background image

New features and changes 

Router

Upgrade Guide for FortiOS v3.0 
01-30000-0317-20060424

21

• an administration account with access profile that provides read and write 

access to 

• only the admin administrator account can configure a VDOM unless you create 

and assign a regular administrator to that VDOM

Router

The Router menu consists of the following menus: 

Static

Dynamic

Monitor

Static 

The Static menu has two tabs, Policy Route and Static Route. The Policy Route 
tab was previously a menu in the Router menu. 

Dynamic 

The Dynamic menu is new and includes four tabs to configure Routing Information 
Protocol (RIP), Open Shortest Path First (OSPF), Border Gateway Protocol 
(BGP), and Multicast protocols. 

Dynamic routing protocols enable the FortiGate unit to automatically share 
information about routes with neighboring routers, including learning about routers 
and networks advertised by neighboring routers. 

• RIP protocol is a distance-vector routing protocol for small networks, or similar 

networks. 

• OSPF is slightly different, and is a link-state routing protocol, most often used 

in large networks to share networking information among the routers in the 
same autonomous system. 

• BGP is an Internet routing protocol, typically used by ISPs to exchange routing 

information between different ISP networks. For example, a BGP enables the 
sharing of network paths between the ISP network and an autonomous system 
that uses RIP and/or OSPF to route packets within the autonomous system.

• Multicast enables the FortiGate unit to operate as a Protocol Independent 

Multicast (PIM) version 2 router in the root virtual domain. The PIM routers 
throughout the network ensure only one copy of the packet is forwarded until it 
reaches an end-point destination and at this destination copies of the packet 
are made only when required to deliver the information to multicast client 
applications requesting traffic destined for the multicast address. 

Note: 

The following are now in the CLI: 

Distribution list 

Offset list

Pre-fix list 

Route-Map

Key-chain

Access list

Содержание FortiOS 3.0

Страница 1: ...www fortinet com Upgrade Guide for FortiOS 3 0 U P G R A D E G U I D E...

Страница 2: ...hreat Prevention System DTPS APSecure FortiASIC FortiBIOS FortiBridge FortiClient FortiGate FortiGate Unified Threat Management System FortiGuard FortiGuard Antispam FortiGuard Antivirus FortiGuard In...

Страница 3: ...upport 9 Upgrade Notes 11 Backing up configuration files 11 Setup Wizard 11 FortiLog name change 11 LCD display changes 11 Web based manager changes 12 Changes to the web based manager 13 Command Line...

Страница 4: ...nt Block 26 URL Filter 26 FortiGuard Web Filter 26 AntiSpam formerly Spam Filter 27 Banned word 28 Black White list 28 IM P2P new 28 Statistics 29 User 29 Log Report 29 Log Config 29 Log Access 30 Rep...

Страница 5: ...36 Reverting to FortiOS v2 80MR11 37 Backing up your FortiOS 3 0 configuration 37 Backing up to a FortiUSB key 37 Downgrading to FortiOS v2 80MR11 using web based manager 38 Verifying the downgrade 38...

Страница 6: ...Upgrade Guide for FortiOS v3 0 6 01 30000 0317 20060424 Contents...

Страница 7: ...ing chapters Upgrade Notes Provides information on changes and new features for FortiOS 3 0 New features and changes Provides information on what has changed from FortiOS v2 80MR11 Upgrading to FortiO...

Страница 8: ...Guide Provides basic information about how to configure a FortiGate unit including how to define FortiGate protection profiles and firewall policies how to apply intrusion prevention antivirus protect...

Страница 9: ...r Guide Explains how to configure a PPTP VPN using the web based manager FortiGate Certificate Management User Guide Contains procedures for managing digital certificates including generating certific...

Страница 10: ...Upgrade Guide for FortiOS v3 0 10 01 30000 0317 20060424 Customer service and technical support Introduction...

Страница 11: ...FortiLog name change LCD display changes Web based manager changes Web based manager changes Command Line Interface changes USB support Other Backing up configuration files You now have the option to...

Страница 12: ...w categorized and additional features added to better monitor your FortiGate unit Figure 3 System Dashboard of a FortiGate 60 Menu Fortigat NAT Standalone Menu Fortigat Transparent Standalone System I...

Страница 13: ...formation Also some FortiOS 2 80MR11 web based manager features have been moved to the CLI See the New features and changes on page 17 for information on these changes Firmware Version The current fir...

Страница 14: ...be aware of not included in the above sections or in New features and changes on page 17 Antivirus scanning blocking and quarantine is available for instant messaging file transfers with AIM MSN Yaho...

Страница 15: ...d forward You need to manually configure these settings after upgrading Lists from FortiOS 2 80MR11 cannot be restored in FortiOS 3 0 Make sure to document these lists before upgrading If you upgrade...

Страница 16: ...Upgrade Guide for FortiOS v3 0 16 01 30000 0317 20060424 Other Upgrade Notes...

Страница 17: ...e following documents to familiarize yourself the new features and changes FortiGate Administration Guide FortiGate CLI Reference The following topics are included in this section System Firewall VPN...

