English dropdown-ico

Fortinet 60c manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62

Go to page of

Similar user manuals

A good user manual

The rules should oblige the seller to give the purchaser an operating instrucion of Fortinet 60c, along with an item. The lack of an instruction or false information given to customer shall constitute grounds to apply for a complaint because of nonconformity of goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of the manuals, as well as instructional videos have been majorly used. A necessary precondition for this is the unmistakable, legible character of an instruction.

What is an instruction?

The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of Fortinet 60c one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.

Unfortunately, only a few customers devote their time to read an instruction of Fortinet 60c. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.

What should a perfect user manual contain?

First and foremost, an user manual of Fortinet 60c should contain:
- informations concerning technical data of Fortinet 60c
- name of the manufacturer and a year of construction of the Fortinet 60c item
- rules of operation, control and maintenance of the Fortinet 60c item
- safety signs and mark certificates which confirm compatibility with appropriate standards

Why don't we read the manuals?

Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of Fortinet 60c alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of Fortinet 60c, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the Fortinet service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of Fortinet 60c.

Why one should read the manuals?

It is mostly in the manuals where we will find the details concerning construction and possibility of the Fortinet 60c item, and its use of respective accessory, as well as information concerning all the functions and facilities.

After a successful purchase of an item one should find a moment and get to know with every part of an instruction. Currently the manuals are carefully prearranged and translated, so they could be fully understood by its users. The manuals will serve as an informational aid.

Table of contents for the manual

  • Page 1

    FortiGate 60 Installation Guide INTERNAL DMZ 4 3 2 1 LINK 100 LINK 100 LINK 100 LINK 100 LINK 100 LINK 100 LINK 100 WAN 1 WAN 2 PWR ST A TUS Ve r s i o n 2 . 8 0 M R 8 28 January 2005 01-28008-00 18-2005012 8[...]

  • Page 2

    © Copyright 2005 Fortine t Inc. All rights rese rved. No part of this publication incl uding text, examples , diagrams or illustrations may be reproduced, transmitted, or translated in any form or by an y means, electro nic, mechanical, manual, optical or otherwise, for any purpose, without prio r written pe rmission of Fort inet Inc. FortiGate-60[...]

  • Page 3

    Contents FortiGate-60 Installation Guide 01-28008-0018-20050128 3 Table of Contents Introduction ............. .............................. ........................................................ ......... 5 Secure installation, configurat ion, and management ................ ...................... .................... 5 Web-based manager ......[...]

  • Page 4

    Contents 4 01-28008-0018-2005012 8 Fortinet Inc. Using the command line interface... ......................... ....................... ....................... ........... 30 Configuring the FortiGate unit to operate in NAT/Route mode ...... ....................... ........ 30 Using the setup wizard............. ....................... .............[...]

  • Page 5

    FortiGate-60 Inst allation Guide V ersion 2.80 MR8 FortiGate-60 Installation Guide 01-28008-0018-20050128 5 Introduction FortiGate A ntivirus Firewalls im prove network se curity , reduce network misu se and abuse, and help you use communication s resources more efficiently without compromising the performance of yo ur netw ork. FortiGate Antivirus[...]

  • Page 6

    6 01-28008-0018-2005012 8 Fortinet Inc. Secure installation, configurat ion, and management Introduction The CLI or the web-based manager can then be used to comple te configuration and to perform maintenance and administration. Web-based manager Using HTTP or a secure HTTPS connection from any co mputer running Internet Explorer , you can configur[...]

  • Page 7

    Introduction Document conventions FortiGate-60 Installation Guide 01-28008-0018-20050128 7 Setup wizard The FortiGate setup wizard p r ovides an easy way to configure the basic initial settings for the FortiGate unit. Th e wizard walks through the con f iguration of a ne w administrato r password, FortiGate interfaces, DHCP server settings, inte rn[...]

  • Page 8

    8 01-28008-0018-2005012 8 Fortinet Inc. FortiGate documentation Introduction For example: set allowaccess {ping https ssh snmp http telnet} Y ou can enter any of the following: set allowaccess ping set allowaccess ping https ssh set allowaccess https ping ssh set allowaccess snmp In most ca ses to make chan ges to list s that cont ain options separ[...]

  • Page 9

    Introduction Related documentati on FortiGate-60 Installation Guide 01-28008-0018-20050128 9 • FortiGate I PS Guide Describes how to configure the FortiGate Intrusion Prevention System setting s and how the FortiGate IPS deals with some common att a cks. • FortiGate VPN Guide Explains how to configur e VPNs using the web-b a sed mana ger . Fort[...]

