English dropdown-ico

Fortinet FortiGate 3600A manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64

Go to page of

Similar user manuals

A good user manual

The rules should oblige the seller to give the purchaser an operating instrucion of Fortinet FortiGate 3600A, along with an item. The lack of an instruction or false information given to customer shall constitute grounds to apply for a complaint because of nonconformity of goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of the manuals, as well as instructional videos have been majorly used. A necessary precondition for this is the unmistakable, legible character of an instruction.

What is an instruction?

The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of Fortinet FortiGate 3600A one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.

Unfortunately, only a few customers devote their time to read an instruction of Fortinet FortiGate 3600A. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.

What should a perfect user manual contain?

First and foremost, an user manual of Fortinet FortiGate 3600A should contain:
- informations concerning technical data of Fortinet FortiGate 3600A
- name of the manufacturer and a year of construction of the Fortinet FortiGate 3600A item
- rules of operation, control and maintenance of the Fortinet FortiGate 3600A item
- safety signs and mark certificates which confirm compatibility with appropriate standards

Why don't we read the manuals?

Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of Fortinet FortiGate 3600A alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of Fortinet FortiGate 3600A, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the Fortinet service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of Fortinet FortiGate 3600A.

Why one should read the manuals?

It is mostly in the manuals where we will find the details concerning construction and possibility of the Fortinet FortiGate 3600A item, and its use of respective accessory, as well as information concerning all the functions and facilities.

After a successful purchase of an item one should find a moment and get to know with every part of an instruction. Currently the manuals are carefully prearranged and translated, so they could be fully understood by its users. The manuals will serve as an informational aid.

Table of contents for the manual

  • Page 1

    www.fortinet.com For tiGate-3600A FortiO S 3 . 0 MR 6 INST ALL GUIDE[...]

  • Page 2

    FortiGate-3600A Install Guide FortiOS 3.0 MR6 18 March 2008 01-30006-04 57-20080318 © Copyright 2008 Fortine t, Inc. All rights reserved. No part of this publication including text, examples , diagrams or illustrations may be reproduced, tra nsmitted, or translated in any form or by any means, electronic, mechanical, manual, op tical or otherwise,[...]

  • Page 3

    Contents FortiGate-3600A FortiOS 3.0 MR6 Install Guide 01-30006-0457-2008031 8 3 Content s Introduction ............... ................................. .............................. .......... 7 Register your FortiGate unit ................ ................... ................ .................... ...... 7 About the FortiGate-3600A .. ..........[...]

  • Page 4

    FortiGate-3600A FortiOS 3.0 MR6 Install Guide 4 01-30006-0457-200803 18 Contents Adding a default route and gateway . ......... .................... ................ ....... 26 Adding firewall policies ..................... ...... ................ .................... .......... 27 Configuring Transparent mode ............... ................... ..[...]

  • Page 5

    Contents FortiGate-3600A FortiOS 3.0 MR6 Install Guide 01-30006-0457-20080 318 5 FortiGate Firmware ............ .................................................. ............ 47 Downloading firmware ............... .................... ................ ................... .............. 47 Using the web-based manager ...................... ......[...]

  • Page 6

    FortiGate-3600A FortiOS 3.0 MR6 Install Guide 6 01-30006-0457-200803 18 Contents[...]

  • Page 7

    Introduction Register your FortiGate unit FortiGate-3600A FortiOS 3.0 MR6 Install Guide 01-30006-0457-20080 318 7 Introduction Welcome an d thank you for selecting Fortinet product s for your real-time network protection. The FortiGate Unified Threat Man agement System improves network security , reduces network misuse and abuse, and help s you use[...]

  • Page 8

    FortiGate-3600A FortiOS 3.0 MR6 Install Guide 8 01-30006-0457-200803 18 About the FortiGate-3600A Introduction About the FortiGate-3600A The FortiGate -3600A multi-thr eat security appliance establishes a new level of price-performance and flexibility for mult i-gigabit capacity network s ecurity systems. With ten gigabit Ethernet interfa ces and u[...]

  • Page 9

    Introduction Further Reading FortiGate-3600A FortiOS 3.0 MR6 Install Guide 01-30006-0457-20080 318 9 Document conventions The following document conventio ns are used in this guide: • In the examples, private IP addresses ar e used for both private and public IP addresses. • Notes and Cautions are used to provide import ant information: Typogra[...]

  • Page 10

    FortiGate-3600A FortiOS 3.0 MR6 Install Guide 10 01-30006-0457-200803 18 Further Reading Introduction • FortiGate online help Provides a context- sensitive and searchable ver sion of the Administr ation Guide in HTML format. Y ou can access online help from the web-based manager as you work. • FortiGate CLI Reference Describes how to use the Fo[...]

  • Page 11

    Introduction Customer service a nd technical su pport FortiGate-3600A FortiOS 3.0 MR6 Install Guide 01-30006-0457-20080 318 11 Customer service and technical support Fortinet T echnical Support provides services designed to make sure that your Fortinet systems install quickly , config ure easily , and operate reliably in your network. Please visit [...]

  • Page 12

    FortiGate-3600A FortiOS 3.0 MR6 Install Guide 12 01-30006-0457-200803 18 Customer service and technical support Introduction[...]

  • Page 13

    Installing Environmental specifications FortiGate-3600A FortiOS 3.0 MR6 Install Guide 01-30006-0457-20080 318 13 Inst alling This chapter describes in stalling your FortiGate unit in your server room, environmental specifications and how to mount the FortiGate in a rack if applicable. This chapter contains the follow ing topics: • Environmenta l [...]

  • Page 14

    FortiGate-3600A FortiOS 3.0 MR6 Install Guide 14 01-30006-0457-200803 18 Cautions and warnings Installing • Connect the equipment into an outlet on a circuit differen t from that to which the receiver is connecte d. • Consult the dealer or an experien ced radio/TV technician for help. The equipm ent compliance with FCC ra diation exposure limit[...]

  • Page 15

    Installing Cautions and warni ngs FortiGate-3600A FortiOS 3.0 MR6 Install Guide 01-30006-0457-20080 318 15 When placing the For tiGate unit on an y flat , st able surface, ensure the unit has at least 1.5 inches (3.75 cm) of clearance on each side to ensure adequate airflow for cooling. For rack mounting, use the moun ting brackets and screws inclu[...]

  • Page 16

    FortiGate-3600A FortiOS 3.0 MR6 Install Guide 16 01-30006-0457-200803 18 Plugging in the FortiGa te Installing The following photos illustra te how the mounting bra ckets and FortiGate unit should be att ached to the rack. Figure 2: Mounting in a rack Plugging in the FortiGate The FortiGate unit does no t have an on/of f switch. T o power on the Fo[...]

  • Page 17

    Installing T urning off the FortiGate uni t FortiGate-3600A FortiOS 3.0 MR6 Install Guide 01-30006-0457-20080 318 17 Connecting to the network Using the supplied Ethernet ca ble, connect one end of the cable to your router or modem, whatever the connection is to th e In ternet. Connect the other end to the FortiGate u nit. Connect t o either the Ex[...]

  • Page 18

    FortiGate-3600A FortiOS 3.0 MR6 Install Guide 18 01-30006-0457-200803 18 T urning off the Fo rtiGate unit Installing[...]

  • Page 19

    Configuring NA T vs. T ransparent mode FortiGate-3600A FortiOS 3.0 MR6 Install Guide 01-30006-0457-20080 318 19 Configuring This section provides an overview of t he operating modes of the FortiGate unit, NA T/Route and T ransp arent, and how to configure the FortiGate unit for e ach mode. There are two ways you can configure the FortiGa te unit, u[...]

  • Page 20

    FortiGate-3600A FortiOS 3.0 MR6 Install Guide 20 01-30006-0457-200803 18 Connecting to the FortiGate unit Configuring Transparent mode In T ransparent m ode, the Fo rtiGate unit is invisible to the network. Simila r to a network bridge, all FortiGate interfaces must be on the same subnet. Y ou only have to configure a mana gement IP address to make[...]

  • Page 21

    Configuring Connecting to the FortiGate unit FortiGate-3600A FortiOS 3.0 MR6 Install Guide 01-30006-0457-20080 318 21 T o support a secure HTTPS authentication method, the For tiGate unit ships with a self-signed security certific ate, which is offered to remote clients whenever they initiate a HTTPS connecti on to the FortiGate unit. When you conn[...]

  • Page 22

    FortiGate-3600A FortiOS 3.0 MR6 Install Guide 22 01-30006-0457-200803 18 Configuring NA T mode Configuring Configuring NA T mode Configuring NA T mode involves defining interface addresses and defa ult routes, and simple firewall policies. Y ou can use the web-based m anager or the CLI to configure the FortiGate unit in NA T/Route mode. Using the w[...]

  • Page 23

    Configuring Configuring NA T mode FortiGate-3600A FortiOS 3.0 MR6 Install Guide 01-30006-0457-20080 318 23 4 Select OK. 5 Repeat this procedure for each interf ace as required. Configure a DNS server A DNS server is a service that conver ts symbolic node names to IP addresses. A domain name server (DNS server) implem ents the protocol. In simple te[...]

  • Page 24

    FortiGate-3600A FortiOS 3.0 MR6 Install Guide 24 01-30006-0457-200803 18 Configuring NA T mode Configuring For an initial configuration, you must edit the factor y configured static d efault route to specify a different defau lt gateway for the FortiGat e unit. This will enable the flow of data th rough the FortiGate unit. For details on add ing ad[...]

  • Page 25

    Configuring Configuring NA T mode FortiGate-3600A FortiOS 3.0 MR6 Install Guide 01-30006-0457-20080 318 25 3 Set the following and select OK. Firewall policy configurati on is the same in NA T/Route mode and T ransp arent mode. Note that these policies allo w all traffic throug h. No protection profiles have been applied. Ensure you create additio [...]

  • Page 26

    FortiGate-3600A FortiOS 3.0 MR6 Install Guide 26 01-30006-0457-200803 18 Configuring NA T mode Configuring T o set an interface to use PPPo E addressing config system interface edit external set mode pppoe set username <name_str> set password <psswrd> set ipunnumbered <ip_address> set disc-retry-timeout <integer_seconds> set[...]

  • Page 27

    Configuring Configuring T r ansparent mode FortiGate-3600A FortiOS 3.0 MR6 Install Guide 01-30006-0457-20080 318 27 For an initial configuration, you must edit th e factory configured st atic default route to specify a different default gateway for the FortiGate unit. This will enable the flow of data through the FortiGate unit. For details on ad d[...]

  • Page 28

    FortiGate-3600A FortiOS 3.0 MR6 Install Guide 28 01-30006-0457-200803 18 Configuring T ransparent mod e Configuring Using the web-based manager After conn ecting to the web-based manager , you can use the following procedures to complete the ba sic configur ation of the FortiGate unit. Ensure you read the section “Connectin g to the web-based man[...]

  • Page 29

    Configuring Configuring T r ansparent mode FortiGate-3600A FortiOS 3.0 MR6 Install Guide 01-30006-0457-20080 318 29 T o add an outgoing traffic firewall policy 1 Go to Firewall > Polic y . 2 Select Create New . 3 Set the following and select OK. T o add an incoming traffic firewall policy 1 Go to Firewall > Polic y . 2 Select Create New . 3 S[...]

