Sign In
Upload
Manuals
Brands
Fortinet Manuals
Gateway
FortiGate 4000
Fortinet FortiGate 4000 Manuals
Manuals and User Guides for Fortinet FortiGate 4000. We have
1
Fortinet FortiGate 4000 manual available for free PDF download: User Manual
Fortinet FortiGate 4000 User Manual (332 pages)
Fortinet Incorporated User Manual switch FortiGate 4000
Brand:
Fortinet
| Category:
Gateway
| Size: 6.61 MB
Table of Contents
User Manual
1
Table of Contents
3
Introduction
15
Antivirus Protection
16
Web Content Filtering
16
Email Filtering
17
Firewall
17
Nat/Route Mode
18
Transparent Mode
18
Vlans and Virtual Domains
18
Network Intrusion Detection
18
Vpn
19
High Availability
19
Secure Installation, Configuration, and Management
20
Web-Based Manager
20
Command Line Interface
21
Logging and Reporting
21
Document Conventions
21
Fortinet Documentation
22
Comments on Fortinet Technical Documentation
23
Customer Service and Technical Support
23
Getting Started
25
Warnings and Cautions
26
Warning
26
Package Contents
26
Physical Description
27
Front Panel Features
28
Fortiblade-4010 Module
29
KVM Switch Module
30
Rear Panel Features
31
Power Supplies and Power Connections
32
Cooling Fan Trays
33
Management Module
33
10/100 out of Band Management Module
34
Pass-Through Interface Module
35
Switched Interface Module
36
Installing Hardware
37
Choosing a Suitable Environment
37
Choosing a Rack
37
Attaching the Mounting Rail
37
Installing Fortiblade-4010 Modules
38
Fortigate-4000P Network Connections
39
Fortigate-4000S Network Connections
39
Out of Band Management Connections
40
Console Management Connections
40
Turning Fortigate-4000 Chassis Power on and off
40
Turning on Fortigate-4000 Chassis Power
40
Turning off Fortigate-4000 Chassis Power
41
Hot Swapping Modules
41
Hot Swapping Fortiblade-4010 Modules
42
Hot Swapping Cooling Fan Trays
42
Hot Swapping Power Supplies
42
Hot Swapping Interface Modules
43
Hot Swapping the 10/100 out of Band Management Module
43
Hot Swapping the Management Module
44
Hot Swapping the KVM Switch Module
44
Connecting to the Web-Based Manager
44
Connecting to the Fortigate-4000 Internal Interface Module
45
Connecting to the Fortigate-4000 10/100 out of Band Management Module
46
Connecting to the Command Line Interface (CLI)
47
Factory Default Configuration
48
Factory Default Nat/Route Mode Network Configuration
48
Factory Default Transparent Mode Network Configuration
49
Factory Default Firewall Configuration
50
Factory Default Content Profiles
51
Planning the Fortigate Configuration
53
Planning the Fortigate Configuration
54
Nat/Route Mode Standalone Configuration
54
Transparent Mode Standalone Configuration
55
Fortigate-4000 HA Configuration
55
Fortigate-4000 Units with External Load Balancers
57
Fortigate Model Maximum Values Matrix
59
Next Steps
60
Nat/Route Mode Installation
61
Preparing to Configure Nat/Route Mode
61
Advanced Nat/Route Mode Settings
62
Out of Band Management Interface
63
Using the Setup Wizard
63
Starting the Setup Wizard
63
Reconnecting to the Web-Based Manager
63
Using the Command Line Interface
64
Configuring the Fortigate Unit to Operate in Nat/Route Mode
64
Configuring the out of Band Management Interface
65
Connecting the Fortigate Unit to Your Networks
65
Configuring Your Networks
66
Completing the Configuration
66
Configuring the out of Band Management Interface
66
Setting the Date and Time
66
Changing Antivirus Protection
66
Registering Your Fortigate Unit
67
Configuring Virus and Attack Definition Updates
67
Transparent Mode Installation
69
Preparing to Configure Transparent Mode
69
Out of Band Management Interface
70
Using the Setup Wizard
70
Changing to Transparent Mode Using the Web-Based Manager
70
Starting the Setup Wizard
70
Reconnecting to the Web-Based Manager
71
Using the Command Line Interface
71
Changing to Transparent Mode Using the CLI
71
Configuring the Transparent Mode Management IP Address
71
Configure the Transparent Mode Default Gateway
72
Configure the out of Band Management Interface
72
Completing the Configuration
72
Setting the Date and Time
72
Enabling Antivirus Protection
72
Registering Your Fortigate Unit
73
Configuring Virus and Attack Definition Updates
73
Connecting the Fortigate Unit to Your Networks
73
Transparent Mode Configuration Examples
74
Default Routes and Static Routes
74
Example Default Route to an External Network
75
Example Static Route to an External Destination
76
General Configuration Steps
77
Example Static Route to an Internal Destination
78
High Availability
81
Configuring an HA Cluster
82
Configuring Fortigate Units for HA Operation
82
Connecting the Cluster
84
Adding a New Fortigate Unit to a Functioning Cluster
86
Managing an HA Cluster
87
Configuring Cluster Interface Monitoring
88
Viewing the Status of Cluster Members
88
Monitoring Cluster Members
89
Viewing Cluster Sessions
90
Viewing and Managing Cluster Log Messages
90
Monitoring Cluster Units for Failover
91
Viewing Cluster Communication Sessions
91
Managing Individual Cluster Units
92
Changing Cluster Unit Host Names
92
Synchronizing the Cluster Configuration
93
Upgrading Firmware
94
Replacing a Fortigate Unit after Failover
95
Advanced HA Options
95
Selecting a Fortigate Unit as a Permanent Primary Unit
95
Configuring the Priority of each Fortigate Unit in the Cluster
96
Configuring Weighted-Round-Robin Weights
96
Active-Active Cluster Packet Flow
97
Nat/Route Mode Packet Flow
97
Configuring Switches to Work with a Nat/Route Mode Cluster
98
Transparent Mode Packet Flow
99
System Status
101
Changing the Fortigate Host Name
102
Changing the Fortigate Firmware
102
Upgrading to a New Firmware Version
103
Reverting to a Previous Firmware Version
104
Installing Firmware Images from a System Reboot Using the CLI
107
Testing a New Firmware Image before Installing It
109
Installing and Using a Backup Firmware Image
111
Manual Virus Definition Updates
114
Manual Attack Definition Updates
115
Displaying the Fortigate Serial Number
115
Displaying the Fortigate up Time
115
Backing up System Settings
115
Restoring System Settings
116
Restoring System Settings to Factory Defaults
116
Changing to Transparent Mode
117
Changing to Nat/Route Mode
117
Restarting the Fortigate Unit
118
Shutting down the Fortigate Unit
118
System Status
118
Viewing CPU and Memory Status
119
Viewing Sessions and Network Status
120
Viewing Virus and Intrusions Status
121
Session List
122
Virus and Attack Definitions Updates and Registration
123
Updating Antivirus and Attack Definitions
123
Connecting to the Fortiresponse Distribution Network
124
Manually Initiating Antivirus and Attack Definitions Updates
125
Configuring Update Logging
126
Scheduling Updates
126
Enabling Scheduled Updates
126
Adding an Override Server
127
Enabling Scheduled Updates through a Proxy Server
128
Enabling Push Updates
128
Enabling Push Updates
129
Push Updates When Fortigate IP Addresses Change
129
Enabling Push Updates through a NAT Device
129
Registering Fortigate Units
133
Forticare Service Contracts
134
Registering the Fortigate Unit
134
Updating Registration Information
136
Recovering a Lost Fortinet Support Password
136
Viewing the List of Registered Fortigate Units
137
Registering a New Fortigate Unit
137
Adding or Changing a Forticare Support Contract Number
138
Changing Your Fortinet Support Password
138
Changing Your Contact Information or Security Question
138
Downloading Virus and Attack Definitions Updates
139
Registering a Fortigate Unit after an RMA
140
Network Configuration
141
Configuring Zones
141
Adding Zones
142
Deleting Zones
142
Configuring Interfaces
142
Viewing the Interface List
143
Changing the Administrative Status of an Interface
143
Adding an Interface to a Zone
143
Configuring an Interface with a Manual IP Address
144
Configuring an Interface for DHCP
144
Configuring an Interface for Pppoe
145
Adding a Secondary IP Address to an Interface
146
Adding a Ping Server to an Interface
146
Controlling Administrative Access to an Interface
147
Changing the MTU Size to Improve Network Performance
148
Configuring Traffic Logging for Connections to an Interface
148
Configuring the Management Interface in Transparent Mode
148
Out of Band Management
149
Out of Band Management Interface CLI Command
150
VLAN Overview
150
Vlans in Nat/Route Mode
151
Rules for VLAN Ids
151
Rules for VLAN IP Addresses
152
Adding VLAN Subinterfaces
152
Virtual Domains in Transparent Mode
153
Virtual Domain Properties
154
Configuring a Virtual Domain
154
Adding Firewall Policies for Virtual Domains
157
Deleting Virtual Domains
158
Adding DNS Server IP Addresses
158
Configuring Routing
158
Adding a Default Route
159
Adding Destination-Based Routes to the Routing Table
159
Adding Routes in Transparent Mode
160
Configuring the Routing Table
161
Policy Routing
161
Configuring DHCP Services
162
Configuring a DHCP Relay Agent
163
Configuring a DHCP Server
163
RIP Configuration
167
RIP Settings
167
Configuring RIP for Fortigate Interfaces
169
Adding RIP Filters
171
Adding a RIP Filter List
171
Assigning a RIP Filter List to the Neighbors Filter
172
Assigning a RIP Filter List to the Incoming Filter
172
Assigning a RIP Filter List to the Outgoing Filter
173
System Configuration
175
Setting System Date and Time
175
Changing System Options
176
Adding and Editing Administrator Accounts
178
Adding New Administrator Accounts
178
Editing Administrator Accounts
179
Configuring SNMP
180
Configuring the Fortigate Unit for SNMP Monitoring
180
Configuring Fortigate SNMP Support
180
Fortigate Mibs
182
Fortigate Traps
183
Logging Traps
184
Fortinet MIB Fields
185
Replacement Messages
187
Customizing Replacement Messages
188
Customizing Alert Emails
189
Firewall Configuration
191
Default Firewall Configuration
192
Interfaces
192
VLAN Subinterfaces
193
Zones
193
Addresses
193
Services
194
Schedules
194
Content Profiles
194
Adding Firewall Policies
194
Firewall Policy Options
196
Traffic Shaping
197
Configuring Policy Lists
200
Policy Matching in Detail
200
Changing the Order of Policies in a Policy List
201
Enabling and Disabling Policies
201
Addresses
202
Adding Addresses
202
Editing Addresses
203
Deleting Addresses
204
Organizing Addresses into Address Groups
204
Services
205
Predefined Services
205
Adding Custom TCP and UDP Services
208
Adding Custom ICMP Services
209
Adding Custom IP Services
209
Grouping Services
209
Schedules
210
Creating One-Time Schedules
211
Creating Recurring Schedules
212
Adding Schedules to Policies
213
Virtual Ips
213
Adding Static NAT Virtual Ips
214
Adding Port Forwarding Virtual Ips
215
Adding Policies with Virtual Ips
217
IP Pools
218
Adding an IP Pool
218
IP Pools for Firewall Policies that Use Fixed Ports
219
IP Pools and Dynamic NAT
219
IP/MAC Binding
220
Configuring IP/MAC Binding for Packets Going through the Firewall
220
Configuring IP/MAC Binding for Packets Going to the Firewall
221
Adding IP/MAC Addresses
221
Viewing the Dynamic IP/MAC List
222
Enabling IP/MAC Binding
222
Content Profiles
223
Default Content Profiles
224
Adding Content Profiles
224
Adding Content Profiles to Policies
226
Users and Authentication
227
Setting Authentication Timeout
228
Adding User Names and Configuring Authentication
228
Deleting User Names from the Internal Database
229
Configuring RADIUS Support
230
Adding RADIUS Servers
230
Deleting RADIUS Servers
230
Configuring LDAP Support
231
Adding LDAP Servers
231
Deleting LDAP Servers
232
Configuring User Groups
232
Adding User Groups
233
Deleting User Groups
234
Ipsec VPN
235
Key Management
236
Manual Keys
236
Automatic Internet Key Exchange (Autoike) with Pre-Shared Keys or Certificates
236
Manual Key Ipsec Vpns
237
General Configuration Steps for a Manual Key VPN
237
Adding a Manual Key VPN Tunnel
237
Autoike Ipsec Vpns
239
General Configuration Steps for an Autoike VPN
239
Adding a Phase 1 Configuration for an Autoike VPN
239
Configuring Advanced Options
241
Adding a Phase 2 Configuration for an Autoike VPN
244
Managing Digital Certificates
246
Obtaining a Signed Local Certificate
246
Obtaining CA Certificates
249
Configuring Encrypt Policies
249
Adding a Source Address
250
Adding a Destination Address
251
Adding an Encrypt Policy
251
Ipsec VPN Concentrators
253
VPN Concentrator (Hub) General Configuration Steps
254
Adding a VPN Concentrator
255
VPN Spoke General Configuration Steps
256
Monitoring and Troubleshooting Vpns
257
Viewing VPN Tunnel Status
257
Viewing Dialup VPN Connection Status
258
Testing a VPN
258
PPTP and L2TP VPN
259
Configuring PPTP
259
Configuring the Fortigate Unit as a PPTP Gateway
260
Configuring a Windows 98 Client for PPTP
262
Configuring a Windows 2000 Client for PPTP
263
Configuring a Windows XP Client for PPTP
263
Configuring L2TP
265
Configuring the Fortigate Unit as an L2TP Gateway
265
Configuring a Windows 2000 Client for L2TP
267
Configuring a Windows XP Client for L2TP
268
Network Intrusion Detection System (NIDS)
271
Detecting Attacks
271
Selecting the Interfaces to Monitor
272
Disabling Monitoring Interfaces
272
Configuring Checksum Verification
272
Viewing the Signature List
273
Viewing Attack Descriptions
273
Disabling NIDS Attack Signatures
274
Adding User-Defined Signatures
274
Preventing Attacks
276
Enabling NIDS Attack Prevention
276
Enabling NIDS Attack Prevention Signatures
276
Setting Signature Threshold Values
277
Logging Attacks
278
Logging Attack Messages to the Attack Log
278
Reducing the Number of NIDS Attack Log and Email Messages
278
Antivirus Protection
281
General Configuration Steps
281
Antivirus Scanning
282
File Blocking
283
Blocking Files in Firewall Traffic
284
Adding File Patterns to Block
284
Blocking Oversized Files and Emails
285
Configuring Limits for Oversized Files and Email
285
Exempting Fragmented Email from Blocking
285
Viewing the Virus List
286
Web Filtering
287
General Configuration Steps
287
Content Blocking
288
Adding Words and Phrases to the Banned Word List
288
Clearing the Banned Word List
289
Backing up the Banned Word List
290
Restoring the Banned Word List
290
URL Blocking
291
Configuring Fortigate Web URL Blocking
291
Configuring Fortigate Web Pattern Blocking
294
Configuring Cerberian URL Filtering
294
Installing a Cerberian License Key
295
Adding a Cerberian User
295
Configuring Cerberian Web Filter
295
Enabling Cerberian URL Filtering
296
Script Filtering
297
Enabling Script Filtering
297
Selecting Script Filter Options
297
Exempt URL List
298
Adding Urls to the URL Exempt List
298
Downloading the URL Exempt List
299
Uploading a URL Exempt List
299
Email Filter
301
General Configuration Steps
301
Email Banned Word List
302
Adding Words and Phrases to the Email Banned Word List
302
Downloading the Email Banned Word List
303
Uploading the Email Banned Word List
303
Email Block List
304
Adding Address Patterns to the Email Block List
304
Downloading the Email Block List
304
Uploading an Email Block List
305
Email Exempt List
305
Adding Address Patterns to the Email Exempt List
306
Adding a Subject Tag
306
Logging and Reporting
307
Recording Logs
307
Recording Logs on a Remote Computer
308
Recording Logs on a Netiq Webtrends Server
308
Recording Logs in System Memory
309
Log Message Levels
309
Filtering Log Messages
310
Configuring Traffic Logging
311
Enabling Traffic Logging
312
Configuring Traffic Filter Settings
313
Adding Traffic Filter Entries
313
Viewing Logs Saved to Memory
314
Viewing Logs
314
Searching Logs
315
Configuring Alert Email
315
Adding Alert Email Addresses
316
Testing Alert Email
316
Enabling Alert Email
317
Glossary
319
Index
323
Advertisement
Advertisement
Related Products
Fortinet FortiGate 400
Fortinet FortiGate 110C
Fortinet FortiGate 100
Fortinet FortiGate 60B
Fortinet FortiGate 620B
Fortinet FortiGate v3.0 MR7
Fortinet FortiGate 30B
Fortinet FortiGate FortiGate-30B
Fortinet FortiGate FortiGate-310B
Fortinet FortiGate FortiGate-60B
Fortinet Categories
Firewall
Network Hardware
Wireless Access Point
Telephone
Switch
More Fortinet Manuals
Login
Sign In
OR
Sign in with Facebook
Sign in with Google
Upload manual
Upload from disk
Upload from URL