Fortinet FortiGate-800 Install Manual

INSTALL GUIDE
FortiGate-800 and FortiGate-800F
FortiOS 3.0MR4
www.fortinet.com

Summary of Contents for Fortinet FortiGate-800

  • Page 1 INSTALL GUIDE FortiGate-800 and FortiGate-800F FortiOS 3.0MR4 www.fortinet.com...
  • Page 2 FortiOS 3.0MR4 15 February 2007 01-30004-0269-20070215 © Copyright 2007 Fortinet, Inc. All rights reserved. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical or otherwise, for any purpose, without prior written permission of Fortinet, Inc.
  • Page 3: Table Of Contents

    Connecting to the web-based manager 16; System Dashboard 18; Connecting to the CLI 18; LCD and front control buttons 19; Using the front control buttons and LCD 19. FortiGate-800 and FortiGate-800F FortiOS 3.0MR4 Install Guide 01-30004-0269-20070215...
  • Page 4 Verifying the front control buttons and LCD configuration 41; Verify connection 41; Using the command line interface 41; Reconnecting to the web-based manager 42; Connecting the FortiGate unit to your network 42
  • Page 5 Backup and Restore from the FortiUSB key 56; Using the USB Auto-Install feature 57; Additional CLI Commands for the FortiUSB key 58; Testing a new firmware image before installing it 58; Index 61
  • Page 7: Introduction

    VLAN support, and virtual domains. The FortiGate-800 also provides stateful failover HA, when you are configuring a cluster of FortiGate units. The FortiGate-800 is a natural choice for large enterprises, who demand top network security performance.
  • Page 8: FortiGate-800F

    Fortinet Family Products Fortinet offers a family of products that includes both software and hardware appliances, for a complete network security solution including mail, logging, reporting, network management, and security along with FortiGate Unified Threat Management Systems.
  • Page 9: FortiClient

    FortiMail unit has reliable, high performance features for detecting and blocking malicious attachments such as Distributed Checksum Clearinghouse (DCC) scanning and Bayesian scanning. Built on Fortinet’s award winning FortiOS and FortiASIC technology, FortiMail antivirus technology extends full content inspection capabilities to detect the most advanced email threats.
  • Page 10: FortiBridge

    Notes and Cautions are used to provide important information: Note: Highlights useful additional information. Caution: Warns you about commands or procedures that could have unexpected or undesirable results including loss of data or damage to equipment.
  • Page 11: Typographic Conventions

    Go to VPN > IPSEC > Phase 1 and select Create New. Program output Welcome! <address_ipv4> Variables FortiGate documentation The most up-to-date publications and previous releases of Fortinet product documentation are available from the Fortinet Technical Documentation web site at http://docs.forticare.com. The following FortiGate product documentation is available: •...
  • Page 12: Fortinet Knowledge Center

    Please send information about any errors or omissions in this document, or any Fortinet technical documentation, to techdoc@fortinet.com. Customer service and technical support Fortinet Technical Support provides services designed to make sure that your Fortinet systems install quickly, configure easily, and operate reliably in your network.
  • Page 13: Installing The FortiGate Unit

    Package Contents Review the contents of your FortiGate package to ensure all components were included. FortiGate-800/800F The FortiGate-800 and FortiGate-800F package contains the following items: • FortiGate-800 or FortiGate-800F Unified Threat Management System • one orange crossover Ethernet cable (Fortinet part number CC300248) •...
  • Page 14: Mounting

    Mounting The FortiGate-800 and FortiGate-800F units can be mounted in a standard 19-inch rack. Each requires 1U of vertical space in the rack. The FortiGate-800 and FortiGate-800F units can also be installed as a free-standing appliance on any stable surface.
  • Page 15: Mechanical Loading

    The main menu setting appears on the LCD when the system is running. Menu [ Fortigat -> ] NAT, Standalone The FortiGate unit starts and the Power LEDs light up. Table 2: FortiGate-800 and FortiGate-800F LED indicators Status Description Power Green The FortiGate unit is powered on.
  • Page 16: Powering Off The FortiGate Unit

    Connecting to the web-based manager Use the following procedure to connect to the web-based manager for the first time. Configuration changes made with the web-based manager are effective immediately, without resetting the firewall or interrupting service.
  • Page 17 This warning occurs because the FortiGate unit redirects the connection. This is an informational message. Select OK to continue logging in. Figure 3: FortiGate login Type admin in the Name field and select Login.
  • Page 18: System Dashboard

    The login prompt appears. Type admin and press Enter twice. The following prompt is displayed: Welcome! Type ? to list available commands. For information about how to use the CLI, see FortiGate CLI Reference.
  • Page 19: LCD And Front Control Buttons

