background image

Esc

Enter

A

CONSOLE

10/100

10/100/1000

USB

1

2

3

4                               5                             6                      

Power Cable

Rack-Mount Brackets

Documentation

Ethernet Cables:

Orange - Crossover

Grey - Straight-through

USER MANUAL

FortiGate-400A

QuickStart Guide

Copyright 2003 Fortinet Incorporated. All rights reserved.
Trademarks
Products mentioned in this document are trademarks.

Front

LCD

Control

Buttons

Power

LED

1, 2, 3, 4

10/100

5, 6

10/100/1000

Esc

Enter

DMZ2

DMZ1

INTERNAL

WAN1

WAN2

CONSOLE

USB

1

2

3

4

A

Back

Power

Connection

Power
Switch

USB

(future)

Serial

Port

RJ-45 to

DB-9 Serial Cable

Esc

Enter

A

CONSOLE

10/100

10/100/1000

USB

1

2

3

4                               5                             6                      

Straight-through Ethernet cable connects
to Internet (public switch, router, or modem)

Power cable connects to power outlet

Optional RJ-45 serial cable connects to management computer

 

Straight-through Ethernet cable connects to LAN or switch on internal network

Crossover Ethernet cable connects to management computer on internal network

Straight-through Ethernet cables connect
to other networks

Esc

Enter

A

CONSOLE

10/100

10/100/1000

USB

1

2

3

4                               5                             6                      

Connector Type

Speed

Protocol Description

Port 1

RJ-45

10/100Base_T Ethernet

Default connection to the internal network.

Port 2

RJ-45  10/100Base_T Ethernet

Default connection to the Internet.

Port 3 and 4 RJ-45

10/100Base_T Ethernet

Optional connections to other networks, or to other 
FortiGate-400A units for HA. For details, see the 
Documentation CD-ROM.

Port 5 and 6 RJ-45

10/100/1000 
Base-T

Ethernet

Optional connection to other networks.

CONSOLE

RJ-45

9600 bps

RS-232 
serial

Optional connection to the management computer. 
Provides access to the command line interface (CLI).

FortiGate-400A LED Indicators

LED

State

Description

Power

Green

The FortiGate unit is powered on.

Off

The FortiGate unit is powered off.

Ports 1, 2, 
3, 4, 5 and 6

Amber (Left LED)

The correct cable is in use and the connected equipment has 
power on ports.

Flashing Amber
(Left LED)

Network activity at this interface.

Green (Right LED) Ports 1, 2, 3, 4, the interface is connected at 100 Mbps.

Amber (Right LED) Ports 5 and 6, the interface is connected at 1000 Mbps.

Connect the FortiGate-400A unit to a power outlet and to networks.

NAT/Route mode

In NAT/Route mode, the FortiGate-400A is visible to the networks that it is connected 

to. All of its interfaces are on different subnets. You must configure the Port 1 and Port 2 

interfaces with IP addresses. Optionally, you can also configure Ports 3 to 6.
You would typically use NAT/Route mode when the FortiGate-400A is deployed as a 

gateway between private and public networks. In its default NAT/Route mode 

configuration, the unit functions as a firewall. Firewall policies control communications 

through the FortiGate-400A unit.

In NAT/Route mode, firewall policies can operate in NAT mode or in Route mode. In 

NAT mode, the FortiGate-400A performs network address translation before IP packets 

are sent to the destination network. In Route mode, no translation takes place. By 

default, the unit has a single NAT mode policy that allows users on the internal network 

to securely access and download content from the Internet. No other traffic is possible 

until you have configured more policies.

Transparent mode

In Transparent mode, the FortiGate-400A is invisible to the network. All of its interfaces 

are on the same subnet. You only have to configure a management IP address so that 

you can make configuration changes. 
You would typically use the FortiGate-400A in Transparent mode on a private network 

behind an existing firewall or behind a router. In its default Transparent mode 

configuration, the unit functions as a firewall. By default, the unit has a single firewall 

policy that allows users on the internal network segment to connect to the external 

network segment. No other traffic is possible until you have configured more policies.

You can connect up to 5 network segments to the FortiGate-400A unit to control traffic 

between these network segments.

FortiGate-400A Unit

in NAT/Route mode

Route mode policies
controlling traffic between
internal networks.

Internal network

DMZ network

Port 1

192.168.1.99

Port 4

10.10.10.1

192.168.1.3

10.10.10.2

Port 2

204.23.1.5

NAT mode policies controlling

traffic between internal and

external networks.

Internet

Esc

Enter

A

CONSOLE

10/100

10/100/1000

USB

1

2

3

4                               5                             6                      

FortiGate-400A Unit

in Transparent mode

Internet

10.10.10.1
Management IP

10.10.10.3

Port 2

Port 1

10.10.10.2

Transparent mode policies 

controlling traffic between 

internal and external networks

204.23.1.5

(firewall, router)

Gateway to

public network

Internal network

Esc

Enter

A

CONSOLE

10/100

10/100/1000

USB

1

2

3

4                               5                             6                      

Before configuring the FortiGate-400A, you need to plan how to integrate the unit into your 

network. Your configuration plan is dependent upon the operating mode that you select: 

NAT/Route mode (the default) or Transparent mode.

Choose among three different tools to configure the FortiGate-400A. 

QuickStart Guide

FortiGate-400A

Check that the package contents are complete.

Place the unit on a stable surface or mount it in a 19-inch rack. It 

requires 1.5 inches clearance (3.75 cm) on each side to allow for 

cooling. 

Make sure the power switch on the back of the unit is turned off before 

connecting the power and network cables.

Checking the package contents

1

Connecting the FortiGate-400A

2

Planning the configuration

3

Choosing a configuration tool

4

© Copyright 2005 Fortinet Incorporated. All rights reserved. 

Trademarks 

Products mentioned in this document are trademarks or registered trademarks of their respective holders.

Regulatory Compliance

FCC Class A Part 15 CSA/CUS
25 May 2005

For technical support please visit http://www.fortinet.com.

Factory default settings

NAT/Route mode

Transparent mode

Port 1 interface

192.168.1.99

Management IP

10.10.10.1

Port 2 interface

192.168.100.99

Administrative account settings

Port 4 interface

10.10.10.1

User name

admin

Password

(none)

Web-based 

manager & 

Setup Wizard

The FortiGate web-based 

manager Setup Wizard 

guides you through the 

initial configuration steps. 

Use it to configure the administrator password, the 

interface addresses, the default gateway address, and 

the DNS server addresses. Optionally, use the Setup 

Wizard to configure the internal server settings for 

NAT/Route mode. 

Requirements:

 

Ethernet connection between the FortiGate-400A 

and management computer. 

Internet Explorer version 6.0 or higher on the 

management computer. 

Command 

Line Interface 

(CLI)

The CLI is a full-featured 

management tool. 
Use it to configure the 

administrator password, 

the interface addresses, 

the default gateway 

address, and the DNS server addresses. To configure 

advanced settings, see the Documentation CD-ROM. 

Requirements:

 

Serial connection between the FortiGate-400A and 

management computer. 

A terminal emulation application (HyperTerminal for 

Windows) on the management computer. 

Control 

Buttons & 

LCD

The control buttons and LCD are located on the front 

panel of the FortiGate-400A. Use them to configure the 

Port 1, Port 2 and Port 5 interface addresses, and the 

default gateway address. To configure the other 

interface addresses, the DNS server addresses and 

other settings, use the web-based manager, or the CLI.

Requirements:

 

Physical access to the FortiGate-400A. 

Refer to the Documentation CD-ROM for information on how to control traffic, and how to configure HA, antivirus protection, Web content filtering, Spam filtering, intrusion 

prevention (IPS), and virtual private networking (VPN).

01-28005-0099-20050525

Отзывы: