Table of Contents
Advertisement
Quick Links
Advertisement
Table of Contents
Subscribe to Our Youtube Channel
Related Manuals for Fortinet FortiWiFi FortiWiFi-50B
Summary of Contents for Fortinet FortiWiFi FortiWiFi-50B
- Page 1 I N S T A L L G U I D E FortiWiFi-50B FortiOS 3.0 MR6 www.fortinet.com...
- Page 2 FortiOS 3.0 MR6 31 January 2008 01-30006-0445-20080131 © Copyright 2008 Fortinet, Inc. All rights reserved. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical or otherwise, for any purpose, without prior written permission of Fortinet, Inc.
-
Page 3: Table Of Contents
Document conventions... 6 Typographic conventions ... 7 Further Reading ... 7 Fortinet Knowledge Center ... 8 Comments on Fortinet technical documentation ... 8 Customer service and technical support ... 8 Installing ... 9 Environmental specifications... 9 Cautions and warnings ... 10 Grounding ... - Page 4 Advanced configuration... 31 Using a wireless network ... 37 Configure the interfaces ... 21 Configure a DNS server ... 22 Adding a default route and gateway ... 22 Adding firewall policies ... 23 Configuring Transparent mode... 23 Using the web-based manager ... 24 Switching to Transparent mode...
- Page 5 Contents Wireless Security... 41 Wireless Equivalent Privacy (WEP) ... 41 Wi-Fi Protected Access (WPA, WPA2) ... 42 Additional security measures ... 42 Setting up the FortiWiFi unit as an access point... 43 Configure the DHCP settings ... 43 Configure the wireless parameters ... 44 Configure the wireless interface ...
- Page 6 Contents FortiWiFi-50B FortiOS 3.0 MR6 Install Guide 01-30006-0445-20080131...
-
Page 7: Introduction
Introduction Introduction Welcome and thank you for selecting Fortinet products for your real-time network protection. The FortiWiFi Unified Threat Management System improves network security, reduces network misuse and abuse, and helps you use communications resources more efficiently without compromising the performance of your network. -
Page 8: About The Fortiwifi-50B
About the FortiWiFi-50B About the FortiWiFi-50B About this document Document conventions The FortiWiFi-50B adds wireless connectivity by providing standard 802.11 b/g support. The FortiWiFi-50B can be powered by standard based Power Over Ethernet (POE) devices to ease installation and deployment. The FortiWiFi-50B is ideal for remote offices, wireless service providers, retail stores, broadband telecommuter sites, and many other applications. -
Page 9: Typographic Conventions
CLI command syntax Document names Menu commands Program output Variables Further Reading The most up-to-date publications and previous releases of Fortinet product documentation are available from the Fortinet Technical Documentation web site at http://docs.forticare.com. The following FortiWiFi • FortiWiFi QuickStart Guide Provides basic information about connecting and installing a FortiWiFi unit. -
Page 10: Fortinet Knowledge Center
Please send information about any errors or omissions in this document, or any Fortinet technical documentation, to techdoc@fortinet.com. Fortinet Technical Support provides services designed to make sure that your Fortinet systems install quickly, configure easily, and operate reliably in your network. -
Page 11: Installing
Installing Installing This chapter describes installing your FortiWiFi unit in your server room, environmental specifications and how to mount the FortiWiFi in a rack if applicable. This chapter contains the following topics: • Environmental specifications • Cautions and warnings • Plugging in the FortiWiFi •... -
Page 12: Cautions And Warnings
Cautions and warnings Cautions and warnings Grounding Rack mount instructions Mounting • Connect the equipment into an outlet on a circuit different from that to which the receiver is connected. • Consult the dealer or an experienced radio/TV technician for help. The equipment compliance with FCC radiation exposure limit set forth for uncontrolled Environment. -
Page 13: Setting Up A Wireless Network
Installing Place the FortiWiFi unit on any flat, stable surface. Ensure the unit has at least 1.5 inches (3.75 cm) of clearance on each side to ensure adequate airflow for cooling. Alternatively, you can use the mounting brackets to mount the FortiWiFi to a wall. To attach the mounting brackets, place the bracket so that the flat portion is away from the FortiWifi, and the bracket is supported by the bracket side bars. -
Page 14: Radio Frequency Interface
Setting up a wireless network Radio Frequency interface Using multiple access points The 802.11b/g standard uses a frequency range of 2.4 to 2.483 GHz and the 802.11a standard transmit at 5 GHz. Radio frequency (RF) interference occurs when other devices send RF signals during their normal operation that use the same frequency as the FortiWiFi AP. -
Page 15: Plugging In The Fortiwifi
Installing This sample office has washrooms, a stairwell and an elevator shaft in the center of the building, making it impossible to use a single FortiWiFi AP effectively. The elevator shaft and multiple metal stalls in the washrooms can cause signal degradation. - Page 16 Turning off the FortiWiFi unit Installing FortiWiFi-50B FortiOS 3.0 MR6 Install Guide 01-30006-0445-20080131...