    When the main menu is displayed, you can begin to configure the IP addresses, netmasks, default gateways, and if required, change the operating mode. Use the following procedures as a guide when configuring your FortiGate unit in “Configuring the FortiGate unit” on page
  • Page 20 Press Enter to go to the interfaces. Press the up and down arrows to highlight the menu Reset Defaults. Press Enter. The FortiGate unit resets to factory default settings. This takes a few minutes.
  • Page 21: Factory Defaults

    The following topics are included in this section: • Factory default NAT/Route mode network configuration • Factory default Transparent mode network configuration • Factory default firewall configuration • Factory default protection profiles • Restoring the default settings
  • Page 22: Factory Default NAT/Route Mode Network Configuration

    (usually the Internet). The default gateway directs all non-local traffic to this interface and to the external network. Primary DNS Server: 65.39.139.53 Secondary DNS Server: 65.39.139.53
  • Page 23: Factory Default Transparent Mode Network Configuration

    Recurring schedule: Always. The recurring schedule is valid at any time. Protection Profiles: Strict, Scan, Web, Unfiltered. Control how the FortiGate unit applies virus scanning, web content filtering, spam filtering, and IPS.
  • Page 24: Factory Default Protection Profiles

    Caution: This procedure deletes all changes you have made to the FortiGate configuration and reverts the system to its original configuration, including resetting interface addresses.
  • Page 25: Restoring The Default Settings Using The Web-Based Manager

    To reset the default settings, enter the following command: execute factoryreset Note: If you want to restore factory default settings using the front control buttons and LCD, see “LCD and front control buttons” on page
  • Page 27: Configuring The FortiGate Unit

    In NAT mode, the FortiGate unit performs network address translation before it sends the packet to the destination network. In Route mode, there is no address translation.
  • Page 28: NAT/Route Mode With Multiple External Network Connections

    (usually the Internet). Note: If you have multiple networks, such as a DMZ network in addition to the internal private network, you could create route mode firewall policies for traffic flowing between them.
  • Page 29: Transparent Mode

    Figure 8: Example Transparent mode configuration. [Diagram labels: Internal network, Internal and External interfaces, Management IP, Router, Gateway to public network, Internet. Transparent mode policies controlling traffic between internal and external networks.]
  • Page 30: Preventing The Public FortiGate Interface From Responding To Ping Requests

    FortiGate unit from the Internet. The default public interface for the FortiGate-800/800F is the external interface. A FortiGate unit responds to ping requests if ping administrative access is enabled for that interface.
  • Page 31: Preparing To Configure The FortiGate Unit In NAT/Route Mode

    (usually the Internet). The default gateway directs all non-local traffic to this interface and to the external network. Primary DNS Server: _____._____._____._____ Secondary DNS Server: _____._____._____._____
  • Page 32: DHCP Or PPPoE Configuration

    For PPPoE addressing, select PPPoE, and enter the username and password and any other required settings. For information about how to configure these and other interface settings, see the FortiGate online help or the FortiGate Administration Guide.
  • Page 33: Adding A Default Route

    If you cannot browse the website or retrieve/send email from your account, review the previous steps to ensure all information was entered correctly and try again.
  • Page 34: Using The Front Control Buttons And LCD

    Press Esc to return to the main menu setting. You will have to configure the DNS server settings through either the web-based manager or the CLI. There is no option on the LCD to configure DNS server settings.
  • Page 35: Verifying The Front Control Buttons And LCD Configuration

    192.168.120.99 255.255.255.0 Set the IP address and netmask of the external interface to the external IP address and netmask you recorded in Table 10 on page
  • Page 36 To configure DNS server settings Set the primary and secondary DNS server IP addresses. Enter: config system dns set primary <address_ip> set secondary <address_ip> Example config system dns set primary 293.44.75.21 set secondary 293.44.75.22
  • Page 37: Adding A Default Route

    If you cannot browse to the web site or retrieve/send email from your account, review the previous steps to ensure all information was entered correctly and try again. You have now finished the initial configuration of the FortiGate unit.
  • Page 38: Configuring The FortiGate Unit To Your Network(S)

    If you are running the FortiGate unit in NAT/Route mode, your networks must be configured to route all Internet traffic to the IP address of the interface where the networks are connected.
  • Page 39: Transparent Mode Installation

    FortiGate unit. Add a default gateway if the FortiGate unit must connect to a router to reach the management computer. DNS Settings: Primary DNS Server: _____._____._____._____ Secondary DNS Server: _____._____._____._____
  • Page 40: Using The Web-Based Manager

    Note: When you enter the IP address, the LCD always shows three digits for each part of the address. For example, the IP address 192.168.100.1 appears on the LCD as 192.168.100.001. The IP address 192.168.23.45 appears as 192.168.023.045.
  • Page 41: Adding A Default Gateway Using The Front Control Buttons And LCD

    Make sure you are logged into the CLI. Switch to Transparent mode. Enter: config system settings set opmode transparent set manageip <address_ip> <netmask> set gateway <address_gateway> After a few seconds, the following prompt appears: Changing to TP mode
  • Page 42: Reconnecting To The Web-Based Manager

    To connect the FortiGate unit running in Transparent mode Connect the Internal interface to the hub or switch connected to your internal network. Connect the External interface to the network segment connected to the external firewall or router.
  • Page 43: Verify The Connection

    Network Time Protocol (NTP) server. To set the date and time Go to System > Status. Under System Information > System Time, select Change. Select Refresh to display the current FortiGate system date and time.
  • Page 44: Updating Antivirus And IPS Signatures

    You can update your antivirus and IPS signatures using the web-based manager or the CLI. Before you can begin receiving updates, you must register your FortiGate unit from the Fortinet web page. For information about registering your FortiGate unit, see “Register your FortiGate unit”...
  • Page 45: Updating Antivirus And IPS Signatures From The Web-Based Manager

    CLI. To enable schedule updates from the web-based manager Go to System > Maintenance > FortiGuard Center. Select the blue arrow for AntiVirus and IPS Downloads to expand the options.
  • Page 46: Adding An Override Server

    Type the fully qualified domain name or IP address of a FortiGuard server. Select Apply. The FortiGate unit tests the connection to the override server. If the FDN setting changes to available, the FortiGate unit has successfully connected to the override server.
  • Page 47 FortiGate unit from connecting to the override FortiGuard server. To add an override server using the CLI Log into the CLI. Enter the following command: config system autoupdate override set address set status
  • Page 49: FortiGate Firmware

    Fortinet periodically updates the FortiGate firmware to include enhancements and address issues. After you have registered your FortiGate unit, FortiGate firmware is available for download at the support web site, http://support.fortinet.com.
  • Page 50: Upgrading The Firmware Using The CLI

    Do you want to continue? (y/n) Type y. The FortiGate unit uploads the firmware image file, upgrades to the new firmware version, and restarts. This process takes a few minutes. Reconnect to the CLI.
  • Page 51: Reverting To A Previous Firmware Version

    The FortiGate unit uploads the firmware image file, reverts to the old firmware version, resets the configuration, restarts, and displays the FortiGate login. This process takes a few minutes. Log into the web-based manager.
  • Page 52: Reverting To A Previous Firmware Version Using The CLI

    Make sure the FortiGate unit can connect to the TFTP server. You can use the following command to ping the computer running the TFTP server. For example, if the TFTP server’s IP address is 192.168.1.168: execute ping 192.168.1.168
  • Page 53: Installing Firmware Images From A System Reboot Using The CLI

    The version of the BIOS running on the FortiGate unit is displayed when you restart the FortiGate unit using the CLI through a console connection.
  • Page 54 FortiGate unit running v2.x BIOS Press Any Key To Download Boot Image.. • FortiGate unit running v3.x BIOS Press any key to display configuration menu.. Immediately press any key to interrupt the system startup.
  • Page 55 Save as Default firmware/Run image without saving:[D/R] Save as Default firmware/Backup firmware/Run image without saving: [D/B/R] Type D. The FortiGate unit installs the new firmware image and restarts. The installation might take a few minutes to complete.
  • Page 56: Restoring The Previous Configuration

    To backup configuration using the web-based manager Go to System > Maintenance > Backup and Restore. Select USB Disk from the backup configuration to list. Enter a filename for the configuration file. Select Backup.
  • Page 57: Using The USB Auto-Install Feature

    Note: Make sure at least FortiOS v3.0MR1 is installed on the FortiGate unit before installing. To configure the USB Auto-Install using the web-based manager Go to System > Maintenance > Backup and Restore. Select the blue arrow to expand the Advanced options.
  • Page 58: Additional CLI Commands For The FortiUSB Key

    If the new firmware image operates successfully, you can install it permanently using the procedure “Upgrading to a new firmware version” on page
  • Page 59 FortiGate unit reboots and you must log in and repeat the execute reboot command. If you successfully interrupt the startup process, one of the following messages appears: • FortiGate unit running v2.x BIOS Enter TFTP Server Address: [192.168.1.168]: Go to step 9.
  • Page 60 You can log into the CLI or the web-based manager using any administrative account. To confirm the new firmware image has been loaded from the CLI, enter: get system status You can test the new firmware image as required.

This manual is also suitable for:

FortiGate-800F
