Fortinet FortiGate-3600 Quick Start Manual page 2

5
Collecting information
NAT/Route mode
Administrator
password:
IP:
Internal
Interface:
Netmask:
IP:
Netmask:
External
Interface: Default Gateway:
Primary DNS Server:
Secondary DNS Server: ____.____.____.____
You can use the Setup Wizard to configure the FortiGate-3600 interfaces and to allow
Internet access to servers located on your internal networks. For a complete list of
settings, see the Documentation CD-ROM.
6
Configuring the FortiGate-3600
1. Connect the FortiGate-3600 internal interface to the management computer Ethernet port. Use a cross-over Ethernet cable to connect the
Using the
devices directly. Use straight-through Ethernet cables to connect the devices through a hub or switch.
Setup Wizard
2. Configure the management computer to be on the same subnet as FortiGate-3600 internal interface. To do this, change the IP address of the
management computer to 192.168.1.2 and the netmask to 255.255.255.0.
3. To access the FortiGate web-based manager, start Internet Explorer and browse to https://192.168.1.99 (remember to include the "s" in https://).
4. Type admin in the Name field and select Login.
NAT/Route mode
1. Start the Setup Wizard by selecting the middle button on the upper right of the
FortiGate web-based manager.
2. Configure these settings:
• Administrator password.
• Internal interface.
• External interface, default gateway, and DNS server addresses.
• Optional internal network server settings.
3. Select Finish to confirm the changes and close the Setup Wizard.
Note: If you change the internal interface IP address (NAT/Route mode) or management IP address (Transparent mode) you must use this address to reconnect to the web-based manager and Setup Wizard.
Using the
Command Line Interface
NAT/Route mode
1. Configure the FortiGate-3600 interfaces.
set system interface internal mode static ip <intf_ip> <netmask_ip>
set system interface external mode static ip <intf_ip> <netmask_ip>
set system interface port1 mode static ip <intf_ip> <netmask_ip>
set system interface port5/ha mode static ip <intf_ip> <netmask_ip>
2. Configure the DNS server IP address.
set system dns primary <dns-server_ip>
3. Configure the default route to the Default Gateway.
set system route number 1 gw1 <gateway_ip>
Using the
Control Buttons and LCD
NAT/Route mode
Use the control buttons and LCD to:
• configure the interface IP addresses and netmasks.
• configure the Default Gateway.
Note: When you enter an IP address, the LCD display always shows three digits for each part of the IP address. For example, the IP address 192.168.100.1 appears on the LCD display as 192.168.100.001.
7
Optional procedures
Enabling antivirus protection
Protect your internal network from Internet-based viruses.
Keeping antivirus protection up to date
Configure the unit to connect to the FortiResponse Distribution Network (FDN)
to receive the latest antivirus definitions.
Setting the system time
Set the system time manually or configure the unit to synchronize with
a Network Time Protocol (NTP) server.
Troubleshooting
If the unit is not responding correctly at any time, you can restart it. If restarting
does not solve the problem, you can restore the unit to its factory default
configuration.
8
Completing the configuration
____.____.____.____
____.____.____.____
____.____.____.____
____.____.____.____
____.____.____.____
____.____.____.____
You might also have to change the IP address of the management computer to be on the same subnet as the new IP address.
1. Use a null modem cable to connect the FortiGate CONSOLE port to the management computer serial port.
2. Start a terminal emulation program (HyperTerminal) on the management computer. Use these settings:
Baud Rate (bps) 9600, Data bits 8, Parity None, Stop bits 1, and Flow Control None.
3. At the FortiGate Login: prompt, type admin and press Enter twice.
• Use the Enter key to access the Main Menu, to select menu items, to move right when entering IP addresses, and to
confirm changes.
• Use the arrow keys to move up and down in the Main Menu, and to change IP address numbers.
• Use the Esc key to return to the Main Menu, and to move left when entering IP addresses.
Use these tables to record your FortiGate-3600 configuration.
Transparent mode
Administrator
password:
IP:
Management IP: Netmask:
Default Gateway:
Primary DNS Server:
DNS Settings:
Secondary DNS Server:
The management IP address and netmask must be valid for the network from which
you will manage the FortiGate-3600. A default gateway is required whenever the
FortiGate unit connects to a router to reach the Internet.
Steps for using the configuration tool that you have chosen.
Transparent mode
1. Use the FortiGate web-based manager to change from NAT/Route mode to
Transparent mode.
• Go to System > Status.
• Select Change to Transparent Mode.
• Select OK.
2. Change the IP address of the management computer to 10.10.10.2 and use
Internet Explorer to browse to https://10.10.10.1.
3. Start the Setup Wizard by selecting the middle button on the upper right of the
FortiGate web-based manager.
4. Configure the administrator password, management IP address and netmask,
default gateway IP address, and primary and secondary DNS server addresses.
5. Select Finish to confirm the changes and close the Setup Wizard.
Transparent mode
1. Change from NAT/Route mode to Transparent mode.
set system opmode transparent
2. Configure the Management IP address.
set system management ip <intf_ip> <netmask_ip>
3. Configure the DNS server IP address.
set system dns primary <dns-server_ip>
4. Configure the default route to the Default Gateway.
set system route number 1 gw1 <gateway_ip>
Transparent mode
Use the control buttons and LCD to:
• change the operating mode from NAT/Route to Transparent.
• configure the Management Interface IP address and netmask.
• configure the Default Gateway.
Use these procedures to configure optional settings and to troubleshoot the FortiGate-3600.
Refer to the online help or the Documentation CD-ROM for the full range of optional procedures.
1. Go to Firewall > Policy > Internal -> External.
2. Select Edit to edit this policy.
1. Go to System > Update.
2. Configure Scheduled Update.
1. Go to System > Config > Time.
2. Set the correct date and time, or select
Synchronize with NTP server.
Go to System > Status.
• To restart the unit, select Restart.
• To reset the unit, select Restore Factory Defaults.
Congratulations! You have finished configuring the basic settings. Your network is now protected
from Internet-based threats. To explore the full range of configuration options, see the online help
or the Documentation CD-ROM:
____.____.____.____
____.____.____.____
____.____.____.____
____.____.____.____
____.____.____.____
3. Select Anti-Virus & Web filter.
4. Select the Scan Content Profile.
5. Select OK.
CLI: set system autoupdate schedule
CLI: set system time
CLI: execute reboot
CLI: execute factoryreset