-
Page 17: Configuring
Configuring Configuring This section provides an overview of the operating modes of the FortiWiFi unit, NAT/Route and Transparent, and how to configure the FortiWiFi unit for each mode. There are two ways you can configure the FortiWiFi unit, using the web-based manager or the command line interface (CLI). -
Page 18: Transparent Mode
Connecting to the FortiWiFi unit Transparent mode Connecting to the FortiWiFi unit Connecting to the web-based manager In Transparent mode, the FortiWiFi unit is invisible to the network. Similar to a network bridge, all FortiGate interfaces must be on the same subnet. You only have to configure a management IP address to make configuration changes. -
Page 19: Connecting To The Cli
Configuring To support a secure HTTPS authentication method, the FortiWiFi unit ships with a self-signed security certificate, which is offered to remote clients whenever they initiate a HTTPS connection to the FortiWiFi unit. When you connect, the FortiWiFi unit displays two security warnings in a browser. The first warning prompts you to accept and optionally install the FortiWiFi unit’s self-signed security certificate. -
Page 20: Configuring Nat Mode
Configuring NAT mode Configuring NAT mode Using the web-based manager Configuring NAT mode involves defining interface addresses and default routes, and simple firewall policies. You can use the web-based manager or the CLI to configure the FortiWiFi unit in NAT/Route mode. After connecting to the web-based manager, you can use the following procedures to complete the basic configuration of the FortiWiFi unit. -
Page 21: Configure A Dns Server
Internet. A DNS server matches domain names with the computer IP address. This enables you to use readable locations, such as fortinet.com when browsing the Internet. DNS server IP addresses are typically provided by your internet service provider. -
Page 22: Adding Firewall Policies
Configuring NAT mode For an initial configuration, you must edit the factory configured static default route to specify a different default gateway for the FortiWiFi unit. This will enable the flow of data through the FortiWiFi unit. For details on adding additional static routes, see the FortiGate Administration Guide. -
Page 23: Using The Cli
Configuring Set the following and select OK. Source Interface Source Address Destination Interface Select the port connected to the network. Destination Address All Schedule Service Action Firewall policy configuration is the same in NAT/Route mode and Transparent mode. Note that these policies allow all traffic through. No protection profiles have been applied. -
Page 24: Configure A Dns Server
Internet. A DNS server matches domain names with the computer IP address. This enables you to use readable locations, such as fortinet.com when browsing the Internet. DNS server IP addresses are typically provided by your internet service provider. -
Page 25: Adding Firewall Policies
Configuring For an initial configuration, you must edit the factory configured static default route to specify a different default gateway for the FortiWiFi unit. This will enable the flow of data through the FortiWiFi unit. For details on adding additional static routes, see the FortiGate Administration Guide. -
Page 26: Using The Web-Based Manager
Internet. A DNS server matches domain names with the computer IP address. This enables you to use readable locations, such as fortinet.com when browsing the Internet. DNS server IP addresses are typically provided by your internet service provider. -
Page 27: Using The Cli
Configuring To add an outgoing traffic firewall policy Go to Firewall > Policy. Select Create New. Set the following and select OK. Source Interface Source Address Destination Interface Select the port connected to the Internet. Destination Address All Schedule Service Action To add an incoming traffic firewall policy Go to Firewall >... -
Page 28: Configure A Dns Server
Internet. A DNS server matches domain names with the computer IP address. This enables you to use readable locations, such as fortinet.com when browsing the Internet. DNS server IP addresses are typically provided by your internet service provider. -
Page 29: Verify The Configuration
Configuring Verify the configuration Your FortiWiFi unit is now configured and connected to the network. To verify the FortiWiFi unit is connected and configured correctly, use your web browser to browse a web site, or use your email client to send and receive email. If you cannot browse to the web site or retrieve/send email from your account, review the previous steps to ensure all information was entered correctly and try again. -
Page 30: Restoring A Configuration
Restoring a configuration Restoring a configuration Additional configuration Set the time and date Set the Administrator password Should you need to restore the configuration file, use the following steps. To restore the FortiWiFi configuration Go to System > Maintenance > Backup & Restore. Select to upload the restore file from your PC or a USB key. -
Page 31: Configure Fortiguard
FortiWiFi unit. Before you can begin receiving updates, you must register your FortiWiFi unit from the Fortinet web page. For information about registering your FortiWiFi unit, “Register your FortiWiFi unit” on page... - Page 32 Additional configuration Configuring FortiWiFi-50B FortiOS 3.0 MR6 Install Guide 01-30006-0445-20080131...
-
Page 33: Advanced Configuration
Advanced configuration Advanced configuration The FortiWiFi unit and the FortiOS operating system provide a wide range of features that enable you to control network and internet traffic and protect your network. This chapter describes some of these options and how to configure them. -
Page 34: Firewall Policies
Firewall policies Firewall policies Apply virus scanning and web content blocking to HTTP traffic. Unfiltered Apply no scanning, blocking or IPS. Use the unfiltered content profile if no content protection for content traffic is required. Add this protection profile to firewall policies for connections between highly trusted or highly secure networks where content does not need to be protected. -
Page 35: Configuring Firewall Policies
• Virus scan - The virus definitions are kept up to date through the FortiNet Distribution Network. The list is updated on a regular basis so you do not have to wait for a firmware upgrade. Note that you must register the FortiWiFi unit to and purchase FortiGuard services to use virus scanning through the FDN. -
Page 36: Antispam Options
FortiGuard is an antispam system from Fortinet that includes an IP address black list, a URL black list, and spam filtering tools. The FortiGuard Center accepts submission of spam email messages as well as well as reports of false positives. -
Page 37: Web Filtering
Advanced configuration Banned word lists are specific words that may be typically found in email. The FortiWiFi unit searches for words or patterns in email messages. If matches are found, values assigned to the words are totalled. If the defined threshold value is exceeded, the message is marked as spam. -
Page 38: Logging
To configure URL filters, go to Web Filter > URL Filter. FortiGuard web filtering is a managed web filtering solution provided by Fortinet. FortiGuard web filtering sorts hundreds of millions of web pages into a wide range of categories users can allow, block, or monitor. -
Page 39: Using A Wireless Network
Using a wireless network Using a wireless network In a wired network, computers are connected through a series of cables that transfer information. In a wireless network, information is transferred over radio waves. There are factors which affect the transmission of data “on the air” that you must take into account when setting up a wireless network. -
Page 40: Positioning An Access Point
Setting up a wireless network Positioning an access point Radio Frequency interface Using multiple access points When placing the FortiWiFi unit, your main concern is providing a strong signal to all users. A strong signal ensures a fast connection and efficient data transfer. A weaker signal means a greater chance of data transmission errors and the need to re-send information, slowing down data transfer. -
Page 41: Fortiwifi Operation Modes
Using a wireless network Figure 7: Using multiple APs to provide a constant strong signal. This sample office has washrooms, a stairwell and an elevator shaft in the center of the building, making it impossible to use a single FortiWiFi unit effectively. The elevator shaft and multiple metal stalls in the washrooms can cause signal degradation. -
Page 42: Client Mode
FortiWiFi operation modes Using a wireless network Figure 8: FortiWiFi unit in access point mode Internal Router WAN1 Internet WAN2 MODEM / DSL / Cable Client mode When using the FortiWiFi unit in Client mode, the FortiWiFi unit is configured to receive transmissions from another access point. -
Page 43: Changing The Operating Mode
Using a wireless network Figure 9: FortiWiFi unit in Client mode Web Server Mail Server Changing the operating mode To change the wireless operating mode Go to System > Wireless > Settings. For the Operation mode, select Change Select the desired operation mode and select Apply. Wireless Security Radio waves transmitted between a wireless device and access points provide the weakest link between the wireless device and network servers. -
Page 44: Wi-Fi Protected Access (Wpa, Wpa2)
Wireless Security Wi-Fi Protected Access (WPA, WPA2) Additional security measures There has been criticism of WEP security. WEP keys are static. They must be changed manually and frequently on both the wireless device and the access points. On a small company or network with a few users and APs, this is not a big issue. -
Page 45: Service Set Identifier
Wireless users should configure their computers to connect to the network that broadcasts this network name. For security reasons, do not leave the default name of “fortinet” as the network name. Broadcasting enables wireless users to find a network. The FortiWiFi unit includes an option to not broadcast the SSID. -
Page 46: Configure The Wireless Parameters
Setting up the FortiWiFi unit as an access point Configure the wireless parameters To configure the FortiWiFi unit to be a DHCP server Go to System > DHCP > Service. Select the blue triangle to expand the WLAN options. Configure the DHCP server settings and select OK: Name: Enter a name of the DHCP sever. -
Page 47: Configure The Wireless Interface
Using a wireless network Configure the wireless interface Configure the wireless interface, WLAN, on the FortiWiFi unit for use on the network. To configure the wireless interface Go to System > Wireless > Settings. Select the WLAN interface. Enter the following settings and select Apply. Address Mode Administrative Access Select the methods that administrators can connect to Administrative Status... -
Page 48: Configure The Firewall Policies
Setting up the FortiWiFi unit as an access point Configure the firewall policies You need to add at least two firewall policies to enable the flow of traffic from the wireless port (your wireless users) and the WAN1 port (access to the Internet). First, create an outgoing firewall policy that allows traffic from the wireless port to the Internet, so wireless users can send data to the Internet. -
Page 49: Configure The Default Gateway
Internet. A DNS server matches domain names with the computer IP address. This enables you to use readable locations, such as fortinet.com when browsing the Internet. For details on configuring a DNS server, see... -
Page 50: Configure The Wireless Settings
Setting up the FortiWiFi unit as a client Configure the wireless settings Configure the address and default gateway Configure the firewall policies The wireless settings to configure on the client are similar to what a wireless user needs to use a wireless access point. The information entered is the broadcast information from the access point, and enables the FortiWiFi client to be on the wireless network. - Page 51 Using a wireless network Configure the following settings and select OK: Interface/Zone Source Interface/Zone Destination Address Name Source Address Name Destination Schedule Service Action Protection Profile Next, create an outgoing firewall policy that allows traffic from the local users through to the wireless network port so network users can send data to the external network and the Internet.
- Page 52 Setting up the FortiWiFi unit as a client Using a wireless network FortiWiFi-50B FortiOS 3.0 MR6 Install Guide 01-30006-0445-20080131...
-
Page 53: Fortiwifi Firmware
• Testing new firmware before installing Downloading firmware Firmware images for all FortiWiFi units is available on the Fortinet Customer Support web site. You must register your FortiWiFi unit to access firmware images. Register the FortiWiFi unit by visiting select Product Registration. -
Page 54: Reverting To A Previous Version
Using the web-based manager Reverting to a previous version To upgrade the firmware Download the firmware image file to your management computer. Log into the web-based manager as the admin administrative user. Go to System > Status. Under System Information > Firmware Version, select Update. Type the path and filename of the firmware image file, or select Browse and locate the file. -
Page 55: Backup And Restore From A Usb Key
FortiWiFi Firmware Backup and Restore from a USB key Use a USB key to either backup a configuration file or restore a configuration file. You should always make sure a USB key is properly install before proceeding since the FortiWiFi unit must recognize that the key is installed in its USB port. Note: You can only save VPN certificates if you encrypt the file. -
Page 56: Using The Cli
Using the CLI Using the CLI Installing firmware replaces your current antivirus and attack definitions, along with the definitions included with the firmware release you are installing. After you install new firmware, make sure that antivirus and attack definitions are up to date. You can also use the CLI command execute update-now to update the antivirus and attack definitions. -
Page 57: Reverting To A Previous Version
FortiWiFi Firmware Reverting to a previous version This procedure reverts the FortiWiFi unit to its factory default configuration and deletes IPS custom signatures, web content lists, email filtering lists, and changes to replacement messages. Before beginning this procedure, it is recommended that you: •... -
Page 58: Installing Firmware From A System Reboot Using The Cli
Installing firmware from a system reboot using the CLI Installing firmware from a system reboot using the CLI The FortiWiFi unit uploads the firmware image file. After the file uploads, a message similar to the following appears: Get image from tftp server OK. Check image OK. - Page 59 FortiWiFi Firmware To confirm the FortiWiFi unit can connect to the TFTP server, use the following command to ping the computer running the TFTP server. For example, if the IP address of the TFTP server is 192.168.1.168: execute ping 192.168.1.168 Enter the following command to restart the FortiWiFi unit.
-
Page 60: Restoring The Previous Configuration
Installing firmware from a system reboot using the CLI Restoring the previous configuration Backup and Restore from a USB key Using the USB Auto-Install Type D. The FortiWiFi unit installs the new firmware image and restarts. The installation might take a few minutes to complete. Change the internal interface address, if required. -
Page 61: Additional Cli Commands For A Usb Key
FortiWiFi Firmware Note: You need an unencrypted configuration file for this feature. Also the default files, image.out and system.conf, must be in the root directory of the USB key. Note: Make sure at least FortiOS v3.0MR1 is installed on the FortiWiFi unit before installing. - Page 62 Testing new firmware before installing To test the new firmware image Connect to the CLI using a RJ-45 to DB-9 or null modem cable. Make sure the TFTP server is running. Copy the new firmware image file to the root directory of the TFTP server. Make sure the internal interface is connected to the same integer as the TFTP server.
- Page 63 FortiWiFi Firmware Enter the firmware image file name and press Enter. The TFTP server uploads the firmware image file to the FortiWiFi unit and the following appears. Save as Default firmware/Backup firmware/Run image without saving: [D/B/R] Type R. The FortiWiFi image is installed to system memory and the FortiWiFi unit starts running the new firmware image, but with its current configuration.
- Page 64 Testing new firmware before installing FortiWiFi Firmware FortiWiFi-50B FortiOS 3.0 MR6 Install Guide 01-30006-0445-20080131...
-
Page 65: Index
59 testing new firmware 59 upgrade from CLI 54 upgrade with web-based manager 51 upgrading using the CLI 54 FortiGuard 29 Fortinet Knowledge Center 8 frequency 12, 38 further reading 7 gateway 19, 22 grounding 10 humidity 9... - Page 66 network ID 43 operating temperature 9 PADT timeout 19 password, changing 28 power off 13 PPPoE 22 protection profiles 31 registering 5 restore 28 restoring previous firmware configuration 58 reverting firmware 52 RSA RC4 41 security MAC address filtering 42 WEP 41 wireless 41 WPA 42...
- Page 67 www.fortinet.com...
- Page 68 www.fortinet.com...
Need help?
Do you have a question about the FortiWiFi FortiWiFi-50B and is the answer not in the manual?
Questions and answers