manualshive.com logo in svg

Fortinet FortiWiFi 60, Installation And Configuration Manual, Page: 50 / 76

Share
Download
Fortinet FortiWiFi 60 Installation And Configuration Manual Download Page 50

50

01-28008-0030-20050128

Fortinet Inc.

Configuring the networks

NAT/Route mode installation

Figure 14: FortiWiFi-60 NAT/Route mode connections

Configuring the networks

If you are running the FortiGate unit in NAT/Route mode, your networks must be 
configured to route all Internet traffic to the IP address of the FortiGate interface to 
which they are connected. 

• For the internal network, change the default gateway address of all computers and 

routers connected directly to your internal network to the IP address of the 
FortiGate internal interface. 

• For the DMZ network, change the default gateway address of all computers and 

routers connected directly to your DMZ network to the IP address of the FortiGate 
DMZ interface. 

• For the external network, route all packets to the FortiGate WAN1 or WAN 2 

interface.

If you are using the FortiGate unit as the DHCP server for your internal network, 
configure the computers on your internal network for DHCP.

Make sure that the connected FortiGate unit is functioning properly by connecting to 
the Internet from a computer on the internal network. You should be able to connect to 
any Internet address.

INTERNAL

DMZ

4

3

2

1

LINK 100

LINK 100

LINK 100

LINK 100

LINK 100

LINK 100

LINK 100

WAN1

WAN2

PWR

WLAN

FortiWiFi-60

DMZ

DMZ Network

Mail Server

Web Server

Internal Network

WAN2

WAN1

Internet

Broadband (cable or DSL)

T1

Wireless Network

Internal

Summary of Contents for FortiWiFi 60

Page 1: ...iWiFi 60 Installation and Configuration Guide INTERNAL DMZ 4 3 2 1 LINK 100 LINK 100 LINK 100 LINK 100 LINK 100 LINK 100 LINK 100 WAN1 WAN2 PWR WLAN Version 2 80 MR8 28 January 2005 01 28008 0030 2005...

Page 2: ...rior written permission of Fortinet Inc FortiWiFi 60 Installation Guide Version 2 80 MR8 28 January 2005 01 28008 0030 20050128 Trademarks Products mentioned in this document are trademarks or registe...

Page 3: ...te unit power on and off 17 Connecting to the web based manager 19 Connecting to the command line interface CLI 20 Quick installation using factory defaults 21 Factory default FortiGate configuration...

Page 4: ...FortiGate unit to operate in NAT Route mode 44 Using the setup wizard 47 Starting the setup wizard 48 Connecting the FortiGate unit to the network s 48 Configuring the networks 50 Configuring the Mode...

Page 5: ...cluster 67 Configuring the modem interface 69 Selecting a modem mode 69 Redundant mode configuration 69 Standalone mode configuration 70 Configuring modem settings 71 Connecting and disconnecting the...

Page 6: ...Contents 6 01 28008 0030 20050128 Fortinet Inc...

Page 7: ...everages breakthroughs in chip design networking security and content analysis The unique ASIC based architecture analyzes content and behavior in real time enabling key applications to be deployed ri...

Page 8: ...sed manager Using HTTP or a secure HTTPS connection from any computer running Internet Explorer you can configure and manage the FortiGate unit The web based manager supports multiple languages You ca...

Page 9: ...rtiGate unit The wizard walks through the configuration of a new administrator password FortiGate interfaces DHCP server settings internal servers web FTP etc and basic antivirus settings Document con...

Page 10: ...all the options you want to apply and excluding all the options you want to remove FortiGate documentation Information about FortiGate products is available from the following guides FortiGate QuickSt...

Page 11: ...ical documentation is available from the Fortinet Knowledge Center The knowledge center contains short how to articles FAQs technical notes product and feature guides and much more Visit the Fortinet...

Page 12: ...web based manager as you work FortiMail Web Mail Online Help Describes how to use the FortiMail web based email client including how to send and receive email how to add import and export addresses an...

