Back
Front
Power
LED
Internal, External, DMZ
Interfaces
Status
LED
INTERNAL
EXTERNAL
DMZ
POWER
STATUS
DMZ
External
Console
DC +12V 5A
Internal
RS-232 Serial
Connection
Power
Connection
DMZ, External, Internal
Interfaces
Null-Modem Cable
(RS-232)
Documentation
Ethernet Cables:
Orange - Crossover
Grey - Straight-through
USER MANUAL
FortiGate-100
QuickStart Guide
Copyright 2003 Fortinet Incorporated. All rights reserved.
Trademarks
Products mentioned in this document are trademarks.
Power Cable Power Supply
INTERNAL
EXTERNAL
DMZ
POWER
STATUS
Optional null modem cable connects to serial port on management computer
Optional straight-through Ethernet cable connects to DMZ network
Straight-through Ethernet cable connects to Internet (public switch, router or modem)
DMZ
External
Console
DC +12V 5A
Internal
Straight-through Ethernet cable connects to LAN or switch on internal network
Crossover Ethernet cable connects to management computer on internal network
or
Power cable connects to power supply
INTERNAL
EXTERNAL
DMZ
POWER
STATUS
Connector Type
Speed
Protocol Description
Internal
RJ-45
10/100Base_T Ethernet
Connection to the internal network.
External
RJ-45 10/100Base_T Ethernet
Connection to the Internet.
DMZ
RJ-45
10/100Base_T Ethernet
Optional connection to a DMZ network, or other FortiGate-100
units for high availability (HA). For details, see the
Documentation CD-ROM.
CONSOLE
DB-9
9600 bps
RS-232
serial
Optional connection to the management computer.
Provides access to the command line interface (CLI).
FortiGate-100 LED Indicators
LED
State
Description
Power
Green
The FortiGate unit is powered on.
Off
The FortiGate unit is powered off.
Status
Flashing
The FortiGate unit is starting up.
Green
The FortiGate unit is running normally.
Off
The FortiGate unit is powered off.
Internal External
DMZ
(front and back)
Green
The correct cable is in use, and the
connected equipment has power.
Flashing green (front)
Flashing Amber (back)
Network activity at this interface.
Off
No link established.
Connect the FortiGate-100 unit to power outlets and to the internal and external networks.
NAT/Route mode
In NAT/Route mode, the FortiGate-100 is visible to the networks that it is connected to.
All of its interfaces are on different subnets. You must configure the internal and
external interfaces with IP addresses. Optionally, you can also configure the DMZ
interface.
You would typically use NAT/Route mode when the FortiGate-100 is deployed as a
gateway between private and public networks. In its default NAT/Route mode
configuration, the unit functions as a firewall. Firewall policies control communications
through the FortiGate-100 unit.
In NAT/Route mode, firewall policies can operate in NAT mode or in Route mode. In
NAT mode, the FortiGate-100 performs network address translation before IP packets
are sent to the destination network. In Route mode, no translation takes place. By
default, the unit has a single NAT mode policy that allows users on the internal network
to securely access and download content from the Internet. No other traffic is possible
until you have configured more policies.
Transparent mode
In Transparent mode, the FortiGate-100 is invisible to the network. All of its interfaces
are on the same subnet. You only have to configure a management IP address so that
you can make configuration changes.
You would typically use the FortiGate-100 in Transparent mode on a private network
behind an existing firewall or behind a router. In its default Transparent mode
configuration, the unit functions as a firewall. By default, the unit has a single firewall
policy that allows users on the internal network segment to connect to the external
network segment. No other traffic is possible until you have configured more policies.
You can connect up to three network segments to the FortiGate-100 unit to control
traffic between these network segments.
FortiGate-100 Unit
in NAT/Route mode
Route mode policies
controlling traffic between
internal networks.
Internal network
DMZ network
Internal
192.168.1.99
DMZ
10.10.10.1
192.168.1.3
10.10.10.2
External
204.23.1.5
NAT mode policies controlling
traffic between internal and
external networks.
INTERNAL
EXTERNAL
DMZ
POWER
STATUS
Internet
Internal network
10.10.10.3
FortiGate-100 Unit
in Transparent mode
10.10.10.1
Management IP
External
Internal
10.10.10.2
Transparent mode policies
controlling traffic between
internal and external networks
204.23.1.5
(firewall, router)
Gateway to
public network
Internet
INTERNAL
EXTERNAL
DMZ
POWER
STATUS
Before configuring the FortiGate-100, you need to plan how to integrate the unit into your
network. Your configuration plan is dependent upon the operating mode that you select: NAT/
Route mode (the default) or Transparent mode.
Web-based manager and Setup
Wizard
Using the Setup Wizard you can add basic settings
by stepping through the wizard pages and filling in
the information required.
The FortiGate web-based manager is an easy to use
management tool. Use it to configure the
administrator password, interface addresses, the
default gateway address, and the DNS server
addresses.
Requirements:
•
Ethernet connection between the FortiGate-100 and a management computer.
•
Internet Explorer version 6.0 or higher on the management computer.
Command Line Interface (CLI)
The CLI is a full-featured management tool.
Use it to configure the administrator password, the
interface addresses, the default gateway address, and
the DNS server addresses. To configure advanced
settings, see the Documentation CD-ROM.
Requirements:
•The RJ-45-serial connection between the FortiGate-100
and management computer.
•
A terminal emulation application (HyperTerminal for Windows) on the management
computer.
Choose among two different tools to configure the FortiGate-100.
QuickStart Guide
FortiGate-100
Check that the package contents are complete.
•
Place the unit on a stable surface. It requires 1.5 inches
(3.75 cm) clearance on each side to allow for cooling.
•
Make sure the power switch on the back of the unit is turned off before
connecting the power and network cables.
•
The Status light flashes while the unit is starting up and remains lit when
the system is up and running.
Checking the package contents
1
Connecting the FortiGate-100
2
Planning the configuration
3
Choosing a configuration tool
4
© Copyright 2004 Fortinet Incorporated. All rights reserved.
Trademarks
Products mentioned in this document are trademarks or registered trademarks of their respective holders.
Regulatory Compliance
FCC Class A Part 15 CSA/CUS
04 November 2004
For technical support please visit http://www.fortinet.com.
Factory default settings
NAT/Route mode
Transparent mode
Internal interface
192.168.1.99
Management IP
10.10.10.1
External interface
192.168.100.99
Administrative account settings
DMZ interface
10.10.10.1
User name
admin
Password
(none)
Refer to the Documentation CD-ROM for information on how to control traffic, and how to configure HA, antivirus protection, Web content filtering, Spam filtering, intrusion
prevention (IPS), and virtual private networking (VPN).
01-28005-0033-20041104