Fortinet FortiGate-3600 Quick Start Manual

FortiGate-3600 LED Indicators
LED State Description
Power Green The FortiGate-3600 unit is powered on.
Off The FortiGate-3600 unit is powered off.
Display Panel LEDs: Green The correct cable is in use and the connected
1, 2, 3, 4 equipment has power.
5/HA, INT, EXT
Flashing Network activity at this interface.
Green
Off No link established.
Interface LEDs: Green The correct cable is in use and the connected
1, Internal, External equipment has power.
Flashing Network activity at this interface.
•
•
Green The interface is connected.
•
•
Off No link established.
1
Checking the package contents
Checking the package contents
Connector Type Speed Protocol
Internal RJ-45 1000Base-T Ethernet
External RJ-45 1000Base-T Ethernet
1 RJ-45 10/100Base-T Ethernet
2, 3, 4 SC 1000Base-SX Ethernet
5/HA SC 1000Base-SX Ethernet
CONSOLE DB-9 9,600 bps RS-232
serial
2
Connecting the FortiGate-3600
1. Mount the unit in a standard 19-inch rack. It requires 2 U of vertical space in
the rack.
2. Connect the network cables.
3. Connect the power cables to power outlets.
After a few seconds, SYSTEM STARTING appears on the LCD. MAIN
MENU appears when the unit is up and running.
3
Planning the configuration
NAT/Route mode
In NAT/Route mode, the FortiGate-3600 is visible to the network. All of its interfaces are
on different subnets. You must configure the internal and external interfaces with IP
addresses. Optionally, you can also configure interfaces 1 to 5/HA.
You would typically use NAT/Route mode when the FortiGate-3600 is deployed as a
gateway between private and public networks. In its default NAT/Route mode
configuration, the unit functions as a firewall. Users on the internal network can access
the Internet while the FortiGate-3600 blocks all other traffic. Refer to the Documentation
CD-ROM for information on how to allow other traffic, and how to configure antivirus
protection, content filtering, network intrusion detection (NIDS), and virtual private
networks (VPNs).
External
204.23.1.5
Internet
Security policies control whether communications through the FortiGate-3600 operate
in NAT mode or in route mode. In NAT mode, the FortiGate-3600 performs network
address translation before IP packets are sent to the destination network. In route
mode, no translation takes place. By default, the unit has a single NAT mode policy that
allows users on the internal network to securely access and download content from the
Internet. No other traffic is possible until you have configured more policies.
4
Choosing a configuration tool
Web-based
manager &
Setup Wizard
The FortiGate web-based
manager Setup Wizard
guides you through the
initial configuration steps.
Use it to configure the administrator password, the
interface addresses, the default gateway address, and
the DNS server addresses. Optionally, use the Setup
Wizard to configure the internal server settings for
NAT/Route mode.
Requirements:
• The Ethernet connection between the FortiGate-
3600 and management computer.
• Internet Explorer version 4.0 or higher on the
management computer.
1 flashes green.
Internal and External flash amber.
1 connects at up to 100 Mbps.
Internal and External connect at up to 1000
Mbps.
Description
Copper gigabit connection to the internal network.
Copper gigabit connection to the Internet.
Optional connection to a 10/100Base-T network.
Optional multimode fiber optic connections to other networks.
Optional multimode fiber optic connection to another network,
or to other FortiGate-3600s for HA.
Optional connection to the management computer.
Provides access to the command line interface (CLI).
Internal network
FortiGate-3600 Unit
Internal
in NAT/Route mode
192.168.1.99
Route mode policies
ESC ENTER
controlling traffic between
POWER 1 2 3
internal networks.
Hi-Temp 4 5/HA INT EXT CONSOLE 1 2 3 4 5/HA INTERNAL EXTERNAL
Port 3
DMZ network
10.10.10.1
NAT mode policies controlling
traffic between internal and
external networks.
3600
configure advanced settings, see the Documentation
CD-ROM.
Requirements:
• The serial connection between the FortiGate-3600
and management computer.
• A terminal emulation application (HyperTerminal for
Windows) on the management computer.
FortiGate-3600
POWER
Hi-Temp
For technical support please visit http://www.fortinet.com
© Copyright 2003 Fortinet Incorporated. All rights reserved.
Trademarks
Products mentioned in this document are trademarks or registered trademarks of their respective holders.
Regulatory Compliance
FCC Class A Part 15 CSA/CUS
Check that the package contents are complete.
Connect the FortiGate-3600 unit to a power outlet and to the internal and external networks.
Default IP Addresses (Nat/Route mode)
Internal 192.168.1.99
External 192.168.100.99
1 to 5/HA 0.0.0.0
ESC ENTER
POWER 1 2 3
Hi-Temp 4 5/HA INT EXT
Optional null modem cable connects
to serial port on management computer
SC fiber optic cables connects to other networks
Before beginning to configure the FortiGate-3600, you need to plan how to integrate the unit into
your network. Your configuration plan is dependent upon the operating mode that you select:
NAT/Route mode (the default) or Transparent mode.
Transparent mode
In Transparent mode, the FortiGate-3600 is invisible to the network. All of its interfaces
are on the same subnet. You only have to configure a management IP address so that
you can make configuration changes.
You would typically use the FortiGate-3600 in Transparent mode on a private network
behind an existing firewall or behind a router. In its default Transparent mode
configuration, the unit functions as a firewall. It has a single security policy that allows
users on the internal network to securely download content from the external network.
No other traffic is possible until you have configured more security policies. Refer to the
Documentation CD-ROM for information on how to allow other traffic, and how to
configure antivirus protection, content filtering, and network intrusion detection (NIDS).
192.168.1.3
204.23.1.5
Internet
You can connect up to six network segments to the FortiGate unit to control traffic
10.10.10.2
between these network segments.
• External can connect to the external firewall or router.
• Internal can connect to the internal network.
• Interface 1, 2, 3, and 4 can connect to other network segments.
• Interface 5/HA can connect to another network segment or to other FortiGate-3600s
if you are installing an HA cluster.
Choose among three different tools to configure the FortiGate-3600.
Command Line
Interface (CLI)
The CLI is a full-featured
management tool.
Use it to configure the
administrator password,
the interface addresses,
the default gateway
address, and the DNS
server addresses. To
ESC ENTER
1 2 3
4 5/HA INT EXT
CONSOLE 1 2
QuickStart Guide
Front
ESC ENTER
POWER 1 2 3
Hi-Temp 4 5/HA INT
EXT CONSOLE 1 2 3 4 5/HA INTERNAL EXTERNAL
LCD Control RS-232 Serial 1, 2, 3, 4, 5/HA Internal
Display Buttons Connection Interfaces Interface
Back
Redundant Redundant
Hot-Swappable Hot Swappable
Fan Assemblies Power Supplies
Default IP Address (Transparent mode)
MANAGEMENT IP 10.10.10.1
CONSOLE 1 2 3 4 5/HA INTERNAL EXTERNAL
Straight-through Ethernet cable connects
to Internet (public switch, router or modem)
Crossover Ethernet cable connects to management computer on internal network
Straight-through Ethernet cable connects to LAN or switch on internal network
FortiGate-3600 Unit
in Transparent mode
Gateway to
public network
10.10.10.2
ESC ENTER
POWER 1 2 3
Hi-Temp 4 5/HA INT EXT
CONSOLE 1 2 3 4 5/HA
(firewall, router)
External
10.10.10.1
Management IP
Transparent mode policies
controlling traffic between
internal and external networks
The control buttons and LCD are located on the front
panel of the FortiGate-3600. Use them to configure the
internal, external and DMZ (port 4) interface addresses,
and the default gateway address. To configure the other
interface addresses, the DNS server addresses and
other settings, use the web-based manager, or the CLI.
Requirements:
• Physical access to the FortiGate-3600.
3 4 5/HA INTERNAL EXTERNAL
Ethernet Cables:
Orange - Crossover
Grey - Straight-through
Null-Modem Cable
(RS-232)
External
Power Cables (2)
Interface
Rack-Mount Brackets
Power
FortiGate-3600
Supply
USER MANUAL ESC ENTER
POWER 1 2 3
LEDs Hi-Temp 4 5/HA INT EXT CONSOLE 1 2 3 4 5/HA INTERNAL EXTERNAL
QuickStart Guide
Copyright 2003 Fortinet Incorporated. All rights reserved.
Trademarks
Products mentioned in this document are trademarks.
Documentation
Power cables connect to power outlets
Internal network
INTERNAL EXTERNAL
10.10.10.3
Internal
Control
Buttons &
LCD