INTERNAL
EXTERNAL
LINK 100
LINK 100
PWR
STATUS
PWR
STATUS
INTERNAL
EXTERNAL
LINK 100
LINK 100
PWR
STATUS
Power
LED
Status
LED
External
Interface
Internal
Interface
Documentation
Ethernet Cables:
Orange - Crossover
Grey - Straight-through
USER MANUAL
FortiGate-50A
QuickStart Guide
Copyright 2004 Fortinet Incorporated. All rights reserved.
Trademarks
Products mentioned in this document are trademarks.
Power Cable Power Supply
Internal
External
DC+12V
USB
Back
Power
USB
(future)
Internal
Front
Internal
External
LINK 100
LINK 100
PWR
STATUS
External
Modem Console
Modem Phone
Connection
Serial Port
RJ-11 Phone cable
RJ-45 to
DB-9 Serial Cable
Internal
External
DC+12V
USB
Power cable connects to power supply
Straight-through Ethernet cable connects
to Internet (public switch, router or modem)
Straight-through Ethernet cable connects to
LAN or switch on internal network
Crossover Ethernet cable connects to
management computer on internal network
or
Modem Console
Optional RJ-45 to DB-9 serial cable connects to management computer
Modem phone line connection
USB
(future)
FortiGate-50AM Unit
Internal network
External interface
Configure Manual IP, DHCP, or
PPPoE addressing
Internal interface
192.168.1.99
DHCP server and DNS server
for the internal network
Obtain IP address and
DNS server IP address
automatically
POWER
Internet
INTERNAL
EXTERNAL
LINK 100
LINK 100
PWR
STATUS
Connector Type
Speed
Protocol Description
Internal
RJ-45
10/100Base-T
Ethernet
Connection to the internal network.
External
RJ-45
10/100Base-T
Ethernet
Connection to the Internet.
CONSOLE
RJ-45
9600 bps
RS-232
serial
Optional connection to the management computer.
Provides access to the command line interface (CLI).
USB
USB
—
USB
Optional connection to a modem for standalone or backup
operation.
Phone cable
RJ-11
—
Phone line for internal modem.
FortiGate-50AM LED Indicators
LED
State
Description
Power
Green
The FortiGate unit is powered on.
Off
The FortiGate unit is powered off.
Status
Flashing Green
The FortiGate unit is starting up.
Green
The FortiGate unit is running normally.
Off
The FortiGate unit is powered off.
Internal
External
(Front)
Green
The correct cable is in use, and the connected equipment
has power.
Flashing Green
Network activity at this interface.
Off
No link established.
Internal
External
(Back)
Green
The correct cable is in use, and the connected equipment
has power.
Flashing Amber
Network activity at this interface.
Off
No link established.
Connect the FortiGate-50AM unit to power outlets and to the internal and external networks.
NAT/Route mode
In NAT/Route mode, the FortiGate-50AM is visible to the networks that it is connected
to. All of its interfaces are on different subnets. You must configure the internal and
external interfaces with IP addresses.
You would typically use NAT/Route mode when the FortiGate-50AM is deployed as a
gateway between private and public networks. In its default NAT/Route mode
configuration, the unit functions as a firewall. Firewall policies control communications
through the FortiGate-50AM unit.
In NAT/Route mode, firewall policies can operate in NAT mode or in Route mode. In
NAT mode, the FortiGate-50AM performs network address translation before IP
packets are sent to the destination network. In Route mode, no translation takes place.
By default, the unit has a single NAT mode policy that allows users on the internal
network to securely access and download content from the Internet. No other traffic is
possible until you have configured more policies.
Transparent mode
In Transparent mode, the FortiGate-50AM is invisible to the network. All of its interfaces
are on the same subnet. You only have to configure a management IP address so that
you can make configuration changes.
You would typically use the FortiGate-50AM in Transparent mode on a private network
behind an existing firewall or behind a router. In its default Transparent mode
configuration, the unit functions as a firewall. By default, the unit has a single firewall
policy that allows users on the internal network segment to connect to the external
network segment. No other traffic is possible until you have configured more policies.
You can connect two network segments to the FortiGate-50AM unit to control traffic
between these network segments.
FortiGate-50AM Unit
in NAT/Route mode
Internal network
Internal
192.168.1.99
192.168.1.3
External
204.23.1.5
NAT mode policies controlling
traffic between internal and
external networks.
POWER
Internet
INTERNAL
EXTERNAL
LINK 100
LINK 100
PWR
STATUS
Internal network
10.10.10.3
FortiGate-50AM Unit
in Transparent mode
10.10.10.1
Management IP
External
Internal
10.10.10.2
Transparent mode policies
controlling traffic between
internal and external networks
204.23.1.5
(firewall, router)
Gateway to
public network
Internet
INTERNAL
EXTERNAL
LINK 100
LINK 100
PWR
STATUS
Before configuring the FortiGate-50AM, you need to plan how to integrate the unit into your
network. You can select NAT/Route mode (the default) or Transparent mode. In NAT/Route mode
you can also use the default settings to quickly configure the unit on your network.
QuickStart Guide
FortiGate-50AM
Check that the package contents are complete.
•
Place the unit on a stable surface. It requires 1.5 inches
(3.75 cm) clearance above and on each side to allow for cooling.
•
Make sure the power switch on the back of the unit is turned off before connecting the
power and network cables.
•
The Status light flashes while the unit is starting up and turns off when the system is
up and running.
Checking the package contents
Checking the package contents
1
Connecting the FortiGate-50AM
2
Planning the configuration
3
Regulatory Compliance
FCC Class A Part 15 CSA/CUS
Quick configuration using the default settings
You can quickly set up your FortiGate unit for a home or small office using the web-
based manager and the default settings in NAT/Route mode.
All you need to do is set your network computers to use DHCP, access the web-based
manager, and configure the required settings for the external interface. You can also
configure DNS and a default route if needed. The FortiGate unit automatically assigns
IP addresses to up to 100 computers in the internal network.
1. Connect the FortiGate unit to the network.
2. Set the all the network computers to use DHCP to automatically obtain an IP
address.
The FortiGate internal interface acts as a DHCP server for the internal network and
assigns IP addresses to all computers in the range 192.168.1.110 –192.168.1.210.
3. From the management computer browse to https://192.168.1.99.
The FortiGate web-based manager appears.
4. Go to
System > Network > Interface
and select Edit for the external interface.
5. Select one of the following Addressing modes
•
Manual: enter a static IP address and netmask, select OK, and go to step 6
•
DHCP: to get an IP address from the ISP select DHCP and go to step 9
•
PPPoE: to get an IP address from the ISP select PPPoE and go to step 9
6. Go to
System > Network > DNS
.
7. Select one of the following DNS settings
•
Obtain DNS server address automatically: select to get the DNS addresses
from the ISP, select Apply
•
Use the following DNS server addresses: select and enter the DNS server
addresses given to you by the ISP, select Apply
8. Go to
Router > Static
, select Create New, enter the default gateway address and
select OK.
Network configuration is complete. Proceed to part 7 of this
Quick Start Guide
.
9. Select Retrieve default gateway from server and Override internal DNS options if
your ISP supports them, select OK, and proceed to part 7 of this
Quick Start Guide
.
Go to step 6 if you are not selecting these options.
Refer to the Documentation CD-ROM for information on how to control traffic, and how to configure HA, antivirus protection, Web content filtering, Spam filtering, intrusion
prevention (IPS), and virtual private networking (VPN).
01-2800
7
-0108-20041213
© Copyright 2004 Fortinet Incorporated. All rights reserved.
Trademarks
Products mentioned in this document are trademarks or registered trademarks of their respective holders.
13 December 2004
For technical support please visit http://www.fortinet.com.
