Fortinet Fortigate 100D, Install Manual

Page 1: ...www fortinet com FortiGate 50A 50B FortiWiFi 50B and FortiGate 100 FortiOS 3 0 MR4 I N S T A L L G U I D E ...

Page 2: ...e FortiASIC FortiBIOS FortiBridge FortiClient FortiGate FortiGate Unified Threat Management System FortiGuard FortiGuard Antispam FortiGuard Antivirus FortiGuard Intrusion FortiGuard Web FortiLog FortiAnalyzer FortiManager Fortinet FortiOS FortiPartner FortiProtect FortiReporter FortiResponse FortiShield FortiVoIP and FortiWiFi are trademarks of Fortinet Inc in the United States and or other count...

Page 3: ... FortiAnalyzer 10 FortiReporter 10 FortiBridge 10 FortiManager 10 About this document 10 Document conventions 11 Typographic conventions 11 Fortinet documentation 12 Fortinet Tools and Documentation CD 13 Fortinet Knowledge Center 13 Comments on Fortinet technical documentation 13 Customer service and technical support 13 Installing the FortiGate unit 15 Package Contents 15 FortiGate 50A 15 FortiG...

Page 4: ... CLI 31 Configuring the FortiGate unit 33 Planning the FortiGate configuration 33 NAT Route mode 33 NAT Route mode with multiple external network connections 34 Transparent mode 35 Preventing the public interface from responding to ping requests 35 NAT Route mode installation 36 Preparing to configure the FortiGate unit in NAT Route mode 36 DHCP or PPPoE configuration 37 Using the web based manage...

Page 5: ...ng Server 55 Dead gateway detection 55 Adding firewall policies for modem connections 56 Using a wireless network 57 Setting up a wireless network 57 Positioning an Access Point 58 Radio Frequency interface 58 Using multiple access points 59 Wireless Security 60 Wireless Equivalent Privacy WEP 60 Wi Fi Protected Access WPA 60 Additional security measures 61 MAC address filtering 61 Service Set Ide...

Page 6: ... previous firmware version using the CLI 68 Installing firmware images from a system reboot using the CLI 70 Restoring the previous configuration 72 The FortiUSB key 73 Backup and Restore from the FortiUSB key 73 Using the USB Auto Install feature 74 Additional CLI commands for the FortiUSB key 75 Testing a new firmware image before installing it 75 Installing and using a backup firmware image 77 ...

Page 7: ...ntrusion detection VPN and traffic shaping The FortiGate Unified Threat Management System uses Fortinet s Dynamic Threat Prevention System DTPS technology which leverages breakthroughs in chip design networking security and content analysis The unique ASIC based architecture analyzes content and behavior in real time enabling key applications to be deployed right at the network edge where they are...

Page 8: ...iFi 50B includes Power over Ethernet PoE capabilities as a Powered Device through the WAN1 port FortiGate 100 The FortiGate 100 unit is designed for SOHO SMB and branch office applications The FortiGate 100 supports advanced features such as 802 1Q VLAN virtual domains high availability HA and the RIP and OSPF routing protocols Register your FortiGate unit Register your FortiGate unit by visiting ...

Page 9: ...vices IPS FortiGuard Web Filtering FortiGuard Antispam Service FortiGuard Premier Service An online virus scanner and virus encyclopedia is also available for your reference FortiClient FortiClient Host Security software provides a secure computing environment for both desktop and laptop users running the most popular Microsoft Windows operating systems FortiClient offers many features including c...

Page 10: ...ures employees are using the office network appropriately FortiReporter allows IT administrators to identify and respond to attacks including identifying ways to proactively secure their networks before security threats arise FortiBridge FortiBridge products are designed to provide enterprise organizations with continuous network traffic flow in the event of a power outage or a FortiGate system fa...

Page 11: ...t for best reception FortiGate Firmware Describes how to install update restore and test the firmware for the FortiGate device Document conventions The following document conventions are used in this guide In the examples private IP addresses are used for both private and public IP addresses Notes and Cautions are used to provide important information Typographic conventions FortiGate documentatio...

Page 12: ...o apply intrusion prevention antivirus protection web content filtering and spam filtering and how to configure a VPN FortiGate online help Provides a context sensitive and searchable version of the Administration Guide in HTML format You can access online help from the web based manager as you work FortiGate CLI Reference Describes how to use the FortiGate CLI and contains a reference to all Fort...

Page 13: ... up and restoring installed certificates and private keys FortiGate VLANs and VDOMs User Guide Describes how to configure VLANs and VDOMS in both NAT Route and Transparent mode Includes detailed examples Fortinet Tools and Documentation CD All Fortinet documentation is available from the Fortinet Tools and Documentation CD shipped with your Fortinet product The documents on this CD are current at ...

Page 14: ...FortiGate 50A 50B FortiWiFi 50B and FortiGate 100 FortiOS 3 0 MR4 Install Guide 14 01 30004 0265 20070831 Customer service and technical support Introduction ...

Page 15: ...t cable Fortinet part number CC300248 one gray straight through Ethernet cable Fortinet part number CC300249 one RJ 45 to DB 9 serial cable Fortinet part number CC300247 one AC adapter and power cable FortiGate 50A QuickStart Guide Fortinet Tools and Documentation CD Figure 1 FortiGate 50A package contents PWR STATUS INTERNAL EXTERNAL LINK 100 LINK 100 PWR STATUS A Power LED Status LED External In...

Page 16: ...s Operating temperature 32 to 104 F 0 to 40 C Storage temperature 13 to 158 F 25 to 70 C Humidity 5 to 95 non condensing Dimensions 8 5 x 1 4 x 5 8in 21 6 x 14 8 x 3 6 cm Weight 1 6 lb 0 73 kg Power Requirements DC input voltage 12V DC input current 3A Environmental Specifications Operating temperature 32 to 104 F 0 to 40 C Storage temperature 13 to 158 F 25 to 70 C Humidity 5 to 95 non condensing...

Page 17: ... one null modem cable one AC adapter and power cable FortiGate 100 QuickStart Guide Fortinet Tools and Documentation CD Dimensions 8 5 x 1 4 x 5 8in 21 6 x 14 8 x 3 6 cm Weight 1 6 lb 0 73 kg Power Requirements DC input voltage 12V DC input current 3A Environmental Specifications Operating temperature 32 to 104 F 0 to 40 C Storage temperature 13 to 158 F 25 to 70 C Humidity 5 to 95 non condensing ...

Page 18: ... determined by turning the equipment off and on the user is encouraged to try to correct the interference by one or more of the following measures Reorient or relocate the receiving antenna Increase the separation between the equipment and receiver Connect the equipment into an outlet on a circuit different from that to which the receiver is connected Consult the dealer or an experienced radio TV ...

Page 19: ...the bracket is supported by the bracket side bars Use the four screws supplied to attach the bracket to the FortiWiFi unit Repeat for the other bracket See the illustration below for how the bracket is attached Figure 5 FortiWiFi with attached mounting bracket To mount to the wall measure where the holes in the brackets are on the wall and inser nails or screws Hang the FortiWiFi on the nails or s...

Page 20: ...ng The FortiGate unit is starting up Off The FortiGate unit is running normally Internal External DMZ FortiGate 100 Green The correct cable is in use and the connected equipment has power Flashing green Network activity at this interface Off No link established Internal External DMZ FortiGate 100 interfaces back Green The correct cable is in use and the connected equipment has power Flashing amber...

Page 21: ...web based manager to configure most FortiGate settings and monitor the status of the FortiGate unit Command line interface You can access the FortiGate command line interface CLI by connecting a management computer serial port to the FortiGate serial console connector You can also use Telnet or a secure SSH connection to the CLI from any network that is connected to the FortiGate unit including th...

Page 22: ...d security certificate If you do not accept the certificate the FortiGate unit refuses the connection If you accept the certificate the FortiGate login page appears The credentials entered are encrypted before they are sent to the FortiGate unit If you choose to accept the certificate permanently the warning is not displayed again Just before the FortiGate login page is displayed a second warning ...

Page 23: ...nfiguration changes made with the CLI are effective immediately without resetting the firewall or interrupting service To connect to the FortiGate CLI you require a computer with an available communications port the RJ 45 to DB 9 serial cable or null modem cable included in your FortiGate package terminal emulation software such as HyperTerminal for Microsoft Windows To connect to the CLI 1 Connec...

Page 24: ...you need to do is set your network computers to obtain an IP address automatically and to obtain DNS server IP addresses automatically using DHCP access the web based manager and configure the required settings for the FortiGate external interface You can also configure FortiGate DNS servers and add a FortiGate default route if needed The FortiGate internal interface acts as a DHCP server for the ...

Page 25: ...om the ISP select Apply Use the following DNS server addresses select and enter the DNS server addresses given to you by the ISP select Apply 8 Go to Router Static edit route 1 and change Gateway to the default gateway IP address from the ISP and select OK Network configuration is complete Proceed to Next steps on page 46 9 Select Retrieve default gateway from server and Override internal DNS opti...

Page 26: ...FortiGate 50A 50B FortiWiFi 50B and FortiGate 100 FortiOS 3 0 MR4 Install Guide 26 01 30004 0265 20070831 Quick installation using factory defaults Installing the FortiGate unit ...

Page 27: ...s such as setting system time configuring virus and attack definition updates and registering the FortiGate unit The factory default firewall configuration includes a single network address translation NAT policy that allows users on your internal network to connect to the external network and stops users on the external network from connecting to the internal network You can add more firewall pol...

Page 28: ...ortiGate 50 series you can quickly configure the internal network and the FortiGate unit by using the factory default DHCP server settings See Quick installation using factory defaults on page 24 50A Name internal_dhcp_server Interface Internal Default Gateway 192 168 1 99 IP Range 192 168 1 110 192 168 1 210 Network Mask 255 255 255 0 Lease Time 7 days DNS Server 1 192 168 1 99 Table 8 Factory de...

Page 29: ...policies The following firewall configuration settings are included in the default firewall configuration to make it easier to add firewall policies Network Settings Default Gateway for default route 192 168 100 1 Interface connected to external network for default route external Default Route A default route consists of a default gateway and the name of the interface connected to the external net...

Page 30: ...protection profiles You can add Protection profiles to NAT Route mode and Transparent mode firewall policies The FortiGate unit includes four protection profiles Configuration setting Name Description Firewall policy Internal External Source All Destination All Firewall address All Firewall address matches the source or destination address of any packet Pre defined service More than 50 predefined ...

Page 31: ...e to recover from it Restoring the default settings using the web based manager To reset the default settings 1 Go to System Status 2 In Unit Operation Display select Reset Restoring the default settings using the CLI To reset the default settings enter the following command execute factoryreset Caution This procedure deletes all changes you have made to the FortiGate configuration and reverses th...

Page 32: ...FortiGate 50A 50B FortiWiFi 50B and FortiGate 100 FortiOS 3 0 MR4 Install Guide 32 01 30004 0265 20070831 Restoring the default settings Factory defaults ...

Page 33: ... it to control the traffic flowing between its interfaces Your configuration plan depends on the operating mode you select You can also configure the FortiGate unit and the network it protects using the default settings NAT Route mode In NAT Route mode the FortiGate unit is visible to the network Like a router all its interfaces are on different subnets The following interfaces are available in NA...

Page 34: ...for the FortiGate 50A WAN2 is the redundant interface to the external network on the FortiGate 50B and FortiWiFi 50B DMZ is the redundant interface to the external network on the FortiGate 100 Internal is the interface to the internal network You must configure routing to support redundant Internet connections Routing can automatically redirect connections from an interface if its connection to th...

Page 35: ... Preventing the public interface from responding to ping requests The factory default configuration of your FortiGate unit allows the default public interface to respond to ping requests The default public interface is also called the default external interface and is the interface of the FortiGate unit that is usually connected to the Internet For the most secure operation you should change the c...

Page 36: ...oute mode This section includes the following topics Preparing to configure the FortiGate unit in NAT Route mode DHCP or PPPoE configuration Using the web based manager Using the command line interface Connecting the FortiGate unit to the network s Configuring the networks Preparing to configure the FortiGate unit in NAT Route mode Use Table 12 on page 36 to gather the information you need to cust...

Page 37: ...ager for the initial configuration of the FortiGate unit and all FortiGate unit settings For information about connecting to the web based manager see Connecting to the web based manager on page 21 Configuring basic settings After connecting to the web based manager use the following procedures to complete the basic configuration of the FortiGate unit Administrator Password Internal IP _____ _____...

Page 38: ...dministration Guide 5 Select OK 6 Repeat this procedure for each interface To configure DNS server settings 1 Go to System Network Options 2 Enter the IP address of the primary DNS server 3 Enter the IP address of the secondary DNS server 4 Select Apply Adding a default route Add a default route to configure where the FortiGate unit sends traffic destined for an external network usually the Intern...

Page 39: ... send email from your email account If you cannot browse to the web site or retrieve send email from your account review the previous steps to ensure all information was entered correctly and try again Using the command line interface You can also configure the FortiGate unit using the command line interface CLI For information about connecting to the CLI see Connecting to the CLI on page 23 Confi...

Page 40: ... set ip address_ip netmask end Example config system interface edit external set mode static set ip 10 10 1 5 255 255 255 0 end To set the external interface to use DHCP enter config system interface edit interface set mode dhcp end To set the external interface to use PPPoE enter config system interface edit interface set mode pppoe set connection enable set username name_str set password psswrd ...

Page 41: ...s configured using DHCP or PPPoE To add a default route Set the default route to the Default Gateway IP address Enter config router static edit seq_num set dst class_ip net_netmask set gateway gateway_IP set device interface end Verify the connection To verify the connection try the following ping the FortiGate unit browse to the web based manager GUI retrieve or send email from your email account...

Page 42: ...your networks must be configured to route all Internet traffic to the IP address of the interface where the networks are connected For the internal network change the default gateway address of all computers and routers connected directly to your internal network to the IP address of the FortiGate internal interface For the DMZ network change the default gateway address of all computers and router...

Page 43: ...ger to complete the initial configuration of the FortiGate unit You can continue to use the web based manager for all FortiGate unit settings For information about connecting to the web based manager see Connecting to the web based manager on page 21 The first time you connect to the FortiGate unit it is configured to run in NAT Route mode To switch to Transparent mode using the web based manager ...

Page 44: ...ge 43 to complete the following procedures To change to Transparent mode using the CLI 1 Make sure you are logged into the CLI 2 Switch to Transparent mode Enter config system settings set opmode transparent set manageip address_ip netmask set gateway address_ip end After a few seconds the following prompt appears Changing to TP mode 3 To confirm you have changed to transparent mode enter the foll...

Page 45: ...the management IP default gateway field Connecting the FortiGate unit to your network When you complete the initial configuration you can connect the FortiGate unit between your internal network and the Internet and optionally connect an additional network to the other interfaces if applicable To connect the FortiGate unit running in Transparent mode 1 Connect the Internal interface to the hub or ...

Page 46: ...r System Information System Time select Change 3 Select Refresh to display the current FortiGate system date and time 4 Select your Time Zone from the list 5 Optionally select Automatically adjust clock for daylight saving changes check box 6 Select Set Time and set the FortiGate system date and time 7 Set the hour minute second month day and year as required 8 Select OK To use NTP to set the Fort...

Page 47: ...ocedure for registering your FortiGate unit and try again or see Adding an override server on page 49 Updating antivirus and IPS signatures from the web based manager After you have registered your FortiGate unit you can update antivirus and IPS signatures using the web based manager The FortiGuard Center enables you to receive push updates allow push update to a specific IP address and schedule u...

Page 48: ...ad updates 4 Select Apply The FortiGate unit starts the next scheduled update according to the new update schedule Whenever the FortiGate unit runs a scheduled update the event is recorded in the FortiGate event log To enable schedule updates from the CLI 1 Log into the CLI 2 Enter the following command config system autoupdate schedule set frequency every daily weekly set status enable disable se...

Page 49: ...FortiGuard Center 2 Select the blue arrow for AntiVirus and IPS Downloads to expand the options 3 Select the Use override server address check box 4 Type the fully qualified domain name or IP address of a FortiGuard server 5 Select Apply The FortiGate unit tests the connection to the override server If the FDN setting changes to available the FortiGate unit has successfully connected to the overri...

Page 50: ...FortiGate 50A 50B FortiWiFi 50B and FortiGate 100 FortiOS 3 0 MR4 Install Guide 50 01 30004 0265 20070831 Next steps Configuring the FortiGate unit ...

Page 51: ...the Internet When connecting to an ISP in either configuration the modem can automatically dial up to three dial up accounts until the modem connects to an ISP This section includes the following topics Connecting a modem to the FortiGate 50A Selecting a modem mode Configuring the modem for the FortiGate 50A Adding a Ping Server Adding firewall policies for modem connections Connecting a modem to ...

Page 52: ...k again the FortiGate unit disconnects the modem interface and switches back to the Ethernet interface For the FortiGate unit to switch from an Ethernet interface to the modem you must select the name of the interface in the modem configuration and configure a ping server for that interface You must also configure firewall policies for connections between the modem interface and other FortiGate in...

Page 53: ...to the modem interface The modem disconnects after it reaches the idle timer period value if there is no traffic through the modem interface within that time When traffic occurs on the interface the FortiGate unit dials the modem again auto dial must be disabled when in standalone mode disable holddown timer seconds Used only when the modem is configured as a backup for an interface Set the time 1...

Page 54: ...t add spaces to the phone number Make sure to include standard special characters for pauses country codes and other functions as required by your modem to connect to your dial up account No default phone2 phone number Enter the phone number required to connect to the dialup account Do not add spaces to the phone number Make sure to include standard special characters for pauses country codes and ...

Page 55: ...and select Edit 3 Set Ping Server to the IP address of the next hop router on the network connected to the interface 4 Select the Enable check box 5 Select OK to save the changes Dead gateway detection The FortiGate unit uses dead gateway detection to ping the Ping Server IP address to make sure the FortiGate unit can connect to this IP address Modify dead gateway detection to control how the Fort...

Page 56: ...irewall addresses and policies You can add one or more addresses to the modem interface For information about adding addresses see the FortiGate Administration Guide When you add addresses the modem interface appears on the policy grid You can configure firewall policies to control the flow of packets between the modem interface and the other interfaces on the FortiGate unit For information about ...

Page 57: ...ess network as efficient as possible This section includes the following topics Setting up a wireless network Wireless Security FortiWiFi 50B operation modes Setting up the FortiWiFi 50B as an Access Point Setting up a wireless network In its simplest form a wireless network is an Access Point communicating with one wireless device An Access Point AP is a device that provides a communications hub ...

Page 58: ...nal Be aware of the physical barriers in your office space that may reduce a signal If there is enough physical interference you may encounter dead spots that receive no signals Ensure the FortiWiFi 50B AP is located in a prominent location within a room for maximum coverage rather than in a corner Construction materials used in a building can also weaken radio signals Rooms with walls of concrete...

Page 59: ... improve signal quality Using multiple access points If you cannot avoid some of these impediments due to the shape of the office or building materials used you may need to use multiple FortiWiFi 50B APs to help distribute the radio signal around the room Figure 14 shows how positioning two FortiWiFi 50B APs within a uniquely shaped office space helps to distribute signals around the area Figure 1...

Page 60: ...nd potentially error prone Consequently keys are rarely changed over months or years leaving a hacker plenty of time to get the key and gain access to the network In small wireless networking environments activating WEP security will significantly minimize outside infiltrators from getting in your network and is better than no security at all However it is still very important that you regularly c...

Page 61: ...to your network Service Set Identifier The Service Set Identifier SSID is the network name shared by all users on a wireless network Wireless users should configure their computers to connect to the network that broadcasts this network name For security reasons do not leave the default name of fortinet as the network name Broadcasting enables wireless users to find a network The FortiWiFi 50B mode...

Page 62: ...ture For example in a warehouse where shipping and receiving are on opposite sides of the building running cables is not an option due to the warehouse environment The FortiWiFi 50B unit can support wired users using its four Ethernet ports and can connect to another Access Point wirelessly as a Client This connects the wired users to the network using the 802 11 wireless standard as a backbone Fi...

Page 63: ...0B WLAN interface As a DHCP server the interface dynamically assigns IP addresses to hosts on the network connected to the WLAN interface To configure the FortiWiFi 50B to be a DHCP server 1 Go to System DHCP Service 2 Select the blue triangle to expand the WLAN options 3 Configure the DHCP server settings 4 Select OK Name Enter a name of the DHCP sever For example DHCPSever_1 Enable Select to ena...

Page 64: ...s and the wireless network through the WLAN interface You can provide secure Internet access for wireless clients by creating firewall policies from the WLAN interface to the WAN1 or WAN2 interfaces The following example creates a policy from the wireless clients WLAN interface to the Internet WAN1 interface using traffic shaping firewall authentication and the default Strict content policy To cre...

Page 65: ... manager or CLI procedure to upgrade to a new FortiOS firmware version or to a more recent build of the same firmware version Upgrading the firmware using the web based manager Use the following procedures to upgrade the FortiGate unit to a new firmware version To upgrade the firmware using the web based manager 1 Copy the firmware image file to your management computer 2 Log into the web based ma...

Page 66: ...se the following command to ping the computer running the TFTP server For example if the IP address of the TFTP server is 192 168 1 168 execute ping 192 168 1 168 5 Enter the following command to copy the firmware image from the TFTP server to the FortiGate unit execute restore image name_str tftp_ipv4 Where name_str is the name of the firmware image file and tftp_ip is the IP address of the TFTP ...

Page 67: ... replacement messages Before beginning this procedure it is recommended that you back up the FortiGate unit configuration back up the IPS custom signatures back up web content and email filtering lists For information see the FortiGate Administration Guide If you are reverting to a previous FortiOS version for example reverting from FortiOS v3 0 to FortiOS v2 80 you might not be able to restore th...

Page 68: ...ng the command execute backup config back up the IPS custom signatures using the command execute backup ipsuserdefsig back up web content and email filtering lists For information see the FortiGate Administration Guide If you are reverting to a previous FortiOS version for example reverting from FortiOS v3 0 to FortiOS v2 80 you might not be able to restore your previous configuration from the bac...

Page 69: ...1 168 enter execute restore v2 80image out 192 168 1 168 The FortiGate unit responds with the message This operation will replace the current firmware version Do you want to continue y n 6 Type y The FortiGate unit uploads the firmware image file After the file uploads a message similar to the following is displayed Get image from tftp server OK Check image OK This operation will downgrade the cur...

Page 70: ... information see the FortiGate Administration Guide If you are reverting to a previous FortiOS version for example reverting from FortiOS v3 0 to FortiOS v2 80 you might not be able to restore your previous configuration from the backup configuration file To install firmware from a system reboot 1 Connect to the CLI using the null modem cable and FortiGate console port 2 Make sure the TFTP server ...

Page 71: ...iGate unit running v2 x BIOS Enter TFTP Server Address 192 168 1 168 Go to step 9 FortiGate unit running v3 x BIOS G Get firmware image from TFTP server F Format boot device Q Quit menu and continue to boot with default firmware H Display this list of options Enter G F Q or H 8 Type G to get the new firmware image from the TFTP server The following message appears Enter TFTP server address 192 168...

Page 72: ...aving D B R 12 Type D The FortiGate unit installs the new firmware image and restarts The installation might take a few minutes to complete Restoring the previous configuration Change the internal interface address if required You can do this from the CLI using the following command config system interface edit internal set ip address_ipv4mask set allowaccess ping https ssh telnet http end After c...

Page 73: ...e configuration using the web based manager 1 Go to System Maintenance Backup and Restore 2 Select USB Disk from the Backup configuration to list 3 Select Backup If you want to encrypt the configuration file select Encrypt configuration file and enter a password then select Backup The password is also used when you are restoring the configuration file To restore configuration using the web based m...

Page 74: ...web based manager and the CLI However it is recommended you use the CLI since the login screen may appear before the installation is complete The FortiGate unit may reboot twice if installing the firmware image and configuration file To configure the USB Auto Install using the web based manager 1 Go to System Maintenance Backup and Restore 2 Select the blue arrow to expand the Advanced options 3 S...

Page 75: ...ts it operates with the originally installed firmware image using the current configuration If the new firmware image operates successfully you can install it permanently using the procedure Upgrading to a new firmware version on page 65 Use this procedure to test a new firmware image before installing it To use this procedure you must connect to the CLI using the FortiGate console port and a RJ 4...

Page 76: ...Key To Download Boot Image FortiGate unit running v3 x BIOS Press any key to display configuration menu 7 Immediately press any key to interrupt the system startup If you successfully interrupt the startup process one of the following messages appears FortiGate unit running v2 x BIOS Enter TFTP Server Address 192 168 1 168 Go to step 9 FortiGate unit running v3 x BIOS G Get firmware image from TFT...

Page 77: ...tiGate unit running v3 x BIOS Save as Default firmware Run image without saving D R or Save as Default firmware Backup firmware Run image without saving D B R 12 Type R The FortiGate image is installed to system memory and the FortiGate unit starts running the new firmware image but with its current configuration 13 You can log into the CLI or the web based manager using any administrative account...

Page 78: ...or example if the IP address of the TFTP server is 192 168 1 168 execute ping 192 168 1 168 5 Enter the following command to restart the FortiGate unit execute reboot As the FortiGate unit starts a series of system startup messages are displayed When of the following message appears Press any key to enter configuration menu 6 Immediately press any key to interrupt the system startup If you success...

Page 79: ... connected to Make sure you do not enter the IP address of another device on this network The following message appears Enter File Name image out 10 Enter the firmware image file name and press Enter The TFTP server uploads the firmware image file to the FortiGate unit and the following message is displayed Save as Default firmware Backup firmware Run image without saving D B R 11 Type B The Forti...

Page 80: ...FortiGate 50A 50B FortiWiFi 50B and FortiGate 100 FortiOS 3 0 MR4 Install Guide 80 01 30004 0265 20070831 Installing and using a backup firmware image FortiGate Firmware ...

Page 81: ...e installing current version 70 restoring previous config 72 reverting to an older version 70 testing new firmware 75 upgrading to a new version 65 upgrading using the CLI 66 68 upgrading using the web base manager 31 65 67 FortiGate documentation commenting on 13 Fortinet 9 Fortinet customer service 13 Fortinet documentation 12 Fortinet Family Products 9 FortiBridge 10 FortiClient 9 FortiGuard 9 ...

Page 82: ...tiGate unit 8 restoring default settings 31 restoring previous firmware config 72 reverting to an older firmware version 70 S security certificate 22 set time 46 standalone mode configuring 52 modem 51 52 synchronize with NTP server 46 T technical support 13 time zone 46 Transparent mode changing to 44 settings 43 using the CLI 44 using web based manager 43 U updating adding override server 49 ant...

Page 83: ...www fortinet com ...

Page 84: ...www fortinet com ...