Fortinet FortiGate-200A Quick Start Manual

FortiGate-200A LED Indicators
LED State Description
Green The FortiGate unit is powered on.
Power
Off The FortiGate unit is powered off.
The correct cable is in use and the connected
Amber
equipment has power.
Internal
WAN1
Flashing
Network activity at this interface.
WAN2
Amber
DMZ1
Green The interface is connected at 100 Mbps.
DMZ2
Off No link established.

Factory default settings

NAT/Route mode
Internal interface 192.168.1.99
WAN1 interface 192.168.100.99
WAN2 interface 192.168.101.99
DMZ1 interface 10.10.10.1
1

Checking the package contents

Connector Type Speed
Internal RJ-45 10/100Base_T Ethernet
WAN1 and 2 RJ-45 10/100Base_T Ethernet
DMZ1 and 2 RJ-45 10/100Base_T Ethernet
CONSOLE RJ-45 9600 bps
2
Connecting the FortiGate-200A
• Place the unit on a stable surface or mount it in a 19-inch rack. It
requires 1.5 inches clearance (3.75 cm) on each side to allow for
cooling.
• Make sure the power switch on the back of the unit is turned off before
connecting the power and network cables.
3
Planning the configuration
NAT/Route mode
In NAT/Route mode, the FortiGate-200A is visible to the networks that it is connected
to. All of its interfaces are on different subnets. You must configure the internal and
WAN1 interfaces with IP addresses. Optionally, you can also configure the WAN2
DMZ1, and DMZ2 interfaces.
You would typically use NAT/Route mode when the FortiGate-200A is deployed as a
gateway between private and public networks. In its default NAT/Route mode
configuration, the unit functions as a firewall. Firewall policies control communications
through the FortiGate-200A unit.
WAN1
204.23.1.5
Internet
NAT mode policies controlling
traffic between internal and
In NAT/Route mode, firewall policies can operate in NAT mode or in Route mode. In
NAT mode, the FortiGate-200A performs network address translation before IP packets
are sent to the destination network. In Route mode, no translation takes place. By
default, the unit has a single NAT mode policy that allows users on the internal network
to securely access and download content from the Internet. No other traffic is possible
until you have configured more policies.
Refer to the Documentation CD-ROM for information on how to control traffic, and how to configure HA, antivirus protection, Web content filtering, Spam filtering, intrusion
prevention (IPS), and virtual private networking (VPN).
4
Choosing a configuration tool
Web-based
manager &

Setup Wizard

The FortiGate web-based
manager Setup Wizard
guides you through the
initial configuration steps.
Use it to configure the administrator password, the
interface addresses, the default gateway address, and
the DNS server addresses. Optionally, use the Setup
Wizard to configure the internal server settings for
NAT/Route mode.
Requirements:
• Ethernet connection between the FortiGate-200A
and management computer.
• Internet Explorer version 6.0 or higher on the
management computer.

Transparent mode

Management IP 10.10.10.1
Administrative account settings
User name admin
Password (none)
Protocol Description
4-port switch connection to up to four network
devices or the internal network.
Redundant connections to the Internet.
Optional connections to one or two DMZ networks,
or to other FortiGate-200A units for HA. For details,
see the Documentation CD-ROM.
Optional connection to the management computer.
RS-232
Provides access to the command line interface
serial
(CLI).
Internal network
FortiGate-200A Unit
Internal
in NAT/Route mode
192.168.1.99
Route mode policies
controlling traffic between
CONSOLE USB INTERNAL DMZ1 DMZ2 WAN1 WAN2
1 2 3 4
Esc Enter
internal networks.
A
DMZ1
DMZ network
10.10.10.1
external networks.
address, and the DNS server addresses. To configure
advanced settings, see the Documentation CD-ROM.
Requirements:
• Serial connection between the FortiGate-200A and
management computer.
• A terminal emulation application (HyperTerminal for
Windows) on the management computer.
FortiGate-200A
© Copyright 2004 Fortinet Incorporated. All rights reserved.
Trademarks
Products mentioned in this document are trademarks or registered trademarks of their respective holders.
Regulatory Compliance
FCC Class A Part 15 CSA/CUS
02 November 2004
For technical support please visit http://www.fortinet.com.
Check that the package contents are complete.
A
LCD
Connect the FortiGate-200A unit to a power outlet and to networks.
Optional RJ-45 serial cable connects to management computer
CONSOLE
Esc Enter
A
Straight-through Ethernet cables
connect to computers on internal network
Before configuring the FortiGate-200A, you need to plan how to integrate the unit into your
network. Your configuration plan is dependent upon the operating mode that you select: NAT/
Route mode (the default) or Transparent mode.
Transparent mode
In Transparent mode, the FortiGate-200A is invisible to the network. All of its interfaces
are on the same subnet. You only have to configure a management IP address so that
you can make configuration changes.
You would typically use the FortiGate-200A in Transparent mode on a private network
behind an existing firewall or behind a router. In its default Transparent mode
configuration, the unit functions as a firewall. By default, the unit has a single firewall
policy that allows users on the internal network segment to connect to the external
network segment. No other traffic is possible until you have configured more policies.
192.168.1.3
Gateway to
public network
204.23.1.5
(firewall, router)
Internet
10.10.10.2
You can connect up to 5 network segments to the FortiGate-200A unit to control traffic
between these network segments.
Choose among three different tools to configure the FortiGate-200A.
Command

Line Interface

(CLI)
The CLI is a full-featured
management tool.
Use it to configure the
administrator password,
the interface addresses,
the default gateway
CONSOLE
Esc Enter
A
QuickStart Guide
01-28005-0070-20041102
Front
CONSOLE USB INTERNAL DMZ1 DMZ2 WAN1
1 2 3 4
Esc Enter
Control Serial Internal WAN
Buttons Port (4-port switch) 1, 2
USB DMZ
(future) 1, 2
Back
Power
Connection
USB INTERNAL DMZ1 DMZ2 WAN1 WAN2
1 2 3 4
Straight-through Ethernet cables connect
to Internet (public switch, router, or modem)
FortiGate-200A Unit
in Transparent mode
10.10.10.2
CONSOLE USB INTERNAL DMZ1
1 2 3 4
Esc Enter
A
WAN1
Transparent mode policies
controlling traffic between
internal and external networks
The control buttons and LCD are located on the front
panel of the FortiGate-200A. Use them to configure the
internal, WAN1 and DMZ 1 interface addresses, and the
default gateway address. To configure the other
interface addresses, the DNS server addresses and
other settings, use the web-based manager, or the CLI.
Requirements:
• Physical access to the FortiGate-200A.
USB INTERNAL DMZ1 DMZ2 WAN1 WAN2
1 2 3 4
Ethernet Cables:
Orange - Crossover
Grey - Straight-through
WAN2
RJ-45 to
DB-9 Serial Cable
Power Cable
Power
LED
Rack-Mount Brackets
FortiGate-200A
USER MANUAL
CONSOLE USB 1 INTERNAL 2 3 4 DMZ1 DMZ2 WAN1 WAN2
Esc Enter
A
QuickStart Guide
Power
Switch
Copyright 2003 Fortinet Incorporated. All rights reserved.
Trademarks
Products mentioned in this document are trademarks.
Documentation
Power cable connects to power outlet
10.10.10.1
Management IP
Internal network
10.10.10.3
DMZ2 WAN1 WAN2
Internal
Control
Buttons &
LCD