Fortinet Fortinet Switch 800, Installation Manual

Page 1: ...Enter CONSOLE I N T E R N A L E X T E R N A L D M Z HA 1 2 3 4 USB 800F P W R Esc Enter CONSOLE I N T E R N A L E X T E R N A L D M Z HA 1 2 3 4 USB 8 P W R FortiGate 800F FortiGate 800 Version 2 80 M...

Page 2: ...ation Guide Version 2 80 MR6 26 October 2004 01 28006 0024 20041026 Trademarks Products mentioned in this document are trademarks or registered trademarks of their respective holders Regulatory Compli...

Page 3: ...manager 16 Connecting to the command line interface CLI 17 Factory default FortiGate configuration settings 19 Factory default NAT Route mode network configuration 19 Factory default Transparent mode...

Page 4: ...and LCD 43 Using the command line interface 44 Using the setup wizard 45 Reconnecting to the web based manager 46 Connecting the FortiGate unit to your network 46 Next steps 48 High availability inst...

Page 5: ...sed architecture analyzes content and behavior in real time enabling key applications to be deployed right at the network edge where they are most effective at protecting your networks The FortiGate 8...

Page 6: ...rewall or interrupting service Once you are satisfied with a configuration you can download and save it The saved configuration can be restored at any time Figure 1 FortiGate web based manager and set...

Page 7: ...that uses the digits 0 9 and letters A F xxx_ipv4 indicates a dotted decimal IPv4 address xxx_v4mask indicates a dotted decimal IPv4 netmask xxx_ipv4mask indicates a dotted decimal IPv4 address follow...

Page 8: ...ction procedures and basic configuration procedures Choose the guide for your product model number FortiGate Administration Guide Provides basic information about how to configure a FortiGate unit inc...

Page 9: ...e to set up a VPN connection from your computer to remote networks scan your computer for viruses and restrict access to your computer and applications by setting up firewall policies FortiClient Host...

Page 10: ...online help Provides a searchable version of the Administration Guide in HTML format You can access online help from the web based manager as you work The FortiGate online help also contains procedure...

Page 11: ...l support is available from the following addresses For information on Fortinet telephone support see http support fortinet com When requesting technical support please provide the following informati...

Page 12: ...12 01 28006 0024 20041026 Fortinet Inc Comments on Fortinet technical documentation Introduction...

Page 13: ...scribes unpacking setting up and powering on a FortiGate Antivirus Firewall unit This section includes Package contents Mounting Turning the FortiGate unit power on and off Connecting to the web based...

Page 14: ...ck Power Cable Rack Mount Brackets RJ 45 Serial Cable Ethernet Cables Orange Crossover Grey Straight through Documentation USER MANUAL FortiGate 800 QuickStart Guide Copyright 2003 Fortinet Incorporat...

Page 15: ...ding Fortinet recommends direct connections to the branch circuit Environmental specifications Operating temperature 41 to 95 F 5 to 35 C Storage temperature 4 to 176 F 20 to 80 C Humidity 10 to 90 no...

Page 16: ...ased manager are effective immediately without resetting the firewall or interrupting service Table 1 FortiGate 800 LED indicators LED State Description Power Green The FortiGate unit is powered on Of...

Page 17: ...ate login 3 Type admin in the Name field and select Login Connecting to the command line interface CLI As an alternative to the web based manager you can install and configure the FortiGate unit using...

Page 18: ...the communications port on your computer and select OK 5 Select the following port settings and select OK 6 Press Enter to connect to the FortiGate CLI The following prompt is displayed FortiGate 800...

Page 19: ...rent levels of antivirus protection web content filtering spam filtering and IPS to the network traffic that is controlled by firewall policies Factory default NAT Route mode network configuration Fac...

Page 20: ...ess Ping Network Settings Default Gateway for default route 192 168 100 1 Interface connected to external network for default route external Default Route A default route consists of a default gateway...

Page 21: ...antivirus protection for HTTP FTP IMAP POP3 and SMTP firewall policies Configure Web filtering for HTTP firewall policies Configure Web category filtering for HTTP firewall policies Configure spam fil...

Page 22: ...apply maximum protection to HTTP FTP IMAP POP3 and SMTP traffic You may not use the strict protection profile under normal circumstances but it is available if you have problems with viruses and requ...

Page 23: ...You can add firewall policies to control whether communications through the FortiGate unit operate in NAT or Route mode Firewall policies control the flow of traffic based on the source address destin...

Page 24: ...ly the Internet If you have multiple internal networks such as a DMZ network in addition to the internal private network you could create route mode firewall policies for traffic flowing between them...

Page 25: ...rd the interface addresses the default gateway address and the DNS server addresses Optionally use the Setup Wizard to configure the internal server settings for NAT Route mode To connect to the web b...

Page 26: ...web based manager and then use the setup wizard to add the administration password the management IP address and gateway and the DNS server addresses Next steps Now that your FortiGate unit is operati...

Page 27: ...wizard Connecting the FortiGate unit to the network s Configuring the networks Next steps Preparing to configure the FortiGate unit in NAT Route mode Use Table 6 to gather the information that you nee...

Page 28: ...k _____ _____ _____ _____ DMZ IP _____ _____ _____ _____ Netmask _____ _____ _____ _____ HA IP _____ _____ _____ _____ Netmask _____ _____ _____ _____ Port 1 IP _____ _____ _____ _____ Netmask _____ _...

Page 29: ...complete the basic configuration of the FortiGate unit To add change the administrator password 1 Go to System Admin Administrators 2 Select the Change Password icon for the admin administrator 3 Ente...

Page 30: ...ay to the default gateway IP address 7 Set Device to the interface connected to the external network 8 Select OK Using the front control buttons and LCD Basic settings including interface IP addresses...

Page 31: ...2 Use the down arrow key to highlight the name of the interface connected to the Internet and press Enter 3 Use the down arrow to highlight Default Gateway 4 Press Enter and set the default gateway 5...

Page 32: ...and netmask of the internal interface to the internal IP address and netmask that you recorded in Table 6 on page 28 Enter config system interface edit internal set mode static set ip address_ip netma...

Page 33: ...xternal interface to use PPPoE enter config system interface edit external set mode pppoe set connection enable set username name_str set password psswrd end 4 Use the same syntax to set the IP addres...

Page 34: ...0 0 0 0 0 0 0 set gateway 204 23 1 2 set device external end Using the setup wizard From the web based manager you can use the setup wizard to complete the initial configuration of the FortiGate unit...

Page 35: ...__ Default Gateway _____ _____ _____ _____ DNS IP _____ _____ _____ _____ Your FortiGate firewall contains a DHCP server to automatically set up the addresses of computers on your internal network Int...

Page 36: ...blic switch or router and the Internet DMZ for connecting to a DMZ network HA for connecting to another FortiGate 800F for high availability see High availability installation on page 51 There are 4 1...

Page 37: ...network You can use a DMZ network to provide access from the Internet to a web server or other server without installing the servers on the internal network Figure 10 FortiGate 800 800F NAT Route mod...

Page 38: ...ed If you are using the FortiGate unit as the DHCP server for your internal network configure the computers on your internal network for DHCP Make sure that the connected FortiGate unit is functioning...

Page 39: ...nd time or configure the FortiGate unit to automatically keep its time correct by synchronizing with a Network Time Protocol NTP server 1 Go to System Config Time 2 Select Refresh to display the curre...

Page 40: ...nance Update Center 2 Select Refresh to test the FortiGate unit connectivity with the FortiProtect Distribution Network FDN To be able to connect to the FDN the FortiGate unit default route must point...

Page 41: ...anning the FortiGate configuration on page 23 This chapter describes Preparing to configure Transparent mode Using the web based manager Using the front control buttons and LCD Using the command line...

Page 42: ...to the internal or DMZ interface and browse to https followed by the Transparent mode management IP address The default FortiGate Transparent mode management IP address is 10 10 10 1 To change the Man...

Page 43: ...ing the front control buttons and LCD This procedure describes how to use the control buttons and LCD to configure Transparent mode IP addresses Use the information that you recorded in Table 9 on pag...

Page 44: ...he command line interface CLI on page 17 Use the information that you gathered in Table 9 on page 42 to complete the following procedures To change to Transparent mode using the CLI 1 Make sure that y...

Page 45: ...condary 293 44 75 22 end To configure the default gateway 1 Make sure that you are logged into the CLI 2 Set the default route to the default gateway that you recorded in Table 9 on page 42 Enter conf...

Page 46: ...figuration settings and then select Finish and Close Reconnecting to the web based manager If you changed the IP address of the management interface while you were using the setup wizard you must reco...

Page 47: ...ernet DMZ for connecting to a DMZ network HA for connecting to another FortiGate 800F for high availability see High availability installation on page 51 There are 4 10 100 Base TX connectors on the F...

Page 48: ...ctive scheduling and logging the FortiGate system date and time must be accurate You can either manually set the system date and time or configure the FortiGate unit to automatically keep its time cor...

Page 49: ...pport fortinet com and selecting Product Registration To register enter your contact information and the serial numbers of the FortiGate units that you or your organization have purchased You can regi...

Page 50: ...50 01 28006 0024 20041026 Fortinet Inc Reconnecting to the web based manager Transparent mode installation...

Page 51: ...clude steps for changing the priorities of heartbeat devices or for configuring monitor priorities settings Both of these HA settings should be configured after the cluster is up and running Configuri...

Page 52: ...the cluster get the same virtual MAC address This virtual MAC address is set according to the group ID Group ID MAC Address 0 00 09 0f 06 ff 00 1 00 09 0f 06 ff 01 2 00 09 0f 06 ff 02 3 00 09 0f 06 f...

Page 53: ...d using switches select Least connection to distribute traffic to the cluster unit with the fewest concurrent connections Round Robin Round robin load balancing If the FortiGate units are connected us...

Page 54: ...Once all of the units are configured continue with Connecting the cluster to your networks on page 55 11 If you are configuring a Transparent mode cluster reconnect to the web based manager You may ha...

Page 55: ...r all the FortiGate units in the cluster Once all of the units are configured continue with Connecting the cluster to your networks on page 55 3 If you are configuring a Transparent mode cluster switc...

Page 56: ...otiation all network traffic is dropped To connect the cluster 1 Connect the cluster units Connect the internal interfaces of each FortiGate unit to a switch or hub connected to your internal network...

Page 57: ...guring the cluster When negotiation is complete the you can configure the cluster as if it was a single FortiGate unit If you are installing a NAT Route mode cluster use the information in NAT Route m...

Page 58: ...cluster interface configured for HTTPS administrative access You can also configure and manage the cluster by connecting to the CLI using any cluster interface configured for SSH administrative acces...

Page 59: ...A configuring FortiGate units for HA operation 51 connecting an HA cluster 55 57 High availability 51 HTTPS 6 I internal network configuring 38 IP addresses configuring from the CLI 44 configuring wit...

Page 60: ...60 01 28006 0024 20041026 Fortinet Inc Index...