Page 13: ...il address Telephone number FortiGate unit serial number FortiGate model FortiGate FortiOS firmware version Detailed description of the problem amer_support fortinet com For customers in the United St...

Page 14: ...14 01 28008 0030 20050128 Fortinet Inc Customer service and technical support Introduction...

Page 15: ...p and powering on a FortiGate Antivirus Firewall unit This section includes Package contents Mounting Turning the FortiGate unit power on and off Connecting to the web based manager Connecting to the...

Page 16: ...air flow and cooling Dimensions 8 63 x 6 13 x 1 38 in 21 9 x 15 6 x 3 5 cm Weight 1 5 lb 0 68 kg Power requirements DC input voltage 12 V DC input current 3 A Null Modem Cable RS 232 Ethernet Cables O...

Page 17: ...ughput and range Follow these basic guidelines to ensure the best possible performance Install the access point in an area where large steel structures such as shelving units bookcases and filing cabi...

Page 18: ...nit is powered off Status Green The FortiGate unit is starting up Off The FortiGate unit is running normally Link Internal DMZ WAN1 WAN2 Green The correct cable is in use and the connected equipment h...

Page 19: ...t connection to the static IP address 192 168 1 2 with a netmask of 255 255 255 0 You can also configure the management computer to obtain an IP address automatically using DHCP The FortiGate DHCP ser...

Page 20: ...nications port of your computer and to the FortiGate Console port 2 Make sure that the FortiGate unit is powered on 3 Start HyperTerminal enter a name for the connection and select OK 4 Configure Hype...

Page 21: ...er IP addresses added to the FortiGate unit configuration and returns lookup results to the internal network For more information about default DHCP server settings see Factory default DHCP server con...

Page 22: ...e the FortiGate unit in Transparent mode you can switch to Transparent mode from the factory default configuration and then configure the FortiGate unit onto the network in Transparent mode Once the n...

Page 23: ...terface responds to ping requests Table 3 FortiGate DHCP Server default configuration Name internal_dhcp_server Interface Internal Default Gateway 192 168 1 99 IP Range 192 168 1 110 192 168 1 210 Net...

Page 24: ...llowing firewall configuration settings are included in the default firewall configuration to make it easier to add firewall policies Network Settings Default Gateway for default route 192 168 100 1 I...

Page 25: ...on traffic between trusted internal addresses might need moderate protection You can configure firewall policies for different traffic services to use the same or different protection profiles Protect...

Page 26: ...plan depends on the operating mode that you select The FortiGate unit can be configured in one of two modes NAT Route mode the default or Transparent mode You can also configure the FortiGate unit an...

Page 27: ...ased on the source address destination address and service of each packet In NAT mode the FortiGate unit performs network address translation before it sends the packet to the destination network In R...

Page 28: ...ate network and the external public network usually the Internet If you have multiple internal networks such as one or more DMZ networks in addition to the internal private network you can create rout...

Page 29: ...e web based manager Setup Wizard guides you through the initial configuration steps Use the Setup Wizard to configure the administrator password the interface addresses the default gateway address and...

Page 30: ...ate in Transparent mode you can switch to Transparent mode from the web based manager and then use the setup wizard to add the administration password the management IP address and gateway and the DNS...

Page 31: ...ake your wireless network as efficient as possible This chapter includes Setting up a wireless network Wireless Security FortiWiFi 60 operation modes Setting up the FortiWiFi 60 as an Access Point Set...

Page 32: ...ysical interference you may encounter dead spots that receive no signals Ensure the FortiWiFi 60 AP is located in a prominent location within a room for maximum coverage rather than in a corner Constr...

Page 33: ...need to use multiple FortiWiFi 60 APs to help distribute the radio signal around the room Figure 10 shows how positioning two FortiWiFi 60 APs within a uniquely shaped office space helps to distribut...

Page 34: ...lly error prone Consequently keys are rarely changed over months or years leaving a hacker plenty of time to get the key and gain access to the network In small wireless networking environments activa...

Page 35: ...more difficult for a hacker using random MAC addresses or spoofing a MAC address to gain access to your network Service Set Identifier The Service Set Identifier SSID is the network name shared by all...

Page 36: ...in a warehouse where shipping and receiving are on opposite sides of the building Running cables is not an option due to the warehouse environment The FortiWiFi 60 unit can support wired users using i...

Page 37: ...reless security features to provide a secure wireless environment This section contains the following steps Log into the web based manager Set the DHCP settings Set the security options Configure the...

Page 38: ...a DHCP server you need to configure the DHCP server settings To configure a DHCP server for an interface 1 Go to System DHCP Server 2 Select Create New 3 Enter a name for the DHCP server 4 Select the...

Page 39: ...WAN2 interfaces The following example creates a policy from the wireless clients WLAN interface to the Internet WAN1 interface using traffic shaping firewall authentication and the default Strict cont...

Page 40: ...40 01 28008 0030 20050128 Fortinet Inc Setting up the FortiWiFi 60 as an Access Point Using a wireless network...

Page 41: ...g the setup wizard Connecting the FortiGate unit to the network s Configuring the networks Configuring the modem interface Next steps Preparing to configure the FortiGate unit in NAT Route mode Use Ta...

Page 42: ...u require for your PPPoE configuration Table 7 NAT Route mode settings Administrator Password Internal IP _____ _____ _____ _____ Netmask _____ _____ _____ _____ WAN1 IP _____ _____ _____ _____ Netmas...

Page 43: ...an interface 3 Set the addressing mode for the interface Choose from manual DHCP or PPPoE 4 Complete the addressing configuration For manual addressing enter the IP address and netmask for the interfa...

Page 44: ...t Mask to 0 0 0 0 6 Set Gateway to the default gateway IP address 7 Set Device to the interface connected to the external network 8 Select OK Using the command line interface You can also configure th...

Page 45: ...u recorded in Table 7 on page 42 To set the static IP address and netmask enter config system interface edit wan1 set mode static set ip address_ip netmask end Example config system interface edit wan...

Page 46: ...add a default route Add a default route to configure where the FortiGate unit sends traffic that should be sent to an external network usually the Internet Adding the default route also defines which...

Page 47: ...additional settings that you can configure with the setup wizard See Table 7 on page 42 and Table 8 on page 42 for other settings Table 9 Setup wizard settings Password Prepare an administrator passw...

Page 48: ...locking and blocking of oversize email for HTTP FTP IMAP POP3 and SMTP Add this protection profile to a default firewall policy Medium Create a protection profile that enables virus scanning for HTTP...

Page 49: ...network The Internal interface functions as a switch allowing up to four devices to be connected to the internal network and the internal interface 2 Connect the WAN1 interface to the Internet Connect...

Page 50: ...eway address of all computers and routers connected directly to your DMZ network to the IP address of the FortiGate DMZ interface For the external network route all packets to the FortiGate WAN1 or WA...

Page 51: ...Gate Administration Guide for complete information on configuring monitoring and maintaining the FortiGate unit To set the date and time For effective scheduling and logging the FortiGate system date...

Page 52: ...figure the FortiGate unit to automatically keep virus grayware and attack definitions up to date 1 Go to System Maintenance Update Center 2 Select Refresh to test the FortiGate unit connectivity with...

Page 53: ...nt mode see Planning the FortiGate configuration on page 26 This chapter describes Preparing to configure Transparent mode Using the web based manager Using the command line interface Using the setup...

Page 54: ...management computer to 10 10 10 2 Connect to the internal or DMZ interface and browse to https followed by the Transparent mode management IP address The default FortiGate Transparent mode management...

Page 55: ...b based manager by browsing to https 10 10 10 1 If you connect to the management interface through a router make sure that you have added a default gateway for that router to the management IP default...

Page 56: ...ystem manageip set ip 10 10 10 2 255 255 255 0 end 3 Confirm that the address is correct Enter get system manageip The CLI lists the management IP address and netmask To configure DNS server settings...

Page 57: ...nt computer to 10 10 10 2 Connect to the internal or DMZ interface and browse to https followed by the Transparent mode management IP address The default FortiGate Transparent mode management IP addre...

Page 58: ...nt mode 1 Connect the Internal interface connectors to PCs and other network devices in your internal network The Internal interface functions as a switch allowing up to four devices to be connected t...

Page 59: ...tem date and time 6 Set the hour minute second month day and year as required 7 Select Apply To use NTP to set the FortiGate date and time 1 Go to System Config Time 2 Select Synchronize with NTP Serv...

Page 60: ...e FDN the FortiGate unit default route must point to a network such as the Internet to which a connection to the FDN can be established If FortiProtect Distribution Network changes to Available then t...

Page 61: ...steps for changing the priorities of heartbeat devices or for configuring monitor priorities settings Both of these HA settings should be configured after the cluster is up and running Configuring For...

Page 62: ...in the cluster get the same virtual MAC address This virtual MAC address is set according to the group ID Group ID MAC Address 0 00 09 0f 06 ff 00 1 00 09 0f 06 ff 01 2 00 09 0f 06 ff 02 3 00 09 0f 06...

Page 63: ...ches select Least connection to distribute traffic to the cluster unit with the fewest concurrent connections Round Robin Round robin load balancing If the FortiGate units are connected using switches...

Page 64: ...ce all of the units are configured continue with Connecting the cluster to your networks on page 65 11 If you are configuring a Transparent mode cluster reconnect to the web based manager You may have...

Page 65: ...he FortiGate units in the cluster Once all of the units are configured continue with Connecting the cluster to your networks on page 65 3 If you are configuring a Transparent mode cluster switch the F...

Page 66: ...each FortiGate unit to a switch or hub connected to your internal network Connect the WAN1 interfaces of each FortiGate unit to a switch or hub connected to your external network Connect the DMZ inte...

Page 67: ...the FortiGate units in the cluster are synchronized so that the FortiGate units can function as a cluster Because of this synchronization you configure and manage the HA cluster instead of managing th...

Page 68: ...68 01 28008 0030 20050128 Fortinet Inc Installing and configuring the cluster High availability installation...

Page 69: ...ngs Connecting and disconnecting the modem in Standalone mode Defining a Ping Server Adding firewall policies for modem connections Selecting a modem mode The external modem when connected to the Fort...

Page 70: ...account The modem interface operates as the primary connection to the Internet The FortiGate unit routes traffic through the modem interface which remains permanently connected to the dialup account...

Page 71: ...FortiGate interface that the modem is redundant for Figure 17 Modem settings Standalone and Redundant Enable Modem or Enable USB Modem Select to enable the FortiGate modem Depending on the model the m...

Page 72: ...ut Standalone mode only Enter the timeout duration in minutes After this period of inactivity the modem disconnects Holddown Timer Redundant mode only Enter the time 1 60 seconds that the FortiGate un...

Page 73: ...interface To add a ping server to an interface 1 Go to System Network Interface 2 Choose an interface and select Edit 3 Set Ping Server to the IP address of the next hop router on the network connecte...

Page 74: ...or modem connections The modem interface requires firewall addresses and policies You can add one or more addresses to the modem interface For information about adding addresses see the FortiGate Admi...

Page 75: ...figuring Transparent mode 56 default route 23 dial now 71 dial on demand 72 E encryption 34 WEP 34 WPA 34 environmental specifications 17 F firewall policies 39 modem 74 firewall setup wizard 8 43 47...

Page 76: ...et time 51 59 setup wizard 43 47 54 57 starting 43 48 54 57 SSID 35 broadcasting 35 standalone mode configuring 70 modem 69 70 starting IP DHCP 23 synchronize with NTP server 51 59 T technical support...

Reviews:

No comments