background image

FortiGate-800 and FortiGate-800F FortiOS 3.0 MR6 Install Guide

8

01-30006-0455-20080910

About the FortiGate-800/800F

Introduction

About the FortiGate-800/800F

The FortiGate-800/F Multi-Threat Security system provides the performance, 
flexibility, and security necessary to protect today's most demanding large 
enterprise networks. The FortiGate-800 can be deployed as a high performance 
antivirus and web content filtering gateway, or as a complete network protection 
solution leveraging firewall, VPN, IPS and antispam capabilities. The FortiGate-
800 Multi-Threat Securiy system features four 10/100/1000 tri-speed ethernet 
ports for networks running at gigabit speeds and four user-definable 10/100 ports 
that provide granular security through multi-zone capabilities, allowing 
administrators to segment their network into zones and create policies between 
zones.

Figure 1: FortiGate-800 and FortiGate-800F

About this document

This document explains how to install and configure your FortiGate unit onto your 
network. This document also includes how to install and upgrade new firmware 
versions on your FortiGate unit. 

This document contains the following chapters:

Installing

 – Describes setting up and powering on a FortiGate unit.

Configuring

 – Provides an overview of the operating modes of the FortiGate 

unit and how to integrate the FortiGate unit into your network. 

Advanced configuration

 – Describes additional configuration you can perform 

on the FortiGate unit to enhance network protection, including antivirus, 
antispam, firewall configuration and logging.

FortiGate Firmware

 – Describes how to install, update, restore and test 

firmware for the FortiGate device.

Document conventions

The following document conventions are used in this guide:

• In the examples, private IP addresses are used for both private and public IP 

addresses.

• Notes and Cautions are used to provide important information:

Esc

Enter

CONSOLE

I N T E R N A L

E X T E R N A L

D M Z

HA

1

2

3

4

USB

8

P W R

Esc

Enter

CONSOLE

I N T E R N A L

E X T E R N A L

D M Z

HA

1

2

3

4

USB

800F

P W R

Note: 

Highlights useful additional information. 

Summary of Contents for FortiGate 800/800F

Page 1: ...www fortinet com FortiGate 800 and FortiGate 800F FortiOS 3 0 MR6 I N S T A L L G U I D E...

Page 2: ...c Threat Prevention System DTPS APSecure FortiASIC FortiBIOS FortiBridge FortiClient FortiGate FortiGate Unified Threat Management System FortiGuard Antispam FortiGuard Antivirus FortiGuard Intrusion...

Page 3: ...talling 11 Environmental specifications 11 Cautions and warnings 12 Grounding 12 Rack mount instructions 12 Mounting 13 Plugging in the FortiGate 14 Connecting to the network 14 Turning off the FortiG...

Page 4: ...nfiguration 27 Backing up the configuration 27 Restoring a configuration 28 Additional configuration 28 Set the time and date 28 Set the Administrator password 28 Configure FortiGuard 29 Updating anti...

Page 5: ...006 0455 20080910 5 Installing firmware from a system reboot using the CLI 42 Restoring the previous configuration 44 Backup and Restore from a USB key 44 Using the USB Auto Install 45 Additional CLI...

Page 6: ...FortiGate 800 and FortiGate 800F FortiOS 3 0 MR6 Install Guide 6 01 30006 0455 20080910 Contents...

Page 7: ...ed Threat Management System uses Fortinet s Dynamic Threat Prevention System DTPS technology which leverages breakthroughs in chip design networking security and content analysis The unique ASIC based...

Page 8: ...how to install and configure your FortiGate unit onto your network This document also includes how to install and upgrade new firmware versions on your FortiGate unit This document contains the follo...

Page 9: ...rotection web content filtering and spam filtering and how to configure a VPN FortiGate online help Provides a context sensitive and searchable version of the Administration Guide in HTML format You c...

Page 10: ...PN User Guide Explains how to configure a PPTP VPN using the web based manager FortiGate Certificate Management User Guide Contains procedures for managing digital certificates including generating ce...

Page 11: ...n make sure that the appliance has at least 1 5 in 3 75 cm of clearance on each side to allow for adequate air flow and cooling This device complies with part FCC Class A Part 15 UL CUL C Tick CE and...

Page 12: ...e rack environment may be greater than room ambient Therefore consideration should be given to installing the equipment in an environment compatible with the maximum ambient temperature Tma specified...

Page 13: ...front portion of the FortiGate unit Ensure that the screws are tight and not loose The following photos illustrate how the brackets should be mounted Note that the screw configuration may vary dependi...

Page 14: ...o the on position indicated by the I Connecting to the network Using the supplied Ethernet cable connect one end of the cable to your router or modem whatever the connection is to the Internet Connect...

Page 15: ...T Route mode and Transparent mode Both include the same robust network security features such as antispam antivirus VPN and firewall policies NAT mode In NAT Route mode the FortiGate unit is visible t...

Page 16: ...ese tasks using the web based manger a GUI interface using a current web browser such as FireFox or Internet Explorer using the command line interface CLI a command line interface similar to DOS or UN...

Page 17: ...because the FortiGate unit redirects the connection This is an informational message Select OK to continue logging in 4 Type admin in the Name field and select Login Connecting to the CLI To connect t...

Page 18: ...e default gateway retrieved from the DHCP server The administrative distance specifies the relative priority of a route when there are multiple routes to the same destination A lower administrative di...

Page 19: ...ns This route is called the static default route If no other routes are present in the routing table and a packet needs to be forwarded beyond the FortiGate unit the factory configured static default...

Page 20: ...h the FortiGate interfaces Firewall policies define how the FortiGate unit processes the packets in a communication session You can configure the firewall policies to allow only specific traffic users...

