Fortinet FortiWiFi FortiWiFi-60B Install Manual

FortiOS 3.0 MR6

INSTALL GUIDE
FortiWiFi-60B
FortiOS 3.0 MR6
www.fortinet.com

Summary of Contents for Fortinet FortiWiFi FortiWiFi-60B

  • Page 1 INSTALL GUIDE FortiWiFi-60B FortiOS 3.0 MR6 www.fortinet.com...
  • Page 2 FortiOS 3.0 MR6 31 January 2008 01-30006-0447-20080131 © Copyright 2008 Fortinet, Inc. All rights reserved. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical or otherwise, for any purpose, without prior written permission of Fortinet, Inc.
  • Page 3: Table Of Contents

    Document conventions... 9 Typographic conventions ... 9 Further Reading ... 9 Fortinet Knowledge Center ... 10 Comments on Fortinet technical documentation ... 10 Customer service and technical support ... 11 Installing ... 13 Environmental specifications... 13 Cautions and warnings ... 14 Grounding ...
  • Page 4 Advanced configuration... 35 Using a wireless network ... 41 Configure the interfaces ... 25 Configure a DNS server ... 26 Adding a default route and gateway ... 26 Adding firewall policies ... 27 Configuring Transparent mode... 27 Using the web-based manager ... 28 Switching to Transparent mode...
  • Page 5 Configuring the modem interface ... 55 FortiWiFi Firmware ... 65 Wireless Security... 45 Wireless Equivalent Privacy (WEP) ... 45 Wi-Fi Protected Access (WPA, WPA2) ... 46 Additional security measures ... 46 MAC address filtering ... 46 Service Set Identifier ... 47 Setting up the FortiWiFi unit as an access point ...
  • Page 6 Index... 77 Using the CLI ... 68 Reverting to a previous version ... 69 Installing firmware from a system reboot using the CLI ... 70 Restoring the previous configuration ... 72 Backup and Restore from a USB key ... 72 Using the USB Auto-Install ...
  • Page 7: Introduction

    Introduction Introduction Welcome and thank you for selecting Fortinet products for your real-time network protection. The FortiWiFi Unified Threat Management System improves network security, reduces network misuse and abuse, and helps you use communications resources more efficiently without compromising the performance of your network.
  • Page 8: About The Fortiwifi-60B

    About the FortiWiFi-60B About the FortiWiFi-60B About this document The FortiWiFi-60B multi-threat security solution offers Small and Medium Business and SOHO/ROBO users enterprise-class protection against blended threats targeting 3G broadband, wireless LAN and wired infrastructure. The FortiWiFi-60B supports a wide array of wireless broadband PC Cards and optional built-in 802.11 a/b/g wireless support.
  • Page 9: Document Conventions

    CLI command syntax Document names Menu commands Program output Variables Further Reading The most up-to-date publications and previous releases of Fortinet product documentation are available from the Fortinet Technical Documentation web site at http://docs.forticare.com. The following FortiWiFi • FortiWiFi QuickStart Guide Provides basic information about connecting and installing a FortiWiFi unit.
  • Page 10: Fortinet Knowledge Center

    Describes how to configure VLANs and VDOMS in both NAT/Route and Transparent mode. Includes detailed examples. The Knowledge Center contains troubleshooting and how-to articles, FAQs, technical notes, and more. Visit the Fortinet Knowledge Center at http://kc.forticare.com. Please send information about any errors or omissions in this document, or any Fortinet technical documentation, to techdoc@fortinet.com.
  • Page 11: Customer Service And Technical Support

    Introduction Customer service and technical support Fortinet Technical Support provides services designed to make sure that your Fortinet systems install quickly, configure easily, and operate reliably in your network. Please visit the Fortinet Technical Support web site at to learn about the technical support services that Fortinet provides.
  • Page 12 Customer service and technical support Introduction FortiWiFi-60B FortiOS 3.0 MR6 Install Guide 01-30006-0447-20080131...
  • Page 13: Installing

    Installing Installing This chapter describes installing your FortiWiFi unit in your server room, environmental specifications and how to mount the FortiWiFi in a rack if applicable. This chapter contains the following topics: • Environmental specifications • Cautions and warnings • Plugging in the FortiWiFi •...
  • Page 14: Cautions And Warnings

