Esc
Enter
Connectors
Connector
Type
Speed
Protocol Description
INTERNAL
RJ-45
10/100Base-T
Ethernet
Connection to the internal network.
EXTERNAL
RJ-45
10/100Base-T
Ethernet
Connection to the Internet.
DMZ/HA
RJ-45
10/100Base-T
Ethernet
Optional connection to a DMZ network, or other
FortiGate-300s for HA. For details, see the
Documentation CD-ROM.
CONSOLE
DB-9
115,200 bps
RS-232
serial
Optional connection to the management computer.
Provides access to the command line interface (CLI).
FortiGate-300 LED Indicators
For technical support please visit http://www.fortinet.com
LED
State
Description
Power
Green
The FortiGate-300 unit is powered on.
Off
The FortiGate-300 unit is powered off.
Internal
External
DMZ/HA
Amber
The correct cable is in use and the connected
equipment has power.
Flashing
Amber
Network activity at this interface.
Green
The interface is connected at 100 Mbps.
Off
No link established.
Connect the FortiGate-300 unit to a power outlet and to the internal and external networks.
NAT/Route mode
In NAT/Route mode, the FortiGate-300 is visible to the network. All of its interfaces are
on different subnets. You must configure the internal and external interfaces with IP
addresses. Optionally, you can also configure the DMZ/HA interface.
You would typically use NAT/Route mode when the FortiGate-300 is deployed as a
gateway between private and public networks. In its default NAT/Route mode
configuration, the unit functions as a firewall. Users on the internal network can access
the Internet while the FortiGate-300 blocks all other traffic. Refer to the Documentation
CD-ROM for information on how to allow other traffic, and how to configure antivirus
protection, content filtering, network intrusion detection (NIDS), and virtual private
networks (VPNs).
Security policies control whether communications through the FortiGate-300 operate in
NAT mode or in route mode. In NAT mode, the FortiGate-300 performs network
address translation before IP packets are sent to the destination network. In route
mode, no translation takes place. By default, the unit has a single NAT mode policy that
allows users on the internal network to securely access and download content from the
Internet. No other traffic is possible until you have configured more policies.
Transparent mode
In Transparent mode, the FortiGate-300 is invisible to the network. All of its interfaces
are on the same subnet. You only have to configure a management IP address so that
you can make configuration changes.
You would typically use the FortiGate-300 in Transparent mode on a private network
behind an existing firewall or behind a router. In its default Transparent mode
configuration, the unit functions as a firewall. It has a single security policy that allows
users on the internal network to securely download content from the external network.
No other traffic is possible until you have configured more security policies. Refer to the
Documentation CD-ROM for information on how to allow other traffic, and how to
configure antivirus protection, content filtering, and network intrusion detection (NIDS).
You can connect up to three network segments to the FortiGate-300 to control traffic
between them. You can connect the external interface to an external firewall or router,
the internal interface to the internal network, and the DMZ/HA interface to other network
segments.
FortiGate-300 Unit
in NAT/Route mode
Route mode policies
controlling traffic between
internal networks.
Internal network
DMZ network
Internal
192.168.1.99
DMZ
10.10.10.1
192.168.1.1
10.10.10.2
External
204.23.1.5
NAT mode policies controlling
traffic between internal and
external networks.
Esc
Enter
Internet
Internal network
10.10.10.3
FortiGate-300 Unit
in Transparent mode
10.10.10.1
Management IP
External
Internal
10.10.10.2
Transparent mode policies
controlling traffic between
internal and external networks
204.23.1.5
(firewall, router)
Gateway to
public network
Internet
Esc
Enter
Before beginning to configure the FortiGate-300, you need to plan how to integrate the unit into
your network. Your configuration plan is dependent upon the operating mode that you select:
NAT/Route mode (the default) or Transparent mode.
Web-based
manager &
Setup Wizard
The FortiGate web-based
manager Setup Wizard
guides you through the
initial configuration steps.
Use it to configure the administrator password, the
interface addresses, and the default gateway address.
Optionally, use the Setup Wizard to configure the
internal server and DHCP server settings for NAT/Route
mode.
Requirements:
•
The Ethernet connection between the FortiGate-300
and management computer.
•
Internet Explorer version 4.0 or higher on the
management computer.
Command Line
Interface (CLI)
The CLI is a full-featured
management tool.
Use it to configure the
administrator password,
the interface addresses,
and the default gateway
address. To configure
advanced settings (such
as the DHCP server settings), see the Documentation
CD-ROM.
Requirements:
•
The serial connection between the FortiGate-300
and management computer.
•
A terminal emulation application (HyperTerminal for
Windows) on the management computer.
Control
Buttons &
LCD
The control buttons and LCD are located on the front
panel of the FortiGate-300. Use them to configure the
internal, external and DMZ/HA interface addresses, and
the default gateway address. To configure DNS, DHCP
and other settings, use the web-based manager, the
Setup Wizard, or the CLI.
Requirements:
•
Physical access to the FortiGate-300.
Choose among three different tools to configure the FortiGate-300.
QuickStart Guide
FortiGate-300
© Copyright 2003 Fortinet Incorporated. All rights reserved.
Trademarks
Products mentioned in this document are trademarks or registered trademarks of their respective holders.
Regulatory Compliance
FCC Class A Part 15 CSA/CUS
Check that the package contents are complete.
Front
Back
Esc
Enter
LCD
Control
Buttons
DMZ/HA
Interface
External
Interface
Internal
Interface
Power
Light
RS-232 Serial
Connection
Removable
Hard Drive
Power
Connection
Power
Switch
Power Cable
Rack-Mount Brackets
Null-Modem Cable
(RS-232)
Documentation
Ethernet Cables:
Orange - Crossover
Grey - Straight-through
USER MANUAL
Esc
Enter
FortiGate-300
QuickStart Guide
Copyright 2003 Fortinet Incorporated. All rights reserved.
Trademarks
Products mentioned in this document are trademarks.
1. Place the unit on a stable surface or mount it in a 19-inch rack. It requires
1.5 inches clearance (3.75 cm) on each side to allow for cooling.
2. Make sure the power switch on the back of the unit is turned off.
3. Connect the network cables.
4. Connect the power cable to a power outlet.
5. Turn on the power switch. After a few seconds, SYSTEM STARTING
appears on the LCD. MAIN MENU appears when the unit is up and running.
Esc
Enter
Straight-through Ethernet cable connects to Internet (public switch, router or modem)
Default IP Addresses (Nat/Route mode)
INTERNAL
EXTERNAL
DMZ/HA
192.168.1.99
192.168.100.99
10.10.10.1
Straight-through Ethernet cable connects to LAN or switch on internal network
Crossover Ethernet cable connects to management computer on internal network
or
Optional null modem cable connects to serial port on management computer
Power cable connects to power outlet
Straight-through Ethernet cable connects to DMZ network, or to another FortiGate-300 for HA
Default IP Address (Transparent mode)
MANAGEMENT IP 10.10.10.1
Checking the package contents
1
Connecting the FortiGate-200
2
Planning the configuration
3
Choosing a configuration tool
4
