trademarks.
Documentation
Power cable connects to power outlet
Internal network
CONSOLE USB
10.10.10.3
Internal
Control
Buttons &
LCD