01-28005-0101-20041015

Fortinet Inc.

Getting started

To power off the FortiGate unit

Always shut down the FortiGate operating system properly before turning off the power switch.

1. From the web-based manager, go to System > Maintenance > ShutDown, select Shut Down and select Apply, or from the CLI, enter:

   execute shutdown

2. Turn off the power switch.

3. Disconnect the power cable from the power supply.

Connecting to the web-based manager

Use the following procedure to connect to the web-based manager for the first time. 
Configuration changes made with the web-based manager are effective immediately 
without resetting the firewall or interrupting service.

To connect to the web-based manager, you need:

• a computer with an ethernet connection,
• Internet Explorer version 6.0 or higher,
• a crossover cable or an ethernet hub and two ethernet cables.

To connect to the web-based manager

1. Set the IP address of the computer with an ethernet connection to the static IP address 192.168.1.2 with a netmask of 255.255.255.0.

2. Using the crossover cable or the ethernet hub and cables, connect port 1 of the FortiGate unit to the computer ethernet connection.

Table 1: FortiGate-500A LED indicators

| LED | State | Description |
|---|---|---|
| Power | Green | The FortiGate unit is powered on. |
| Power | Off | The FortiGate unit is powered off. |
| LAN (L1, L2, L3, L4), 1, 2, 3, 4, 5, 6 | Amber | The correct cable is in use and the connected equipment has power. |
| LAN (L1, L2, L3, L4), 1, 2, 3, 4, 5, 6 | Flashing Amber | Network activity at this interface. |
| LAN (L1, L2, L3, L4), 1, 2, 3, 4, 5, 6 | Green | The interface is connected. 1, 2, 3, and 4 connect at up to 100 Mbps. 5 and 6 connect at up to 1000 Mbps. |
| LAN (L1, L2, L3, L4), 1, 2, 3, 4, 5, 6 | Off | No link established. |

Note: You can use the web-based manager with recent versions of most popular web browsers. The web-based manager is fully supported for Internet Explorer version 6.0 or higher.
