
Configuring Transparent mode

FortiWiFi-50B FortiOS 3.0 MR6 Install Guide
01-30006-0445-20080131


To add an outgoing traffic firewall policy

1 Go to Firewall > Policy.
2 Select Create New.
3 Set the following and select OK.

To add an incoming traffic firewall policy

1 Go to Firewall > Policy.
2 Select Create New.
3 Set the following and select OK.

Firewall policy configuration is the same in NAT/Route mode and Transparent 
mode.

Note that these policies allow all traffic through. No protection profiles have been 
applied. Ensure you create additional firewall policies to accommodate your 
network requirements.
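The caveat above can be checked against a configuration backup. The following Python code is an added example, not part of the Fortinet guide: it parses a constructed sample written in the style of a FortiOS backup and flags accept policies that match all traffic or carry no protection profile. The CLI key names (srcintf, dstintf, srcaddr, dstaddr, service, profile_status, profile) and the interface names are assumptions, since this page shows only the web-based manager fields.

```python
import shlex

# Constructed sample in the style of a FortiOS configuration backup.
# Key names and interface names are assumptions, not taken from the page.
SAMPLE_CONFIG = '''\
config firewall policy
    edit 1
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ANY"
    next
    edit 2
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ANY"
    next
    edit 3
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "HTTP" "HTTPS"
        set profile_status enable
        set profile "scan"
    next
end
config system settings
    set opmode transparent
end
'''


def parse_policies(text):
    """Return {policy_id: {key: [values]}} for the 'config firewall policy' block."""
    policies, current, in_block = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "config firewall policy":
            in_block = True
        elif not in_block:
            continue  # ignore every other config section
        elif line == "end":
            in_block = False
        elif line.startswith("edit "):
            current = policies.setdefault(line.split(None, 1)[1].strip('"'), {})
        elif line == "next":
            current = None
        elif line.startswith("set ") and current is not None:
            parts = shlex.split(line)  # handles quoted, multi-valued settings
            current[parts[1]] = parts[2:]
    return policies


def only(policy, key):
    """Lower-cased value when the key has exactly one value, otherwise ''."""
    values = policy.get(key, [])
    return values[0].lower() if len(values) == 1 else ""


def audit(policies):
    """Map policy id -> list of findings for accept policies that need review."""
    findings = {}
    for pid, pol in policies.items():
        if only(pol, "action") != "accept":
            continue  # a missing action is treated as not-accept (assumption)
        issues = []
        if (only(pol, "srcaddr") == "all" and only(pol, "dstaddr") == "all"
                and only(pol, "service") == "any"):
            issues.append("allow-all")
        if only(pol, "profile_status") != "enable" or not only(pol, "profile"):
            issues.append("no-protection-profile")
        if issues:
            findings[pid] = issues
    return findings


if __name__ == "__main__":
    for pid, issues in audit(parse_policies(SAMPLE_CONFIG)).items():
        print(f"policy {pid}: {', '.join(issues)}")
```
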

Using the CLI

After connecting to the CLI, you can use the following procedures to complete the 
basic configuration of the FortiWiFi unit. Ensure you read the section 
“Connecting to the CLI” on page 17 before beginning.

Switching to Transparent mode

The FortiWiFi unit comes preset to NAT mode. You need to switch to Transparent 
mode.

To switch to Transparent mode

config system settings
    set opmode transparent
    set manageip <address_ip> <netmask>
    set gateway <address_gateway>
end

Settings for the outgoing traffic firewall policy:

Source Interface         Select the port connected to the network.
Source Address           All
Destination Interface    Select the port connected to the Internet.
Destination Address      All
Schedule                 always
Service                  Any
Action                   Accept

Settings for the incoming traffic firewall policy:

Source Interface         Select the port connected to the Internet.
Source Address           All
Destination Interface    Select the port connected to the network.
Destination Address      All
Schedule                 always
Service                  Any
Action                   Accept
