© Copyright 2005 Fortinet Inc. All rights reserved.

No part of this publication including text, examples, diagrams or illustrations may be reproduced,
transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical or
otherwise, for any purpose, without prior written permission of Fortinet Inc. 

FortiGate-50A Installation Guide

 

Version 2.80 MR8
28 January 2005
01-28008-0017-20050128

Trademarks

Products mentioned in this document are trademarks or registered trademarks of their respective
holders.

Regulatory Compliance

FCC Class A Part 15 CSA/CUS

CAUTION: RISK OF EXPLOSION IF BATTERY IS REPLACED BY AN INCORRECT TYPE.
DISPOSE OF USED BATTERIES ACCORDING TO THE INSTRUCTIONS.

For technical support, please visit http://www.fortinet.com.

Send information about errors or omissions in this document or any Fortinet technical documentation to [email protected].

Summary of Contents for FortiGate 50A

Page 1: ...FortiGate 50A Installation Guide INTERNAL EXTERNAL LINK 100 LINK 100 PWR STATUS A Version 2 80 MR8 28 January 2005 01 28008 0017 20050128 ...

Page 3: ... and off 15 Connecting to the web based manager 16 Connecting to the command line interface CLI 17 Quick installation using factory defaults 18 Factory default FortiGate configuration settings 19 Factory default DHCP server configuration 19 Factory default NAT Route mode network configuration 20 Factory default Transparent mode network configuration 21 Factory default firewall configuration 21 Fac...

Page 4: ...Transparent mode 37 Using the web based manager 38 Reconnecting to the web based manager 39 Using the command line interface 39 Using the setup wizard 41 Reconnecting to the web based manager 41 Connecting the FortiGate unit to your network 42 Next steps 42 Configuring the modem interface 45 Selecting a modem mode 45 Redundant mode configuration 45 Standalone mode configuration 46 Configuring mode...

Page 5: ...ng security and content analysis The unique ASIC based architecture analyzes content and behavior in real time enabling key applications to be deployed right at the network edge where they are most effective at protecting your networks The FortiGate 50A model is designed for telecommuters and small remote offices with 10 or fewer employees The FortiGate 50A provides complete real time network prot...

Page 6: ...satisfied with a configuration you can download and save it The saved configuration can be restored at any time Figure 1 FortiGate web based manager and setup wizard Command line interface You can access the FortiGate command line interface CLI by connecting a management computer serial port to the FortiGate RJ 45 serial console connector You can also use Telnet or a secure SSH connection to conne...

Page 7: ...g that uses the digits 0 9 and letters A F xxx_ipv4 indicates a dotted decimal IPv4 address xxx_v4mask indicates a dotted decimal IPv4 netmask xxx_ipv4mask indicates a dotted decimal IPv4 address followed by a dotted decimal IPv4 netmask xxx_ipv6 indicates a dotted decimal IPv6 address xxx_v6mask indicates a dotted decimal IPv6 netmask xxx_ipv6mask indicates a dotted decimal IPv6 address followed ...

Page 8: ...dministration Guide Provides basic information about how to configure a FortiGate unit including how to define FortiGate protection profiles and firewall policies how to apply intrusion prevention antivirus protection web content filtering and spam filtering and how to configure a VPN FortiGate online help Provides a context sensitive and searchable version of the Administration Guide in HTML form...

Page 9: ...ntation FortiManager documentation FortiManager QuickStart Guide Explains how to install the FortiManager Console set up the FortiManager Server and configure basic settings FortiManager System Administration Guide Describes how to use the FortiManager System to manage FortiGate devices FortiManager System online help Provides a searchable version of the Administration Guide in HTML format You can...

Page 10: ...iew FortiGate and FortiMail log files generate and view log reports and use the FortiLog unit as a NAS server FortiLog online help Provides a searchable version of the Administration Guide in HTML format You can access online help from the web based manager as you work Customer service and technical support For antivirus and attack definition updates firmware updates updated product documentation ...

Page 11: ...ide 01 28008 0017 20050128 11 When requesting technical support please provide the following information Your name Company name Location Email address Telephone number FortiGate unit serial number FortiGate model FortiGate FortiOS firmware version Detailed description of the problem ...

Page 13: ... up and powering on a FortiGate Antivirus Firewall unit This section includes Package contents Mounting Turning the FortiGate unit power on and off Connecting to the web based manager Connecting to the command line interface CLI Quick installation using factory defaults Factory default FortiGate configuration settings Planning the FortiGate configuration Next steps ...

Page 14: ... unit has at least 1.5 in. (3.75 cm) of clearance on each side to allow for adequate air flow and cooling. Dimensions: 8.63 x 6.13 x 1.38 in. (21.9 x 15.6 x 3.5 cm). Weight: 1.5 lb (0.68 kg). Power requirements: DC input voltage 12 V, DC input current 3 A. PWR STATUS INTERNAL EXTERNAL LINK 100 LINK 100 PWR STATUS A Power LED Status LED External Interface Internal Interface Documentation Ethernet Cables Orange Cro...

Page 15: ...lways shut down the FortiGate operating system properly before turning off the power switch 1 From the web based manager go to System Maintenance ShutDown select Shut Down and select Apply or from the CLI enter execute shutdown 2 Disconnect the power supply Table 1 FortiGate 50A LED indicators LED State Description Power Green The FortiGate unit is powered on Off The FortiGate unit is powered off ...

Page 16: ...onnection to the static IP address 192.168.1.2 with a netmask of 255.255.255.0. You can also configure the management computer to obtain an IP address automatically using DHCP. The FortiGate DHCP server assigns the management computer an IP address in the range 192.168.1.1 to 192.168.1.254. 2. Using the crossover cable or the ethernet hub and cables, connect the internal interface of the FortiGate unit...

Page 17: ... to the communications port of your computer and to the FortiGate Console port 2 Make sure that the FortiGate unit is powered on 3 Start HyperTerminal enter a name for the connection and select OK 4 Configure HyperTerminal to connect directly to the communications port on your computer and select OK 5 Select the following port settings and select OK 6 Press Enter to connect to the FortiGate CLI Th...

Page 18: ... the DNS server IP addresses added to the FortiGate unit configuration and returns lookup results to the internal network For more information about default DHCP server settings see Factory default DHCP server configuration on page 19 The following procedure describes how to configure your internal network and the FortiGate unit to use the FortiGate default settings 1 Connect the FortiGate unit be...

Page 19: ...n to operate the FortiGate unit in Transparent mode you can switch to Transparent mode from the factory default configuration and then configure the FortiGate unit onto the network in Transparent mode Once the network configuration is complete you can perform additional configuration tasks such as setting system time configuring virus and attack definition updates and registering the FortiGate uni...

Page 20: ... Interface: Internal. Default Gateway: 192.168.1.99. IP Range: 192.168.1.110 - 192.168.1.210. Network Mask: 255.255.255.0. Lease Duration: 7 days. DNS Server 1: 192.168.1.99. Table 3: Factory default NAT Route mode network configuration. Administrator account: User name admin, Password none. Internal interface: IP 192.168.1.99, Netmask 255.255.255.0, Administrative Access HTTP, HTTPS, Ping. External interface: IP 192.168.1...

Page 21: ...tings are included in the default firewall configuration to make it easier to add firewall policies. The factory default firewall configuration is the same in NAT Route and Transparent mode. Table 4: Factory default Transparent mode network configuration. Administrator account: User name admin, Password none. Management IP: IP 10.10.10.1, Netmask 255.255.255.0. DNS: Primary DNS Server 207.194.200.1, Secondary...

Page 22: ...ses might need strict protection traffic between trusted internal addresses might need moderate protection You can configure firewall policies for different traffic services to use the same or different protection profiles You can add Protection profiles to NAT Route mode and Transparent mode firewall policies The FortiGate unit comes preconfigured with four protection profiles Strict To apply max...

Page 23: ...uter all its interfaces are on different subnets The following interfaces are available in NAT Route mode External is the interface to the external network usually the Internet Internal is the interface to the internal network Modem is the interface for connecting an external modem to the FortiGate 50A See Configuring the modem interface on page 45 You can add firewall policies to control whether ...

Page 24: ...rivate network and the external public network usually the Internet Figure 7 Example NAT Route multiple internet connection configuration Transparent mode In Transparent mode the FortiGate unit is invisible to the network Similar to a network bridge all FortiGate interfaces must be on the same subnet You only have to configure a management IP address so that you can make configuration changes The ...

Page 25: ...uire Ethernet connection between the FortiGate unit and a management computer Internet Explorer version 6 0 or higher on the management computer CLI The FortiGate CLI is a full featured management tool Use it to configure the administrator password the interface addresses the default gateway address and the DNS server addresses To connect to the CLI you require Serial connection between the FortiG...

Page 26: ...te unit is operating you can proceed to configure it to connect to networks If you are going to operate the FortiGate unit in NAT Route mode go to NAT Route mode installation on page 27 If you are going to operate the FortiGate unit in Transparent mode go to Transparent mode installation on page 37 ...

Page 27: ...etwork s Configuring the networks Configuring the modem interface Next steps Preparing to configure the FortiGate unit in NAT Route mode Use Table 6 on page 28 to gather the information that you need to customize NAT Route mode settings You can configure the FortiGate unit in several ways the web based manager GUI is a complete interface for configuring most settings See Using the web based manage...

Page 28: ...an also continue to use the web based manager for all FortiGate unit settings For information about connecting to the web based manager see Connecting to the web based manager on page 16 Configuring basic settings After connecting to the web based manager you can use the following procedures to complete the basic configuration of the FortiGate unit Table 6 NAT Route mode settings Administrator Pas...

Page 29: ...K 6 Repeat this procedure for each interface To configure DNS server settings 1 Go to System Network DNS 2 Enter the IP address of the primary DNS server 3 Enter the IP address of the secondary DNS server 4 Select OK To add a default route Add a default route to configure where the FortiGate unit sends traffic destined for an external network usually the Internet Adding the default route also defi...

Page 30: ... you gathered in Table 6 on page 28 to complete the following procedures To add change the administrator password 1 Log in to the CLI 2 Change the admin administrator password Enter config system admin edit admin set password psswrd end To configure interfaces 1 Log in to the CLI 2 Set the IP address and netmask of the internal interface to the internal IP address and netmask that you recorded in ...

Page 31: ...ce to use PPPoE enter config system interface edit external set mode pppoe set connection enable set username name_str set password psswrd end 4 Use the same syntax to set the IP address of each FortiGate interface as required 5 Confirm that the addresses are correct Enter get system interface The CLI lists the IP address netmask and other settings for each of the FortiGate interfaces To configure...

Page 32: ...ay 204.23.1.2 set device external end. Using the setup wizard: From the web based manager, you can use the setup wizard to complete the initial configuration of the FortiGate unit. For information about connecting to the web based manager, see Connecting to the web based manager on page 16. If you are configuring the FortiGate unit to operate in NAT Route mode (the default), you can use the setup wizard to...

Page 33: ...Default Gateway _____ _____ _____ _____ DNS IP _____ _____ _____ _____ Your FortiGate firewall contains a DHCP server to automatically set up the addresses of computers on your internal network Internal servers Web Server _____ _____ _____ _____ SMTP Server _____ _____ _____ _____ POP3 Server _____ _____ _____ _____ IMAP Server _____ _____ _____ _____ FTP Server _____ _____ _____ _____ If you prov...

Page 34: ...Internet Service Provider If you are a DSL or cable subscriber connect the External interface to the internal or LAN connection of your DSL or cable modem Figure 10 FortiGate 50A NAT Route mode connections Note If you change the IP address of the interface you are connecting to you must connect through a web browser again using the new address Browse to https followed by the new IP address of the ...

Page 35: ... the internal network You should be able to connect to any Internet address Configuring the Modem interface In NAT Route mode you use the modem interface as either a redundant interface or standalone interface to the Internet In redundant mode the modem interface automatically takes over from a selected ethernet interface when that ethernet interface is unavailable In standalone mode the modem int...

Page 36: ...ser to connect to http://support.fortinet.com and selecting Product Registration. To register, enter your contact information and the serial numbers of the FortiGate units that you or your organization have purchased. You can register multiple FortiGate units in a single session without re-entering your contact information. To configure virus, attack and spam definition updates: You can configure the Fort...

Page 37: ...age 23 This chapter describes Preparing to configure Transparent mode Using the web based manager Using the command line interface Using the setup wizard Connecting the FortiGate unit to your network Next steps Preparing to configure Transparent mode Use Table 9 to gather the information that you need to customize Transparent mode settings You can configure Transparent mode using four methods the ...

Page 38: ...of the management computer to 10.10.10.2. Connect to the internal interface and browse to https:// followed by the Transparent mode management IP address. The default FortiGate Transparent mode management IP address is 10.10.10.1. To change the Management IP: 1. Go to System > Network > Management. 2. Enter the management IP address and netmask that you recorded in Table 9 on page 38. 3. Select access methods and...

Page 39: ...eb based manager by browsing to https://10.10.10.1. If you connect to the management interface through a router, make sure that you have added a default gateway for that router to the management IP default gateway field. Using the command line interface: As an alternative to the web based manager or setup wizard, you can begin the initial configuration of the FortiGate unit using the command line interfa...

Page 40: ...system manageip set ip 10.10.10.2 255.255.255.0 end. 3. Confirm that the address is correct. Enter: get system manageip. The CLI lists the management IP address and netmask. To configure DNS server settings: 1. Set the primary and secondary DNS server IP addresses. Enter: config system dns set primary address_ip set secondary address_ip end. Example: config system dns set primary 293.44.75.21 set secondary 29...

Page 41: ...nagement computer to 10.10.10.2. Connect to the internal interface and browse to https:// followed by the Transparent mode management IP address. The default FortiGate Transparent mode management IP address is 10.10.10.1. To start the setup wizard: 1. Select Easy Setup Wizard (the middle button in the upper right corner of the web based manager). 2. Use the information that you gathered in Table 9 on page 38 ...

Page 42: ... switch connected to your internal network 2 Connect the External interface to network segment connected to the external firewall or router 3 Connect to the public switch or router provided by your Internet Service Provider Figure 11 FortiGate 50A network connections Next steps You can use the following information to configure FortiGate system time to register the FortiGate unit and to configure ...

Page 43: ...nize its time with the NTP server. 5. Select Apply. To register your FortiGate unit: After purchasing and installing a new FortiGate unit, you can register the unit by going to the System Update Support page or using a web browser to connect to http://support.fortinet.com and selecting Product Registration. To register, enter your contact information and the serial numbers of the FortiGate units that you o...

Page 45: ...dem settings Connecting and disconnecting the modem in Standalone mode Defining a Ping Server Adding firewall policies for modem connections Selecting a modem mode An external modem with the FortiGate 50A can work in one of two modes depending on your requirements redundant mode standalone mode Redundant mode configuration The redundant modem interface in redundant mode backs up a selected etherne...

Page 46: ...tes as the primary connection to the Internet The FortiGate unit routes traffic through the modem interface which remains permanently connected to the dialup account If the connection to the dialup account fails the FortiGate unit automatically redials the modem The modem redials the ISP number based on the amount of times specified by the redial limit or until it connects to a dialup account In s...

Page 47: ...necting connected disconnecting or hung up Standalone mode only Dial Now Hang Up Standalone mode only Select Dial Now to manually connect to a dialup account If the modem is connected you can select Hang Up to manually disconnect the modem Mode Select Standalone or Redundant mode In Standalone mode the modem is an independent interface In Redundant mode the modem is a backup facility for a selecte...

Page 48: ...1-60 seconds that the FortiGate unit waits before switching from the modem interface to the primary interface after the primary interface has been restored. The default is 1 second. Configure a higher value if you find the FortiGate unit switching repeatedly between the primary interface and the modem interface. Redial Limit: The maximum number of times (1-10) that the FortiGate unit modem attempts to r...

Page 49: ...an interface and select Edit 3 Set Ping Server to the IP address of the next hop router on the network connected to the interface 4 Select the Enable check box 5 Select OK to save the changes Dead gateway detection The FortiGate unit uses dead gateway detection to ping the Ping Server IP address to make sure that the FortiGate unit can connect to this IP address Modify dead gateway detection to co...

Page 50: ...u can add one or more addresses to the modem interface For information about adding addresses see the FortiGate Administration Guide When you add addresses the modem interface appears on the policy grid You can configure firewall policies to control the flow of packets between the modem interface and the other interfaces on the FortiGate unit For information about adding firewall policies see the ...

Page 51: ...irewall policies modem 50 firewall setup wizard 6 28 32 38 41 starting 28 33 38 41 Fortinet customer service 10 H hang up 47 holddown timer 48 HTTPS 6 I internal network configuring 35 IP addresses configuring from the CLI 39 L lease duration DHCP 20 M management IP address transparent mode 40 modem adding firewall policies 50 configuring settings 46 redundant mode 45 standalone mode 45 46 N NAT R...

Page 52: ... NTP server 36 43 T technical support 10 time zone 36 43 Transparent mode changing to 39 configuring the default gateway 40 management IP address 40 W web based manager 6 connecting to 16 introduction 6 wizard setting up firewall 28 32 38 41 starting 28 33 38 41 ...