  • Page 30

    FortiGate-3600A FortiOS 3.0 MR6 Install Guide 30 01-30006-0457-200803 18 Configuring T ransparent mod e Configuring Configure a DNS server A DNS server is a service that convert s symbolic node names to IP addresses. A domain name server (DNS server ) implemen ts the protocol. In simple terms, it acts as a phone book for the Internet. A DNS server [...]

  • Page 31

    Configuring V erify the conf iguration FortiGate-3600A FortiOS 3.0 MR6 Install Guide 01-30006-0457-20080 318 31 V erify the configuration Y our FortiGate unit is now configured and connected to the network. T o verify the FortiGate unit is connected and configure d correctly , use your web browser to browse a web site, or use your ema il client to [...]

  • Page 32

    FortiGate-3600A FortiOS 3.0 MR6 Install Guide 32 01-30006-0457-200803 18 Restoring a configuration Configuring Restoring a configuration Should you need to restore the config uration file, use the following steps. T o restore the FortiGat e configuration 1 Go to System > Maintenance > Backup & Restore . 2 Select to uplo ad the restore f i[...]

  • Page 33

    Configuring Addition al configurat ion FortiGate-3600A FortiOS 3.0 MR6 Install Guide 01-30006-0457-20080 318 33 T o change the administrator p assword 1 Go to System > Admin > Administrators . 2 Select Change Password and enter a new p assword. 3 Select OK. Alternatively , you can also a dd new admini strator users by selecting Create New , h[...]

  • Page 34

    FortiGate-3600A FortiOS 3.0 MR6 Install Guide 34 01-30006-0457-200803 18 Additional confi guration Configuring[...]

  • Page 35

    Advanced configuration Protection profiles FortiGate-3600A FortiOS 3.0 MR6 Install Guide 01-30006-0457-20080 318 35 Advanced configuration The FortiGate unit and the FortiOS o perating system provide a wide range of features that enable you to control netwo rk and internet traffic and pr otect your network. This chapter describes some of these opti[...]

  • Page 36

    FortiGate-3600A FortiOS 3.0 MR6 Install Guide 36 01-30006-0457-200803 18 Firewall p olicies Advanced configuration The best way to begin creating your own protection pr ofile is to open a predefined profile. This way you can see how a profile is set up, an d then modify it suit your requirement s. Y ou access Protecti on profile options by going to[...]

  • Page 37

    Advanced configuration Antivirus options FortiGate-3600A FortiOS 3.0 MR6 Install Guide 01-30006-0457-20080 318 37 Configuring firewall policies T o add or edit a firewall policy go to Firewall > Policy and select Edit on an existing policy , or select Create New to add a policy . The source and des tination Interface/Zone match the firewall poli[...]

  • Page 38

    FortiGate-3600A FortiOS 3.0 MR6 Install Guide 38 01-30006-0457-200803 18 AntiSpam options Advanced configuration • Graywar e - These ar e unsolicited co mmercial so ftware programs th at are installed on computer s, often without the user's consent or knowledge. Grayware progr ams are generally consider ed an annoyance, b ut these programs c[...]

  • Page 39

    Advanced configuration Web fi ltering FortiGate-3600A FortiOS 3.0 MR6 Install Guide 01-30006-0457-20080 318 39 Banned word lists are specific wor ds that may be typically found in email. The FortiGate u nit searches f or words or patterns in email messa ges. If matc hes are found, values assigned to the words are to ta lled. If the defined threshol[...]

  • Page 40

    FortiGate-3600A FortiOS 3.0 MR6 Install Guide 40 01-30006-0457-200803 18 Logging Advanced configuration T o configure content blockin g, go to Web Filter > Conte nt Block . URL filter enables you to control additional web sites that you can block or allow . This enables you greater con trol over ce rtain URLs or sub-URLs. The FortiGate unit allo[...]

  • Page 41

    AMC modules Installing AMC filler units FortiGate-3600A FortiOS 3.0 MR6 Install Guide 01-30006-0457-2008031 8 41 AMC modules FortiGate AMC module s enable you to ex pand your FortiGate unit and ne twork environment. These module s enable you to provide small p acket performance though optica l or copper t ransceivers. A har d disk module enables yo[...]

  • Page 42

    FortiGate-3600A FortiOS 3.0 MR6 Install Guide 42 01-30006-0457-200803 18 Removing modules AMC modules T o insert a module into a FortiGa te chassis 1 Ensure the FortiGate unit is powered off before proceeding. 2 Remove the panel block on the FortiGate unit using the hot swa p latch. 3 Pull the latch on the module to the extend ed position. 4 Insert[...]

  • Page 43

    AMC modules Using the AMC modules FortiGate-3600A FortiOS 3.0 MR6 Install Guide 01-30006-0457-20080 318 43 Formatting the hard disk When you first inst all the ASM-S08 in the F ortiGate unit, the hard disk may not be formatted. This will result in an error in the console wh en starting up the FortiGate unit, indicating that the hard drive could not[...]

  • Page 44

    FortiGate-3600A FortiOS 3.0 MR6 Install Guide 44 01-30006-0457-200803 18 Using the AMC modul es AMC modules Log configuration using the CLI Configure the FortiGate unit to log to the ASM-S08 using the CLI within the FortiAnalyzer command config log disk setting enable . For details on log configuration, see the FortiGate CLI Reference . Viewing log[...]

  • Page 45

    AMC modules Using the AMC modules FortiGate-3600A FortiOS 3.0 MR6 Install Guide 01-30006-0457-20080 318 45 For these mu lti-mode SFP inte rfaces, SerD es is the default mode. Y ou can use a CLI command to change the inte rface to operate in SGMII mode. Depending on th e type of transceivers you inst all, you need to configur e the FortiGate unit or[...]

  • Page 46

    FortiGate-3600A FortiOS 3.0 MR6 Install Guide 46 01-30006-0457-200803 18 Using the AMC modul es AMC modules T o change t he media type for the pro per transceiver , enter the following CL I command: config system interface edit <interface_number> set mediatype <sgmii-sfp | serdes-sfp> end For example : config system interface edit AMC-S[...]

  • Page 47

    FortiGate Firmware Downloading firmware FortiGate-3600A FortiOS 3.0 MR6 Install Guide 01-30006-0457-20080 318 47 FortiGate Firmware Fortinet periodically updates the For tiGat e firmware to include new features and address issues. After yo u have registered yo ur FortiGate unit, you can download FortiGate firmware updates is available for download [...]

  • Page 48

    FortiGate-3600A FortiOS 3.0 MR6 Install Guide 48 01-30006-0457-200803 18 Using the web-based manage r FortiGate Firmware T o upgrade the firmwa re 1 Download the firmware ima ge file to your management computer . 2 Log into the web-ba sed manager as the admin administra tive user . 3 Go to System > St atus . 4 Under System Information > Firmw[...]

  • Page 49

    FortiGate Firmware Using the web-based manager FortiGate-3600A FortiOS 3.0 MR6 Install Guide 01-30006-0457-20080 318 49 Backup and Restore from a USB key Use a USB key to either backup a configurat ion file or restore a configuration file. Y ou should always make sure a USB key is properly install be fore proceeding since the FortiGate unit must re[...]

  • Page 50

    FortiGate-3600A FortiOS 3.0 MR6 Install Guide 50 01-30006-0457-200803 18 Using the CLI FortiGate Firmware Using the CLI Installing firmware replaces your curren t antivirus and attack definitions, along with the definitions included with the firmware release you are in stalling. After you install new firm ware, make sure that antivi rus and att ack[...]

  • Page 51

    FortiGate Firmware Using the CLI FortiGate-3600A FortiOS 3.0 MR6 Install Guide 01-30006-0457-20080 318 51 Reverting to a previous version This procedure revert s the FortiGate unit to its fa ctory default configuration and deletes IPS custom signatures, web content lists, email filterin g lists, and cha nges to replacement messages. Before beginnin[...]

  • Page 52

    FortiGate-3600A FortiOS 3.0 MR6 Install Guide 52 01-30006-0457-200803 18 Installing firmware from a system reboot using the CLI FortiGate Firmware The FortiGate unit uploads the firmware image file. After th e file uploads, a message similar to the following appears: Get image from tftp server OK. Check image OK. This operation will downgrade the c[...]

  • Page 53

    FortiGate Firmware Installing firmware from a system reboot using the CLI FortiGate-3600A FortiOS 3.0 MR6 Install Guide 01-30006-0457-20080 318 53 5 T o confirm the FortiGate unit can connect to the TFTP server , use the following command to ping the computer running the TFTP server . For example, if the IP address of the TF TP server is 192.168.1.[...]

  • Page 54

    FortiGate-3600A FortiOS 3.0 MR6 Install Guide 54 01-30006-0457-200803 18 Installing firmware from a system reboot using the CLI FortiGate Firmware 12 T ype D . The FortiGate unit installs the ne w firmware image and restart s. The installation might take a few minutes to complete. Restoring the previ ous configuration Change the internal inter face[...]

  • Page 55

    FortiGate Firmware T esting new firmware before installing FortiGate-3600A FortiOS 3.0 MR6 Install Guide 01-30006-0457-20080 318 55 T o configure the USB Auto-Inst all using the CLI 1 Log into the CLI. 2 Enter the following command: config system auto-install set default-config-file <filename> set auto-intall-config {enable | disable} set def[...]

  • Page 56

    FortiGate-3600A FortiOS 3.0 MR6 Install Guide 56 01-30006-0457-200803 18 T esting new firmware before installing FortiGate Firmware T o test the new firm ware image 1 Connect to the CLI using a RJ-45 to DB-9 or null mode m cable. 2 Make sure the TFTP server is running. 3 Copy the new firmware image file to th e root directory of the TFTP ser ver . [...]

  • Page 57

    FortiGate Firmware T esting new firmware before installing FortiGate-3600A FortiOS 3.0 MR6 Install Guide 01-30006-0457-20080 318 57 11 Enter the firmware image file name an d press Enter . The TFTP server uploads the firmware image file to the FortiGate unit an d the following appears. Save as Default firmware/Backup firmware/Run image without savi[...]

  • Page 58

    FortiGate-3600A FortiOS 3.0 MR6 Install Guide 58 01-30006-0457-200803 18 T esting new firmware before installing FortiGate Firmware[...]

  • Page 59

    Index FortiGate-3600A FortiOS 3.0 MR6 Install Guide 01-30006-0457-2008031 8 59 Index A adding a defa ult route 23, 26 additional resources 9 admin password 32 air flow 13 ambient te mperature 13 antispam options 38 antivirus options 37 auto-install 49 auto-install from CLI 54 B backing up 31 C certificate, security 21 CLI 21 upgrading the firmware [...]

  • Page 60

    FortiGate-3600A FortiOS 3.0 MR6 Install Guide 60 01-30006-0457-200803 18 Index P PADT timeout 23 password, changing 32 power off 17 PPPoE 26 protection profiles 35 R registering 7 restore 32 restoring previous firmware configuration 54 reverting firmware 48 S security certificate 21 shielded twisted pair 14 shut down 17 signatures, update 33 static[...]

  • Page 61

    FortiGate-3600A FortiOS 3.0 MR6 Install Guide 61 01-30006-0457-200803 18 Index[...]

  • Page 62

    FortiGate-3600A FortiOS 3.0 MR6 Install Guide 62 01-30006-0457-200803 18 Index[...]

  • Page 63

    www.fortinet.com[...]

  • Page 64

    www.fortinet.com[...]