FortiGate-3810A FortiOS 3.0 MR6 Install Guide
01-30006-0456-20080131

Advanced configuration

Configuring firewall policies

To add or edit a firewall policy go to Firewall > Policy and select Edit on an existing policy, or select Create New to add a policy.

The source and destination Interface/Zone match the firewall policy with the source and destination of a communication session. The Address Name matches the source and destination address of the communication session.

Schedule defines when the firewall policy is enabled. While most policies are always on, you can configure a firewall policy so that it is only on at specific times of the day. For example, you may want to block news and entertainment sites most of the day, except during lunch or after work, enabling your employees to only view those sites during non-working times.

Service matches the firewall policy with the service used by a communication session. This enables you to configure a policy for general web surfing and a different policy specifically for other traffic such as SMTP mail or FTP uploads and downloads.

Action defines how the FortiGate unit processes traffic. Specify an action to accept or deny traffic or configure a firewall encryption policy.

• Add ACCEPT policies that accept communication sessions. Using an accept policy, you can apply FortiGate features such as virus scanning and authentication to the communication session accepted by the policy.
• Add DENY policies to deny communication sessions.
• Add IPSec encryption policies to enable IPSec tunnel mode VPN traffic and SSL VPN encryption policies to enable SSL VPN traffic. Firewall encryption policies determine which types of IP traffic will be permitted during an IPSec or SSL VPN session.

Select Protection Profile to apply a protection profile to the firewall policy for scanning of traffic passing through the FortiGate unit.

For details on the firewall policy features and settings, see the FortiGate Administration Guide or the FortiGate Online Help.

Antivirus options

The FortiGate unit's antivirus configuration prevents malicious files from entering and infecting your network environment.

The FortiGate unit uses a number of processes to scan files to ensure unwanted files and potential attackers do not get through. The FortiGate unit scans using these antivirus options:

• File pattern - The FortiGate unit checks the file against the file pattern setting you have configured. You can set which file names or file types the FortiGate unit looks for in the incoming traffic.
• Virus scan - The virus definitions are kept up to date through the Fortinet Distribution Network (FDN). The list is updated on a regular basis so you do not have to wait for a firmware upgrade. Note that you must register the FortiGate unit and purchase FortiGuard services to use virus scanning through the FDN.
