Fortinet FortiGate-200 Quick Start Manual

FortiGate-200 LED Indicators
LED State
Power Green
Off
Status Flashing green
Green
Off
Internal External Green
DMZ
(front and back)
Flashing green (front)
Flashing Amber (back)
Off

Factory default settings

NAT/Route mode
Internal interface 192.168.1.99
External interface 192.168.100.99
DMZ interface 10.10.10.1
1

Checking the package contents

Connector Type Speed
Internal RJ-45 10/100Base_T Ethernet
External RJ-45 10/100Base_T Ethernet
DMZ RJ-45 10/100Base_T Ethernet
CONSOLE DB-9 9600 bps
2
Connecting the FortiGate-200
• Place the unit on a stable surface or mount it in a 19-inch rack. It
requires 1.5 inches clearance (3.75 cm) on each side to allow for
cooling.
• Make sure the power switch on the back of the unit is turned off before
connecting the power and network cables.
3
Planning the configuration
NAT/Route mode
In NAT/Route mode, the FortiGate-200 is visible to the networks that it is connected to.
All of its interfaces are on different subnets. You must configure the internal and
external interfaces with IP addresses. Optionally, you can also configure the DMZ
interface.
You would typically use NAT/Route mode when the FortiGate-200 is deployed as a
gateway between private and public networks. In its default NAT/Route mode
configuration, the unit functions as a firewall. Firewall policies control communications
through the FortiGate-200 unit.
External
204.23.1.5
POWER STATUS
Internet
NAT mode policies controlling
traffic between internal and
external networks.
In NAT/Route mode, firewall policies can operate in NAT mode or in Route mode. In
NAT mode, the FortiGate-200 performs network address translation before IP packets
are sent to the destination network. In route mode, no translation takes place. By
default, the unit has a single NAT mode policy that allows users on the internal network
to securely access and download content from the Internet. No other traffic is possible
until you have configured more policies.
Refer to the Documentation CD-ROM for information on how to control traffic, and how to configure HA, antivirus protection, Web content filtering, Spam filtering, intrusion
prevention (IPS), and virtual private networking (VPN).
4
Choosing a configuration tool
Web-based manager and Setup
Wizard
Using the Setup Wizard you can add basic settings
by stepping through the wizard pages and filling in
the information required.
The FortiGate web-based manager is an easy to use
management tool. Use it to configure the
administrator password, interface addresses, the
default gateway address, and the DNS server
addresses.
Requirements:
• Ethernet connection between the FortiGate-200 and a management computer.
• Internet Explorer version 6.0 or higher on the management computer.
Description
The FortiGate unit is powered on.
The FortiGate unit is powered off.
The FortiGate unit is starting up.
The FortiGate unit is running normally.
The FortiGate unit is powered off.
The correct cable is in use, and the
connected equipment has power.
Network activity at this interface.
No link established.

Transparent mode

Management IP 10.10.10.1
Administrative account settings
User name admin
Password (none)
Protocol Description
Connection to the internal network.
Connection to the Internet.
Optional connection to a DMZ network, or other
FortiGate-200 units for high availability (HA). For details,
see the Documentation CD-ROM.
RS-232 Optional connection to the management computer.
serial Provides access to the command line interface (CLI).
Internal network
FortiGate-200 Unit
Internal
in NAT/Route mode
192.168.1.99
INTERNAL EXTERNAL DMZ
CONSOLE INTERNAL EXTERNAL DMZ
DMZ
DMZ network
10.10.10.1
FortiGate-200
POWER STATUS INTERNAL EXTERNAL
© Copyright 2004 Fortinet Incorporated. All rights reserved.
Trademarks
Products mentioned in this document are trademarks or registered trademarks of their respective holders.
Regulatory Compliance
FCC Class A Part 15 CSA/CUS
03 November 2004
For technical support please visit http://www.fortinet.com.
Check that the package contents are complete.
POWER STATUS INTERNAL EXTERNAL
Power Status Internal, External,
DMZ Interface LEDs
LED LED
Connect the FortiGate-200 unit to power outlets and to the internal and external networks.
POWER STATUS INTERNAL DMZ
EXTERNAL CONSOLE
Before configuring the FortiGate-200, you need to plan how to integrate the unit into your
network. Your configuration plan is dependent upon the operating mode that you select: NAT/
Route mode (the default) or Transparent mode.
Transparent mode
In Transparent mode, the FortiGate-200 is invisible to the network. All of its interfaces
are on the same subnet. You only have to configure a management IP address so that
you can make configuration changes.
You would typically use the FortiGate-200 in Transparent mode on a private network
behind an existing firewall or behind a router. In its default Transparent mode
configuration, the unit functions as a firewall. By default, the unit has a single firewall
policy that allows users on the internal network segment to connect to the external
network segment. No other traffic is possible until you have configured more policies.
192.168.1.3
public network
204.23.1.5
Internet
Route mode policies
(firewall, router)
controlling traffic between
internal networks.
10.10.10.2
You can connect up to three network segments to the FortiGate-200 unit to control
traffic between these network segments.
Choose among two different tools to configure the FortiGate-200.
• A terminal emulation application (HyperTerminal for Windows) on the management
computer.
DMZ
CONSOLE
QuickStart Guide
01-28005-0034-20041103
Front
DMZ
CONSOLE INTERNAL EXTERNAL DMZ
RS-232 Serial Internal External DMZ
Connection Interface Interface Interface
Back
Removable Power Power
Hard Drive Switch Connection
Optional null modem cable connects to serial port on management computer
INTERNAL EXTERNAL DMZ
or
Optional straight-through Ethernet cable connects to DMZ network
Straight-through Ethernet cable connects to Internet (public switch, router or modem)
Crossover Ethernet cable connects to management computer on internal network
Straight-through Ethernet cable connects to LAN or switch on internal network
FortiGate-200 Unit
in Transparent mode
Gateway to
10.10.10.2
POWER STATUS INTERNAL EXTERNAL DMZ CONSOLE INTERNAL EXTERNAL DMZ
External
10.10.10.1
Management IP
Transparent mode policies
controlling traffic between
internal and external networks
Command Line Interface (CLI)
The CLI is a full-featured management tool.
Use it to configure the administrator password, the
interface addresses, the default gateway address, and
the DNS server addresses. To configure advanced
settings, see the Documentation CD-ROM.
Requirements:
•The RJ-45-serial connection between the FortiGate-200
and management computer.
INTERNAL EXTERNAL DMZ
Ethernet Cables:
Orange - Crossover
Grey - Straight-through
Null-Modem Cable
(RS-232)
Power Cable
Rack-Mount Brackets
FortiGate-200
USER MANUAL
POWER STATUS INTERNAL EXTERNAL DMZ CONSOLE INTERNAL EXTERNAL DMZ
QuickStart Guide
Copyright 2003 Fortinet Incorporated. All rights reserved.
Trademarks
Products mentioned in this document are trademarks.
Documentation
Power cable connects to power outlet
Internal network
10.10.10.3
Internal