background image

www.fortinet.com

FortiGate-800 and FortiGate-800F 
FortiOS 3.0 MR6

I N S T A L L   G U I D E

Summary of Contents for FortiGate 800/800F

Page 1: ...www fortinet com FortiGate 800 and FortiGate 800F FortiOS 3 0 MR6 I N S T A L L G U I D E...

Page 2: ...c Threat Prevention System DTPS APSecure FortiASIC FortiBIOS FortiBridge FortiClient FortiGate FortiGate Unified Threat Management System FortiGuard Antispam FortiGuard Antivirus FortiGuard Intrusion...

Page 3: ...talling 11 Environmental specifications 11 Cautions and warnings 12 Grounding 12 Rack mount instructions 12 Mounting 13 Plugging in the FortiGate 14 Connecting to the network 14 Turning off the FortiG...

Page 4: ...nfiguration 27 Backing up the configuration 27 Restoring a configuration 28 Additional configuration 28 Set the time and date 28 Set the Administrator password 28 Configure FortiGuard 29 Updating anti...

Page 5: ...006 0455 20080910 5 Installing firmware from a system reboot using the CLI 42 Restoring the previous configuration 44 Backup and Restore from a USB key 44 Using the USB Auto Install 45 Additional CLI...

Page 6: ...FortiGate 800 and FortiGate 800F FortiOS 3 0 MR6 Install Guide 6 01 30006 0455 20080910 Contents...

Page 7: ...ed Threat Management System uses Fortinet s Dynamic Threat Prevention System DTPS technology which leverages breakthroughs in chip design networking security and content analysis The unique ASIC based...

Page 8: ...how to install and configure your FortiGate unit onto your network This document also includes how to install and upgrade new firmware versions on your FortiGate unit This document contains the follo...

Page 9: ...rotection web content filtering and spam filtering and how to configure a VPN FortiGate online help Provides a context sensitive and searchable version of the Administration Guide in HTML format You c...

Page 10: ...PN User Guide Explains how to configure a PPTP VPN using the web based manager FortiGate Certificate Management User Guide Contains procedures for managing digital certificates including generating ce...

Page 11: ...n make sure that the appliance has at least 1 5 in 3 75 cm of clearance on each side to allow for adequate air flow and cooling This device complies with part FCC Class A Part 15 UL CUL C Tick CE and...

Page 12: ...e rack environment may be greater than room ambient Therefore consideration should be given to installing the equipment in an environment compatible with the maximum ambient temperature Tma specified...

Page 13: ...front portion of the FortiGate unit Ensure that the screws are tight and not loose The following photos illustrate how the brackets should be mounted Note that the screw configuration may vary dependi...

Page 14: ...o the on position indicated by the I Connecting to the network Using the supplied Ethernet cable connect one end of the cable to your router or modem whatever the connection is to the Internet Connect...

Page 15: ...T Route mode and Transparent mode Both include the same robust network security features such as antispam antivirus VPN and firewall policies NAT mode In NAT Route mode the FortiGate unit is visible t...

Page 16: ...ese tasks using the web based manger a GUI interface using a current web browser such as FireFox or Internet Explorer using the command line interface CLI a command line interface similar to DOS or UN...

Page 17: ...because the FortiGate unit redirects the connection This is an informational message Select OK to continue logging in 4 Type admin in the Name field and select Login Connecting to the CLI To connect t...

Page 18: ...e default gateway retrieved from the DHCP server The administrative distance specifies the relative priority of a route when there are multiple routes to the same destination A lower administrative di...

Page 19: ...ns This route is called the static default route If no other routes are present in the routing table and a packet needs to be forwarded beyond the FortiGate unit the factory configured static default...

Page 20: ...h the FortiGate interfaces Firewall policies define how the FortiGate unit processes the packets in a communication session You can configure the firewall policies to allow only specific traffic users...

Page 21: ...section Connecting to the CLI on page 17 before beginning Configure the interfaces When shipped the FortiGate unit has a default address of 192 168 1 99 and a netmask of 255 255 255 0 for either the...

Page 22: ...et DNS server IP addresses are typically provided by your internet service provider To configure DNS server settings config system dns set autosvr enable disable set primary address_ip set secondary a...

Page 23: ...ffic to flow through the FortiGate interfaces Firewall policies to define the FortiGate unit process the packets in a communication session You can configure the firewall policies to allow only specif...

Page 24: ...Netmask address and the Default Gateway address The default gateway IP address is required to tell the FortiGate unit where to send network traffic to other networks 5 Select Apply Configure a DNS se...

Page 25: ...ct OK Firewall policy configuration is the same in NAT Route mode and Transparent mode Note that these policies allow all traffic through No protection profiles have been applied Ensure you create add...

Page 26: ...econdary DNS server IP addresses Adding firewall policies Firewall policies enable traffic to flow through the FortiGate interfaces Firewall policies define the FortiGate unit process the packets in a...

Page 27: ...configured and working correctly it is extremely important that you back up your configuration By backing up the configuration you ensure that if you need to reset the FortiGate unit for whatever rea...

Page 28: ...tion While not mandatory they will help in ensuring better control with the firewall Set the time and date For effective scheduling and logging the FortiGate system date and time must be accurate You...

Page 29: ...registered your FortiGate unit you can update antivirus and IPS signatures The FortiGuard Center enables you to receive push updates allow push update to a specific IP address and schedule updates fo...

Page 30: ...FortiGate 800 and FortiGate 800F FortiOS 3 0 MR6 Install Guide 30 01 30006 0455 20080910 Additional configuration Configuring...

Page 31: ...filtering spam filtering content archiving instant messaging filtering and access control P2P access and bandwidth control logging options for policies and configurations within the policies rate limi...

Page 32: ...rects the firewall action for the connection The action can be to allow the connection deny the connection require authentication before the connection is allowed or process the packet as an IPSec VPN...

Page 33: ...policy you can apply FortiGate features such as virus scanning and authentication to the communication session accepted by the policy Add DENY policies to deny communication sessions Add IPSec encryp...

Page 34: ...ng go to AntiVirus Config Grayware Antivirus settings are turned on in the protection profile In the protection profile you can enable antivirus options for specific services and which services will u...

Page 35: ...t compares the email address of the message s sender to the email address list in sequence If a match is found the action associated with the email address is taken If no match is found the message is...

Page 36: ...evolves You need to have a FortiGuard subscription to take advantage of FortiGuard web filtering The FortiGate unit also enables you to override the FortiGuard filtering designation and you can add y...

Page 37: ...ing the patch release before upgrading the firmware Follow the steps below download and review the release notes for the patch release download the patch release back up the current configuration inst...

Page 38: ...ype the path and filename of the firmware image file or select Browse and locate the file 6 Select OK The FortiGate unit uploads the firmware image file upgrades to the new firmware version restarts a...

Page 39: ...g since the FortiGate unit must recognize that the key is installed in its USB port To backup configuration 1 Go to System Maintenance Backup and Restore 2 Select USB Disk from the backup configuratio...

Page 40: ...finitions included with the firmware release you are installing After you install new firmware make sure that antivirus and attack definitions are up to date You can also use the CLI command execute u...

Page 41: ...lacement messages Before beginning this procedure it is recommended that you back up the FortiGate unit system configuration using the command execute backup config back up the IPS custom signatures u...

Page 42: ...s Get image from tftp server OK Check image OK This operation will downgrade the current firmware version Do you want to continue y n 7 Type y The FortiGate unit reverts to the old firmware version re...

Page 43: ...following message This operation will reboot the system Do you want to continue y n 7 Type y As the FortiGate unit starts a series of system startup messages appears When the following messages appea...

Page 44: ...storing the previous configuration Change the internal interface address if required You can do this from the CLI using the following command config system interface edit interface set ip address_ip4m...

Page 45: ...ommand config system auto install set default config file filename set auto intall config enable disable set default image file filename set auto install image enable disable end 3 Enter the following...

Page 46: ...e on the same subnet as the internal interface To test the new firmware image 1 Connect to the CLI using a RJ 45 to DB 9 or null modem cable 2 Make sure the TFTP server is running 3 Copy the new firmw...

Page 47: ...rver but make sure you do not use the IP address of another device on the network The following message appears Enter File Name image out 11 Enter the firmware image file name and press Enter The TFTP...

Page 48: ...FortiGate 800 and FortiGate 800F FortiOS 3 0 MR6 Install Guide 48 01 30006 0455 20080910 Testing new firmware before installing FortiGate Firmware...

Page 49: ...rride 18 document conventions 8 documentation 9 domain name server configure 24 domain name server configure 19 22 downloading firmware 37 E earthing 12 execute shutdown 14 F firewall policies 20 23 3...

Page 50: ...security certificate 17 shielded twisted pair 12 shut down 14 signatures update 29 static route 19 23 system reboot installing 42 T technical support 10 TFTP server 42 time and date 28 time zone 28 T...

Page 51: ...FortiGate 800 and FortiGate 800F FortiOS 3 0 MR6 Install Guide 51 01 30006 0455 20080910 Index...

Page 52: ...FortiGate 800 and FortiGate 800F FortiOS 3 0 MR6 Install Guide 52 01 30006 0455 20080910 Index...

Page 53: ...www fortinet com...

Page 54: ...www fortinet com...

Reviews: