Fortinet FortiGate FortiGate-3000 Quick Start Manual

FortiGate-3000 LED indicators
LED State Description
Green The FortiGate-3000 unit is powered on.
Power
Off The FortiGate-3000 unit is powered off.
The correct cable is in use and the connected
equipment has power.
Green
•
Display Panel
•
and Interface LEDs
Flashing
Network activity at this interface.
Green
Off No link established.

Factory defaults

NAT/Route mode IP addresses Transparent mode IP address
Interface IP
Interface
Internal 192.168.1.99
MANAGEMENT IP 10.10.10.1
External 192.168.100.99
1 to 4/HA 0.0.0.0
1
Checking the package contents
Checking the package contents
Connector Type Speed
Internal SC 1000Base-SX Ethernet
External SC 1000Base-SX Ethernet
1 to 3 RJ-45 10/100Base-T Ethernet
4/HA RJ-45 1000Base-T
CONSOLE DB-9 9600 bps
2
Connecting the FortiGate-3000
• Mount the unit in a standard 19-inch rack. It requires 2 U of vertical space in
the rack.
• Make sure the power switch on the back of the unit is turned off before
connecting the power and network cables.
• MAIN MENU appears when the unit is up and running.
• If only one power supply is connected, an audible alarm sounds to indicate
a failed power supply. To stop this alarm, press the red alarm cancel button
on the rear panel next to the power supplies.
3

Planning the configuration

NAT/Route mode
In NAT/Route mode, each FortiGate-3000 unit is visible to the networks that it is
connected to. All of its interfaces are on different subnets. Each interface that is
connected to a network must be configured with an IP address that is valid for that
network.
You would typically use NAT/Route mode when the FortiGate-3000 unit is deployed as
a gateway between private and public networks. In its default NAT/Route mode
configuration, the unit functions as a firewall. Firewall policies control communications
through the FortiGate-3000 unit. No traffic can pass through the FortiGate-3000 unit
until you add firewall policies.
External
204.23.1.5
Internet
NAT mode policies controlling
In NAT/Route mode, firewall policies can operate in NAT mode or in Route mode. In
NAT mode, the FortiGate-3000 unit performs network address translation before IP
packets are sent to the destination network. In Route mode, no translation takes place.
Refer to the Documentation CD-ROM for information on how to control traffic, and how to configure HA, antivirus protection, Web content filtering, Spam filtering, intrusion
prevention (IPS), and virtual private networking (VPN).
4

Choosing a configuration tool

Web-based
manager &
Setup Wizard
The FortiGate web-based
manager Setup Wizard
guides you through the
initial configuration steps.
Use it to configure the administrator password, the
interface addresses, the default gateway address, and
the DNS server addresses. Optionally, use the Setup
Wizard to configure the internal server settings for
NAT/Route mode.
Requirements:
• Ethernet connection between the FortiGate-3000
and management computer.
• Internet Explorer version 6.0 or higher on the
management computer.
1, 2, or 3 connect at up to 100 Mbps.
4/HA connects at up to 1000 Mbps.
Administrator account settings
IP User Name Password
admin
Protocol Description
Multimode fiber optic connection to the internal network.
Multimode fiber optic connection to the Internet.
Optional connection to other networks.
Optional copper gigabit connection to another network, or to
Ethernet
other FortiGate-3000 units for high availability (HA).
RS-232 Optional connection to the management computer.
serial Provides access to the command line interface (CLI).
Internal network
FortiGate-3000 Unit
Internal
in NAT/Route mode
192.168.1.99
POWER 1 2 3
Esc Enter
Hi-Temp 4/HA INT EXT
1 2 3 4/HA INTERNAL EXTERNAL
Port 3
DMZ network
10.10.10.1
traffic between internal and
external networks.
configure advanced settings, see the Documentation
CD-ROM.
Requirements:
• Serial connection between the FortiGate-3000 and
management computer.
• A terminal emulation application (HyperTerminal for
Windows) on the management computer.
FortiGate-3000
© Copyright 2004 Fortinet Incorporated. All rights reserved.
Trademarks
Products mentioned in this document are trademarks or registered trademarks of their respective holders.
Regulatory Compliance
FCC Class A Part 15 CSA/CUS
03 November 2004
For technical support please visit http://www.fortinet.com.
(none)
Check that the package contents are complete.
Connect the FortiGate-3000 unit to a power outlet and to the internal and external networks.
Esc Enter
1 2 3
Straight-through Ethernet cables
connect to other networks
Before beginning to configure the FortiGate-3000, you need to plan how to integrate the unit into
your network. Your configuration plan is dependent upon the operating mode that you select:
NAT/Route mode (the default) or Transparent mode.

Transparent mode

In Transparent mode, the FortiGate-3000 unit is invisible to the network. All of its
interfaces are on the same subnet. You only have to configure a management IP
address so that you can make configuration changes.
You would typically use the FortiGate-3000 unit in Transparent mode on a private
network behind an existing firewall or behind a router. In its default Transparent mode
configuration, the unit functions as a firewall. No traffic can pass through the
FortiGate-3000 unit until you add firewall policies.
204.23.1.5
192.168.1.3
Internet
Route mode policies
controlling traffic between
internal networks.
You can connect up to 6 network segments to the FortiGate-3000 unit to control traffic
between these network segments.
10.10.10.2
Choose among three different tools to configure the FortiGate-3000.

Command Line

Interface (CLI)
The CLI is a full-featured
management tool.
Use it to configure the
administrator password,
the interface addresses,
the default gateway
address, and the DNS
server addresses. To
Esc Enter
1 2 3

QuickStart Guide

01-28005-0040-20041103
Front
POWER
Esc Enter
Hi-Temp
1 2 3 4/HA
LCD Control 1, 2, 3, 4/HA Internal
Interface Interface
Display Buttons
Back
Alarm
Cancel
Button
RS-232 Serial Power
Connection Connections
Optional null modem cable connects
to serial port on management computer
POWER 1 2 3
Hi-Temp 4/HA INT EXT
4/HA INTERNAL EXTERNAL
SC fiber optic cable connects to Internet
SC fiber optic cable connects to internal network
FortiGate-3000 Unit
in Transparent mode
Gateway to
public network
10.10.10.2 POWER
Esc Enter
Hi-Temp
1 2 3 4/HA
(firewall, router)
10.10.10.1
Management IP
Transparent mode policies
controlling traffic between
internal and external networks
The control buttons and LCD are located on the front
panel of the FortiGate-3000. Use them to configure the
internal, external and DMZ (Port 3) interface addresses,
and the default gateway address. To configure the other
interface addresses, the DNS server addresses and
other settings, use the web-based manager, or the CLI.
Requirements:
• Physical access to the FortiGate-3000.
POWER 1 2
3
Hi-Temp 4/HA INT
EXT
4/HA INTERNAL EXTERNAL
Ethernet Cables:
1 2 3
Orange - Crossover
4/HA INT EXT
Grey - Straight-through
INTERNAL EXTERNAL
Null-Modem Cable
(RS-232)
Power Cables (2)
External
Interface
Rack-Mount Brackets
Power
FortiGate-3000
Supply
Esc Enter POWER 1 2 3
USER MANUAL Hi-Temp 4/HA INT EXT
LEDs 1 2 3 4/HA INTERNAL EXTERNAL
QuickStart Guide
Copyright 2003 Fortinet Incorporated. All rights reserved.
Trademarks
Products mentioned in this document are trademarks.
Documentation
Power cables connect
to power outlets
Internal network
1 2 3
4/HA INT
EXT
10.10.10.3
INTERNAL EXTERNAL
Internal
Control
Buttons &
LCD