Fortinet FortiGate-100 Quick Start Manual

FortiGate-100 LED Indicators
LED State
Power Green
Off
Status Flashing
Green
Off
Internal External Green
DMZ
(front and back)
Flashing green (front)
Flashing Amber (back)
Off

Factory default settings

NAT/Route mode
Internal interface 192.168.1.99
External interface 192.168.100.99
DMZ interface 10.10.10.1
1

Checking the package contents

Connector Type Speed
Internal RJ-45 10/100Base_T Ethernet
External RJ-45 10/100Base_T Ethernet
DMZ RJ-45 10/100Base_T Ethernet
CONSOLE DB-9 9600 bps
2
Connecting the FortiGate-100
• Place the unit on a stable surface. It requires 1.5 inches
(3.75 cm) clearance on each side to allow for cooling.
• Make sure the power switch on the back of the unit is turned off before
connecting the power and network cables.
• The Status light flashes while the unit is starting up and remains lit when
the system is up and running.
3
Planning the configuration
NAT/Route mode
In NAT/Route mode, the FortiGate-100 is visible to the networks that it is connected to.
All of its interfaces are on different subnets. You must configure the internal and
external interfaces with IP addresses. Optionally, you can also configure the DMZ
interface.
You would typically use NAT/Route mode when the FortiGate-100 is deployed as a
gateway between private and public networks. In its default NAT/Route mode
configuration, the unit functions as a firewall. Firewall policies control communications
through the FortiGate-100 unit.
FortiGate-100 Unit
in NAT/Route mode
External
204.23.1.5
Internet
NAT mode policies controlling
traffic between internal and
external networks.
In NAT/Route mode, firewall policies can operate in NAT mode or in Route mode. In
NAT mode, the FortiGate-100 performs network address translation before IP packets
are sent to the destination network. In Route mode, no translation takes place. By
default, the unit has a single NAT mode policy that allows users on the internal network
to securely access and download content from the Internet. No other traffic is possible
until you have configured more policies.
Refer to the Documentation CD-ROM for information on how to control traffic, and how to configure HA, antivirus protection, Web content filtering, Spam filtering, intrusion
prevention (IPS), and virtual private networking (VPN).
4
Choosing a configuration tool
Web-based manager and Setup
Wizard
Using the Setup Wizard you can add basic settings
by stepping through the wizard pages and filling in
the information required.
The FortiGate web-based manager is an easy to use
management tool. Use it to configure the
administrator password, interface addresses, the
default gateway address, and the DNS server
addresses.
Requirements:
• Ethernet connection between the FortiGate-100 and a management computer.
• Internet Explorer version 6.0 or higher on the management computer.
Description
The FortiGate unit is powered on.
The FortiGate unit is powered off.
The FortiGate unit is starting up.
The FortiGate unit is running normally.
The FortiGate unit is powered off.
The correct cable is in use, and the
connected equipment has power.
Network activity at this interface.
No link established.

Transparent mode

Management IP 10.10.10.1
Administrative account settings
User name admin
Password (none)
Protocol Description
Connection to the internal network.
Connection to the Internet.
Optional connection to a DMZ network, or other FortiGate-100
units for high availability (HA). For details, see the
Documentation CD-ROM.
RS-232 Optional connection to the management computer.
serial Provides access to the command line interface (CLI).
Internal network
192.168.1.3
Internal
192.168.1.99
Route mode policies
controlling traffic between
INTERNAL EXTERNAL DMZ POWER
STATUS
internal networks.
DMZ
DMZ network
10.10.10.1
10.10.10.2
FortiGate-100
© Copyright 2004 Fortinet Incorporated. All rights reserved.
Trademarks
Products mentioned in this document are trademarks or registered trademarks of their respective holders.
Regulatory Compliance
FCC Class A Part 15 CSA/CUS
04 November 2004
For technical support please visit http://www.fortinet.com.
Check that the package contents are complete.
DC +12V 5A
Power RS-232 Serial
Connection Connection
Connect the FortiGate-100 unit to power outlets and to the internal and external networks.
Power cable connects to power supply
DC +12V 5A
Optional straight-through Ethernet cable connects to DMZ network
Straight-through Ethernet cable connects to Internet (public switch, router or modem)
Before configuring the FortiGate-100, you need to plan how to integrate the unit into your
network. Your configuration plan is dependent upon the operating mode that you select: NAT/
Route mode (the default) or Transparent mode.
Transparent mode
In Transparent mode, the FortiGate-100 is invisible to the network. All of its interfaces
are on the same subnet. You only have to configure a management IP address so that
you can make configuration changes.
You would typically use the FortiGate-100 in Transparent mode on a private network
behind an existing firewall or behind a router. In its default Transparent mode
configuration, the unit functions as a firewall. By default, the unit has a single firewall
policy that allows users on the internal network segment to connect to the external
network segment. No other traffic is possible until you have configured more policies.
Gateway to
public network
204.23.1.5
Internet
(firewall, router)
You can connect up to three network segments to the FortiGate-100 unit to control
traffic between these network segments.
Choose among two different tools to configure the FortiGate-100.
• A terminal emulation application (HyperTerminal for Windows) on the management
computer.
INTERNAL EXTERNAL DMZ
QuickStart Guide
01-28005-0033-20041104
Front
POWER
INTERNAL EXTERNAL DMZ
STATUS
Internal, External, DMZ Status Power
Interfaces LED LED
Back
DMZ External Internal
Console
DMZ, External, Internal
Interfaces
Optional null modem cable connects to serial port on management computer
DMZ External Internal
Console
or
Crossover Ethernet cable connects to management computer on internal network
Straight-through Ethernet cable connects to LAN or switch on internal network
FortiGate-100 Unit
in Transparent mode
10.10.10.2
POWER
INTERNAL EXTERNAL DMZ
STATUS
External
Internal
10.10.10.1
Management IP
Transparent mode policies
controlling traffic between
internal and external networks
Command Line Interface (CLI)
The CLI is a full-featured management tool.
Use it to configure the administrator password, the
interface addresses, the default gateway address, and
the DNS server addresses. To configure advanced
settings, see the Documentation CD-ROM.
Requirements:
•The RJ-45-serial connection between the FortiGate-100
and management computer.
POWER
STATUS
Ethernet Cables:
Orange - Crossover
Grey - Straight-through
Null-Modem Cable
(RS-232)
Power Cable Power Supply
FortiGate-100
USER MANUAL
POWER
INTERNAL EXTERNAL DMZ STATUS
QuickStart Guide
Copyright 2003 Fortinet Incorporated. All rights reserved.
Trademarks
Products mentioned in this document are trademarks.
Documentation
Internal network
10.10.10.3