  • Page 10

    10 01-28008-0018-2005012 8 Fortinet Inc. Customer service and technical support Introduction FortiMail documentation • FortiMail Administration Guide Describes how to install, configure, and manage a FortiMail unit in gateway mode and server mode, including how to configure the unit; create profiles and policies; configure antisp a m and antiviru[...]

  • Page 11

    Introduction Customer service a nd technical suppo rt FortiGate-60 Installation Guide 01-28008-0018-20050128 11 For information on Fortinet tele phone su pport, see http://support.fortinet .com. When requesting tech nical support, please provide the following informa tion: • Y our name • Compa ny name •L o c a t i o n • Email address • T [...]

  • Page 12

    12 01-28008-0018-2005012 8 Fortinet Inc. Customer service and technical support Introduction[...]

  • Page 13

    FortiGate-60 Inst allation Guide V ersion 2.80 MR8 FortiGate-60 Installation Guide 01-28008-0018-20050128 13 Getting st arted This section describes unp acking, setting up, and powering on a FortiGate Antivirus Firewall unit. This section includes: • Package content s • Mounting • T urning the FortiGate unit power on and of f • Connecting t[...]

  • Page 14

    14 01-28008-0018-2005012 8 Fortinet Inc. Package contents Getting started Package content s The FortiGate-60 p ackage contains the following items: • FortiGate-6 0 Antivirus Firewall • one orange crossover ethe rnet cable (Fortinet part number CC300248) • one gray regular ethern et cable (Fortinet pa rt number CC300249) • one RS-232 null mo[...]

  • Page 15

    Getting sta rted Turning the Fo rtiGa te unit power on and off FortiGate-60 Installation Guide 01-28008-0018-20050128 15 Power requirements • DC input voltage: 12 V • DC input current: 3 A Environmental specifications • Operating temperature: 32 to 10 4°F (0 to 40°C) • S torage temperature: -13 to 158°F (-25 to 70°C) • Humidity: 5 to [...]

  • Page 16

    16 01-28008-0018-2005012 8 Fortinet Inc. Connecting to the web-based manager Getting started Connecting to the web-based manager Use the followin g procedure to connect to the web-based manager for the first time. Configuration changes ma de with the web- based m anager are effective immediately without resetting the firewall or in terrupting servi[...]

  • Page 17

    Getting started Connecting to the command line interface (CLI) FortiGate-60 Installation Guide 01-28008-0018-20050128 17 Connecting to the command line interface (CLI) As an alternative to the web-based ma nager , you can install and configure the FortiGate unit using the CLI. Configuration changes mad e with the CLI are effective immediately witho[...]

  • Page 18

    18 01-28008-0018-2005012 8 Fortinet Inc. Quick installation us ing factory defaults Getting started Quick inst allation using factory default s Y ou can quickly set up your FortiGate unit for a home or sm all office using the web- based manager a nd the factory default FortiG ate configur ation. All you need to do is set your network computers to o[...]

  • Page 19

    Getting started Factory default FortiGate configurati on settings FortiGate-60 Installation Guide 01-28008-0018-20050128 19 7 Select one of the following DNS settings • Obtain DNS se rver address automatically: select to get the DNS addresses from the ISP , select Apply • Use the following DNS server addresse s: select and ente r the DNS server[...]

  • Page 20

    20 01-28008-0018-2005012 8 Fortinet Inc. Factory default FortiGate confi guration settings Getting started Factory default NAT/Route m ode network configuration When the FortiGate unit is first p o wered on , it is running in NA T/Rout e mode and has the basic netw ork configuration list ed in T able 3 on pag e 20 . This configuration allows you to[...]

  • Page 21

    Getting started Factory default FortiGate configurati on settings FortiGate-60 Installation Guide 01-28008-0018-20050128 21 Factory default Transparent mode network configuration In T ransparent mode, the FortiGate un it has the default network configuration listed in Ta b l e 4 . Factory default firewall configuration FortiGate firewall policies c[...]

  • Page 22

    22 01-28008-0018-2005012 8 Fortinet Inc. Factory default FortiGate confi guration settings Getting started The factory default firewall configu ration is the same in NA T/Route and T ranspar ent mode. Factory default protection profiles Use protection profiles to apply dif ferent protection settings for traffic that is controlled by firewall po lic[...]

  • Page 23

    Getting started Planning the FortiGate configura tion FortiGate-60 Installation Guide 01-28008-0018-20050128 23 Figure 5: Web protection profile settings Planning the FortiGate configuration Before you configure the Fo rtiGate unit, you need to plan how to integrate the unit into the network. Amo ng other things, you mu st decide whether you wan t [...]

  • Page 24

    24 01-28008-0018-2005012 8 Fortinet Inc. Planning the FortiGa te configuration Getting started Y ou must configure routing to support the redundant W AN1 and W AN2 internet connections. Routing can be used to au tomatically redirect connections from an interface if its connectio n to the external network fails. Y ou c an add firewall policies to co[...]

  • Page 25

    Getting started Planning the FortiGate configura tion FortiGate-60 Installation Guide 01-28008-0018-20050128 25 Otherwise, security policy configuration is similar to a NA T/Route mode configuration with a single Internet connection. Y ou wo uld create NA T mode firewall policies to control traffic flowing between the internal, private networ k and[...]

  • Page 26

    26 01-28008-0018-2005012 8 Fortinet Inc. Next steps Getting started Configuration options Once you have selected T ranspar ent or NA T/Route mode operatio n, you can complete the configuration plan an d begin to configure the FortiGate unit. Choose among three dif ferent tools to configure the FortiGate unit. Web-based manager and setup wizard The [...]

  • Page 27

    FortiGate-60 Inst allation Guide V ersion 2.80 MR8 FortiGate-60 Installation Guide 01-28008-0018-20050128 27 NA T/Route mode inst allation This chapter describes how to inst all the FortiGate un it in NA T/Route mode. For information about installing a FortiGate unit in T ransparent mode, see “Tr ansparent mode inst allation” on pag e 39 . For [...]

  • Page 28

    28 01-28008-0018-2005012 8 Fortinet Inc. Using the web-based ma nager NAT/Route mode installa tion DHCP or PPPoE configuration Y ou can configure any FortiGate interface to acquire its IP address from a DHCP or PPPoE server . Y our ISP may provide IP add resses using one of these protocols. T o use the FortiGate DHCP server , you need to configure [...]

  • Page 29

    NAT/Route mode installati on Using the web-based manager FortiGate-60 Installation Guide 01-28008-0018-20050128 29 Configuring basic settings After conne c ting to the web-based manager you can use the following procedures to complete the basic configurat ion of th e FortiGate unit. T o add/change the administrator p assword 1 Go to System > Adm[...]

  • Page 30

    30 01-28008-0018-2005012 8 Fortinet Inc. Using the command line interface NAT/Route mode installa tion 1 Go to System > Router > St atic . 2 If the S tatic Route t able contai ns a default route (IP and Mask set to 0.0.0.0) , select the Delete icon to delete this route. 3 Select Create New . 4 Set Destination IP to 0. 0.0.0. 5 Set Mask to 0.0[...]

  • Page 31

    NAT/Route mode installation Using the command line interface FortiGate-60 Installation Guide 01-28008-0018-20050128 31 Example config system interface edit internal set mode static set ip <192.168.120.99> <255.255.255.0> end 3 Set the IP address an d netmask of the WAN1 interface to the IP addr ess and netmask that you recorded in T abl[...]

  • Page 32

    32 01-28008-0018-2005012 8 Fortinet Inc. Using the setu p wizard NAT/Route mode installa tion T o configure DNS server sett ings • Set the primar y and secondary DNS server IP addresses. Enter config system dns set primary <address_ip> set secondary <address_ip> end Example config system dns set primary 293.44.75.21 set secondary 293.[...]

  • Page 33

    NAT/Route mode installati on Using the setup wizard FortiGate-60 Installation Guide 01-28008-0018-20050128 33 If you are configuring the FortiGate unit to operate in NA T/Route mode (the default), you can use the setup wizar d to: • add the administration p assword • configure the inter nal interface address • choose either a manual (static) [...]

  • Page 34

    34 01-28008-0018-2005012 8 Fortinet Inc. Connecting the FortiGate unit to the network(s) NAT/Route mode installati on Starting the setup wizard 1 In the web-based manager, sele ct Easy Setup Wizard. Figure 9: Select the Easy Setup W izard 2 Follow the instructions on th e wizard pages and use the in formation that you gathered in T able 6 on page 2[...]

  • Page 35

    NAT/Route mode installati on Connecting the FortiGate unit to the ne twork(s) FortiGate-60 Installation Guide 01-28008-0018-20050128 35 • One DMZ port for connectin g to a DMZ network. • Modem is the interface for connecting an external modem to the FortiGate-60 . See “Configuring the Modem interface” on p age 36 T o connect the FortiGate u[...]

  • Page 36

    36 01-28008-0018-2005012 8 Fortinet Inc. Configuring the netw orks NAT/Route mode installati on Configuring the networks If you are running the FortiGate unit in NA T/Route mode, your networks must be configured to route all Internet traf fic to t he IP address of the FortiGate interface to which they are connected. • For the internal ne twork, c[...]

  • Page 37

    NAT/Route mode installati on Next steps FortiGate-60 Installation Guide 01-28008-0018-20050128 37 T o set the date and time For effective scheduling and logging, the FortiGate syst em date and time must be accurate. Y ou can either man ually set the system date and time or configure the FortiGate unit to automatically keep it s ti me correct by syn[...]

  • Page 38

    38 01-28008-0018-2005012 8 Fortinet Inc. Next steps NAT/Route mode installati on 1 Go to System > Maintenance > Up date Center . 2 Select Refresh to test the FortiGate unit connectivity with the FortiProte ct Distribution Network (FDN). T o be able to connect to the FDN the Fort iGate unit default route must point to a network such as the Int[...]

  • Page 39

    FortiGate-60 Inst allation Guide V ersion 2.80 MR8 FortiGate-60 Installation Guide 01-28008-0018-20050128 39 T ransp arent mode inst allation This chapter de scribes how to install a FortiGate unit in T ranspar ent mode. If you want to install the FortiGate un it in NA T/Ro ute m ode, see “NA T/Route mode installation” on pag e 27 . If you want[...]

  • Page 40

    40 01-28008-0018-2005012 8 Fortinet Inc. Using the web-based manage r Transparent mode installa tion Using the web-based manager Y ou can use the web-based manager to complete the initial configuration of the FortiGate unit. Y ou can continue to use the web-based manager for all FortiGate unit settings. For information about co nnecting to the web-[...]

  • Page 41

    Transparent mode installatio n Using the command line interface FortiGate-60 Installation Guide 01-28008-0018-20050128 41 T o configure DNS server sett ings 1 Go to System > Network > DNS . 2 Enter the IP address of the primary DNS se rver . 3 Enter the IP address of the secondary DNS server . 4 Select OK. T o configure the default gateway 1 [...]

  • Page 42

    42 01-28008-0018-2005012 8 Fortinet Inc. Using the command line interface Transparent mode i nstallation The CLI displa ys the status of the For tiGat e unit including the following line of text: Operation mode: Transparent T o configure the management IP address 1 Make sure that you are logge d into the CLI. 2 Set the management IP addr ess and ne[...]

  • Page 43

    Transparent mode installatio n Using the setup wizard FortiGate-60 Installation Guide 01-28008-0018-20050128 43 Example If the default gate way IP is 204.23.1.2 and this gateway is connected to port 2: config router static edit 1 set dst 0.0.0.0 0.0.0.0 set gateway 204.23.1.2 set device port2 end Using the setup wizard From the web-based manager, y[...]

  • Page 44

    44 01-28008-0018-2005012 8 Fortinet Inc. Connecting the FortiGate unit to your network Transparent mode installation Connecting the FortiGate unit to your network When you have com pleted the initial conf iguration, you can conne ct the FortiGate unit between yo ur internal netw ork and the Inter net using the In ternal and WAN1 interfaces. Y ou ca[...]

  • Page 45

    Transparent mode installatio n Next steps FortiGate-60 Installation Guide 01-28008-0018-20050128 45 Next step s Y ou can use the following information to co nfigure FortiGate system t ime, to register the FortiGate unit, and to configure ant ivirus and attack definition updates. Refer to the FortiGate Administration Guide for complete informat ion [...]

  • Page 46

    46 01-28008-0018-2005012 8 Fortinet Inc. Next steps Transparen t mode installation 1 Go to System > Maintenance > Up date Center . 2 Select Refresh to test the FortiGate unit connectivity with the FortiProte ct Distribution Network (FDN). T o be able to connect to the FDN the Fort iGate unit default route must point to a network such as the I[...]

  • Page 47

    FortiGate-60 Inst allation Guide V ersion 2.80 MR8 FortiGate-60 Installation Guide 01-28008-0018-20050128 47 High availability inst allation This chapter describes how to install two or more FortiGate units in an HA cluster . HA installation involves three basic steps: • Configuring FortiGate un its for HA operation • Connecting the cluster to [...]

  • Page 48

    48 01-28008-0018-2005012 8 Fortinet Inc. Configuring FortiGate units for HA operation High availability installati on T a ble 10: High availability settings Mode Active-Active Load balancing and failo ve r HA. Each FortiGate unit in the HA cluster actively processes co nnections and monitors the statu s of the ot her FortiGate units in the cluster [...]

  • Page 49

    High availability installation Confi guring FortiGate units for HA operation FortiGate-60 Installation Guide 01-28008-0018-20050128 49 Configuring FortiGate units for HA using the web-based manager Use the followin g procedure to configure each FortiGate unit f or HA operation. T o change the FortiGate unit host name Changing th e host name is op t[...]

  • Page 50

    50 01-28008-0018-2005012 8 Fortinet Inc. Configuring FortiGate units for HA operation High availability installati on T o configure a FortiGate unit for HA operation 1 Go to System > Config > HA . 2 Select High Availability . 3 Select the mode. 4 Select a Group ID for the HA cluster . 5 If required, change the Unit Priority . 6 If required, s[...]

  • Page 51

    High availability installation Conne cting the cluste r to your networks FortiGate-60 Installation Guide 01-28008-0018-20050128 51 T o configure the FortiGate unit for HA operation 1 Configure HA settings. Use the following command to: • Set the HA mode • Set the Group ID • Change the unit priority • Enable ov erride master • Enter an HA [...]

  • Page 52

    52 01-28008-0018-2005012 8 Fortinet Inc. Connecting the cluster to your ne tworks High availability installation Inserting an HA cluster into your networ k temporar ily interrupt s communications on the network because new phys ical connections are being made to route traf fic through the cluster . Also, starting th e cluster interrup ts network tr[...]

  • Page 53

    High availability installation Inst alling and configu ring the cluster FortiGate-60 Installation Guide 01-28008-0018-20050128 53 2 Power on all the FortiGat e units in the cluster . As the units st art, they negotiate to choose the primary cluster unit and the subordinat e units. This negotiation occurs with no user inte rvention and normally just[...]

  • Page 54

    54 01-28008-0018-2005012 8 Fortinet Inc. Installing and configuring the cluster High availability installati on[...]

  • Page 55

    FortiGate-60 Inst allation Guide V ersion 2.80 MR8 FortiGate-60 Installation Guide 01-28008-0018-20050128 55 Configuring the modem interface The FortiG ate-60 includes th e option of an external modem for use as e ither a redundant interface or a st andalone interface in NA T/Route mode. • In redundant mode , the modem interface au tomatically ta[...]

  • Page 56

    56 01-28008-0018-2005012 8 Fortinet Inc. Selecting a modem mode Configuring the modem interface For the For tiGate unit to switc h from an ethe rnet interface t o the modem yo u must select the name of the interf ace in the modem configuration and configure a ping server for that interface. Y ou must also configure firewall policies for connections[...]

  • Page 57

    Configuring the modem i nterface Configuring modem settings FortiGate-60 Installation Guide 01-28008-0018-20050128 57 3 Configure other modem settings as required. See “Configuring modem settings” on page 5 7 . Make sure there is correct info rmation in one or more Dialup Accounts. 4 Configure firewall policies for conn ections to the mode m in[...]

  • Page 58

    58 01-28008-0018-2005012 8 Fortinet Inc. Connecting and disconnecting the modem in Stand alone mode Configuring the modem interface Y ou can configure and use the modem in NA T/Route mode only . T o configure modem settings 1 Go to System > Network > Modem . 2 Select Enable Modem. 3 Change any of the followin g dialup connection settin gs: 4 [...]

  • Page 59

    Configuri ng the modem interface Defining a Ping Server FortiGate-60 Installation Guide 01-28008-0018-20050128 59 5 Select Dial Now . The FortiGate unit initiates dialing into ea ch dialup acco unt in turn until the modem connect s to an ISP . Modem status is one of the following: A green check mark indicates the active dialup account. The IP addre[...]

  • Page 60

    60 01-28008-0018-2005012 8 Fortinet Inc. Adding firewall policies for modem conn ections Configuring the modem interface 3 For Fail-over Detection, type a number of times that th e connec tion test fails before the FortiGate unit assumes that t he gateway is no longer function ing. 4 Select Apply . Adding firewall policies for modem connections The[...]

  • Page 61

    FortiGate-60 Installation Guide 01-28008-0018-20050128 61 FortiGate-60 Inst allation Guide V ersion 2.80 MR8 Index A auto-dial 57 C CLI 6 configuring IP addresses 41 configuring NAT/Route mode 30 connecting to 17 cluster connecting 51, 53 command line interface 6 configuring redundant mode 55 configuring standalone mode 56 connect cluster 51, 53 co[...]

  • Page 62

    62 01-28008-0018-2005012 8 Fortinet Inc. Index S set time 37, 45 setup wizard 28, 32, 40, 43 starting 2 9, 34, 40, 43 standalone mode configuring 56 modem 55, 56 starting I P DHCP 20 synchronize with NTP server 37, 45 T technical support 10 time zone 37, 45 Transparen t mode changing to 41 configuring the defa ult gateway 42 management IP address 4[...]