    Cautions and warnings Cautions and warnings Grounding Rack mount instructions Mounting • Connect the equipment into an outlet on a circuit different from that to which the receiver is connected. • Consult the dealer or an experienced radio/TV technician for help. The equipment complies with the FCC radiation exposure limits set forth for an uncontrolled environment.
  • Page 15: Setting Up A Wireless Network

    Installing Place the FortiWiFi unit on any flat, stable surface. Ensure the unit has at least 1.5 inches (3.75 cm) of clearance on each side to ensure adequate airflow for cooling. Alternatively, you can use the mounting brackets to mount the FortiWiFi to a wall. To attach the mounting brackets, place the bracket so that the flat portion is away from the FortiWifi, and the bracket is supported by the bracket side bars.
  • Page 16: Radio Frequency Interface

    Setting up a wireless network Radio Frequency interface Using multiple access points The 802.11b/g standard uses a frequency range of 2.4 to 2.483 GHz and the 802.11a standard transmits at 5 GHz. Radio frequency (RF) interference occurs when other devices send RF signals during their normal operation that use the same frequency as the FortiWiFi AP.
  • Page 17: Plugging In The Fortiwifi

    Installing This sample office has washrooms, a stairwell and an elevator shaft in the center of the building, making it impossible to use a single FortiWiFi AP effectively. The elevator shaft and multiple metal stalls in the washrooms can cause signal degradation.
  • Page 18 Turning off the FortiWiFi unit Installing FortiWiFi-60B FortiOS 3.0 MR6 Install Guide 01-30006-0447-20080131...
  • Page 19: Configuring

    Configuring Configuring This section provides an overview of the operating modes of the FortiWiFi unit, NAT/Route and Transparent, and how to configure the FortiWiFi unit for each mode. There are two ways you can configure the FortiWiFi unit, using the web-based manager or the command line interface (CLI).
  • Page 20: Transparent Mode

    Connecting to the FortiWiFi unit Transparent mode Connecting to the FortiWiFi unit Connecting to the web-based manager In Transparent mode, the FortiWiFi unit is invisible to the network. Similar to a network bridge, all FortiGate interfaces must be on the same subnet. You only have to configure a management IP address to make configuration changes.
  • Page 21: Connecting To The Cli

    Configuring To support a secure HTTPS authentication method, the FortiWiFi unit ships with a self-signed security certificate, which is offered to remote clients whenever they initiate an HTTPS connection to the FortiWiFi unit. When you connect, the FortiWiFi unit displays two security warnings in a browser. The first warning prompts you to accept and optionally install the FortiWiFi unit’s self-signed security certificate.
  • Page 22: Configuring Nat Mode

    Configuring NAT mode Configuring NAT mode Using the web-based manager Configuring NAT mode involves defining interface addresses and default routes, and simple firewall policies. You can use the web-based manager or the CLI to configure the FortiWiFi unit in NAT/Route mode. After connecting to the web-based manager, you can use the following procedures to complete the basic configuration of the FortiWiFi unit.
  • Page 23: Configure A Dns Server

    Internet. A DNS server matches domain names with the computer IP address. This enables you to use readable locations, such as fortinet.com when browsing the Internet. DNS server IP addresses are typically provided by your internet service provider.
  • Page 24: Adding Firewall Policies

    Configuring NAT mode For an initial configuration, you must edit the factory configured static default route to specify a different default gateway for the FortiWiFi unit. This will enable the flow of data through the FortiWiFi unit. For details on adding additional static routes, see the FortiGate Administration Guide.
  • Page 25: Using The Cli

    Configuring Set the following and select OK. Source Interface Source Address Destination Interface Select the port connected to the network. Destination Address All Schedule Service Action Firewall policy configuration is the same in NAT/Route mode and Transparent mode. Note that these policies allow all traffic through. No protection profiles have been applied.
  • Page 26: Configure A Dns Server

    Internet. A DNS server matches domain names with the computer IP address. This enables you to use readable locations, such as fortinet.com when browsing the Internet. DNS server IP addresses are typically provided by your internet service provider.
  • Page 27: Adding Firewall Policies

    Configuring For an initial configuration, you must edit the factory configured static default route to specify a different default gateway for the FortiWiFi unit. This will enable the flow of data through the FortiWiFi unit. For details on adding additional static routes, see the FortiGate Administration Guide.
  • Page 28: Using The Web-Based Manager

    Internet. A DNS server matches domain names with the computer IP address. This enables you to use readable locations, such as fortinet.com when browsing the Internet. DNS server IP addresses are typically provided by your internet service provider.
  • Page 29: Using The Cli

    Configuring To add an outgoing traffic firewall policy Go to Firewall > Policy. Select Create New. Set the following and select OK. Source Interface Source Address Destination Interface Select the port connected to the Internet. Destination Address All Schedule Service Action To add an incoming traffic firewall policy Go to Firewall >...
  • Page 30: Configure A Dns Server

    Internet. A DNS server matches domain names with the computer IP address. This enables you to use readable locations, such as fortinet.com when browsing the Internet. DNS server IP addresses are typically provided by your internet service provider.
  • Page 31: Verify The Configuration

    Configuring Verify the configuration Your FortiWiFi unit is now configured and connected to the network. To verify the FortiWiFi unit is connected and configured correctly, use your web browser to browse a web site, or use your email client to send and receive email. If you cannot browse to the web site or retrieve/send email from your account, review the previous steps to ensure all information was entered correctly and try again.
  • Page 32: Restoring A Configuration

    Restoring a configuration Restoring a configuration Additional configuration Set the time and date Set the Administrator password Should you need to restore the configuration file, use the following steps. To restore the FortiWiFi configuration Go to System > Maintenance > Backup & Restore. Select to upload the restore file from your PC or a USB key.
  • Page 33: Configure Fortiguard

    FortiWiFi unit. Before you can begin receiving updates, you must register your FortiWiFi unit from the Fortinet web page. For information about registering your FortiWiFi unit, “Register your FortiWiFi unit” on page...
  • Page 34 Additional configuration Configuring FortiWiFi-60B FortiOS 3.0 MR6 Install Guide 01-30006-0447-20080131...
  • Page 35: Advanced Configuration

    Advanced configuration Advanced configuration The FortiWiFi unit and the FortiOS operating system provide a wide range of features that enable you to control network and internet traffic and protect your network. This chapter describes some of these options and how to configure them.
  • Page 36: Firewall Policies

    Firewall policies Firewall policies Apply virus scanning and web content blocking to HTTP traffic. Unfiltered Apply no scanning, blocking or IPS. Use the unfiltered content profile if no content protection for content traffic is required. Add this protection profile to firewall policies for connections between highly trusted or highly secure networks where content does not need to be protected.
  • Page 37: Configuring Firewall Policies

    • Virus scan - The virus definitions are kept up to date through the FortiNet Distribution Network. The list is updated on a regular basis so you do not have to wait for a firmware upgrade. Note that you must register the FortiWiFi unit and purchase FortiGuard services to use virus scanning through the FDN.
  • Page 38: Antispam Options

    FortiGuard is an antispam system from Fortinet that includes an IP address black list, a URL black list, and spam filtering tools. The FortiGuard Center accepts submission of spam email messages as well as reports of false positives.
  • Page 39: Web Filtering

    Advanced configuration Banned word lists are specific words that may be typically found in email. The FortiWiFi unit searches for words or patterns in email messages. If matches are found, values assigned to the words are totalled. If the defined threshold value is exceeded, the message is marked as spam.
  • Page 40: Logging

    To configure URL filters, go to Web Filter > URL Filter. FortiGuard web filtering is a managed web filtering solution provided by Fortinet. FortiGuard web filtering sorts hundreds of millions of web pages into a wide range of categories users can allow, block, or monitor.
  • Page 41: Using A Wireless Network

    Using a wireless network Using a wireless network In a wired network, computers are connected through a series of cables that transfer information. In a wireless network, information is transferred over radio waves. There are factors which affect the transmission of data “on the air” that you must take into account when setting up a wireless network.
  • Page 42: Positioning An Access Point

    Setting up a wireless network Positioning an access point Radio Frequency interface Using multiple access points When placing the FortiWiFi unit, your main concern is providing a strong signal to all users. A strong signal ensures a fast connection and efficient data transfer. A weaker signal means a greater chance of data transmission errors and the need to re-send information, slowing down data transfer.
  • Page 43: Fortiwifi Operation Modes

    Using a wireless network Figure 7: Using multiple APs to provide a constant strong signal. This sample office has washrooms, a stairwell and an elevator shaft in the center of the building, making it impossible to use a single FortiWiFi unit effectively. The elevator shaft and multiple metal stalls in the washrooms can cause signal degradation.
  • Page 44: Client Mode

    FortiWiFi operation modes Using a wireless network Figure 8: FortiWiFi unit in access point mode Internal Router WAN1 Internet WAN2 MODEM / DSL / Cable Client mode When using the FortiWiFi unit in Client mode, the FortiWiFi unit is configured to receive transmissions from another access point.
  • Page 45: Changing The Operating Mode

    Using a wireless network Figure 9: FortiWiFi unit in Client mode Web Server Mail Server Changing the operating mode To change the wireless operating mode Go to System > Wireless > Settings. For the Operation mode, select Change Select the desired operation mode and select Apply. Wireless Security Radio waves transmitted between a wireless device and access points provide the weakest link between the wireless device and network servers.
  • Page 46: Wi-Fi Protected Access (Wpa, Wpa2)

    Wireless Security Wi-Fi Protected Access (WPA, WPA2) Additional security measures There has been criticism of WEP security. WEP keys are static. They must be changed manually and frequently on both the wireless device and the access points. On a small company or network with a few users and APs, this is not a big issue.
  • Page 47: Service Set Identifier

    Wireless users should configure their computers to connect to the network that broadcasts this network name. For security reasons, do not leave the default name of “fortinet” as the network name. Broadcasting enables wireless users to find a network. The FortiWiFi unit includes an option to not broadcast the SSID.
  • Page 48: Configure The Wireless Parameters

    Setting up the FortiWiFi unit as an access point Configure the wireless parameters To configure the FortiWiFi unit to be a DHCP server Go to System > DHCP > Service. Select the blue triangle to expand the WLAN options. Configure the DHCP server settings and select OK: Name: Enter a name of the DHCP server.
  • Page 49: Configure The Wireless Interface

    Using a wireless network Configure the wireless interface Configure the wireless interface, WLAN, on the FortiWiFi unit for use on the network. To configure the wireless interface Go to System > Wireless > Settings. Select the WLAN interface. Enter the following settings and select Apply. Address Mode Administrative Access Select the methods that administrators can connect to Administrative Status...
  • Page 50: Configure The Firewall Policies

    Setting up the FortiWiFi unit as an access point Configure the firewall policies You need to add at least two firewall policies to enable the flow of traffic from the wireless port (your wireless users) and the WAN1 port (access to the Internet). First, create an outgoing firewall policy that allows traffic from the wireless port to the Internet, so wireless users can send data to the Internet.
  • Page 51: Configure The Default Gateway

    Internet. A DNS server matches domain names with the computer IP address. This enables you to use readable locations, such as fortinet.com when browsing the Internet. For details on configuring a DNS server, see...
  • Page 52: Configure The Wireless Settings

    Setting up the FortiWiFi unit as a client Configure the wireless settings Configure the address and default gateway Configure the firewall policies The wireless settings to configure on the client are similar to what a wireless user needs to use a wireless access point. The information entered is the broadcast information from the access point, and enables the FortiWiFi client to be on the wireless network.
  • Page 53 Using a wireless network Configure the following settings and select OK: Interface/Zone Source Interface/Zone Destination Address Name Source Address Name Destination Schedule Service Action Protection Profile Next, create an outgoing firewall policy that allows traffic from the local users through to the wireless network port so network users can send data to the external network and the Internet.
  • Page 54 Setting up the FortiWiFi unit as a client Using a wireless network FortiWiFi-60B FortiOS 3.0 MR6 Install Guide 01-30006-0447-20080131...
  • Page 55: Configuring The Modem Interface

    Configuring the modem interface Configuring the modem interface This chapter describes the modem interface configuration options. The FortiWiFi unit supports the modem interface only when running in NAT/Route mode. You can configure the modem interface for stand alone mode, the direct connection to the Internet, or for redundant mode, to act as a backup connection to the Internet, should the primary connection fail.
  • Page 56: Stand Alone Mode

    Configuring modem settings Stand alone mode Configuring modem settings When the Ethernet interface can connect to its network again, the FortiWiFi unit disconnects the modem interface and switches back to the Ethernet interface. Note: Do not add firewall policies for connections between the Ethernet interface that the modem replaces and other interfaces.
  • Page 57 Displays the status of a wireless modem card installed in a FortiWiFi-60B, if available. Select the Supported Modems link to view the list of wireless modems tested by Fortinet. Displays the traffic and uptime of the modem interface. Configure up to three dial-up accounts. The FortiWiFi unit tries connecting to each account in order until a connection can be established.
  • Page 58: Configuring The Modem Using The Cli

    Configuring the modem using the CLI Configuring the modem using the CLI Configure the modem settings using the CLI. Syntax config system modem account_relation {equal | fallback} altmode {enable | disable} auto-dial {enable | disable} connect-timeout <seconds> dial-on-demand {enable | disable} distance <distance>...
  • Page 59 Configuring the modem interface Keywords and variables account_relation {equal | fallback} altmode {enable | disable} Enable for installations using PPP in auto-dial {enable | disable} connect-timeout <seconds> dial-on-demand {enable | disable} distance <distance> extra-init1 <string> extra-init2 <string> extra-init3 <string> FortiWiFi-60B FortiOS 3.0 MR6 Install Guide 01-30006-0447-20080131 Configuring the modem using the CLI Description...
  • Page 60 Configuring the modem using the CLI Keywords and variables Description Used only when the modem is holddown-timer <seconds> configured as a backup for an interface. Set the time (1-60 seconds) that the FortiWiFi unit waits before switching from the modem interface to the primary interface, after the primary interface has been restored.
  • Page 61: Example

    Configuring the modem interface Keywords and variables phone1 <phone-number> phone2 <phone-number> phone3 <phone-number> pin-init <string> priority <integer> redial <tries_integer> status {disable | enable} username1 <name_str> username2 <name_str> username3 <name_str> wireless-custom-vendor-id <hex_string> wireless-custom-product-id <hex_string> Example This example shows how to enable the modem and configure the modem to act as a backup for the WAN1 interface.
  • Page 62: Adding A Ping Server

    Adding a Ping Server Adding a Ping Server Dead gateway detection config system modem set action dial set status enable set holddown-timer 5 set interface wan1 set passwd1 acct1passwd set phone1 1234567891 set redial 10 set username1 acct1user Adding a ping server is required for routing failover for the modem in redundant mode.
  • Page 63: Adding Firewall Policies For Modem Connections

    Configuring the modem interface Adding firewall policies for modem connections The modem interface requires firewall addresses and policies. You can add one or more addresses to the modem interface. For information about adding addresses, see the FortiGate Administration Guide. When you add addresses, the modem interface appears on the policy grid.
  • Page 64 Configuring the PCMCIA modem card If a security pin is required, enter in the Extra Initialization String field in the following format: at+cpin=5555 where 5555 is the pin provided to you by your ISP. Select Apply. Create a static route, firewall policies and VPN configuration using this modem interface, just as you would any physical interface.
  • Page 65: Fortiwifi Firmware

    • Testing new firmware before installing Downloading firmware Firmware images for all FortiWiFi units are available on the Fortinet Customer Support web site. You must register your FortiWiFi unit to access firmware images. Register the FortiWiFi unit by visiting select Product Registration.
  • Page 66: Reverting To A Previous Version

    Using the web-based manager Reverting to a previous version To upgrade the firmware Download the firmware image file to your management computer. Log into the web-based manager as the admin administrative user. Go to System > Status. Under System Information > Firmware Version, select Update. Type the path and filename of the firmware image file, or select Browse and locate the file.
  • Page 67: Backup And Restore From A Usb Key

    FortiWiFi Firmware Backup and Restore from a USB key Use a USB key to either back up a configuration file or restore a configuration file. You should always make sure a USB key is properly installed before proceeding since the FortiWiFi unit must recognize that the key is installed in its USB port. Note: You can only save VPN certificates if you encrypt the file.
  • Page 68: Using The Cli

    Using the CLI Using the CLI Installing firmware replaces your current antivirus and attack definitions, along with the definitions included with the firmware release you are installing. After you install new firmware, make sure that antivirus and attack definitions are up to date. You can also use the CLI command execute update-now to update the antivirus and attack definitions.
  • Page 69: Reverting To A Previous Version

    FortiWiFi Firmware Reverting to a previous version This procedure reverts the FortiWiFi unit to its factory default configuration and deletes IPS custom signatures, web content lists, email filtering lists, and changes to replacement messages. Before beginning this procedure, it is recommended that you: •...
  • Page 70: Installing Firmware From A System Reboot Using The Cli

    Installing firmware from a system reboot using the CLI Installing firmware from a system reboot using the CLI The FortiWiFi unit uploads the firmware image file. After the file uploads, a message similar to the following appears: Get image from tftp server OK. Check image OK.
  • Page 71 FortiWiFi Firmware To confirm the FortiWiFi unit can connect to the TFTP server, use the following command to ping the computer running the TFTP server. For example, if the IP address of the TFTP server is 192.168.1.168: execute ping 192.168.1.168 Enter the following command to restart the FortiWiFi unit.
  • Page 72: Restoring The Previous Configuration

    Installing firmware from a system reboot using the CLI Restoring the previous configuration Backup and Restore from a USB key Using the USB Auto-Install Type D. The FortiWiFi unit installs the new firmware image and restarts. The installation might take a few minutes to complete. Change the internal interface address, if required.
  • Page 73: Additional Cli Commands For A Usb Key

    FortiWiFi Firmware Note: You need an unencrypted configuration file for this feature. Also the default files, image.out and system.conf, must be in the root directory of the USB key. Note: Make sure at least FortiOS v3.0MR1 is installed on the FortiWiFi unit before installing.
  • Page 74 Testing new firmware before installing To test the new firmware image Connect to the CLI using an RJ-45 to DB-9 or null modem cable. Make sure the TFTP server is running. Copy the new firmware image file to the root directory of the TFTP server. Make sure the internal interface is connected to the same network as the TFTP server.
  • Page 75 FortiWiFi Firmware Enter the firmware image file name and press Enter. The TFTP server uploads the firmware image file to the FortiWiFi unit and the following appears. Save as Default firmware/Backup firmware/Run image without saving: [D/B/R] Type R. The FortiWiFi image is installed to system memory and the FortiWiFi unit starts running the new firmware image, but with its current configuration.
  • Page 76 Testing new firmware before installing FortiWiFi Firmware FortiWiFi-60B FortiOS 3.0 MR6 Install Guide 01-30006-0447-20080131...
  • Page 77: Index

    73 testing new firmware 73 upgrade from CLI 68 upgrade with web-based manager 65 upgrading using the CLI 68 FortiGuard 33 Fortinet Knowledge Center 10 frequency 16, 42 further reading 9 gateway 23, 26 grounding 14 hang up button 56...
  • Page 78 system modem 60 Initial Disc Timeout 22 interface system modem 60 interface, configure 25 interface, configuring 22 interference 16, 42 Knowledge Center 10 logging 40 MAC address filtering 46 management IP 28 Message Integrity Code (MIC) 46 mode system modem 60 modem adding firewall policies 63 auto-dial 59...
  • Page 79 Index DHCP settings 47 security 45 network name 47 Wireless Equivalent Privacy (WEP) 45 FortiWiFi-60B FortiOS 3.0 MR6 Install Guide 01-30006-0447-20080131...
  • Page 80 Index FortiWiFi-60B FortiOS 3.0 MR6 Install Guide 01-30006-0447-20080131...
  • Page 81 www.fortinet.com...