Page 21: ...section Connecting to the CLI on page 17 before beginning Configure the interfaces When shipped the FortiGate unit has a default address of 192 168 1 99 and a netmask of 255 255 255 0 for either the...

Page 22: ...et DNS server IP addresses are typically provided by your internet service provider To configure DNS server settings config system dns set autosvr enable disable set primary address_ip set secondary a...

Page 23: ...ffic to flow through the FortiGate interfaces Firewall policies to define the FortiGate unit process the packets in a communication session You can configure the firewall policies to allow only specif...

Page 24: ...Netmask address and the Default Gateway address The default gateway IP address is required to tell the FortiGate unit where to send network traffic to other networks 5 Select Apply Configure a DNS se...

Page 25: ...ct OK Firewall policy configuration is the same in NAT Route mode and Transparent mode Note that these policies allow all traffic through No protection profiles have been applied Ensure you create add...

Page 26: ...econdary DNS server IP addresses Adding firewall policies Firewall policies enable traffic to flow through the FortiGate interfaces Firewall policies define the FortiGate unit process the packets in a...

Page 27: ...configured and working correctly it is extremely important that you back up your configuration By backing up the configuration you ensure that if you need to reset the FortiGate unit for whatever rea...

Page 28: ...tion While not mandatory they will help in ensuring better control with the firewall Set the time and date For effective scheduling and logging the FortiGate system date and time must be accurate You...

Page 29: ...registered your FortiGate unit you can update antivirus and IPS signatures The FortiGuard Center enables you to receive push updates allow push update to a specific IP address and schedule updates fo...

Page 30: ...FortiGate 800 and FortiGate 800F FortiOS 3 0 MR6 Install Guide 30 01 30006 0455 20080910 Additional configuration Configuring...

Page 31: ...filtering spam filtering content archiving instant messaging filtering and access control P2P access and bandwidth control logging options for policies and configurations within the policies rate limi...

Page 32: ...rects the firewall action for the connection The action can be to allow the connection deny the connection require authentication before the connection is allowed or process the packet as an IPSec VPN...

Page 33: ...policy you can apply FortiGate features such as virus scanning and authentication to the communication session accepted by the policy Add DENY policies to deny communication sessions Add IPSec encryp...

Page 34: ...ng go to AntiVirus Config Grayware Antivirus settings are turned on in the protection profile In the protection profile you can enable antivirus options for specific services and which services will u...

Page 35: ...t compares the email address of the message s sender to the email address list in sequence If a match is found the action associated with the email address is taken If no match is found the message is...

Page 36: ...evolves You need to have a FortiGuard subscription to take advantage of FortiGuard web filtering The FortiGate unit also enables you to override the FortiGuard filtering designation and you can add y...

Page 37: ...ing the patch release before upgrading the firmware Follow the steps below download and review the release notes for the patch release download the patch release back up the current configuration inst...

Page 38: ...ype the path and filename of the firmware image file or select Browse and locate the file 6 Select OK The FortiGate unit uploads the firmware image file upgrades to the new firmware version restarts a...

Page 39: ...g since the FortiGate unit must recognize that the key is installed in its USB port To backup configuration 1 Go to System Maintenance Backup and Restore 2 Select USB Disk from the backup configuratio...

Page 40: ...finitions included with the firmware release you are installing After you install new firmware make sure that antivirus and attack definitions are up to date You can also use the CLI command execute u...

Page 41: ...lacement messages Before beginning this procedure it is recommended that you back up the FortiGate unit system configuration using the command execute backup config back up the IPS custom signatures u...

Page 42: ...s Get image from tftp server OK Check image OK This operation will downgrade the current firmware version Do you want to continue y n 7 Type y The FortiGate unit reverts to the old firmware version re...

Page 43: ...following message This operation will reboot the system Do you want to continue y n 7 Type y As the FortiGate unit starts a series of system startup messages appears When the following messages appea...

Page 44: ...storing the previous configuration Change the internal interface address if required You can do this from the CLI using the following command config system interface edit interface set ip address_ip4m...

Page 45: ...ommand config system auto install set default config file filename set auto intall config enable disable set default image file filename set auto install image enable disable end 3 Enter the following...

Page 46: ...e on the same subnet as the internal interface To test the new firmware image 1 Connect to the CLI using a RJ 45 to DB 9 or null modem cable 2 Make sure the TFTP server is running 3 Copy the new firmw...

Page 47: ...rver but make sure you do not use the IP address of another device on the network The following message appears Enter File Name image out 11 Enter the firmware image file name and press Enter The TFTP...

Page 48: ...FortiGate 800 and FortiGate 800F FortiOS 3 0 MR6 Install Guide 48 01 30006 0455 20080910 Testing new firmware before installing FortiGate Firmware...

Page 49: ...rride 18 document conventions 8 documentation 9 domain name server configure 24 domain name server configure 19 22 downloading firmware 37 E earthing 12 execute shutdown 14 F firewall policies 20 23 3...

Page 50: ...security certificate 17 shielded twisted pair 12 shut down 14 signatures update 29 static route 19 23 system reboot installing 42 T technical support 10 TFTP server 42 time and date 28 time zone 28 T...

Page 51: ...FortiGate 800 and FortiGate 800F FortiOS 3 0 MR6 Install Guide 51 01 30006 0455 20080910 Index...

Page 52: ...FortiGate 800 and FortiGate 800F FortiOS 3 0 MR6 Install Guide 52 01 30006 0455 20080910 Index...

Page 53: ...www fortinet com...

Page 54: ...www fortinet com...

Reviews: