manualshive.com logo in svg

Fortinet FortiWiFi FortiWiFi-60B, Install Manual

The Fortinet FortiWiFi FortiWiFi-60B is a powerful firewall and wireless security gateway suitable for small to medium-sized businesses. Ensure smooth installation and setup by downloading the free Install Manual from manualshive.com. This manual provides detailed instructions on configuring and optimizing your network security.

Share
Download
background image

Configuring 

NAT vs. Transparent mode

FortiWiFi-60B FortiOS 3.0 MR6 Install Guide
01-30006-0447-20080131

19

Configuring

This section provides an overview of the operating modes of the FortiWiFi unit, 
NAT/Route and Transparent, and how to configure the FortiWiFi unit for each 
mode. There are two ways you can configure the FortiWiFi unit, using the 
web-based manager or the command line interface (CLI). This section will step 
through using both methods. Use whichever you are most comfortable with.

This section includes the following topics: 

NAT vs. Transparent mode

Connecting to the FortiWiFi unit

Verify the configuration

Backing up the configuration

Additional configuration

NAT vs. Transparent mode

The FortiWiFi unit can run in two different modes, depending on your network 
infrastructure and requirements. You have a choice between NAT/Route mode 
and Transparent mode. Both include the same robust network security features 
such as antispam, antivirus, VPN and firewall policies.

NAT mode

In NAT/Route mode, the FortiWiFi unit is visible to the network. Like a router, all its 
interfaces are on different subnets. 

In NAT mode, each port is on a different subnet, enabling you to have a single IP 
address available to the public Internet. The FortiWiFi unit performs network 
address translation before it sends and receives the packet to the destination 
network.

In Route mode, there is no address translation.

Figure 4: FortiWiFi unit in NAT mode

You typically use NAT/Route mode when the FortiWiFi unit is operating as a 
gateway between private and public networks. In this configuration, you would 
create NAT mode firewall policies to control traffic flowing between the internal, 
private network and the external, public network, usually the Internet.

Internet

Router

Internal network

192.168.1.20

192.168.1.99

204.23.1.5

NAT mode policies controlling 

traffic between internal 

and external networks.

Summary of Contents for FortiWiFi FortiWiFi-60B

Page 1: ...www fortinet com FortiWiFi 60B FortiOS 3 0 MR6 I N S T A L L G U I D E...

Page 2: ...evention System DTPS APSecure FortiASIC FortiBIOS FortiBridge FortiClient FortiGate FortiGate Unified Threat Management System FortiGuard Antispam FortiGuard Antivirus FortiGuard Intrusion FortiGuard...

Page 3: ...utions and warnings 14 Grounding 14 Rack mount instructions 14 Mounting 14 Setting up a wireless network 15 Radio Frequency interface 16 Using multiple access points 16 Plugging in the FortiWiFi 17 Co...

Page 4: ...y the configuration 31 Backing up the configuration 31 Restoring a configuration 32 Additional configuration 32 Set the time and date 32 Set the Administrator password 32 Configure FortiGuard 33 Updat...

Page 5: ...it as a client 51 Change to Client mode 51 Configure the wireless settings 52 Configure the address and default gateway 52 Set the default gateway 52 Configure the firewall policies 52 Configuring the...

Page 6: ...8 Reverting to a previous version 69 Installing firmware from a system reboot using the CLI 70 Restoring the previous configuration 72 Backup and Restore from a USB key 72 Using the USB Auto Install 7...

Page 7: ...Management System uses Fortinet s Dynamic Threat Prevention System DTPS technology which leverages breakthroughs in chip design networking security and content analysis The unique ASIC based architec...

Page 8: ...FortiWiFi 60B supports a wide range of 3G wireless PC Cards to provide an ideal wireless broadband and wireless LAN gateway Figure 1 FortiWiFi 60B About this document This document explains how to in...

Page 9: ...tiWiFi unit FortiGate Administration Guide Provides basic information about how to configure a FortiWiFi unit including how to define FortiWiFi protection profiles and firewall policies how to apply i...

Page 10: ...by step instructions for configuring IPSec VPNs using the web based manager FortiGate SSL VPN User Guide Compares FortiGate IPSec VPN and FortiGate SSL VPN technology and describes how to configure w...

Page 11: ...and technical support Fortinet Technical Support provides services designed to make sure that your Fortinet systems install quickly configure easily and operate reliably in your network Please visit...

Page 12: ...FortiWiFi 60B FortiOS 3 0 MR6 Install Guide 12 01 30006 0447 20080131 Customer service and technical support Introduction...

Page 13: ...re that the appliance has at least 1 5 in 3 75 cm of clearance on each side to allow for adequate air flow and cooling This device complies with part FCC Class A Part 15 UL CUL C Tick CE and VCCI Oper...

Page 14: ...he rack environment may be greater than room ambient Therefore consideration should be given to installing the equipment in an environment compatible with the maximum ambient temperature Tma specified...

Page 15: ...g the FortiWiFi on the nails or screws from the brackets Setting up a wireless network When placing the FortiWiFi access point AP your main concern is providing a strong signal to all users A strong s...

Page 16: ...ireless devices at least 10 feet away from appliances such as microwave ovens and cordless phones If you must have a cordless phone select one that does not use the 2 4GHz frequency range for b g or 5...

Page 17: ...e back of the FortiGate unit 2 Connect the AC adapter to the power cable 3 Connect the power cable to a power outlet The FortiGate unit starts and the Power and Status LEDs light up The Status LEDs fl...

Page 18: ...FortiWiFi 60B FortiOS 3 0 MR6 Install Guide 18 01 30006 0447 20080131 Turning off the FortiWiFi unit Installing...

Page 19: ...ode and Transparent mode Both include the same robust network security features such as antispam antivirus VPN and firewall policies NAT mode In NAT Route mode the FortiWiFi unit is visible to the net...

Page 20: ...using the web based manger a GUI interface using a current web browser such as FireFox or Internet Explorer using the command line interface CLI a command line interface similar to DOS or UNIX command...

Page 21: ...e FortiWiFi unit redirects the connection This is an informational message Select OK to continue logging in 4 Type admin in the Name field and select Login Connecting to the CLI To connect to the Fort...

Page 22: ...gateway retrieved from the DHCP server The administrative distance specifies the relative priority of a route when there are multiple routes to the same destination A lower administrative distance ind...

Page 23: ...oute is called the static default route If no other routes are present in the routing table and a packet needs to be forwarded beyond the FortiWiFi unit the factory configured static default route cau...

Page 24: ...tiWiFi interfaces Firewall policies define how the FortiWiFi unit processes the packets in a communication session You can configure the firewall policies to allow only specific traffic users and spec...

Page 25: ...onnecting to the CLI on page 21 before beginning Configure the interfaces When shipped the FortiWiFi unit has a default address of 192 168 1 99 and a netmask of 255 255 255 0 for either the Port 1 or...

Page 26: ...he autosvr to enable you do not have to configure the primary or secondary DNS server IP addresses Adding a default route and gateway A route provides the FortiWiFi unit with the information it needs...

Page 27: ...verify your configuration is working On lower end units such a default firewall policy is already in place For the higher end FortiWiFi units you will need to add a firewall policy The following steps...

Page 28: ...one book for the Internet A DNS server matches domain names with the computer IP address This enables you to use readable locations such as fortinet com when browsing the Internet DNS server IP addres...

Page 29: ...the CLI you can use the following procedures to complete the basic configuration of the FortiWiFi unit Ensure you read the section Connecting to the CLI on page 21 before beginning Switching to Transp...

Page 30: ...unit process the packets in a communication session You can configure the firewall policies to allow only specific traffic users and specific times when traffic is allowed For the initial installatio...

Page 31: ...acking up the configuration you ensure that if you need to reset the FortiWiFi unit for whatever reason you will be able to quickly return it to operation with minimal effort To back up the FortiWiFi...

Page 32: ...not mandatory they will help in ensuring better control with the firewall Set the time and date For effective scheduling and logging the FortiGate system date and time must be accurate You can either...

Page 33: ...ed your FortiWiFi unit you can update antivirus and IPS signatures The FortiGuard Center enables you to receive push updates allow push update to a specific IP address and schedule updates for daily w...

Page 34: ...FortiWiFi 60B FortiOS 3 0 MR6 Install Guide 34 01 30006 0447 20080131 Additional configuration Configuring...

Page 35: ...spam filtering content archiving instant messaging filtering and access control P2P access and bandwidth control logging options for policies and configurations within the policies rate limiting for V...

Page 36: ...firewall action for the connection The action can be to allow the connection deny the connection require authentication before the connection is allowed or process the packet as an IPSec VPN connecti...

Page 37: ...ou can apply FortiWiFi features such as virus scanning and authentication to the communication session accepted by the policy Add DENY policies to deny communication sessions Add IPSec encryption poli...

Page 38: ...AntiVirus Config Grayware Antivirus settings are turned on in the protection profile In the protection profile you can enable antivirus options for specific services and which services will use the fi...

Page 39: ...the email address of the message s sender to the email address list in sequence If a match is found the action associated with the email address is taken If no match is found the message is passed to...

Page 40: ...You need to have a FortiGuard subscription to take advantage of FortiGuard web filtering The FortiWiFi unit also enables you to override the FortiGuard filtering designation and you can add your own T...

Page 41: ...reless network FortiWiFi operation modes Wireless Security Setting up the FortiWiFi unit as an access point Setting up the FortiWiFi unit as a client Setting up a wireless network In its simplest form...

Page 42: ...Radio frequency RF interference occurs when other devices send RF signals during their normal operation that use the same frequency as the FortiWiFi unit Wireless devices such as cordless phones micr...

Page 43: ...multiple access points set each FortiWiFi unit to a different channel to avoid interference in areas where signals from both FortiWiFi units can be received FortiWiFi operation modes The FortiWiFi uni...

Page 44: ...does not have a wired infrastructure For example in a warehouse where shipping and receiving are on opposite sides of the building running cables is not an option due to the warehouse environment The...

Page 45: ...mation from being intercepted by unwanted sources These are Wireless Equivalent Privacy WEP and WiFi Protected Access WPA WPA2 encryption Wireless encryption is only used between the wireless device a...

Page 46: ...key being used In a network setup where a RADIUS server is not a viable option WPA also provides authentication with preshared keys using Temporal Key Integrity Protocol TKIP Using TKIP the encryptio...

Page 47: ...tings 2 Select the WLAN interface 3 Clear SSID Broadcast and select OK Setting up the FortiWiFi unit as an access point This section describes how to configure the FortiWiFi unit as an access point to...

Page 48: ...a MAC address will use an IP address before it is released to the address pool If you have a large number of users connecting you will want to use a shorter lease time Advanced Use only to specify se...

Page 49: ...dresses and select to Allow or Deny them from the wireless network 8 Select OK Address Mode Enter a static IP and netmask for the interface DHCP and PPPoE are not available on a wireless interface Adm...

Page 50: ...nistration Guide To create and outgoing firewall policy 1 Go to Firewall Policy 2 Select the blue arrow for WLAN to WAN1 3 Select Create New Configure the following settings and select OK Next create...

Page 51: ...eless client As a client the FortiWiFi connects to another access point to connect to the Internet All other ports on the FortiWiFi are used to connect a remote network In simple terms it is a wireles...

Page 52: ...is the next hop for data packets leaving the FortiWiFi unit You need to add the default gateway to ensure traffic will get out to the Internet In this case it is the wireless WLAN port of the access...

Page 53: ...ue arrow for Internal to WLAN 6 Select Create New Configure the following settings and select OK Interface Zone Source WLAN Interface Zone Destination Internal Address Name Source All Address Name Des...

Page 54: ...FortiWiFi 60B FortiOS 3 0 MR6 Install Guide 54 01 30006 0447 20080131 Setting up the FortiWiFi unit as a client Using a wireless network...

Page 55: ...ative access through the modem port Configuring the PCMCIA modem card Selecting a modem mode The modem interface can work in one of two modes redundant and stand alone mode To select an operational mo...

Page 56: ...lone and Redundant Note Do not add firewall policies for connections between the Ethernet interface that the modem replaces and other interfaces Note Do not add a default route to the Ethernet interfa...

Page 57: ...erface after the primary interface has been restored Configure a higher value if you find the FortiWiFi unit switching repeatedly between the primary interface and the modem interface Redial Limit The...

Page 58: ...et idle timer minutes set interface name set mode redudant standalone set modem dev1 internal pcmica wireless set modem dev2 internal pcmica wireless set modem dev3 internal pcmica wireless set passwd...

Page 59: ...WiFi unit is restarted This is available only when dial on demand is set to disabled and mode is set to standalone disable connect timeout seconds Set the connection completion timeout 30 255 seconds...

Page 60: ...t to the Internet standalone modem dev1 internal pcmica wireless Set the modem type for the selected dialup account internal modem dev2 internal pcmica wireless Set the modem type for the selected dia...

Page 61: ...dialup account Do not add spaces to the phone number Make sure to include standard special characters for pauses country codes and other functions as required by your modem to connect to your dialup...

Page 62: ...work Interface 2 Choose an interface and select Edit 3 Set Ping Server to the IP address of the next hop router on the network connected to the interface 4 Select the Enable check box 5 Select OK to s...

Page 63: ...odem connection using the standard connection options available to the other FortiWiFi ports telnet ssh http https and ping To enable administrative access on the modem interface 1 Go to System Interf...

Page 64: ...em interface 7 If a security pin is required enter in the Extra Initialization String field in the following format at cpin 5555 where 5555 is the pin provided to you by your ISP 8 Select Apply Create...

Page 65: ...tem reboot using the CLI Testing new firmware before installing Downloading firmware Firmware images for all FortiWiFi units is available on the Fortinet Customer Support web site You must register yo...

Page 66: ...able to restore the previous configuration from the backup configuration file To revert to a previous firmware version 1 Copy the firmware image file to the management computer 2 Log into the FortiWi...

Page 67: ...ur system settings before shutting down or rebooting your FortiWiFi unit To configure the USB Auto Install 1 Go to System Maintenance Backup and Restore 2 Select the blue arrow to expand the Advanced...

Page 68: ...FortiWiFi unit can connect to the TFTP server You can use the following command to ping the computer running the TFTP server For example if the IP address of the TFTP server is 192 168 1 168 execute...

Page 69: ...sure the FortiWiFi unit can connect to the TFTP server You can use the following command to ping the computer running the TFTP server For example if the TFTP server s IP address is 192 168 1 168 exec...

Page 70: ...To use this procedure you must connect to the CLI using the FortiWiFi console port and a RJ 45 to DB 9 or null modem cable This procedure reverts the FortiWiFi unit to its factory default configuratio...

Page 71: ...erver F Format boot device Q Quit menu and continue to boot with default firmware H Display this list of options Enter G F Q or H 8 Type G to get to the new firmware image form the TFTP server The fol...

Page 72: ...SB port To backup configuration using the CLI 1 Log into the CLI 2 Enter the following command to backup the configuration files exec backup config usb filename 3 Enter the following command to check...

Page 73: ...ng the new firmware image with the current configuration This new firmware image is not permanently installed The next time the FortiWiFi unit restarts it operates with the originally installed firmwa...

Page 74: ...es appears Press any key to display configuration menu 7 Immediately press any key to interrupt the system startup If you successfully interrupt the startup process the following messages appears G Ge...

Page 75: ...e following appears Save as Default firmware Backup firmware Run image without saving D B R 12 Type R The FortiWiFi image is installed to system memory and the FortiWiFi unit starts running the new fi...

Page 76: ...FortiWiFi 60B FortiOS 3 0 MR6 Install Guide 76 01 30006 0447 20080131 Testing new firmware before installing FortiWiFi Firmware...

Page 77: ...62 default adding a route 23 26 default route 23 26 DHCP 25 wireless 47 dial now button 56 dial on demand 57 dial on demand system modem 59 distance system modem 59 DNS override 22 document convention...

Page 78: ...redial system modem 61 redial limit 57 redundant mode configuring 55 registering 7 restore 32 restoring previous firmware configuration 72 reverting firmware 66 routing table priority 61 RSA RC4 45 S...

Page 79: ...FortiWiFi 60B FortiOS 3 0 MR6 Install Guide 79 01 30006 0447 20080131 Index DHCP settings 47 network name 47 security 45 Wireless Equivalent Privacy WEP 45...

Page 80: ...FortiWiFi 60B FortiOS 3 0 MR6 Install Guide 80 01 30006 0447 20080131 Index...

Page 81: ...www fortinet com...

Page 82: ...www fortinet com...

Reviews:

No comments

Related manuals for FortiWiFi FortiWiFi-60B

Symantec 10521148 - Network Security 7161 Implementation Manual preview
10521148 - Network Security 7161
Brand: Symantec Pages: 214
Fortinet FortiGate 3810A-LENC Quick Start Manual preview
FortiGate 3810A-LENC
Brand: Fortinet Pages: 2
Fortinet FortiBridge 1000 Configuration preview
FortiBridge 1000
Brand: Fortinet Pages: 286
Nexcom NSA 1150 User Manual preview
NSA 1150
Brand: Nexcom Pages: 61
Nexcom NSA 3111 Series User Manual preview
NSA 3111 Series
Brand: Nexcom Pages: 80
US Robotics USR8200 Quick Installation Manual preview
USR8200
Brand: US Robotics Pages: 42
Fortinet FortiWiFi FortiWiFi-50B Install Manual preview
FortiWiFi FortiWiFi-50B
Brand: Fortinet Pages: 68
HP 11900 User Manual preview
11900
Brand: HP Pages: 11
HP 10500 series Specifications preview
10500 series
Brand: HP Pages: 42
HP F5000-S User Manual preview
F5000-S
Brand: HP Pages: 2
HP 10500 series Security Configuration Manual preview
10500 series
Brand: HP Pages: 596
HP F5000 Installation Manual preview
F5000
Brand: HP Pages: 99
Triton RiskVision Setup Manual preview
RiskVision
Brand: Triton Pages: 26
Stonesoft SSL-3200 Series Appliance Installation Manual preview
SSL-3200 Series
Brand: Stonesoft Pages: 50
Stonesoft StoneGate FW-5000 Series Appliance Installation Manual preview
StoneGate FW-5000 Series
Brand: Stonesoft Pages: 51
ei3 Amphion S14-H Green Box User Manual preview
Amphion S14-H Green Box
Brand: ei3 Pages: 26

Brands by name

Popular brands

Load more brands