Fortinet FortiGate-60M, Quick Start Manual

INTERNAL

DMZ

4

3

2

1

LINK 100

LINK 100

LINK 100

LINK 100

LINK 100

LINK 100

LINK 100

WAN1

WAN2

PWR

STATUS

Power

LED

Status

LED

Internal Interface,
switch connectors

1,2,3,4

WAN 1,2
Interface

DMZ

Interface

Internal

Interface

Documentation

Ethernet Cables:

Orange - Crossover

Grey - Straight-through

USER MANUAL

FortiGate-60

QuickStart Guide

Copyright 2003 Fortinet Incorporated. All rights reserved.
Trademarks
Products mentioned in this document are trademarks.

Power Cable Power Supply

RJ-11 Phone cable

Back

1

2

3

4

Modem         Console

USB

WAN2

WAN1

DMZ

DC+12V

Internal

Power

Connection

Modem Phone

Connection

USB

(future)

WAN2

DMZ

Front

INTERNAL

DMZ

4

3

2

1

LINK 100

LINK 100

LINK 100

LINK 100

LINK 100

LINK 100

LINK 100

WAN1

WAN2

PWR

STATUS

WAN1

M

Serial Port

RJ-45 to

DB-9 Serial Cable

Optional RJ-45 to DB-9 serial cable connects to management computer

Optional connection to DMZ network 

Straight-through Ethernet cable connects 

to Internet (public switch, router or modem)

Straight-through 

Ethernet cables connect 

to computers on internal network

Power cable connects to power supply

1

2

3

4

Modem        Console

USB

WAN2

WAN1

DMZ

DC+12V

Internal

Optional redundant connection to Internet 

USB

(future)

Modem phone line connection

INTERNAL

DMZ

4

3

2

1

LINK 100

LINK 100

LINK 100

LINK 100

LINK 100

LINK 100

LINK 100

WAN1

WAN2

PWR

STATUS

Connector Type

Speed

Protocol Description

Internal

RJ-45

10/100Base-T Ethernet

4-port switch connection to up to four devices or the internal network.

WAN1 and 2 RJ-45 

10/100Base_T Ethernet

Redundant connections to the Internet.

DMZ

RJ-45 

10/100Base-T Ethernet

Optional connection to a DMZ network or to other FortiGate -60M units 
for high availability (HA).

CONSOLE

RJ-45

9600 bps

RS-232 
serial

Optional connection to the management computer. 
Provides access to the command line interface (CLI).

USB

USB

—

USB

Optional connection to a modem for standalone or backup operation.

Phone cable RJ-11

—

Phone line for internal modem.

FortiGate-60M LED Indicators

LED

State

Description

Power

Green

The FortiGate unit is powered on.

Off

The FortiGate unit is powered off.

Status

Green

The FortiGate unit is starting up.

Off

The FortiGate unit is running normally.

Link

(Internal 
DMZ
WAN1
WAN2)

Green 

The correct cable is in use and the connected 
equipment has power.

Flashing Green

Network activity at this interface.

Off

No link established.

100

(Internal 
DMZ
WAN1
WAN2)

Green

The interface is connected at 100 Mbps.

Connect the FortiGate-60M unit to a power outlet and to the internal and external networks. 

NAT/Route mode

In NAT/Route mode, the FortiGate-60M is visible to the networks that it is connected to. 

All of its interfaces are on different subnets. You must configure the internal and WAN1 

interfaces with IP addresses. Optionally, you can also configure the WAN2 and DMZ 

interfaces.
You would typically use NAT/Route mode when the FortiGate-60M is deployed as a 

gateway between private and public networks. In its default NAT/Route mode 

configuration, the unit functions as a firewall. Firewall policies control communications 

through the FortiGate-60M unit.

In NAT/Route mode, firewall policies can operate in NAT mode or in Route mode. In 

NAT mode, the FortiGate-60M performs network address translation before IP packets 

are sent to the destination network. In Route mode, no translation takes place. By 

default, the unit has a single NAT mode policy that allows users on the internal network 

to securely access and download content from the Internet. No other traffic is possible 

until you have configured more policies.

Transparent mode

In Transparent mode, the FortiGate-60M is invisible to the network. All of its interfaces 

are on the same subnet. You only have to configure a management IP address so that 

you can make configuration changes. 
You would typically use the FortiGate-60M in Transparent mode on a private network 

behind an existing firewall or behind a router. In its default Transparent mode 

configuration, the unit functions as a firewall. By default, the unit has a single firewall 

policy that allows users on the internal network segment to connect to the WAN1 

network segment. No other traffic is possible until you have configured more policies.

You can connect up to four network segments to the FortiGate-60M unit to control traffic 

between these network segments.

FortiGate-60M Unit

in NAT/Route mode

Route mode policies
controlling traffic between
internal networks.

Internal network

DMZ network

Internal

192.168.1.99

DMZ

10.10.10.1

192.168.1.3

10.10.10.2

WAN1

204.23.1.5

NAT mode policies controlling

traffic between internal and

external networks.

Internet

INTERNAL

DMZ

4

3

2

1

LINK 100

LINK 100

LINK 100

LINK 100

LINK 100

LINK 100

LINK 100

WAN1

WAN2

PWR

STATUS

M

FortiGate-60M Unit

in Transparent mode

Internet

10.10.10.1
Management IP

10.10.10.3

WAN1

Internal

10.10.10.2

Transparent mode policies 

controlling traffic between 

internal and external networks

204.23.1.5

(firewall, router)

Gateway to

public network

Internal network

INTERNAL

DMZ

4

3

2

1

LINK 100

LINK 100

LINK 100

LINK 100

LINK 100

LINK 100

LINK 100

WAN1

WAN2

PWR

STATUS

M

Before configuring the FortiGate-60M, you need to plan how to integrate the unit into your 

network. You can select NAT/Route mode (the default) or Transparent mode. In NAT/Route mode 

you can also use the default settings to quickly configure the unit on your network.

QuickStart Guide

FortiGate-60M

Check that the package contents are complete. 

•

Place the unit on a stable surface. It requires 1.5 inches 

(3.75 cm) clearance above and on each side to allow for cooling. 

•

Make sure the power switch on the back of the unit is turned off before connecting the 

power and network cables.

•

The Status light flashes while the unit is starting up and turns off when the system is 

up and running. 

Checking the package contents

Checking the package contents

1

Connecting the FortiGate-60M

2

Planning the configuration

3

© Copyright 2004 Fortinet Incorporated. All rights reserved. 

Trademarks 

Products mentioned in this document are trademarks or registered trademarks of their respective holders.

Regulatory Compliance

FCC Class A Part 15 CSA/CUS
03 November 2004

For technical support please visit http://www.fortinet.com.

Quick configuration using the default settings

You can quickly set up your FortiGate unit for a home or small office using the web-

based manager and the default settings in NAT/Route mode.
All you need to do is set your network computers to use DHCP, access the web-based 

manager, and configure the required settings for the WAN1 interface. You can also 

configure DNS and a default route if needed. The FortiGate unit automatically assigns 

IP addresses to up to 100 computers in the internal network.
1. Connect the FortiGate unit to the network.
2. Set the all the network computers to use DHCP to automatically obtain an IP 

address.
The FortiGate internal interface acts as a DHCP server for the internal network and 

assigns IP addresses to all computers in the range 192.168.1.110 –192.168.1.210.

3. From the management computer browse to https://192.168.1.99.

The FortiGate web-based manager appears.

4. Go to 

System > Network > Interface

 and select Edit for the WAN1 interface.

5. Select one of the following Addressing modes

•

Manual: enter a static IP address and netmask, select OK, and go to step 6

•

DHCP: to get an IP address from the ISP select DHCP and go to step 9

•

PPPoE: to get an IP address from the ISP select PPPoE and go to step 9

6. Go to 

System > Network > DNS

.

7. Select one of the following DNS settings

•

Obtain DNS server address automatically: select to get the DNS addresses 

from the ISP, select Apply
•

Use the following DNS server addresses: select and enter the DNS server 

addresses given to you by the ISP, select Apply

8. Go to 

Router > Static

, select Create New, enter the default gateway address and 

select OK.
Network configuration is complete. Proceed to part 7 of this 

Quick Start Guide

.

9. Select Retrieve default gateway from server and Override internal DNS options if 

your ISP supports them, select OK, and proceed to part 7 of this 

Quick Start Guide

.

Go to step 6 if you are not selecting these options.

Refer to the Documentation CD-ROM for information on how to control traffic, and how to configure HA, antivirus protection, Web content filtering, Spam filtering, intrusion 

prevention (IPS), and virtual private networking (VPN).

FortiGate-60M Unit

Internal network

WAN1 interface

Configure Manual IP, DHCP, or

PPPoE addressing

Internal interface

192.168.1.99

DHCP server and DNS server

for the internal network

Obtain IP address and

DNS server IP address

automatically

Internet

INTERNAL

DMZ

4

3

2

1

LINK 100

LINK 100

LINK 100

LINK 100

LINK 100

LINK 100

LINK 100

WAN1

WAN2

PWR

STATUS

M

01-28005-0110-20041103