Страница 18: ...ed manager changes on page 12 for more information on the System Dashboard Sessions The Sessions information is now located in System Status Statistics Network The Network tab appears in the System me...

Страница 19: ...options available for backing up and restoring configuration files From this tab you can backup or restore a configuration file and select to encrypt the configuration file You also select your Local...

Страница 20: ...u enable this option you must log back into the web based manager to configure VDOM settings Both the web based manager and CLI change as follows to reflect VDOM Global and per VDOM configurations are...

Страница 21: ...distance vector routing protocol for small networks or similar networks OSPF is slightly different and is a link state routing protocol most often used in large networks to share networking informati...

Страница 22: ...nal options Protection Profile and Log Allowed Traffic When you select Traffic Shaping you can then select guaranteed bandwidth maximum bandwidth and the traffic priority Address The Address menu now...

Страница 23: ...enable this protocol through the CLI in the VPN chapter See the FortiGate CLI Reference for more information on SSL Also you can enable the use of digital certificates for authenticating remote client...

Страница 24: ...enables you to configure your FortiGate unit on a Windows Active Directory AD network so it can transparently authenticate the user without asking for their username and password From the Windows AD...

Страница 25: ...nd you can configure file and email size limits including grayware blocking Config The Config menu includes the Virus List and Grayware tabs The Config tab is now located in the CLI under Antivirus Se...

Страница 26: ...of the following menus It is now located under Intrusion Protection Content Block URL Filter FortiGuard Web Filter Content Block The Content Block menu has a new tab called Web Content Exempt URL Fil...

Страница 27: ...additional features for FortiGate 800 units and above In the Banned word list you can create new antispam banned word list view antispam banned word catalog You can also configure the following for th...

Страница 28: ...ender to the IP address in sequence when doing an IP address list check If the FortiGate unit finds a match the action associated with the IP address is taken If there is no match then the message pas...

Страница 29: ...a new menu Report Log Report consists of the following menus Log Config Log Access Report Log Config The Log Config menu has a new tab Event Log The Event Log tab enables you to choose the events you...

Страница 30: ...choose from over a thousand of FortiAnalyzer reports to display logs Also you can customize a default report for your FortiGate unit You can also select what you want included in your report from News...

Страница 31: ...oad and install to your SNMP management system SNMP traps and variables that used hyphens for example xxx yyy have dropped the hyphen and capitalized the second term xxxYyy The v3 0 MIB file also has...

Страница 32: ...e fnHaSchedule fnHaGroupID fnHaGroupID fnHaPriority No longer available fnHaOverride No longer available fnHaAutoSync No longer available Options fnOptAuthTimeout New fnOptionLanguage New fnOptLcdProt...

Страница 33: ...r configuration file s for FortiOS v2 80MR11 in either the web based manager or the CLI Backing up your configuration using the web based manager Use the following procedure to backup your current con...

Страница 34: ...rmware images such as FortiOS 2 80MR11 and FortiOS 3 0 for downgrading upgrading purposes Use the Fortinet Knowlege Center article 2 80MR11 to 3 0MR1 upgrade downgrade dual boot to configure a dual bo...

Страница 35: ...is running 2 Copy the new firmware image file to the root directory of the TFTP server 3 Log into the CLI 4 Make sure the FortiGate unit can connect to the TFTP server You can use the following comma...

Страница 36: ...ettings have been carried forward For example if you go to System Network Options you can see your DNS settings carried forward from your FortiOS v2 80MR11 configuration settings Even though your conf...

Страница 37: ...following procedure to backup your configuration onto your PC To backup your configuration to your PC 1 Go to System Maintenance Backup Restore 2 Select Local PC from Backup Configuration to list If...

Страница 38: ...ersion 2 Select Update 3 Type the location of the firmware version or select Browse 4 Select OK The following message appears The new image does not support CC mode Do you want to continue to upgrade...

Страница 39: ...of the firmware image file and tftp_ipv4 is the IP address of the TFTP server For example if the firmware image file name is image out and the IP address of the TFTP server er is 192 168 1 168 enter e...

Страница 40: ...assword for the configuration file 5 Type the location of the file or select Browse to locate the file 6 Select OK The FortiGate unit restores the configuration settings for FortiOS v2 80MR11 This may...

Страница 41: ...IP address of the TFTP server is 192 168 1 168 and the password is ghrffdt123 execute restore allconfig confall 192 168 1 168 ghrffdt123 The FortiGate unit responds with the message This operation wil...

Страница 42: ...Update Guide for FortiOS v3 0 42 01 30000 0317 20060424 Restoring your configuration Reverting to FortiOS v2 80MR11...

Страница 43: ...Center system menu 20 FortiLog name change 11 Fortinet customer service 9 documentation 8 Knowledge Center 9 I IM P2P menu statistics menu 29 user 29 intrusion protection protocol anomaly menu 26 sign...

Страница 44: ...11 USB support 14 web based manager 12 web based manager changes 13 upgrading 3 0 using the CLI 35 3 0 using web based manager 34 config using CLI 34 FortiGate unit to 3 0 34 using the web based mana...

Страница 45: ...www fortinet com...

Страница 46: ...www fortinet com...

Отзывы: