INTERNAL
EXTERNAL
LINK 100
LINK 100
PWR
STATUS
A
PWR
STATUS
INTERNAL
EXTERNAL
LINK 100
LINK 100
PWR
STATUS
A
Power
LED
Status
LED
External
Interface
Internal
Interface
Documentation
Ethernet Cables:
Orange - Crossover
Grey - Straight-through
USER MANUAL
FortiGate-50A
QuickStart Guide
Copyright 2004 Fortinet Incorporated. All rights reserved.
Trademarks
Products mentioned in this document are trademarks.
Power Cable Power Supply
RJ-45 to
DB-9 Serial Cable
Internal
External
DC+12V
USB
Back
Power
USB
Internal
Front
Internal
External
LINK 100
LINK 100
PWR
STATUS
External
Modem Console
RJ-45 Serial
Connection
Internal
External
DC+12V
USB
Default IP Addresses (Nat/Route mode)
INTERNAL
EXTERNAL
192.168.1.99
DHCP
Default IP Address (Transparent mode)
MANAGEMENT IP 10.10.10.1
Power cable connects to power supply
Straight-through Ethernet cable connects
to Internet (public switch, router or modem)
Straight-through Ethernet cable connects to
LAN or switch on internal network
Crossover Ethernet cable connects to
management computer on internal network
or
Optional connection to a serial modem
Modem Console
RJ-45 to DB-9 serial cable connects to management computer
Connector Type
Speed
Protocol Description
Internal
RJ-45
10/100Base-T
Ethernet
Connection to the internal network.
External
RJ-45
10/100Base-T
Ethernet
Connection to the Internet.
CONSOLE
RJ-45
9600 bps
RS-232
serial
Optional connection to the management computer.
Provides access to the command line interface (CLI).
USB
USB
—
USB
Optional connection to a modem for standalone or backup
operation.
Modem
RJ-11
Inactive port for this model (blocked).
FortiGate-50A LED Indicators
LED
State
Description
Power
Green
The FortiGate unit is powered on.
Off
The FortiGate unit is powered off.
Status
Flashing Green
The FortiGate unit is starting up.
Green
The FortiGate unit is running normally.
Off
The FortiGate unit is powered off.
Internal
External
(Front)
Green
The correct cable is in use, and the connected equipment
has power.
Flashing Green
Network activity at this interface.
Off
No link established.
Internal
External
(Back)
Green
The correct cable is in use, and the connected equipment
has power.
Flashing Amber
Network activity at this interface.
Off
No link established.
Connect the FortiGate-50A unit to power outlets and to the internal and external networks.
NAT/Route mode
In NAT/Route mode, the FortiGate-50A is visible to the networks that it is connected to.
All of its interfaces are on different subnets. You must configure the internal and
external interfaces with IP addresses.
You would typically use NAT/Route mode when the FortiGate-50A is deployed as a
gateway between private and public networks. In its default NAT/Route mode
configuration, the unit functions as a firewall. Firewall policies control communications
through the FortiGate-50A unit.
In NAT/Route mode, firewall policies can operate in NAT mode or in Route mode. In
NAT mode, the FortiGate-50A performs network address translation before IP packets
are sent to the destination network. In Route mode, no translation takes place. By
default, the unit has a single NAT mode policy that allows users on the internal network
to securely access and download content from the Internet. No other traffic is possible
until you have configured more policies.
Transparent mode
In Transparent mode, the FortiGate-50A is invisible to the network. All of its interfaces
are on the same subnet. You only have to configure a management IP address so that
you can make configuration changes.
You would typically use the FortiGate-50A in Transparent mode on a private network
behind an existing firewall or behind a router. In its default Transparent mode
configuration, the unit functions as a firewall. By default, the unit has a single firewall
policy that allows users on the internal network segment to connect to the external
network segment. No other traffic is possible until you have configured more policies.
You can connect two network segments to the FortiGate-50A unit to control traffic
between these network segments.
FortiGate-50A Unit
in NAT/Route mode
Internal network
Internal
192.168.1.99
192.168.1.3
External
204.23.1.5
NAT mode policies controlling
traffic between internal and
external networks.
POWER
Internet
INTERNAL
EXTERNAL
LINK 100
LINK 100
PWR
STATUS
A
Internal network
10.10.10.3
FortiGate-50A Unit
in Transparent mode
10.10.10.1
Management IP
External
Internal
10.10.10.2
Transparent mode policies
controlling traffic between
internal and external networks
204.23.1.5
(firewall, router)
Gateway to
public network
Internet
INTERNAL
EXTERNAL
LINK 100
LINK 100
PWR
STATUS
A
Before configuring the FortiGate-50A, you need to plan how to integrate the unit into your
network. You can select NAT/Route mode (the default) or Transparent mode. In NAT/Route mode
you can also use the default settings to quickly configure the unit on your network.
QuickStart Guide
FortiGate-50A
Check that the package contents are complete.
•
Place the unit on a stable surface. It requires 1.5 inches
(3.75 cm) clearance above and on each side to allow for cooling.
•
Make sure the power switch on the back of the unit is turned off before
connecting the power and network cables.
•
The Status light flashes while the unit is starting up and turns off when the
system is up and running.
Checking the package contents
Checking the package contents
1
Connecting the FortiGate-50A
2
Planning the configuration
3
Regulatory Compliance
FCC Class A Part 15 CSA/CUS
Quick configuration using the default settings
You can quickly set up your FortiGate unit for a home or small office using the web-
based manager and the default settings in NAT/Route mode.
All you need to do is set your network computers to use DHCP, access the web-based
manager, and configure the required settings for the external interface. You can also
configure DNS and a default route if needed. The FortiGate unit automatically assigns
IP addresses to up to 100 computers in the internal network.
1. Connect the FortiGate unit to the network.
2. Set the all the network computers to use DHCP to automatically obtain an IP
address.
The FortiGate internal interface acts as a DHCP server for the internal network and
assigns IP addresses to all computers in the range 192.168.1.110 –192.168.1.210.
3. From the management computer browse to https://192.168.1.99.
The FortiGate web-based manager appears.
4. Go to
System > Network > Interface
and select Edit for the external interface.
5. Select one of the following Addressing modes
•
Manual: enter a static IP address and netmask, select OK, and go to step 6
•
DHCP: to get an IP address from the ISP select DHCP and go to step 9
•
PPPoE: to get an IP address from the ISP select PPPoE and go to step 9
6. Go to
System > Network > DNS
.
7. Select one of the following DNS settings
•
Obtain DNS server address automatically: select to get the DNS addresses
from the ISP, select Apply
•
Use the following DNS server addresses: select and enter the DNS server
addresses given to you by the ISP, select Apply
8. Go to
Router > Static
, select Create New, enter the default gateway address and
select OK.
Network configuration is complete. Proceed to part 7 of this
Quick Start Guide
.
9. Select Retrieve default gateway from server and Override internal DNS options if
your ISP supports them, select OK, and proceed to part 7 of this
Quick Start Guide
.
Go to step 6 if you are not selecting these options.
FortiGate-50A Unit
Internal network
External interface
Configure Manual IP, DHCP, or
PPPoE addressing
Internal interface
192.168.1.99
DHCP server and DNS server
for the internal network
Obtain IP address and
DNS server IP address
automatically
POWER
Internet
INTERNAL
EXTERNAL
LINK 100
LINK 100
PWR
STATUS
A
Refer to the Documentation CD-ROM for information on how to control traffic, and how to configure HA, antivirus protection, Web content filtering, Spam filtering, intrusion
prevention (IPS), and virtual private networking (VPN).
01-28005-0031-20041206
© Copyright 2004 Fortinet Incorporated. All rights reserved.
Trademarks
Products mentioned in this document are trademarks or registered trademarks of their respective holders.
06 December 2004
For technical support please visit http://www.fortinet.com.
