background image

Upgrade Guide for FortiOS v3.0 

4

01-30000-0317-20060424

Contents

VPN ...................................................................................................................  23

IPSec ..........................................................................................................  23
SSL .............................................................................................................  23
Certificates ..................................................................................................  23

User...................................................................................................................  24

Local ...........................................................................................................  24
Radius.........................................................................................................  24
LDAP...........................................................................................................  24
Windows AD ...............................................................................................  24
User Group .................................................................................................  24

Antivirus ...........................................................................................................  25

File Pattern..................................................................................................  25
Quarantine ..................................................................................................  25
Config..........................................................................................................  25

Intrusion Protection (formerly IPS)................................................................  25

Signature.....................................................................................................  25
Anomaly ......................................................................................................  26
Protocol Decoder ........................................................................................  26

Web Filter .........................................................................................................  26

Content Block..............................................................................................  26
URL Filter....................................................................................................  26
FortiGuard-Web Filter .................................................................................  26

AntiSpam (formerly Spam Filter) ...................................................................  27

Banned word...............................................................................................  28
Black/White list............................................................................................  28

IM/P2P (new) ....................................................................................................  28

Statistics......................................................................................................  29
User ............................................................................................................  29

Log & Report....................................................................................................  29

Log Config...................................................................................................  29
Log Access .................................................................................................  30
Report .........................................................................................................  30

HA .....................................................................................................................  30

Upgrading the HA cluster for FortiOS 3.0 ...................................................  31

SNMP MIBs and traps changes......................................................................  31

In-depth SNMP trap changes......................................................................  31
In-depth MIB file name changes .................................................................  31

Upgrading to FortiOS 3.0 ................................................................  33

Backing up your configuration ......................................................................  33

Backing up your configuration using the web-based manager.............  33
Backing up your configuration using the CLI ........................................  34

Summary of Contents for FortiOS 3.0

Page 1: ...www fortinet com Upgrade Guide for FortiOS 3 0 U P G R A D E G U I D E...

Page 2: ...hreat Prevention System DTPS APSecure FortiASIC FortiBIOS FortiBridge FortiClient FortiGate FortiGate Unified Threat Management System FortiGuard FortiGuard Antispam FortiGuard Antivirus FortiGuard In...

Page 3: ...upport 9 Upgrade Notes 11 Backing up configuration files 11 Setup Wizard 11 FortiLog name change 11 LCD display changes 11 Web based manager changes 12 Changes to the web based manager 13 Command Line...

Page 4: ...nt Block 26 URL Filter 26 FortiGuard Web Filter 26 AntiSpam formerly Spam Filter 27 Banned word 28 Black White list 28 IM P2P new 28 Statistics 29 User 29 Log Report 29 Log Config 29 Log Access 30 Rep...

Page 5: ...36 Reverting to FortiOS v2 80MR11 37 Backing up your FortiOS 3 0 configuration 37 Backing up to a FortiUSB key 37 Downgrading to FortiOS v2 80MR11 using web based manager 38 Verifying the downgrade 38...

Page 6: ...Upgrade Guide for FortiOS v3 0 6 01 30000 0317 20060424 Contents...

Page 7: ...ing chapters Upgrade Notes Provides information on changes and new features for FortiOS 3 0 New features and changes Provides information on what has changed from FortiOS v2 80MR11 Upgrading to FortiO...

Page 8: ...Guide Provides basic information about how to configure a FortiGate unit including how to define FortiGate protection profiles and firewall policies how to apply intrusion prevention antivirus protect...

Page 9: ...r Guide Explains how to configure a PPTP VPN using the web based manager FortiGate Certificate Management User Guide Contains procedures for managing digital certificates including generating certific...

Page 10: ...Upgrade Guide for FortiOS v3 0 10 01 30000 0317 20060424 Customer service and technical support Introduction...

Page 11: ...FortiLog name change LCD display changes Web based manager changes Web based manager changes Command Line Interface changes USB support Other Backing up configuration files You now have the option to...

Page 12: ...w categorized and additional features added to better monitor your FortiGate unit Figure 3 System Dashboard of a FortiGate 60 Menu Fortigat NAT Standalone Menu Fortigat Transparent Standalone System I...

Page 13: ...formation Also some FortiOS 2 80MR11 web based manager features have been moved to the CLI See the New features and changes on page 17 for information on these changes Firmware Version The current fir...

Page 14: ...be aware of not included in the above sections or in New features and changes on page 17 Antivirus scanning blocking and quarantine is available for instant messaging file transfers with AIM MSN Yaho...

Page 15: ...d forward You need to manually configure these settings after upgrading Lists from FortiOS 2 80MR11 cannot be restored in FortiOS 3 0 Make sure to document these lists before upgrading If you upgrade...

Page 16: ...Upgrade Guide for FortiOS v3 0 16 01 30000 0317 20060424 Other Upgrade Notes...

Page 17: ...e following documents to familiarize yourself the new features and changes FortiGate Administration Guide FortiGate CLI Reference The following topics are included in this section System Firewall VPN...

Page 18: ...ed manager changes on page 12 for more information on the System Dashboard Sessions The Sessions information is now located in System Status Statistics Network The Network tab appears in the System me...

Page 19: ...options available for backing up and restoring configuration files From this tab you can backup or restore a configuration file and select to encrypt the configuration file You also select your Local...

Page 20: ...u enable this option you must log back into the web based manager to configure VDOM settings Both the web based manager and CLI change as follows to reflect VDOM Global and per VDOM configurations are...

Page 21: ...distance vector routing protocol for small networks or similar networks OSPF is slightly different and is a link state routing protocol most often used in large networks to share networking informati...

Page 22: ...nal options Protection Profile and Log Allowed Traffic When you select Traffic Shaping you can then select guaranteed bandwidth maximum bandwidth and the traffic priority Address The Address menu now...

Page 23: ...enable this protocol through the CLI in the VPN chapter See the FortiGate CLI Reference for more information on SSL Also you can enable the use of digital certificates for authenticating remote client...

Page 24: ...enables you to configure your FortiGate unit on a Windows Active Directory AD network so it can transparently authenticate the user without asking for their username and password From the Windows AD...

Page 25: ...nd you can configure file and email size limits including grayware blocking Config The Config menu includes the Virus List and Grayware tabs The Config tab is now located in the CLI under Antivirus Se...

Page 26: ...of the following menus It is now located under Intrusion Protection Content Block URL Filter FortiGuard Web Filter Content Block The Content Block menu has a new tab called Web Content Exempt URL Fil...

Page 27: ...additional features for FortiGate 800 units and above In the Banned word list you can create new antispam banned word list view antispam banned word catalog You can also configure the following for th...

Page 28: ...ender to the IP address in sequence when doing an IP address list check If the FortiGate unit finds a match the action associated with the IP address is taken If there is no match then the message pas...

Page 29: ...a new menu Report Log Report consists of the following menus Log Config Log Access Report Log Config The Log Config menu has a new tab Event Log The Event Log tab enables you to choose the events you...

Page 30: ...choose from over a thousand of FortiAnalyzer reports to display logs Also you can customize a default report for your FortiGate unit You can also select what you want included in your report from News...

Page 31: ...oad and install to your SNMP management system SNMP traps and variables that used hyphens for example xxx yyy have dropped the hyphen and capitalized the second term xxxYyy The v3 0 MIB file also has...

Page 32: ...e fnHaSchedule fnHaGroupID fnHaGroupID fnHaPriority No longer available fnHaOverride No longer available fnHaAutoSync No longer available Options fnOptAuthTimeout New fnOptionLanguage New fnOptLcdProt...

Page 33: ...r configuration file s for FortiOS v2 80MR11 in either the web based manager or the CLI Backing up your configuration using the web based manager Use the following procedure to backup your current con...

Page 34: ...rmware images such as FortiOS 2 80MR11 and FortiOS 3 0 for downgrading upgrading purposes Use the Fortinet Knowlege Center article 2 80MR11 to 3 0MR1 upgrade downgrade dual boot to configure a dual bo...

Page 35: ...is running 2 Copy the new firmware image file to the root directory of the TFTP server 3 Log into the CLI 4 Make sure the FortiGate unit can connect to the TFTP server You can use the following comma...

Page 36: ...ettings have been carried forward For example if you go to System Network Options you can see your DNS settings carried forward from your FortiOS v2 80MR11 configuration settings Even though your conf...

Page 37: ...following procedure to backup your configuration onto your PC To backup your configuration to your PC 1 Go to System Maintenance Backup Restore 2 Select Local PC from Backup Configuration to list If...

Page 38: ...ersion 2 Select Update 3 Type the location of the firmware version or select Browse 4 Select OK The following message appears The new image does not support CC mode Do you want to continue to upgrade...

Page 39: ...of the firmware image file and tftp_ipv4 is the IP address of the TFTP server For example if the firmware image file name is image out and the IP address of the TFTP server er is 192 168 1 168 enter e...

Page 40: ...assword for the configuration file 5 Type the location of the file or select Browse to locate the file 6 Select OK The FortiGate unit restores the configuration settings for FortiOS v2 80MR11 This may...

Page 41: ...IP address of the TFTP server is 192 168 1 168 and the password is ghrffdt123 execute restore allconfig confall 192 168 1 168 ghrffdt123 The FortiGate unit responds with the message This operation wil...

Page 42: ...Update Guide for FortiOS v3 0 42 01 30000 0317 20060424 Restoring your configuration Reverting to FortiOS v2 80MR11...

Page 43: ...Center system menu 20 FortiLog name change 11 Fortinet customer service 9 documentation 8 Knowledge Center 9 I IM P2P menu statistics menu 29 user 29 intrusion protection protocol anomaly menu 26 sign...

Page 44: ...11 USB support 14 web based manager 12 web based manager changes 13 upgrading 3 0 using the CLI 35 3 0 using web based manager 34 config using CLI 34 FortiGate unit to 3 0 34 using the web based mana...

Page 45: ...www fortinet com...

Page 46: ...www fortinet com...

Reviews: