Installation Guide

FortiGate 500A
[Front panel illustration; labels: CONSOLE, USB, LAN, 10/100, 10/100/1000, Esc, Enter, L1 to L4, 1 to 6, A]
Version 2.80 MR5
15 October 2004
01-28005-0101-20041015

Summary of Contents for Fortinet FortiGate 500A

  • Page 1: Installation Guide

    Installation Guide FortiGate 500A CONSOLE 10/100 10/100/1000 Enter Version 2.80 MR5 15 October 2004 01-28005-0101-20041015...
  • Page 2 Products mentioned in this document are trademarks or registered trademarks of their respective holders. Regulatory Compliance FCC Class A Part 15 CSA/CUS For technical support, please visit http://www.fortinet.com. Send information about errors or omissions in this document or any Fortinet technical documentation to techdoc@fortinet.com.
  • Page 3: Table Of Contents

    Command line interface (7), Setup wizard (7), Document conventions (7), Fortinet documentation (9), Comments on Fortinet technical documentation (9), Customer service and technical support (10), Getting started (11), Package contents (12), Mounting (12), Turning the FortiGate unit power on and off ...
  • Page 4 High availability configuration settings (45), Configuring FortiGate units for HA using the web-based manager (47), Configuring FortiGate units for HA using the CLI (48), Connecting the cluster to your networks (49), Installing and configuring the cluster (51), Index (53). 01-28005-0101-20041015 Fortinet Inc.
  • Page 5: Console USB LAN

    • network-level services such as firewall, intrusion detection, VPN, and traffic shaping. The FortiGate Antivirus Firewall uses Fortinet’s Accelerated Behavior and Content Analysis System (ABACAS™) technology, which leverages breakthroughs in chip design, networking, security, and content analysis. The unique ASIC-based...
  • Page 6: Secure Installation, Configuration, And Management

    Once you are satisfied with a configuration, you can download and save it. The saved configuration can be restored at any time. Figure 1: FortiGate web-based manager and setup wizard
  • Page 7: Command Line Interface

    You can access the FortiGate command line interface (CLI) by connecting a management computer serial port to the FortiGate RS-232 serial console connector. You can also use Telnet or a secure SSH connection to connect to the CLI from any network that is connected to the FortiGate unit, including the Internet.
  • Page 8 In most cases to make changes to lists that contain options separated by spaces, you need to retype the whole list including all the options you want to apply and excluding all the options you want to remove.
  • Page 9: Fortinet Documentation

    FortiGate unit. For a complete list of FortiGate documentation visit Fortinet Technical Support at http://support.fortinet.com. Comments on Fortinet technical documentation You can send information about errors or omissions in this document, or any Fortinet technical documentation, to techdoc@fortinet.com.
  • Page 10: Customer Service And Technical Support

    Fortinet technical support web site at http://support.fortinet.com. You can also register FortiGate Antivirus Firewalls from http://support.fortinet.com and change your registration information at any time. Fortinet email support is available from the following addresses: amer_support@fortinet.com For customers in the United States, Canada, Mexico, Latin...
  • Page 11: Getting Started

    FortiGate-500A Installation Guide Version 2.80 MR5 Getting started This section describes unpacking, setting up, and powering on a FortiGate Antivirus Firewall unit. This section includes: • Package contents • Mounting • Turning the FortiGate unit power on and off • Connecting to the web-based manager •...
  • Page 12: Package Contents

    The FortiGate-500A package contains the following items: • FortiGate-500A Antivirus Firewall • one orange crossover ethernet cable (Fortinet part number CC300248) • one gray regular ethernet cable (Fortinet part number CC300249) • one RJ-45 serial cable (Fortinet part number CC300302) •...
  • Page 13: Turning The Fortigate Unit Power On And Off

    Power requirements • Power dissipation: 50 W (max) • AC input voltage: 100 to 240 VAC • AC input current: 1.6 A • Frequency: 50 to 60 Hz Environmental specifications • Operating temperature: 32 to 104°F (0 to 40°C) •...
  • Page 14: Connecting To The Web-Based Manager

    Set the IP address of the computer with an ethernet connection to the static IP address 192.168.1.2 with a netmask of 255.255.255.0. Using the crossover cable or the ethernet hub and cables, connect port 1 of the FortiGate unit to the computer ethernet connection.
  • Page 15: Connecting To The Command Line Interface (Cli)

    Start Internet Explorer and browse to the address https://192.168.1.99 (remember to include the “s” in https://). The FortiGate login is displayed. Figure 3: FortiGate login Type admin in the Name field and select Login. Connecting to the command line interface (CLI) As an alternative to the web-based manager, you can install and configure the FortiGate unit using the CLI.
  • Page 16: Factory Default Fortigate Configuration Settings

    IPS to the network traffic that is controlled by firewall policies. • Factory default NAT/Route mode network configuration • Factory default Transparent mode network configuration • Factory default firewall configuration • Factory default protection profiles
  • Page 17: Factory Default Nat/Route Mode Network Configuration

    When the FortiGate unit is first powered on, it is running in NAT/Route mode and has the basic network configuration listed in Table 2. This configuration allows you to connect to the FortiGate unit web-based manager and establish the configuration required to connect the FortiGate unit to the network.
  • Page 18: Factory Default Transparent Mode Network Configuration

    The recurring schedule is valid at any time. Protection Profiles: Strict, Scan, Web, Unfiltered. Control how the FortiGate unit applies virus scanning, web content filtering, spam filtering, and IPS. The factory default firewall configuration is the same in NAT/Route and Transparent mode.
  • Page 19: Factory Default Protection Profiles

    Use protection profiles to apply different protection settings for traffic that is controlled by firewall policies. You can use protection profiles to: • Configure antivirus protection for HTTP, FTP, IMAP, POP3, and SMTP firewall policies •...
  • Page 20: Planning The Fortigate Configuration

    Port 4 can be connected to another 10/100 Base-T network. Port 4 can also be connected to other FortiGate-300 units if you are installing an HA cluster. • Ports 5 and 6 can be connected to 10/100/1000 Base-T networks.
  • Page 21: Nat/Route Mode With Multiple External Network Connections

    You can add firewall policies to control whether communications through the FortiGate unit operate in NAT or Route mode. Firewall policies control the flow of traffic based on the source address, destination address, and service of each packet. In NAT mode, the FortiGate unit performs network address translation before it sends the packet to the destination network.
  • Page 22: Transparent Mode

    Port 4 can also connect to other FortiGate-500A units if you are installing an HA cluster. Configuration options Once you have selected Transparent or NAT/Route mode operation, you can complete the configuration plan and begin to configure the FortiGate unit. Choose among three different tools to configure the FortiGate unit
  • Page 23: Next Steps

    Web-based manager and setup wizard The FortiGate web-based manager is a full featured management tool. You can use the web-based manager to configure most FortiGate settings. The web-based manager Setup Wizard guides you through the initial configuration steps.
  • Page 25: Nat/Route Mode Installation

    NAT/Route mode installation This chapter describes how to install the FortiGate unit in NAT/Route mode. For information about installing a FortiGate unit in Transparent mode, see “Transparent mode installation” on page 37. For information about installing two or more FortiGate units in HA mode, see “High availability installation”...
  • Page 26: Dhcp Or Pppoe Configuration

    PPPoE requires you to supply a user name and password. In addition, PPPoE unnumbered configurations require you to supply an IP address. Use Table 6 to record the information you require for your PPPoE configuration. Table 6: PPPoE settings User name: Password:
  • Page 27: Using The Web-Based Manager

    Using the web-based manager You can use the web-based manager for the initial configuration of the FortiGate unit. You can also continue to use the web-based manager for all FortiGate unit settings. For information about connecting to the web-based manager, see “Connecting to the web-based manager”...
  • Page 28: Using The Front Control Buttons And Lcd

    After you set the last digit of the IP address, press Enter. Use the down arrow to highlight Netmask. Press Enter and change the Netmask. After you set the last digit of the Netmask, press Enter. Press Esc to return to the Main Menu.
  • Page 29: Using The Command Line Interface

    To add a default gateway to an interface The default gateway is usually configured for the interface connected to the Internet. You can use the procedure below to configure a default gateway for any interface. Press Enter to display the interface list.
  • Page 30 To set the port2 to use PPPoE, enter:

        config system interface
        edit port2
        set mode pppoe
        set username user@domain.com
        set password mypass
        set connection enable

    Use the same syntax to set the IP address of each FortiGate interface as required.
  • Page 31 Confirm that the addresses are correct. Enter:

        get system interface

    The CLI lists the IP address, netmask, and other settings for each of the FortiGate interfaces. To configure DNS server settings •...
  • Page 32: Using The Setup Wizard

    Internal servers FTP Server: _____._____._____._____ If you provide access from the Internet to a web server, SMTP server, POP3 server, IMAP server, or FTP server installed on an internal network, add the IP addresses of the servers here.
  • Page 33: Starting The Setup Wizard

    Table 7: Setup wizard settings High Create a protection profile that enables virus scanning, file blocking, and blocking of oversize email for HTTP, FTP, IMAP, POP3, and SMTP. Add this protection profile to a default firewall policy. Medium Create a protection profile that enables virus Antivirus...
  • Page 34: Connecting The Fortigate Unit To The Network(S)

    Figure 9: FortiGate-500A NAT/Route mode connections [diagram labels: Internal Network, DMZ Network, Web Server, Mail Server, Hub or Switch, Port 1, Port 2, Port 3, FortiGate-500A, Public Switch or Router, Internet]
  • Page 35: Configuring The Networks

    Optionally connect Ports 3, 4, 5, and 6 to other networks. For example, you could connect port 3 to a DMZ network to provide access from the Internet to a web server or other server without installing the servers on the internal network.
  • Page 36 After purchasing and installing a new FortiGate unit, you can register the unit by going to the System Update Support page, or using a web browser to connect to http://support.fortinet.com and selecting Product Registration. To register, enter your contact information and the serial numbers of the FortiGate units that you or your organization have purchased.
  • Page 37: Transparent Mode Installation

    Transparent mode installation This chapter describes how to install a FortiGate unit in Transparent mode. If you want to install the FortiGate unit in NAT/Route mode, see “NAT/Route mode installation” on page 25. If you want to install two or more FortiGate units in HA mode, see “High availability installation”...
  • Page 38: Using The Web-Based Manager

    Select access methods and logging for any interfaces as required. Select Apply. To configure DNS server settings Go to System > Network > DNS. Enter the IP address of the primary DNS server. Enter the IP address of the secondary DNS server. Select OK.
  • Page 39: Reconnecting To The Web-Based Manager

    To configure the default gateway Go to System > Network > Management. Set Default Gateway to the default gateway IP address that you recorded in Table 8 on page Select Apply. Reconnecting to the web-based manager If you changed the IP address of the management interface while you were using the setup wizard, you must reconnect to the web-based manager using the new IP address.
  • Page 40: Using The Command Line Interface

    Make sure that you are logged into the CLI. Set the management IP address and netmask to the IP address and netmask that you recorded in Table 8 on page 38. Enter:

        config system manageip
        set ip <address_ip> <netmask>
  • Page 41 Example

        config system manageip
        set ip 10.10.10.2 255.255.255.0

    Confirm that the address is correct. Enter:

        get system manageip

    The CLI lists the management IP address and netmask. To configure DNS server settings Set the primary and secondary DNS server IP addresses.
  • Page 42: Using The Setup Wizard

    10/100/1000Base-TX connectors (5 and 6) that can be connected to up to seven different network segments. You can connect them in any configuration. If you are configuring HA you can connect the FortiGate-500A to other FortiGate-500A units using port 4.
  • Page 43: Next Steps

    For example, you can connect the FortiGate-500A using the following steps: Connect port 1 to the hub or switch connected to your internal network. Connect port 2 to the network segment connected to the external firewall or router. Optionally connect ports 3 and 4 to hubs or switches connected to your other networks (the example shows a connection to port 5).
  • Page 44 After purchasing and installing a new FortiGate unit, you can register the unit by going to the System Update Support page, or using a web browser to connect to http://support.fortinet.com and selecting Product Registration. To register, enter your contact information and the serial numbers of the FortiGate units that you or your organization have purchased.
  • Page 45: High Availability Installation

    High availability installation This chapter describes how to install two or more FortiGate units in an HA cluster. HA installation involves three basic steps: • Configuring FortiGate units for HA operation • Connecting the cluster to your networks •...
  • Page 46 FortiGate unit with the highest serial number becomes the primary cluster unit. Override Master: You can configure a FortiGate unit to always become the primary unit in the cluster by giving it a high priority and by selecting Override master.
  • Page 47: Configuring Fortigate Units For Ha Using The Web-Based Manager

    Table 9: High availability settings (Continued) The schedule controls load balancing among the FortiGate units in the active-active HA cluster. The schedule must be the same for all FortiGate units in the HA cluster.
  • Page 48: Configuring Fortigate Units For Ha Using The Cli

    To change the FortiGate unit host name Power on the FortiGate unit to be configured. Connect to the CLI. “Connecting to the command line interface (CLI)” on page Change the host name.

        config system global
        set hostname <name_str>
  • Page 49: Connecting The Cluster To Your Networks

    You must connect all matching interfaces in the cluster to the same hub or switch. Then you must connect these interfaces to their networks using the same hub or switch. Fortinet recommends using switches for all cluster connections for the best performance.
  • Page 50 HA cluster to function. Figure 11: HA network configuration [diagram labels: Internal Network, Port 1, Port 2, Port 4, Hub or Switch, Router, Internet]
  • Page 51: Installing And Configuring The Cluster

    Power on all the FortiGate units in the cluster. As the units start, they negotiate to choose the primary cluster unit and the subordinate units. This negotiation occurs with no user intervention and normally just takes a few seconds.