background image

Configuring 

Connecting to the FortiGate unit

FortiGate-50B FortiOS 3.0 MR6 Install Guide
01-30006-0444-20080131

15

To support a secure HTTPS authentication method, the FortiGate unit ships with a 
self-signed security certificate, which is offered to remote clients whenever they 
initiate a HTTPS connection to the FortiGate unit. When you connect, the 
FortiGate unit displays two security warnings in a browser. 

The first warning prompts you to accept and optionally install the FortiGate unit’s 
self-signed security certificate. If you do not accept the certificate, the FortiGate 
unit refuses the connection. If you accept the certificate, the FortiGate login page 
appears. The credentials entered are encrypted before they are sent to the 
FortiGate unit. If you choose to accept the certificate permanently, the warning is 
not displayed again. 

Just before the FortiGate login page is displayed, a second warning informs you 
that the FortiGate certificate distinguished name differs from the original request. 
This warning occurs because the FortiGate unit redirects the connection. This is 
an informational message. Select OK to continue logging in. 

4

Type 

admin

 in the Name field and select Login. 

Connecting to the CLI

To connect to the FortiGate CLI you require: 

• a computer with an available communications port
• a serial cable, either a RJ-45 to DB-9 or null modem cable, whichever was 

included in your FortiGate package

• terminal emulation software such as HyperTerminal for Microsoft Windows

To connect to the CLI

1

Connect the serial cable to the communications port of your computer and to the 
FortiGate console port. 

2

Start HyperTerminal, enter a name for the connection and select OK. 

3

Configure HyperTerminal to connect directly to the communications port on your 
computer and select OK. 

4

Select the following port settings and select OK:

5

Press Enter to connect to the FortiGate CLI.

6

When the login prompt appears, type 

admin

 and press Enter twice. 

Type ? to list available commands. For information about how to use the CLI, see 
the 

FortiGate CLI Reference

.

Note: 

The following procedure uses Microsoft Windows HypterTerminal software. You can 

apply these steps to any terminal emulation program.

Bits per second

9600

Data bits

8

Parity

None

Stop bits

1

Flow control 

None

Summary of Contents for FortiGate FortiGate-50B

Page 1: ...www fortinet com FortiGate 50B FortiOS 3 0 MR6 I N S T A L L G U I D E...

Page 2: ...evention System DTPS APSecure FortiASIC FortiBIOS FortiBridge FortiClient FortiGate FortiGate Unified Threat Management System FortiGuard Antispam FortiGuard Antivirus FortiGuard Intrusion FortiGuard...

Page 3: ...ecifications 9 Cautions and warnings 10 Grounding 10 Rack mount instructions 10 Mounting 11 Plugging in the FortiGate 11 Connecting to the network 11 Turning off the FortiGate unit 12 Configuring 13 N...

Page 4: ...up the configuration 25 Restoring a configuration 26 Additional configuration 26 Set the time and date 26 Set the Administrator password 26 Configure FortiGuard 27 Updating antivirus and IPS signature...

Page 5: ...1 Contents Installing firmware from a system reboot using the CLI 40 Restoring the previous configuration 42 Backup and Restore from a USB key 42 Using the USB Auto Install 42 Additional CLI Commands...

Page 6: ...FortiGate 50B FortiOS 3 0 MR6 Install Guide 4 01 30006 0444 20080131 Contents...

Page 7: ...Management System uses Fortinet s Dynamic Threat Prevention System DTPS technology which leverages breakthroughs in chip design networking security and content analysis The unique ASIC based architec...

Page 8: ...de new firmware versions on your FortiGate unit This document contains the following chapters Installing Describes setting up and powering on a FortiGate unit Configuring Provides an overview of the o...

Page 9: ...archable version of the Administration Guide in HTML format You can access online help from the web based manager as you work FortiGate CLI Reference Describes how to use the FortiGate CLI and contain...

Page 10: ...te requests installing signed certificates importing CA root certificates and certificate revocation lists and backing up and restoring installed certificates and private keys FortiGate VLANs and VDOM...

Page 11: ...e that the appliance has at least 1 5 in 3 75 cm of clearance on each side to allow for adequate air flow and cooling This device complies with part FCC Class A Part 15 UL CUL C Tick CE and VCCI Opera...

Page 12: ...ation between the equipment and receiver Connect the equipment into an outlet on a circuit different from that to which the receiver is connected Consult the dealer or an experienced radio TV technici...

Page 13: ...tiGate unit Adhere the rubber feet included in the package to the underside of the FortiGate unit near the corners of the device Place the FortiGate unit on any flat stable surface Ensure the unit has...

Page 14: ...ays shut down the FortiGate operating system properly before turning off the power switch to avoid potential hardware problems To power off the FortiGate unit 1 From the web based manager go to System...

Page 15: ...ode and Transparent mode Both include the same robust network security features such as antispam antivirus VPN and firewall policies NAT mode In NAT Route mode the FortiGate unit is visible to the net...

Page 16: ...using the web based manger a GUI interface using a current web browser such as FireFox or Internet Explorer using the command line interface CLI a command line interface similar to DOS or UNIX command...

Page 17: ...e FortiGate unit redirects the connection This is an informational message Select OK to continue logging in 4 Type admin in the Name field and select Login Connecting to the CLI To connect to the Fort...

Page 18: ...gateway retrieved from the DHCP server The administrative distance specifies the relative priority of a route when there are multiple routes to the same destination A lower administrative distance ind...

Page 19: ...oute is called the static default route If no other routes are present in the routing table and a packet needs to be forwarded beyond the FortiGate unit the factory configured static default route cau...

Page 20: ...tiGate interfaces Firewall policies define how the FortiGate unit processes the packets in a communication session You can configure the firewall policies to allow only specific traffic users and spec...

Page 21: ...onnecting to the CLI on page 15 before beginning Configure the interfaces When shipped the FortiGate unit has a default address of 192 168 1 99 and a netmask of 255 255 255 0 for either the Port 1 or...

Page 22: ...rver IP addresses are typically provided by your internet service provider To configure DNS server settings config system dns set autosvr enable disable set primary address_ip set secondary address_ip...

Page 23: ...ow through the FortiGate interfaces Firewall policies to define the FortiGate unit process the packets in a communication session You can configure the firewall policies to allow only specific traffic...

Page 24: ...address and the Default Gateway address The default gateway IP address is required to tell the FortiGate unit where to send network traffic to other networks 5 Select Apply Configure a DNS server A DN...

Page 25: ...wall policy configuration is the same in NAT Route mode and Transparent mode Note that these policies allow all traffic through No protection profiles have been applied Ensure you create additional fi...

Page 26: ...NS server IP addresses Adding firewall policies Firewall policies enable traffic to flow through the FortiGate interfaces Firewall policies define the FortiGate unit process the packets in a communica...

Page 27: ...d and working correctly it is extremely important that you back up your configuration By backing up the configuration you ensure that if you need to reset the FortiGate unit for whatever reason you wi...

Page 28: ...not mandatory they will help in ensuring better control with the firewall Set the time and date For effective scheduling and logging the FortiGate system date and time must be accurate You can either...

Page 29: ...ed your FortiGate unit you can update antivirus and IPS signatures The FortiGuard Center enables you to receive push updates allow push update to a specific IP address and schedule updates for daily w...

Page 30: ...FortiGate 50B FortiOS 3 0 MR6 Install Guide 28 01 30006 0444 20080131 Additional configuration Configuring...

Page 31: ...spam filtering content archiving instant messaging filtering and access control P2P access and bandwidth control logging options for policies and configurations within the policies rate limiting for V...

Page 32: ...firewall action for the connection The action can be to allow the connection deny the connection require authentication before the connection is allowed or process the packet as an IPSec VPN connecti...

Page 33: ...ou can apply FortiGate features such as virus scanning and authentication to the communication session accepted by the policy Add DENY policies to deny communication sessions Add IPSec encryption poli...

Page 34: ...AntiVirus Config Grayware Antivirus settings are turned on in the protection profile In the protection profile you can enable antivirus options for specific services and which services will use the fi...

Page 35: ...the email address of the message s sender to the email address list in sequence If a match is found the action associated with the email address is taken If no match is found the message is passed to...

Page 36: ...You need to have a FortiGuard subscription to take advantage of FortiGuard web filtering The FortiGate unit also enables you to override the FortiGuard filtering designation and you can add your own T...

Page 37: ...tem reboot using the CLI Testing new firmware before installing Downloading firmware Firmware images for all FortiGate units is available on the Fortinet Customer Support web site You must register yo...

Page 38: ...able to restore the previous configuration from the backup configuration file To revert to a previous firmware version 1 Copy the firmware image file to the management computer 2 Log into the FortiGa...

Page 39: ...ur system settings before shutting down or rebooting your FortiGate unit To configure the USB Auto Install 1 Go to System Maintenance Backup and Restore 2 Select the blue arrow to expand the Advanced...

Page 40: ...FortiGate unit can connect to the TFTP server You can use the following command to ping the computer running the TFTP server For example if the IP address of the TFTP server is 192 168 1 168 execute...

Page 41: ...sure the FortiGate unit can connect to the TFTP server You can use the following command to ping the computer running the TFTP server For example if the TFTP server s IP address is 192 168 1 168 exec...

Page 42: ...To use this procedure you must connect to the CLI using the FortiGate console port and a RJ 45 to DB 9 or null modem cable This procedure reverts the FortiGate unit to its factory default configuratio...

Page 43: ...erver F Format boot device Q Quit menu and continue to boot with default firmware H Display this list of options Enter G F Q or H 8 Type G to get to the new firmware image form the TFTP server The fol...

Page 44: ...SB port To backup configuration using the CLI 1 Log into the CLI 2 Enter the following command to backup the configuration files exec backup config usb filename 3 Enter the following command to check...

Page 45: ...ng the new firmware image with the current configuration This new firmware image is not permanently installed The next time the FortiGate unit restarts it operates with the originally installed firmwa...

Page 46: ...es appears Press any key to display configuration menu 7 Immediately press any key to interrupt the system startup If you successfully interrupt the startup process the following messages appears G Ge...

Page 47: ...e following appears Save as Default firmware Backup firmware Run image without saving D B R 12 Type R The FortiGate image is installed to system memory and the FortiGate unit starts running the new fi...

Page 48: ...FortiGate 50B FortiOS 3 0 MR6 Install Guide 46 01 30006 0444 20080131 Testing new firmware before installing FortiGate Firmware...

Page 49: ...in name server configure 22 domain name server configure 17 20 downloading firmware 35 E earthing 11 execute shutdown 12 F firewall policies 18 21 30 firmware backup and restore from USB 42 download 3...

Page 50: ...hut down 12 signatures update 27 static route 17 21 system reboot installing 40 T technical support 8 TFTP server 40 time and date 26 time zone 26 Transparent mode 14 switching to 22 typographic conve...

Page 51: ...www fortinet com...

Page 52: ...www fortinet com...

Reviews: