FortiGate-1000A/AFA2 FortiOS 3.0 MR6 Install Guide

01-30006-0461-20080131

Configuring NAT mode

Configuring

To set an interface to use PPPoE addressing

config system interface
    edit external
        set mode pppoe
        set username <name_str>
        set password <psswrd>
        set ipunnumbered <ip_address>
        set disc-retry-timeout <integer_seconds>
        set padt-retry-timeout <integer_seconds>
        set distance <integer>
        set defaultgw {enable | disable}
        set dns-server-override {enable | disable}
end

The CLI lists the IP address, netmask, and other settings for each of the FortiGate 
interfaces.

Configure a DNS server

A domain name server (DNS server) implements the DNS protocol, a service that 
converts symbolic node names to IP addresses. In simple terms, it acts as a 
phone book for the Internet: a DNS server matches domain names with the IP 
addresses of the corresponding computers. This enables you to use readable 
locations, such as fortinet.com, when browsing the Internet.

DNS server IP addresses are typically provided by your internet service provider.

To configure DNS server settings

config system dns
    set autosvr {enable | disable}
    set primary <address_ip>
    set secondary <address_ip>
end

Note: If you set autosvr to enable, you do not have to configure the primary 
or secondary DNS server IP addresses.
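
The PPPoE and DNS settings above decide whether the unit's resolvers and default gateway are fixed by the administrator or supplied by the upstream PPPoE server. The following added example (not part of the Install Guide or of FortiOS) parses a CLI fragment and reports which is the case; the sample configuration is constructed, the function names parse and audit are hypothetical, and only settings written explicitly in the fragment are evaluated.

```python
# Constructed sample config (not from the guide); 192.0.2.53 is a documentation address.
SAMPLE = """\
config system interface
    edit external
        set mode pppoe
        set defaultgw enable
        set dns-server-override enable
    next
end
config system dns
    set autosvr disable
    set primary 192.0.2.53
end
"""

def parse(text):
    """Parse config/edit/set/next/end lines into {section: {entry: {key: value}}}; sections without 'edit' use entry ''."""
    cfg, section, entry = {}, None, ""
    for line in text.splitlines():
        words = line.split() or [""]          # blank lines match no branch below
        if words[0] == "config":
            section, entry = " ".join(words[1:]), ""
            cfg.setdefault(section, {})
        elif words[0] == "edit" and section and len(words) > 1:
            entry = words[1]
        elif words[0] == "set" and section and len(words) > 2:
            cfg[section].setdefault(entry, {})[words[1]] = " ".join(words[2:])
        elif words[0] == "next":
            entry = ""
        elif words[0] == "end":               # nested config blocks are not handled
            section, entry = None, ""
    return cfg

def audit(cfg):
    """Report where resolvers and the default gateway come from (explicit settings only)."""
    findings = []
    dns = cfg.get("system dns", {}).get("", {})
    if dns.get("autosvr") == "enable":
        findings.append("dns: servers are obtained automatically (autosvr enable)")
    elif not dns.get("primary"):
        findings.append("dns: autosvr is not enabled and no primary server is set")
    for name, itf in cfg.get("system interface", {}).items():
        if itf.get("mode") != "pppoe":
            continue
        if itf.get("dns-server-override") == "enable":
            findings.append(f"{name}: DNS servers acquired over PPPoE are accepted")
        if itf.get("defaultgw") == "enable":
            findings.append(f"{name}: default gateway comes from the PPPoE server")
    return findings
```
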

Adding a default route and gateway

A route provides the FortiGate unit with the information it needs to forward a 
packet to a particular destination. A static route causes packets to be forwarded to 
a destination other than the default gateway. You define static routes manually. 
Static routes control traffic exiting the FortiGate unit; you can specify through which 
interface the packet will leave and to which device the packet should be routed.

In the factory default configuration, entry number 1 in the Static Route list is 
associated with a destination address of 0.0.0.0/0.0.0.0, which means any/all 
destinations. This route is called the "static default route". If no other routes are 
present in the routing table and a packet needs to be forwarded beyond the 
FortiGate unit, the factory configured static default route causes the FortiGate unit 
to forward the packet to the default gateway.

Note: If you change the IP address of the interface you are connecting to, you must 
connect through a web browser again using the new address. Browse to https:// followed by 
the new IP address of the interface. If the new IP address of the interface is on a different 
subnet, you may have to change the IP address of your computer to the same subnet.
