manualshive.com logo in svg

Fortinet FortiGate 60, Руководство по установке, Страница: 20 / 62

Поделиться
Скачать
Fortinet FortiGate 60 Скачать руководство пользователя страница 20

20

01-28008-0018-20050128

Fortinet Inc.

Factory default FortiGate configuration settings

Getting started

Factory default NAT/Route mode network configuration

When the FortiGate unit is first powered on, it is running in NAT/Route mode and has 
the basic network configuration listed in 

Table 3 on page 20

. This configuration allows 

you to connect to the FortiGate unit web-based manager and establish the 
configuration required to connect the FortiGate unit to the network. In 

Table 3 on 

page 20

, HTTPS administrative access means you can connect to the web-based 

manager using HTTPS protocol through this interface. Ping administrative access 
means this interface responds to ping requests.

Table 2: FortiGate DHCP Server default configuration

Name

internal_dhcp_server

Interface

Internal

Default Gateway

192.168.1.99

IP Range

192.168.1.110 – 192.168.1.210

Network Mask

255.255.255.0

Lease Duration

7 days

DNS Server 1

192.168.1.99

Table 3: Factory default NAT/Route mode network configuration

Administrator 
account

User name:

admin

Password:

(none)

Internal interface

IP:

192.168.1.99

Netmask:

255.255.255.0

Administrative Access:

HTTP, HTTPS, 

Ping

WAN1 interface

IP:

192.168.100.99

Netmask:

255.255.255.0

Administrative Access:

Ping

WAN2 interface

IP:

192.168.101.99

Netmask:

255.255.255.0

Administrative Access:

Ping

DMZ interface

IP:

10.10.10.1

Netmask:

255.255.255.0

Administrative Access:

HTTPS, Ping

Modem interface

IP:

0.0.0.0

Netmask:

0.0.0.0

Administrative Access:

Содержание FortiGate 60

Страница 1: ...FortiGate 60 Installation Guide INTERNAL DMZ 4 3 2 1 LINK 100 LINK 100 LINK 100 LINK 100 LINK 100 LINK 100 LINK 100 WAN1 WAN2 PWR STATUS Version 2 80 MR8 28 January 2005 01 28008 0018 20050128...

Страница 2: ...rior written permission of Fortinet Inc FortiGate 60 Installation Guide Version 2 80 MR8 28 January 2005 01 28008 0018 20050128 Trademarks Products mentioned in this document are trademarks or registe...

Страница 3: ...nd off 15 Connecting to the web based manager 16 Connecting to the command line interface CLI 17 Quick installation using factory defaults 18 Factory default FortiGate configuration settings 19 Factor...

Страница 4: ...Connecting the FortiGate unit to your network 44 Next steps 45 High availability installation 47 Priorities of heartbeat device and monitor priorities 47 Configuring FortiGate units for HA operation...

Страница 5: ...architecture analyzes content and behavior in real time enabling key applications to be deployed right at the network edge where they are most effective at protecting your networks The FortiGate 60 m...

Страница 6: ...esetting the firewall or interrupting service Once you are satisfied with a configuration you can download and save it The saved configuration can be restored at any time Figure 1 FortiGate web based...

Страница 7: ...string that uses the digits 0 9 and letters A F xxx_ipv4 indicates a dotted decimal IPv4 address xxx_v4mask indicates a dotted decimal IPv4 netmask xxx_ipv4mask indicates a dotted decimal IPv4 address...

Страница 8: ...edures connection procedures and basic configuration procedures Choose the guide for your product model number FortiGate Administration Guide Provides basic information about how to configure a FortiG...

Страница 9: ...Related documentation Additional information about Fortinet products is available from the following related documentation FortiManager documentation FortiManager QuickStart Guide Explains how to ins...

Страница 10: ...log files It also describes how to view FortiGate and FortiMail log files generate and view log reports and use the FortiLog unit as a NAS server FortiLog online help Provides a searchable version of...

Страница 11: ...ation on Fortinet telephone support see http support fortinet com When requesting technical support please provide the following information Your name Company name Location Email address Telephone num...

Страница 12: ...12 01 28008 0018 20050128 Fortinet Inc Customer service and technical support Introduction...

Страница 13: ...p and powering on a FortiGate Antivirus Firewall unit This section includes Package contents Mounting Turning the FortiGate unit power on and off Connecting to the web based manager Connecting to the...

Страница 14: ...de to allow for adequate air flow and cooling Dimensions 8 63 x 6 13 x 1 38 in 21 9 x 15 6 x 3 5 cm Weight 1 5 lb 0 68 kg INTERNAL DMZ 4 3 2 1 LINK 100 LINK 100 LINK 100 LINK 100 LINK 100 LINK 100 LIN...

Страница 15: ...s The Power and Status LEDs are on To power off the FortiGate unit Always shut down the FortiGate operating system properly before turning off the power switch 1 From the web based manager go to Syste...

Страница 16: ...ion to the static IP address 192 168 1 2 with a netmask of 255 255 255 0 You can also configure the management computer to obtain an IP address automatically using DHCP The FortiGate DHCP server assig...

Страница 17: ...the communications port of your computer and to the FortiGate Console port 2 Make sure that the FortiGate unit is powered on 3 Start HyperTerminal enter a name for the connection and select OK 4 Conf...

Страница 18: ...sses added to the FortiGate unit configuration and returns lookup results to the internal network For more information about default DHCP server settings see Factory default DHCP server configuration...

Страница 19: ...to operate the FortiGate unit in Transparent mode you can switch to Transparent mode from the factory default configuration and then configure the FortiGate unit onto the network in Transparent mode O...

Страница 20: ...strative access means this interface responds to ping requests Table 2 FortiGate DHCP Server default configuration Name internal_dhcp_server Interface Internal Default Gateway 192 168 1 99 IP Range 19...

Страница 21: ...for information about adding firewall policies The following firewall configuration settings are included in the default firewall configuration to make it easier to add firewall policies Network Setti...

Страница 22: ...c between trusted internal addresses might need moderate protection You can configure firewall policies for different traffic services to use the same or different protection profiles Protection profi...

Страница 23: ...ute mode In NAT Route mode the FortiGate unit is visible to the network Like a router all its interfaces are on different subnets The following interfaces are available in NAT Route mode Internal is t...

Страница 24: ...ition to the internal private network you could create route mode firewall policies for traffic flowing between them Figure 6 Example NAT Route mode network configuration NAT Route mode with multiple...

Страница 25: ...ehind an existing firewall or behind a router The FortiGate unit performs firewall functions IPSec VPN virus scanning IPS web content filtering and Spam filtering Figure 8 Example Transparent mode net...

Страница 26: ...Explorer version 6 0 or higher on the management computer CLI The FortiGate CLI is a full featured management tool Use it to configure the administrator password the interface addresses the default g...

Страница 27: ...g the setup wizard Connecting the FortiGate unit to the network s Configuring the networks Configuring the modem interface Next steps Preparing to configure the FortiGate unit in NAT Route mode Use Ta...

Страница 28: ...FortiGate unit You can also continue to use the web based manager for all FortiGate unit settings For information about connecting to the web based manager see Connecting to the web based manager on...

Страница 29: ...nd any other required settings For information about how to configure these and other interface settings see the FortiGate online help or the FortiGate Administration Guide 5 Select OK 6 Repeat this p...

Страница 30: ...g the command line interface CLI For information about connecting to the CLI see Connecting to the command line interface CLI on page 17 Configuring the FortiGate unit to operate in NAT Route mode Use...

Страница 31: ...static set ip address_ip netmask end Example config system interface edit wan1 set mode static set ip 204 23 1 5 255 255 255 0 end To set the WAN1 interface to use DHCP enter config system interface...

Страница 32: ...is connected to an external network The default route is not required if the interface connected to the external network is configured using DHCP or PPPoE Set the default route to the Default Gateway...

Страница 33: ...ttings Table 8 Setup wizard settings Password Prepare an administrator password Internal Interface Use the information you gathered in Table 6 on page 28 External Interface Use the information you gat...

Страница 34: ...r connecting to a second public switch or router and the Internet for a redundant Internet connection Antivirus High Create a protection profile that enables virus scanning file blocking and blocking...

Страница 35: ...ternal or LAN connection of your DSL or cable modem 3 Optionally connect the WAN2 interface to the Internet Connect to the public switch or router usually provided by a different Internet Service Prov...

Страница 36: ...ate unit is functioning properly by connecting to the Internet from a computer on the internal network You should be able to connect to any Internet address Configuring the Modem interface In NAT Rout...

Страница 37: ...Config Time 2 Select Synchronize with NTP Server to configure the FortiGate unit to use NTP to automatically set the system time and date 3 Enter the IP address or domain name of the NTP server that t...

Страница 38: ...work such as the Internet to which a connection to the FDN can be established If FortiProtect Distribution Network changes to Available then the FortiGate unit can connect to the FDN 3 Select Schedule...

Страница 39: ...nt mode see Planning the FortiGate configuration on page 23 This chapter describes Preparing to configure Transparent mode Using the web based manager Using the command line interface Using the setup...

Страница 40: ...e management computer to 10 10 10 2 Connect to the internal or DMZ interface and browse to https followed by the Transparent mode management IP address The default FortiGate Transparent mode managemen...

Страница 41: ...b based manager by browsing to https 10 10 10 1 If you connect to the management interface through a router make sure that you have added a default gateway for that router to the management IP default...

Страница 42: ...ystem manageip set ip 10 10 10 2 255 255 255 0 end 3 Confirm that the address is correct Enter get system manageip The CLI lists the management IP address and netmask To configure DNS server settings...

Страница 43: ...ent computer to 10 10 10 2 Connect to the internal or DMZ interface and browse to https followed by the Transparent mode management IP address The default FortiGate Transparent mode management IP addr...

Страница 44: ...onnect the Internal interface connectors to PCs and other network devices in your internal network The Internal interface functions as a switch allowing up to four devices to be connected to the inter...

Страница 45: ...tem date and time 6 Set the hour minute second month day and year as required 7 Select Apply To use NTP to set the FortiGate date and time 1 Go to System Config Time 2 Select Synchronize with NTP Serv...

Страница 46: ...e FDN the FortiGate unit default route must point to a network such as the Internet to which a connection to the FDN can be established If FortiProtect Distribution Network changes to Available then t...

Страница 47: ...steps for changing the priorities of heartbeat devices or for configuring monitor priorities settings Both of these HA settings should be configured after the cluster is up and running Configuring For...

Страница 48: ...in the cluster get the same virtual MAC address This virtual MAC address is set according to the group ID Group ID MAC Address 0 00 09 0f 06 ff 00 1 00 09 0f 06 ff 01 2 00 09 0f 06 ff 02 3 00 09 0f 06...

Страница 49: ...ches select Least connection to distribute traffic to the cluster unit with the fewest concurrent connections Round Robin Round robin load balancing If the FortiGate units are connected using switches...

Страница 50: ...ce all of the units are configured continue with Connecting the cluster to your networks on page 51 11 If you are configuring a Transparent mode cluster reconnect to the web based manager You may have...

Страница 51: ...he FortiGate units in the cluster Once all of the units are configured continue with Connecting the cluster to your networks on page 51 3 If you are configuring a Transparent mode cluster switch the F...

Страница 52: ...ach FortiGate unit to a switch or hub connected to your internal network Connect the WAN1 interfaces of each FortiGate unit to a switch or hub connected to your external network Connect the DMZ interf...

Страница 53: ...the FortiGate units in the cluster are synchronized so that the FortiGate units can function as a cluster Because of this synchronization you configure and manage the HA cluster instead of managing th...

Страница 54: ...54 01 28008 0018 20050128 Fortinet Inc Installing and configuring the cluster High availability installation...

Страница 55: ...ngs Connecting and disconnecting the modem in Standalone mode Defining a Ping Server Adding firewall policies for modem connections Selecting a modem mode The external modem when connected to the Fort...

Страница 56: ...account The modem interface operates as the primary connection to the Internet The FortiGate unit routes traffic through the modem interface which remains permanently connected to the dialup account...

Страница 57: ...FortiGate interface that the modem is redundant for Figure 13 Modem settings Standalone and Redundant Enable Modem or Enable USB Modem Select to enable the FortiGate modem Depending on the model the m...

Страница 58: ...ut Standalone mode only Enter the timeout duration in minutes After this period of inactivity the modem disconnects Holddown Timer Redundant mode only Enter the time 1 60 seconds that the FortiGate un...

Страница 59: ...interface To add a ping server to an interface 1 Go to System Network Interface 2 Choose an interface and select Edit 3 Set Ping Server to the IP address of the next hop router on the network connecte...

Страница 60: ...or modem connections The modem interface requires firewall addresses and policies You can add one or more addresses to the modem interface For information about adding addresses see the FortiGate Admi...

Страница 61: ...vironmental specifications 15 F firewall policies modem 60 firewall setup wizard 6 28 32 40 43 starting 29 34 40 43 Fortinet customer service 10 H HA configuring FortiGate units for HA operation 47 co...

Страница 62: ...onfiguring 56 modem 55 56 starting IP DHCP 20 synchronize with NTP server 37 45 T technical support 10 time zone 37 45 Transparent mode changing to 41 configuring the default gateway 42 management IP...

Отзывы:

Нет отзывов