English dropdown-ico

Fortinet FortiGate 224B manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54

Go to page of

Similar user manuals

A good user manual

The rules should oblige the seller to give the purchaser an operating instrucion of Fortinet FortiGate 224B, along with an item. The lack of an instruction or false information given to customer shall constitute grounds to apply for a complaint because of nonconformity of goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of the manuals, as well as instructional videos have been majorly used. A necessary precondition for this is the unmistakable, legible character of an instruction.

What is an instruction?

The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of Fortinet FortiGate 224B one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.

Unfortunately, only a few customers devote their time to read an instruction of Fortinet FortiGate 224B. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.

What should a perfect user manual contain?

First and foremost, an user manual of Fortinet FortiGate 224B should contain:
- informations concerning technical data of Fortinet FortiGate 224B
- name of the manufacturer and a year of construction of the Fortinet FortiGate 224B item
- rules of operation, control and maintenance of the Fortinet FortiGate 224B item
- safety signs and mark certificates which confirm compatibility with appropriate standards

Why don't we read the manuals?

Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of Fortinet FortiGate 224B alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of Fortinet FortiGate 224B, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the Fortinet service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of Fortinet FortiGate 224B.

Why one should read the manuals?

It is mostly in the manuals where we will find the details concerning construction and possibility of the Fortinet FortiGate 224B item, and its use of respective accessory, as well as information concerning all the functions and facilities.

After a successful purchase of an item one should find a moment and get to know with every part of an instruction. Currently the manuals are carefully prearranged and translated, so they could be fully understood by its users. The manuals will serve as an informational aid.

Table of contents for the manual

  • Page 1

    www.fortinet.com For tiGate-224B FortiO S 3 . 0 MR 6 INST ALL GUIDE[...]

  • Page 2

    FortiGate-224B Install Guide FortiOS 3.0 MR6 15 August 2008 01-30006-04 51-20080815 © Copyright 2008 Fortine t, Inc. All rights reserved. No part of this publication including text, examples , diagrams or illustrations may be reproduced, tra nsmitted, or translated in any form or by any means, electronic, mechanical, manual, op tical or otherwise,[...]

  • Page 3

    Contents FortiGate-224B FortiOS 3.0 MR6 Install Guide 01-30006-0451-2008081 5 3 Content s Contents...................................................................... .............. .......... 3 Introduction ............... ................................. .............................. .......... 7 Register your FortiGate unit ................ [...]

  • Page 4

    FortiGate-224B FortiOS 3.0 MR6 Install Guide 4 01-30006-0451-200808 15 Contents Configure a DNS server ................ ................... ................ ................... . 22 Adding a default route and gateway . ......... ................. ................ .......... 22 Adding firewall policies .............. ....... ......... ..............[...]

  • Page 5

    Contents FortiGate-224B Forti OS 3.0 MR6 Install Guide 01-30006-0451-20080 815 5 Installing firmware from a system reboot using the CLI...... ................ ........ 42 Restoring the previous configuration ............................. ................ .............. 44 Backup and Restore from a USB key .... ............. ................ .......[...]

  • Page 6

    FortiGate-224B FortiOS 3.0 MR6 Install Guide 6 01-30006-0451-200808 15 Contents[...]

  • Page 7

    Introduction Register your FortiGate unit FortiGate-224B Forti OS 3.0 MR6 Install Guide 01-30006-0451-20080 815 7 Introduction Welcome an d thank you for selecting Fortinet product s for your real-time network protection. The FortiGate Unified Threat Man agement System improves network security , reduces network misuse and abuse, and help s you use[...]

  • Page 8

    FortiGate-224B FortiOS 3.0 MR6 Install Guide 8 01-30006-0451-200808 15 About the FortiGate-224B Introduction About the FortiGate-224B The FortiGa te-224B conv erges network and security products th at uniquely integrate multiple layers of threat protection with granular network access controls. The For tiGate-224B delivers configurable port-leve l [...]

  • Page 9

    Introduction Further Reading FortiGate-224B Forti OS 3.0 MR6 Install Guide 01-30006-0451-20080 815 9 Typographic conventions FortiGate document ation uses the fo llowing typographical co nventions: Further Reading The most up-to-date publication s and pr evious rele ases of Fortin et product documentation are available from the Fortinet T echnical [...]

  • Page 10

    FortiGate-224B FortiOS 3.0 MR6 Install Guide 10 01-30006-0451-200808 15 Customer service and technical support Introduction • FortiGate Log Message Refe rence Available exclusively from the Fortinet Knowledge Center , the FortiGat e Log Message Reference describes the str uct ure of FortiGate log messages and provides information about the log me[...]

  • Page 11

    Installing Environmental specifications FortiGate-224B Forti OS 3.0 MR6 Install Guide 01-30006-0451-20080 815 11 Inst alling This chapter describes in stalling your FortiGate unit in your server room, environmental specifications and how to mount the FortiGate in a rack if applicable. This chapter contains the follow ing topics: • Environmenta l [...]

  • Page 12

    FortiGate-224B FortiOS 3.0 MR6 Install Guide 12 01-30006-0451-200808 15 Cautions and warnings Installing • Connect the equipment into an outlet on a circuit differen t from that to which the receiver is connecte d. • Consult the dealer or an experien ced radio/TV technician for help. The equipm ent compliance with FCC radiation exposu re limit [...]

  • Page 13

    Installing Cautions and warni ngs FortiGate-224B Forti OS 3.0 MR6 Install Guide 01-30006-0451-20080 815 13 When placing the For tiGate unit on an y flat , st able surface, ensure the unit has at least 1.5 inches (3.75 cm) of clearance on each side to ensure adequate airflow for cooling. For rack mounting, use the moun ting brackets and screws inclu[...]

  • Page 14

    FortiGate-224B FortiOS 3.0 MR6 Install Guide 14 01-30006-0451-200808 15 Plugging in the FortiGa te Installing Figure 3: Mounting in a rack Plugging in the FortiGate Use the following steps to conne ct the power supply to the FortiGate unit. T o power on the FortiGate unit 1 Ensure the power switch, located at the ba ck of the FortiGate unit is in t[...]

  • Page 15

    Configuring NA T vs. T ransparent mode FortiGate-224B Forti OS 3.0 MR6 Install Guide 01-30006-0451-20080 815 15 Configuring This section provides an overview of t he operating modes of the FortiGate unit, NA T/Route and T ransp arent, and how to configure the FortiGate unit for e ach mode. There are two ways you can configure the FortiGa te unit, u[...]

  • Page 16

    FortiGate-224B FortiOS 3.0 MR6 Install Guide 16 01-30006-0451-200808 15 Connecting to the FortiGate unit Configuring Transparent mode In T ransparent m ode, the Fo rtiGate unit is invisible to the network . Similar to a network bridge, all FortiGate interfaces must be on the same subnet. Y ou only have to configure a mana gement IP address to make [...]

  • Page 17

    Configuring Connecting to the FortiGate unit FortiGate-224B Forti OS 3.0 MR6 Install Guide 01-30006-0451-20080 815 17 T o support a secure HTTPS authentication method, the For tiGate unit ships with a self-signed security certific ate, which is offered to remote clients whenever they initiate a HTTPS connecti on to the FortiGate unit. When you conn[...]

  • Page 18

    FortiGate-224B FortiOS 3.0 MR6 Install Guide 18 01-30006-0451-200808 15 Configuring NA T mode Configuring Configuring NA T mode Configuring NA T mode involves defining interface addresses and defa ult routes, and simple firewall policies. Y ou can use the web-based m anager or the CLI to configure the FortiGate unit in NA T/Route mode. Using the we[...]

  • Page 19

    Configuring Configuring NA T mode FortiGate-224B Forti OS 3.0 MR6 Install Guide 01-30006-0451-20080 815 19 4 Select OK. 5 Repeat this procedure for each interf ace as required. Configure a DNS server A DNS server is a service that conver ts symbolic node names to IP addresses. A domain name server (DNS server) impl ements the protoc ol. In simple t[...]

  • Page 20

    FortiGate-224B FortiOS 3.0 MR6 Install Guide 20 01-30006-0451-200808 15 Configuring NA T mode Configuring For an initial configuration, you must edit the factor y configured static d efault route to specify a different defau lt gateway for the FortiGat e unit. This will enable the flow of data th rough the FortiGate unit. For details on add ing add[...]

  • Page 21

    Configuring Configuring NA T mode FortiGate-224B Forti OS 3.0 MR6 Install Guide 01-30006-0451-20080 815 21 3 Set the following and select OK. Firewall policy configurati on is the same in NA T/Route mode and T ransp arent mode. Note that these policies allo w all traffic throug h. No protection profiles have been applied. Ensure you create additio [...]

  • Page 22

    FortiGate-224B FortiOS 3.0 MR6 Install Guide 22 01-30006-0451-200808 15 Configuring NA T mode Configuring T o set an interface to use PPPo E addressing config system interface edit external set mode pppoe set username <name_str> set password <psswrd> set ipunnumbered <ip_address> set disc-retry-timeout <integer_seconds> set [...]

  • Page 23

    Configuring Configuring NA T mode FortiGate-224B Forti OS 3.0 MR6 Install Guide 01-30006-0451-20080 815 23 In the factory default configuration, entr y number 1 in the S tatic Route list is associated with a destination address of 0.0.0.0/0.0.0.0, which means any/all destinations. This route is called the "sta tic default rout e". If no o[...]

  • Page 24

    FortiGate-224B FortiOS 3.0 MR6 Install Guide 24 01-30006-0451-200808 15 Configuring T ransparent mod e Configuring Configuring T ra nsp arent mode Configuring T ransparent mode in volves switchin g to T ransparent mode, configurin g the management IP ad dress, default routes, and simple firewa ll policies. Y ou can use the web-based man ager or the[...]

  • Page 25

    Configuring Configuring T r ansparent mode FortiGate-224B Forti OS 3.0 MR6 Install Guide 01-30006-0451-20080 815 25 For the initial installation, a single firewa ll policy that enables all traffic through will enable you to verify your configur ation is working. On lower-end unit s such a default firewall policy is already in plac e. For the higher[...]

  • Page 26

    FortiGate-224B FortiOS 3.0 MR6 Install Guide 26 01-30006-0451-200808 15 Configuring T ransparent mod e Configuring T o switch to T ransparent mode config system settings set opmode transparent set manageip <address_ip> <netmask> set gateway <address_gateway> end Configure a DNS server A DNS server is a service that convert s symbo[...]

  • Page 27

    Configuring V erify the conf iguration FortiGate-224B Forti OS 3.0 MR6 Install Guide 01-30006-0451-20080 815 27 Note that these policies allo w all traffic throug h. No protection profiles have been applied. Ensure you create additio nal firewall policies to accommodate you r network requirement s. V erify the configuration Y our FortiGate unit is [...]

  • Page 28

    FortiGate-224B FortiOS 3.0 MR6 Install Guide 28 01-30006-0451-200808 15 Restoring a configuration Configuring Restoring a configuration Should you need to restore the config uration file, use the following steps. T o restore the FortiGat e configuration 1 Go to System > Maintenance > Backup & Restore . 2 Select to uplo ad the restor e f i[...]

  • Page 29

    Configuring Addition al configurat ion FortiGate-224B Forti OS 3.0 MR6 Install Guide 01-30006-0451-20080 815 29 T o change the administrator p assword 1 Go to System > Admin > Administrators . 2 Select Change Password and enter a new p assword. 3 Select OK. Alternatively , you can also a dd new admini strator users by selecting Create New , h[...]

  • Page 30

    FortiGate-224B FortiOS 3.0 MR6 Install Guide 30 01-30006-0451-200808 15 Additional confi guration Configuring[...]

  • Page 31

    Advanced configuration Protection profiles FortiGate-224B Forti OS 3.0 MR6 Install Guide 01-30006-0451-20080 815 31 Advanced configuration The FortiGate unit and the FortiOS o perating system provide a wide range of features that enable you to control netwo rk and internet traffic and pr otect your network. This chapter describes some of these opti[...]

  • Page 32

    FortiGate-224B FortiOS 3.0 MR6 Install Guide 32 01-30006-0451-200808 15 Firewall p olicies Advanced configuration The best way to begin creating your own protection pr ofile is to open a predefined profile. This way you can see how a profile is set up, an d then modify it suit your requirement s. Y ou access Protecti on profile options by going to [...]

  • Page 33

    Advanced configuration Antivirus options FortiGate-224B Forti OS 3.0 MR6 Install Guide 01-30006-0451-20080 815 33 Configuring firewall policies T o add or edit a firewall policy go to Firewall > Policy and select Edit on an existing policy , or select Create New to add a policy . The source and des tination Interface/Zone match the firewall poli[...]

  • Page 34

    FortiGate-224B FortiOS 3.0 MR6 Install Guide 34 01-30006-0451-200808 15 AntiSpam options Advanced configuration • Graywar e - These are unsolicited commercial software programs that are installed on computer s, often without the user's consent or knowledge. Grayware progr ams are generally consider ed an annoyance, b ut these programs can ca[...]

  • Page 35

    Advanced configuration Web fi ltering FortiGate-224B Forti OS 3.0 MR6 Install Guide 01-30006-0451-20080 815 35 Banned word lists are specific wor ds that may be typically found in email. The FortiGate u nit searches f or words or patter ns in email me ssages. If m atches are found, values assigned to the words are to ta lled. If the defined thresho[...]

  • Page 36

    FortiGate-224B FortiOS 3.0 MR6 Install Guide 36 01-30006-0451-200808 15 Logging Advanced configuration T o configure content blocking, go to W eb Filter > Content Block . URL filter enables you to control additional web sites that you can block or allow . This enables you greater con trol over ce rtain URLs or sub-URLs. The FortiGate unit allows[...]

  • Page 37

    FortiGate Firmware Downloading firmware FortiGate-224B Forti OS 3.0 MR6 Install Guide 01-30006-0451-20080 815 37 FortiGate Firmware Fortinet periodically updates the For tiGat e firmware to include new featur es and address issues. After yo u have registered yo ur FortiGate unit, you can download FortiGate firmware updates is available for download[...]

  • Page 38

    FortiGate-224B FortiOS 3.0 MR6 Install Guide 38 01-30006-0451-200808 15 Using the web-based manage r FortiGate Firmware T o download firmware 1 Log into the site using your user n ame and password. 2 Go to Firmware Images > FortiGate . 3 Select the most recent FortiOS version, and MR release and p atch release. 4 Locate the firmware for your For[...]

  • Page 39

    FortiGate Firmware Using the web-based manager FortiGate-224B Forti OS 3.0 MR6 Install Guide 01-30006-0451-20080 815 39 T o revert to a previous firmwar e version 1 Copy the firmware image file to the managem ent computer . 2 Log into the FortiGate web- based manager . 3 Go to System > St atus . 4 Under System Information > Firmware V ersion [...]

  • Page 40

    FortiGate-224B FortiOS 3.0 MR6 Install Guide 40 01-30006-0451-200808 15 Using the CLI FortiGate Firmware T o configure the USB Au to-Inst all 1 Go to System > Maintenance > Backup and Restore . 2 Select the blue arrow to expa nd the Advanced options. 3 Select the following: • On system restart, auto matically update FortiGate configuration [...]

  • Page 41

    FortiGate Firmware Using the CLI FortiGate-224B Forti OS 3.0 MR6 Install Guide 01-30006-0451-20080 815 41 5 Enter the fo llowing command to copy the firmwar e image from the TFTP se rver to the FortiGate unit: execute restore image <name_str> <tftp_ip4> Where <name_str> is the nam e of the firmware image file an d <tftp_ip4>[...]

  • Page 42

    FortiGate-224B FortiOS 3.0 MR6 Install Guide 42 01-30006-0451-200808 15 Installing firmware from a system reboot using the CLI FortiGate Firmware 4 Make sure the FortiGate unit can connect to th e TFTP server . Y ou can use the following comm and to pin g the comput er running th e TFTP server . For example, if the TFTP serv er ’s IP address is 1[...]

  • Page 43

    FortiGate Firmware Installing firmware from a system reboot using the CLI FortiGate-224B Forti OS 3.0 MR6 Install Guide 01-30006-0451-20080 815 43 If you are revert ing to a previou s FortiOS version, you might not be able to restore the previous configuration from the backup configuration file . T o inst all firmware from a syste m reboot 1 Connec[...]

  • Page 44

    FortiGate-224B FortiOS 3.0 MR6 Install Guide 44 01-30006-0451-200808 15 Installing firmware from a system reboot using the CLI FortiGate Firmware 9 T ype the address of the TFTP server and press Enter : The following message appears: Enter Local Address [192.168.1.188]: 10 T ype an IP address the FortiGate unit can use to connect to the TFTP server[...]

  • Page 45

    FortiGate Firmware Installing firmware from a system reboot using the CLI FortiGate-224B Forti OS 3.0 MR6 Install Guide 01-30006-0451-20080 815 45 T o restore configuration us ing the CLI 1 Log into the CLI. 2 Enter the following command to re store the configuration files: exec restore image usb <filename> The FortiGate unit responds with th[...]

  • Page 46

    FortiGate-224B FortiOS 3.0 MR6 Install Guide 46 01-30006-0451-200808 15 T esting new firmware before installing FortiGate Firmware T esting new firmware before inst alling Y ou can test a new fi rmware image by installing the firmware image from a system reboot and saving it to system memory . After completing this procedu re, the FortiGate unit op[...]

  • Page 47

    FortiGate Firmware T esting new firmware before installing FortiGate-224B Forti OS 3.0 MR6 Install Guide 01-30006-0451-20080 815 47 8 T ype G to get t he new firm ware image from the TF TP server . The following m essage appears: Enter TFTP server address [192.168.1.168]: 9 T ype the address of the TFTP ser ver and press Enter: The following m essa[...]

  • Page 48

    FortiGate-224B FortiOS 3.0 MR6 Install Guide 48 01-30006-0451-200808 15 T esting new firmware before installing FortiGate Firmware[...]

  • Page 49

    Index FortiGate-224B FortiOS 3.0 MR6 Install Guide 01-30006-0451-2008081 5 49 Index A adding a defa ult route 19, 22 additional resources 9 admin password 28 air flow 11 ambient te mperature 11 antispam options 34 antivirus options 33 auto-install 39 auto-install from CLI 45 B backing up 27 C certificate, security 17 CLI 17 upgrading the firmware 4[...]

  • Page 50

    FortiGate-224B FortiOS 3.0 MR6 Install Guide 50 01-30006-0451-200808 15 Index P PADT timeout 19 password, changing 28 power off 14 PPPoE 22 protection profiles 31 R registering 7 restore 28 restoring previous firmware configuration 44 reverting firmware 38 S security certificate 17 shielded twisted pair 12 shut down 14 signatures, update 29 static [...]

  • Page 51

    FortiGate-224B FortiOS 3.0 MR6 Install Guide 51 01-30006-0451-200808 15 Index[...]

  • Page 52

    FortiGate-224B FortiOS 3.0 MR6 Install Guide 52 01-30006-0451-200808 15 Index[...]

  • Page 53

    www.fortinet.com[...]

  • Page 54

    www.fortinet.com[...]