Fortinet FortiGate 50A Скачать руководство пользователя страница 21 | Manualshive

Страница: 21 / 52

Fortinet FortiGate 50A Скачать руководство пользователя страница 21

Getting started

Factory default FortiGate configuration settings

FortiGate-50A Installation Guide

01-28008-0017-20050128

21

Factory default Transparent mode network configuration

In Transparent mode, the FortiGate unit has the default network configuration listed in

Table 4

.

Factory default firewall configuration

FortiGate firewall policies control how all traffic is processed by the FortiGate unit.
Until firewall policies are added, no traffic can be accepted by or pass through the
FortiGate unit. The factory default configuration contains one firewall policy that allows
all traffic originating on the internal network to access the Internet. No other traffic is
allowed through the FortiGate unit. To allow traffic through the FortiGate unit you can
add firewall policies. See the

FortiGate Administration Guide

for information about

adding firewall policies.

The following firewall configuration settings are included in the default firewall
configuration to make it easier to add firewall policies.

The factory default firewall configuration is the same in NAT/Route and Transparent
mode.

Table 4: Factory default Transparent mode network configuration

Administrator
account

User name:

admin

Password:

(none)

Management IP

IP:

10.10.10.1

Netmask:

255.255.255.0

DNS

Primary DNS Server:

207.194.200.1

Secondary DNS Server:

207.194.200.129

Administrative access

Internal

HTTPS, Ping

External

Ping

Table 5: Default firewall configuration

Configuration setting Name

Description

Firewall policy

Internal

->

External Source: All Destination: All

Firewall address

All

Firewall address matches the source or

destination address of any packet.

Pre-defined service

More than 50

predefined services

Select from any of the 50 pre-defined services

to control traffic through the FortiGate unit that

uses that service.

Recurring schedule

Always

The recurring schedule is valid at any time.

Protection Profiles

Strict, Scan, Web,

Unfiltered

Control how the FortiGate unit applies virus

scanning, web content filtering, spam filtering,

and IPS.

«
...
19
20
21
22
23
...
»

Содержание FortiGate 50A

Страница 1: ...FortiGate 50A Installation Guide INTERNAL EXTERNAL LINK 100 LINK 100 PWR STATUS A Version 2 80 MR8 28 January 2005 01 28008 0017 20050128 ...

Страница 2: ...tion Guide Version 2 80 MR8 28 January 2005 01 28008 0017 20050128 Trademarks Products mentioned in this document are trademarks or registered trademarks of their respective holders Regulatory Compliance FCC Class A Part 15 CSA CUS CAUTION RISK OF EXPLOSION IF BATTERY IS REPLACED BY AN INCORRECT TYPE DISPOSE OF USED BATTERIES ACCORDING TO THE INSTRUCTIONS For technical support please visit http ww...

Страница 3: ... and off 15 Connecting to the web based manager 16 Connecting to the command line interface CLI 17 Quick installation using factory defaults 18 Factory default FortiGate configuration settings 19 Factory default DHCP server configuration 19 Factory default NAT Route mode network configuration 20 Factory default Transparent mode network configuration 21 Factory default firewall configuration 21 Fac...

Страница 4: ...Transparent mode 37 Using the web based manager 38 Reconnecting to the web based manager 39 Using the command line interface 39 Using the setup wizard 41 Reconnecting to the web based manager 41 Connecting the FortiGate unit to your network 42 Next steps 42 Configuring the modem interface 45 Selecting a modem mode 45 Redundant mode configuration 45 Standalone mode configuration 46 Configuring mode...

Страница 5: ...ng security and content analysis The unique ASIC based architecture analyzes content and behavior in real time enabling key applications to be deployed right at the network edge where they are most effective at protecting your networks The FortiGate 50A model is designed for telecommuters and small remote offices with 10 or fewer employees The FortiGate 50A provides complete real time network prot...

Страница 6: ...satisfied with a configuration you can download and save it The saved configuration can be restored at any time Figure 1 FortiGate web based manager and setup wizard Command line interface You can access the FortiGate command line interface CLI by connecting a management computer serial port to the FortiGate RJ 45 serial console connector You can also use Telnet or a secure SSH connection to conne...

Страница 7: ...g that uses the digits 0 9 and letters A F xxx_ipv4 indicates a dotted decimal IPv4 address xxx_v4mask indicates a dotted decimal IPv4 netmask xxx_ipv4mask indicates a dotted decimal IPv4 address followed by a dotted decimal IPv4 netmask xxx_ipv6 indicates a dotted decimal IPv6 address xxx_v6mask indicates a dotted decimal IPv6 netmask xxx_ipv6mask indicates a dotted decimal IPv6 address followed ...

Страница 8: ...dministration Guide Provides basic information about how to configure a FortiGate unit including how to define FortiGate protection profiles and firewall policies how to apply intrusion prevention antivirus protection web content filtering and spam filtering and how to configure a VPN FortiGate online help Provides a context sensitive and searchable version of the Administration Guide in HTML form...

Страница 9: ...ntation FortiManager documentation FortiManager QuickStart Guide Explains how to install the FortiManager Console set up the FortiManager Server and configure basic settings FortiManager System Administration Guide Describes how to use the FortiManager System to manage FortiGate devices FortiManager System online help Provides a searchable version of the Administration Guide in HTML format You can...

Страница 10: ...iew FortiGate and FortiMail log files generate and view log reports and use the FortiLog unit as a NAS server FortiLog online help Provides a searchable version of the Administration Guide in HTML format You can access online help from the web based manager as you work Customer service and technical support For antivirus and attack definition updates firmware updates updated product documentation ...

Страница 11: ...ide 01 28008 0017 20050128 11 When requesting technical support please provide the following information Your name Company name Location Email address Telephone number FortiGate unit serial number FortiGate model FortiGate FortiOS firmware version Detailed description of the problem ...

Страница 12: ...12 01 28008 0017 20050128 Fortinet Inc Customer service and technical support Introduction ...

Страница 13: ... up and powering on a FortiGate Antivirus Firewall unit This section includes Package contents Mounting Turning the FortiGate unit power on and off Connecting to the web based manager Connecting to the command line interface CLI Quick installation using factory defaults Factory default FortiGate configuration settings Planning the FortiGate configuration Next steps ...

Страница 14: ... unit has at least 1 5 in 3 75 cm of clearance on each side to allow for adequate air flow and cooling Dimensions 8 63 x 6 13 x 1 38 in 21 9 x 15 6 x 3 5 cm Weight 1 5 lb 0 68 kg Power requirements DC input voltage 12 V DC input current 3 A PWR STATUS INTERNAL EXTERNAL LINK 100 LINK 100 PWR STATUS A Power LED Status LED External Interface Internal Interface Documentation Ethernet Cables Orange Cro...

Страница 15: ...lways shut down the FortiGate operating system properly before turning off the power switch 1 From the web based manager go to System Maintenance ShutDown select Shut Down and select Apply or from the CLI enter execute shutdown 2 Disconnect the power supply Table 1 FortiGate 50A LED indicators LED State Description Power Green The FortiGate unit is powered on Off The FortiGate unit is powered off ...

Страница 16: ...onnection to the static IP address 192 168 1 2 with a netmask of 255 255 255 0 You can also configure the management computer to obtain an IP address automatically using DHCP The FortiGate DHCP server assigns the management computer an IP address in the range 192 168 1 1 to 192 168 1 254 2 Using the crossover cable or the ethernet hub and cables connect the internal interface of the FortiGate unit...

Страница 17: ... to the communications port of your computer and to the FortiGate Console port 2 Make sure that the FortiGate unit is powered on 3 Start HyperTerminal enter a name for the connection and select OK 4 Configure HyperTerminal to connect directly to the communications port on your computer and select OK 5 Select the following port settings and select OK 6 Press Enter to connect to the FortiGate CLI Th...

Страница 18: ... the DNS server IP addresses added to the FortiGate unit configuration and returns lookup results to the internal network For more information about default DHCP server settings see Factory default DHCP server configuration on page 19 The following procedure describes how to configure your internal network and the FortiGate unit to use the FortiGate default settings 1 Connect the FortiGate unit be...

Страница 19: ...n to operate the FortiGate unit in Transparent mode you can switch to Transparent mode from the factory default configuration and then configure the FortiGate unit onto the network in Transparent mode Once the network configuration is complete you can perform additional configuration tasks such as setting system time configuring virus and attack definition updates and registering the FortiGate uni...

Страница 20: ... Interface Internal Default Gateway 192 168 1 99 IP Range 192 168 1 110 192 168 1 210 Network Mask 255 255 255 0 Lease Duration 7 days DNS Server 1 192 168 1 99 Table 3 Factory default NAT Route mode network configuration Administrator account User name admin Password none Internal interface IP 192 168 1 99 Netmask 255 255 255 0 Administrative Access HTTP HTTPS Ping External interface IP 192 168 1...

Страница 21: ...tings are included in the default firewall configuration to make it easier to add firewall policies The factory default firewall configuration is the same in NAT Route and Transparent mode Table 4 Factory default Transparent mode network configuration Administrator account User name admin Password none Management IP IP 10 10 10 1 Netmask 255 255 255 0 DNS Primary DNS Server 207 194 200 1 Secondary...

Страница 22: ...ses might need strict protection traffic between trusted internal addresses might need moderate protection You can configure firewall policies for different traffic services to use the same or different protection profiles You can add Protection profiles to NAT Route mode and Transparent mode firewall policies The FortiGate unit comes preconfigured with four protection profiles Strict To apply max...

Страница 23: ...uter all its interfaces are on different subnets The following interfaces are available in NAT Route mode External is the interface to the external network usually the Internet Internal is the interface to the internal network Modem is the interface for connecting an external modem to the FortiGate 50A See Configuring the modem interface on page 45 You can add firewall policies to control whether ...

Страница 24: ...rivate network and the external public network usually the Internet Figure 7 Example NAT Route multiple internet connection configuration Transparent mode In Transparent mode the FortiGate unit is invisible to the network Similar to a network bridge all FortiGate interfaces must be on the same subnet You only have to configure a management IP address so that you can make configuration changes The ...

Страница 25: ...uire Ethernet connection between the FortiGate unit and a management computer Internet Explorer version 6 0 or higher on the management computer CLI The FortiGate CLI is a full featured management tool Use it to configure the administrator password the interface addresses the default gateway address and the DNS server addresses To connect to the CLI you require Serial connection between the FortiG...

Страница 26: ...te unit is operating you can proceed to configure it to connect to networks If you are going to operate the FortiGate unit in NAT Route mode go to NAT Route mode installation on page 27 If you are going to operate the FortiGate unit in Transparent mode go to Transparent mode installation on page 37 ...

Страница 27: ...etwork s Configuring the networks Configuring the modem interface Next steps Preparing to configure the FortiGate unit in NAT Route mode Use Table 6 on page 28 to gather the information that you need to customize NAT Route mode settings You can configure the FortiGate unit in several ways the web based manager GUI is a complete interface for configuring most settings See Using the web based manage...

Страница 28: ...an also continue to use the web based manager for all FortiGate unit settings For information about connecting to the web based manager see Connecting to the web based manager on page 16 Configuring basic settings After connecting to the web based manager you can use the following procedures to complete the basic configuration of the FortiGate unit Table 6 NAT Route mode settings Administrator Pas...

Страница 29: ...K 6 Repeat this procedure for each interface To configure DNS server settings 1 Go to System Network DNS 2 Enter the IP address of the primary DNS server 3 Enter the IP address of the secondary DNS server 4 Select OK To add a default route Add a default route to configure where the FortiGate unit sends traffic destined for an external network usually the Internet Adding the default route also defi...

Страница 30: ... you gathered in Table 6 on page 28 to complete the following procedures To add change the administrator password 1 Log in to the CLI 2 Change the admin administrator password Enter config system admin edit admin set password psswrd end To configure interfaces 1 Log in to the CLI 2 Set the IP address and netmask of the internal interface to the internal IP address and netmask that you recorded in ...

Страница 31: ...ce to use PPPoE enter config system interface edit external set mode pppoe set connection enable set username name_str set password psswrd end 4 Use the same syntax to set the IP address of each FortiGate interface as required 5 Confirm that the addresses are correct Enter get system interface The CLI lists the IP address netmask and other settings for each of the FortiGate interfaces To configure...

Страница 32: ...ay 204 23 1 2 set device external end Using the setup wizard From the web based manager you can use the setup wizard to complete the initial configuration of the FortiGate unit For information about connecting to the web based manager see Connecting to the web based manager on page 16 If you are configuring the FortiGate unit to operate in NAT Route mode the default you can use the setup wizard to...

Страница 33: ...Default Gateway _____ _____ _____ _____ DNS IP _____ _____ _____ _____ Your FortiGate firewall contains a DHCP server to automatically set up the addresses of computers on your internal network Internal servers Web Server _____ _____ _____ _____ SMTP Server _____ _____ _____ _____ POP3 Server _____ _____ _____ _____ IMAP Server _____ _____ _____ _____ FTP Server _____ _____ _____ _____ If you prov...

Страница 34: ...Internet Service Provider If you are a DSL or cable subscriber connect the External interface to the internal or LAN connection of your DSL or cable modem Figure 10 FortiGate 50A NAT Route mode connections Note If you change the IP address of the interface you are connecting to you must connect through a web browser again using the new address Browse to https followed by the new IP address of the ...

Страница 35: ... the internal network You should be able to connect to any Internet address Configuring the Modem interface In NAT Route mode you use the modem interface as either a redundant interface or standalone interface to the Internet In redundant mode the modem interface automatically takes over from a selected ethernet interface when that ethernet interface is unavailable In standalone mode the modem int...

Страница 36: ...ser to connect to http support fortinet com and selecting Product Registration To register enter your contact information and the serial numbers of the FortiGate units that you or your organization have purchased You can register multiple FortiGate units in a single session without re entering your contact information To configure virus attack and spam definition updates You can configure the Fort...

Страница 37: ...age 23 This chapter describes Preparing to configure Transparent mode Using the web based manager Using the command line interface Using the setup wizard Connecting the FortiGate unit to your network Next steps Preparing to configure Transparent mode Use Table 9 to gather the information that you need to customize Transparent mode settings You can configure Transparent mode using four methods the ...

Страница 38: ...of the management computer to 10 10 10 2 Connect to the internal interface and browse to https followed by the Transparent mode management IP address The default FortiGate Transparent mode management IP address is 10 10 10 1 To change the Management IP 1 Go to System Network Management 2 Enter the management IP address and netmask that you recorded in Table 9 on page 38 3 Select access methods and...

Страница 39: ...eb based manager by browsing to https 10 10 10 1 If you connect to the management interface through a router make sure that you have added a default gateway for that router to the management IP default gateway field Using the command line interface As an alternative to the web based manager or setup wizard you can begin the initial configuration of the FortiGate unit using the command line interfa...

Страница 40: ...system manageip set ip 10 10 10 2 255 255 255 0 end 3 Confirm that the address is correct Enter get system manageip The CLI lists the management IP address and netmask To configure DNS server settings 1 Set the primary and secondary DNS server IP addresses Enter config system dns set primary address_ip set secondary address_ip end Example config system dns set primary 293 44 75 21 set secondary 29...

Страница 41: ...nagement computer to 10 10 10 2 Connect to the internal interface and browse to https followed by the Transparent mode management IP address The default FortiGate Transparent mode management IP address is 10 10 10 1 To start the setup wizard 1 Select Easy Setup Wizard the middle button in the upper right corner of the web based manager 2 Use the information that you gathered in Table 9 on page 38 ...

Страница 42: ... switch connected to your internal network 2 Connect the External interface to network segment connected to the external firewall or router 3 Connect to the public switch or router provided by your Internet Service Provider Figure 11 FortiGate 50A network connections Next steps You can use the following information to configure FortiGate system time to register the FortiGate unit and to configure ...

Страница 43: ...nize its time with the NTP server 5 Select Apply To register your FortiGate unit After purchasing and installing a new FortiGate unit you can register the unit by going to the System Update Support page or using a web browser to connect to http support fortinet com and selecting Product Registration To register enter your contact information and the serial numbers of the FortiGate units that you o...

Страница 44: ...44 01 28008 0017 20050128 Fortinet Inc Next steps Transparent mode installation ...

Страница 45: ...dem settings Connecting and disconnecting the modem in Standalone mode Defining a Ping Server Adding firewall policies for modem connections Selecting a modem mode An external modem with the FortiGate 50A can work in one of two modes depending on your requirements redundant mode standalone mode Redundant mode configuration The redundant modem interface in redundant mode backs up a selected etherne...

Страница 46: ...tes as the primary connection to the Internet The FortiGate unit routes traffic through the modem interface which remains permanently connected to the dialup account If the connection to the dialup account fails the FortiGate unit automatically redials the modem The modem redials the ISP number based on the amount of times specified by the redial limit or until it connects to a dialup account In s...

Страница 47: ...necting connected disconnecting or hung up Standalone mode only Dial Now Hang Up Standalone mode only Select Dial Now to manually connect to a dialup account If the modem is connected you can select Hang Up to manually disconnect the modem Mode Select Standalone or Redundant mode In Standalone mode the modem is an independent interface In Redundant mode the modem is a backup facility for a selecte...

Страница 48: ...1 60 seconds that the FortiGate unit waits before switching from the modem interface to the primary interface after the primary interface has been restored The default is 1 second Configure a higher value if you find the FortiGate unit switching repeatedly between the primary interface and the modem interface Redial Limit The maximum number of times 1 10 that the FortiGate unit modem attempts to r...

Страница 49: ...an interface and select Edit 3 Set Ping Server to the IP address of the next hop router on the network connected to the interface 4 Select the Enable check box 5 Select OK to save the changes Dead gateway detection The FortiGate unit uses dead gateway detection to ping the Ping Server IP address to make sure that the FortiGate unit can connect to this IP address Modify dead gateway detection to co...

Страница 50: ...u can add one or more addresses to the modem interface For information about adding addresses see the FortiGate Administration Guide When you add addresses the modem interface appears on the policy grid You can configure firewall policies to control the flow of packets between the modem interface and the other interfaces on the FortiGate unit For information about adding firewall policies see the ...

Страница 51: ...irewall policies modem 50 firewall setup wizard 6 28 32 38 41 starting 28 33 38 41 Fortinet customer service 10 H hang up 47 holddown timer 48 HTTPS 6 I internal network configuring 35 IP addresses configuring from the CLI 39 L lease duration DHCP 20 M management IP address transparent mode 40 modem adding firewall policies 50 configuring settings 46 redundant mode 45 standalone mode 45 46 N NAT R...

Страница 52: ... NTP server 36 43 T technical support 10 time zone 36 43 Transparent mode changing to 39 configuring the default gateway 40 management IP address 40 W web based manager 6 connecting to 16 introduction 6 wizard setting up firewall 28 32 38 41 starting 28 33 38 41 ...

Отзывы:

Нет отзывов