Русский dropdown-ico

Fortinet 60c инструкция обслуживания

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62

Идти на страницу of

Похожие руководства по эксплуатации

Хорошее руководство по эксплуатации

Законодательство обязывает продавца передать покупателю, вместе с товаром, руководство по эксплуатации Fortinet 60c. Отсутствие инструкции либо неправильная информация, переданная потребителю, составляют основание для рекламации в связи с несоответствием устройства с договором. В законодательстве допускается предоставлении руководства в другой, чем бумажная форме, что, в последнее время, часто используется, предоставляя графическую или электронную форму инструкции Fortinet 60c или обучающее видео для пользователей. Условием остается четкая и понятная форма.

Что такое руководство?

Слово происходит от латинского "instructio", тоесть привести в порядок. Следовательно в инструкции Fortinet 60c можно найти описание этапов поведения. Цель инструкции заключается в облегчении запуска, использования оборудования либо выполнения определенной деятельности. Инструкция является набором информации о предмете/услуге, подсказкой.

К сожалению немного пользователей находит время для чтения инструкций Fortinet 60c, и хорошая инструкция позволяет не только узнать ряд дополнительных функций приобретенного устройства, но и позволяет избежать возникновения большинства поломок.

Из чего должно состоять идеальное руководство по эксплуатации?

Прежде всего в инструкции Fortinet 60c должна находится:
- информация относительно технических данных устройства Fortinet 60c
- название производителя и год производства оборудования Fortinet 60c
- правила обслуживания, настройки и ухода за оборудованием Fortinet 60c
- знаки безопасности и сертификаты, подтверждающие соответствие стандартам

Почему мы не читаем инструкций?

Как правило из-за нехватки времени и уверенности в отдельных функциональностях приобретенных устройств. К сожалению само подсоединение и запуск Fortinet 60c это слишком мало. Инструкция заключает ряд отдельных указаний, касающихся функциональности, принципов безопасности, способов ухода (даже то, какие средства стоит использовать), возможных поломок Fortinet 60c и способов решения проблем, возникающих во время использования. И наконец то, в инструкции можно найти адресные данные сайта Fortinet, в случае отсутствия эффективности предлагаемых решений. Сейчас очень большой популярностью пользуются инструкции в форме интересных анимаций или видео материалов, которое лучше, чем брошюра воспринимаются пользователем. Такой вид инструкции позволяет пользователю просмотреть весь фильм, не пропуская спецификацию и сложные технические описания Fortinet 60c, как это часто бывает в случае бумажной версии.

Почему стоит читать инструкции?

Прежде всего здесь мы найдем ответы касательно конструкции, возможностей устройства Fortinet 60c, использования отдельных аксессуаров и ряд информации, позволяющей вполне использовать все функции и упрощения.

После удачной покупки оборудования/устройства стоит посвятить несколько минут для ознакомления с каждой частью инструкции Fortinet 60c. Сейчас их старательно готовят или переводят, чтобы они были не только понятными для пользователя, но и чтобы выполняли свою основную информационно-поддерживающую функцию.

Содержание руководства

  • Страница 1

    FortiGate 60 Installation Guide INTERNAL DMZ 4 3 2 1 LINK 100 LINK 100 LINK 100 LINK 100 LINK 100 LINK 100 LINK 100 WAN 1 WAN 2 PWR ST A TUS Ve r s i o n 2 . 8 0 M R 8 28 January 2005 01-28008-00 18-2005012 8[...]

  • Страница 2

    © Copyright 2005 Fortine t Inc. All rights rese rved. No part of this publication incl uding text, examples , diagrams or illustrations may be reproduced, transmitted, or translated in any form or by an y means, electro nic, mechanical, manual, optical or otherwise, for any purpose, without prio r written pe rmission of Fort inet Inc. FortiGate-60[...]

  • Страница 3

    Contents FortiGate-60 Installation Guide 01-28008-0018-20050128 3 Table of Contents Introduction ............. .............................. ........................................................ ......... 5 Secure installation, configurat ion, and management ................ ...................... .................... 5 Web-based manager ......[...]

  • Страница 4

    Contents 4 01-28008-0018-2005012 8 Fortinet Inc. Using the command line interface... ......................... ....................... ....................... ........... 30 Configuring the FortiGate unit to operate in NAT/Route mode ...... ....................... ........ 30 Using the setup wizard............. ....................... .............[...]

  • Страница 5

    FortiGate-60 Inst allation Guide V ersion 2.80 MR8 FortiGate-60 Installation Guide 01-28008-0018-20050128 5 Introduction FortiGate A ntivirus Firewalls im prove network se curity , reduce network misu se and abuse, and help you use communication s resources more efficiently without compromising the performance of yo ur netw ork. FortiGate Antivirus[...]

  • Страница 6

    6 01-28008-0018-2005012 8 Fortinet Inc. Secure installation, configurat ion, and management Introduction The CLI or the web-based manager can then be used to comple te configuration and to perform maintenance and administration. Web-based manager Using HTTP or a secure HTTPS connection from any co mputer running Internet Explorer , you can configur[...]

  • Страница 7

    Introduction Document conventions FortiGate-60 Installation Guide 01-28008-0018-20050128 7 Setup wizard The FortiGate setup wizard p r ovides an easy way to configure the basic initial settings for the FortiGate unit. Th e wizard walks through the con f iguration of a ne w administrato r password, FortiGate interfaces, DHCP server settings, inte rn[...]

  • Страница 8

    8 01-28008-0018-2005012 8 Fortinet Inc. FortiGate documentation Introduction For example: set allowaccess {ping https ssh snmp http telnet} Y ou can enter any of the following: set allowaccess ping set allowaccess ping https ssh set allowaccess https ping ssh set allowaccess snmp In most ca ses to make chan ges to list s that cont ain options separ[...]

  • Страница 9

    Introduction Related documentati on FortiGate-60 Installation Guide 01-28008-0018-20050128 9 • FortiGate I PS Guide Describes how to configure the FortiGate Intrusion Prevention System setting s and how the FortiGate IPS deals with some common att a cks. • FortiGate VPN Guide Explains how to configur e VPNs using the web-b a sed mana ger . Fort[...]

  • Страница 10

    10 01-28008-0018-2005012 8 Fortinet Inc. Customer service and technical support Introduction FortiMail documentation • FortiMail Administration Guide Describes how to install, configure, and manage a FortiMail unit in gateway mode and server mode, including how to configure the unit; create profiles and policies; configure antisp a m and antiviru[...]

  • Страница 11

    Introduction Customer service a nd technical suppo rt FortiGate-60 Installation Guide 01-28008-0018-20050128 11 For information on Fortinet tele phone su pport, see http://support.fortinet .com. When requesting tech nical support, please provide the following informa tion: • Y our name • Compa ny name •L o c a t i o n • Email address • T [...]

  • Страница 12

    12 01-28008-0018-2005012 8 Fortinet Inc. Customer service and technical support Introduction[...]

  • Страница 13

    FortiGate-60 Inst allation Guide V ersion 2.80 MR8 FortiGate-60 Installation Guide 01-28008-0018-20050128 13 Getting st arted This section describes unp acking, setting up, and powering on a FortiGate Antivirus Firewall unit. This section includes: • Package content s • Mounting • T urning the FortiGate unit power on and of f • Connecting t[...]

  • Страница 14

    14 01-28008-0018-2005012 8 Fortinet Inc. Package contents Getting started Package content s The FortiGate-60 p ackage contains the following items: • FortiGate-6 0 Antivirus Firewall • one orange crossover ethe rnet cable (Fortinet part number CC300248) • one gray regular ethern et cable (Fortinet pa rt number CC300249) • one RS-232 null mo[...]

  • Страница 15

    Getting sta rted Turning the Fo rtiGa te unit power on and off FortiGate-60 Installation Guide 01-28008-0018-20050128 15 Power requirements • DC input voltage: 12 V • DC input current: 3 A Environmental specifications • Operating temperature: 32 to 10 4°F (0 to 40°C) • S torage temperature: -13 to 158°F (-25 to 70°C) • Humidity: 5 to [...]

  • Страница 16

    16 01-28008-0018-2005012 8 Fortinet Inc. Connecting to the web-based manager Getting started Connecting to the web-based manager Use the followin g procedure to connect to the web-based manager for the first time. Configuration changes ma de with the web- based m anager are effective immediately without resetting the firewall or in terrupting servi[...]

  • Страница 17

    Getting started Connecting to the command line interface (CLI) FortiGate-60 Installation Guide 01-28008-0018-20050128 17 Connecting to the command line interface (CLI) As an alternative to the web-based ma nager , you can install and configure the FortiGate unit using the CLI. Configuration changes mad e with the CLI are effective immediately witho[...]

  • Страница 18

    18 01-28008-0018-2005012 8 Fortinet Inc. Quick installation us ing factory defaults Getting started Quick inst allation using factory default s Y ou can quickly set up your FortiGate unit for a home or sm all office using the web- based manager a nd the factory default FortiG ate configur ation. All you need to do is set your network computers to o[...]

  • Страница 19

    Getting started Factory default FortiGate configurati on settings FortiGate-60 Installation Guide 01-28008-0018-20050128 19 7 Select one of the following DNS settings • Obtain DNS se rver address automatically: select to get the DNS addresses from the ISP , select Apply • Use the following DNS server addresse s: select and ente r the DNS server[...]

  • Страница 20

    20 01-28008-0018-2005012 8 Fortinet Inc. Factory default FortiGate confi guration settings Getting started Factory default NAT/Route m ode network configuration When the FortiGate unit is first p o wered on , it is running in NA T/Rout e mode and has the basic netw ork configuration list ed in T able 3 on pag e 20 . This configuration allows you to[...]

  • Страница 21

    Getting started Factory default FortiGate configurati on settings FortiGate-60 Installation Guide 01-28008-0018-20050128 21 Factory default Transparent mode network configuration In T ransparent mode, the FortiGate un it has the default network configuration listed in Ta b l e 4 . Factory default firewall configuration FortiGate firewall policies c[...]

  • Страница 22

    22 01-28008-0018-2005012 8 Fortinet Inc. Factory default FortiGate confi guration settings Getting started The factory default firewall configu ration is the same in NA T/Route and T ranspar ent mode. Factory default protection profiles Use protection profiles to apply dif ferent protection settings for traffic that is controlled by firewall po lic[...]

  • Страница 23

    Getting started Planning the FortiGate configura tion FortiGate-60 Installation Guide 01-28008-0018-20050128 23 Figure 5: Web protection profile settings Planning the FortiGate configuration Before you configure the Fo rtiGate unit, you need to plan how to integrate the unit into the network. Amo ng other things, you mu st decide whether you wan t [...]

  • Страница 24

    24 01-28008-0018-2005012 8 Fortinet Inc. Planning the FortiGa te configuration Getting started Y ou must configure routing to support the redundant W AN1 and W AN2 internet connections. Routing can be used to au tomatically redirect connections from an interface if its connectio n to the external network fails. Y ou c an add firewall policies to co[...]

  • Страница 25

    Getting started Planning the FortiGate configura tion FortiGate-60 Installation Guide 01-28008-0018-20050128 25 Otherwise, security policy configuration is similar to a NA T/Route mode configuration with a single Internet connection. Y ou wo uld create NA T mode firewall policies to control traffic flowing between the internal, private networ k and[...]

  • Страница 26

    26 01-28008-0018-2005012 8 Fortinet Inc. Next steps Getting started Configuration options Once you have selected T ranspar ent or NA T/Route mode operatio n, you can complete the configuration plan an d begin to configure the FortiGate unit. Choose among three dif ferent tools to configure the FortiGate unit. Web-based manager and setup wizard The [...]

  • Страница 27

    FortiGate-60 Inst allation Guide V ersion 2.80 MR8 FortiGate-60 Installation Guide 01-28008-0018-20050128 27 NA T/Route mode inst allation This chapter describes how to inst all the FortiGate un it in NA T/Route mode. For information about installing a FortiGate unit in T ransparent mode, see “Tr ansparent mode inst allation” on pag e 39 . For [...]

  • Страница 28

    28 01-28008-0018-2005012 8 Fortinet Inc. Using the web-based ma nager NAT/Route mode installa tion DHCP or PPPoE configuration Y ou can configure any FortiGate interface to acquire its IP address from a DHCP or PPPoE server . Y our ISP may provide IP add resses using one of these protocols. T o use the FortiGate DHCP server , you need to configure [...]

  • Страница 29

    NAT/Route mode installati on Using the web-based manager FortiGate-60 Installation Guide 01-28008-0018-20050128 29 Configuring basic settings After conne c ting to the web-based manager you can use the following procedures to complete the basic configurat ion of th e FortiGate unit. T o add/change the administrator p assword 1 Go to System > Adm[...]

  • Страница 30

    30 01-28008-0018-2005012 8 Fortinet Inc. Using the command line interface NAT/Route mode installa tion 1 Go to System > Router > St atic . 2 If the S tatic Route t able contai ns a default route (IP and Mask set to 0.0.0.0) , select the Delete icon to delete this route. 3 Select Create New . 4 Set Destination IP to 0. 0.0.0. 5 Set Mask to 0.0[...]

  • Страница 31

    NAT/Route mode installation Using the command line interface FortiGate-60 Installation Guide 01-28008-0018-20050128 31 Example config system interface edit internal set mode static set ip <192.168.120.99> <255.255.255.0> end 3 Set the IP address an d netmask of the WAN1 interface to the IP addr ess and netmask that you recorded in T abl[...]

  • Страница 32

    32 01-28008-0018-2005012 8 Fortinet Inc. Using the setu p wizard NAT/Route mode installa tion T o configure DNS server sett ings • Set the primar y and secondary DNS server IP addresses. Enter config system dns set primary <address_ip> set secondary <address_ip> end Example config system dns set primary 293.44.75.21 set secondary 293.[...]

  • Страница 33

    NAT/Route mode installati on Using the setup wizard FortiGate-60 Installation Guide 01-28008-0018-20050128 33 If you are configuring the FortiGate unit to operate in NA T/Route mode (the default), you can use the setup wizar d to: • add the administration p assword • configure the inter nal interface address • choose either a manual (static) [...]

  • Страница 34

    34 01-28008-0018-2005012 8 Fortinet Inc. Connecting the FortiGate unit to the network(s) NAT/Route mode installati on Starting the setup wizard 1 In the web-based manager, sele ct Easy Setup Wizard. Figure 9: Select the Easy Setup W izard 2 Follow the instructions on th e wizard pages and use the in formation that you gathered in T able 6 on page 2[...]

  • Страница 35

    NAT/Route mode installati on Connecting the FortiGate unit to the ne twork(s) FortiGate-60 Installation Guide 01-28008-0018-20050128 35 • One DMZ port for connectin g to a DMZ network. • Modem is the interface for connecting an external modem to the FortiGate-60 . See “Configuring the Modem interface” on p age 36 T o connect the FortiGate u[...]

  • Страница 36

    36 01-28008-0018-2005012 8 Fortinet Inc. Configuring the netw orks NAT/Route mode installati on Configuring the networks If you are running the FortiGate unit in NA T/Route mode, your networks must be configured to route all Internet traf fic to t he IP address of the FortiGate interface to which they are connected. • For the internal ne twork, c[...]

  • Страница 37

    NAT/Route mode installati on Next steps FortiGate-60 Installation Guide 01-28008-0018-20050128 37 T o set the date and time For effective scheduling and logging, the FortiGate syst em date and time must be accurate. Y ou can either man ually set the system date and time or configure the FortiGate unit to automatically keep it s ti me correct by syn[...]

  • Страница 38

    38 01-28008-0018-2005012 8 Fortinet Inc. Next steps NAT/Route mode installati on 1 Go to System > Maintenance > Up date Center . 2 Select Refresh to test the FortiGate unit connectivity with the FortiProte ct Distribution Network (FDN). T o be able to connect to the FDN the Fort iGate unit default route must point to a network such as the Int[...]

  • Страница 39

    FortiGate-60 Inst allation Guide V ersion 2.80 MR8 FortiGate-60 Installation Guide 01-28008-0018-20050128 39 T ransp arent mode inst allation This chapter de scribes how to install a FortiGate unit in T ranspar ent mode. If you want to install the FortiGate un it in NA T/Ro ute m ode, see “NA T/Route mode installation” on pag e 27 . If you want[...]

  • Страница 40

    40 01-28008-0018-2005012 8 Fortinet Inc. Using the web-based manage r Transparent mode installa tion Using the web-based manager Y ou can use the web-based manager to complete the initial configuration of the FortiGate unit. Y ou can continue to use the web-based manager for all FortiGate unit settings. For information about co nnecting to the web-[...]

  • Страница 41

    Transparent mode installatio n Using the command line interface FortiGate-60 Installation Guide 01-28008-0018-20050128 41 T o configure DNS server sett ings 1 Go to System > Network > DNS . 2 Enter the IP address of the primary DNS se rver . 3 Enter the IP address of the secondary DNS server . 4 Select OK. T o configure the default gateway 1 [...]

  • Страница 42

    42 01-28008-0018-2005012 8 Fortinet Inc. Using the command line interface Transparent mode i nstallation The CLI displa ys the status of the For tiGat e unit including the following line of text: Operation mode: Transparent T o configure the management IP address 1 Make sure that you are logge d into the CLI. 2 Set the management IP addr ess and ne[...]

  • Страница 43

    Transparent mode installatio n Using the setup wizard FortiGate-60 Installation Guide 01-28008-0018-20050128 43 Example If the default gate way IP is 204.23.1.2 and this gateway is connected to port 2: config router static edit 1 set dst 0.0.0.0 0.0.0.0 set gateway 204.23.1.2 set device port2 end Using the setup wizard From the web-based manager, y[...]

  • Страница 44

    44 01-28008-0018-2005012 8 Fortinet Inc. Connecting the FortiGate unit to your network Transparent mode installation Connecting the FortiGate unit to your network When you have com pleted the initial conf iguration, you can conne ct the FortiGate unit between yo ur internal netw ork and the Inter net using the In ternal and WAN1 interfaces. Y ou ca[...]

  • Страница 45

    Transparent mode installatio n Next steps FortiGate-60 Installation Guide 01-28008-0018-20050128 45 Next step s Y ou can use the following information to co nfigure FortiGate system t ime, to register the FortiGate unit, and to configure ant ivirus and attack definition updates. Refer to the FortiGate Administration Guide for complete informat ion [...]

  • Страница 46

    46 01-28008-0018-2005012 8 Fortinet Inc. Next steps Transparen t mode installation 1 Go to System > Maintenance > Up date Center . 2 Select Refresh to test the FortiGate unit connectivity with the FortiProte ct Distribution Network (FDN). T o be able to connect to the FDN the Fort iGate unit default route must point to a network such as the I[...]

  • Страница 47

    FortiGate-60 Inst allation Guide V ersion 2.80 MR8 FortiGate-60 Installation Guide 01-28008-0018-20050128 47 High availability inst allation This chapter describes how to install two or more FortiGate units in an HA cluster . HA installation involves three basic steps: • Configuring FortiGate un its for HA operation • Connecting the cluster to [...]

  • Страница 48

    48 01-28008-0018-2005012 8 Fortinet Inc. Configuring FortiGate units for HA operation High availability installati on T a ble 10: High availability settings Mode Active-Active Load balancing and failo ve r HA. Each FortiGate unit in the HA cluster actively processes co nnections and monitors the statu s of the ot her FortiGate units in the cluster [...]

  • Страница 49

    High availability installation Confi guring FortiGate units for HA operation FortiGate-60 Installation Guide 01-28008-0018-20050128 49 Configuring FortiGate units for HA using the web-based manager Use the followin g procedure to configure each FortiGate unit f or HA operation. T o change the FortiGate unit host name Changing th e host name is op t[...]

  • Страница 50

    50 01-28008-0018-2005012 8 Fortinet Inc. Configuring FortiGate units for HA operation High availability installati on T o configure a FortiGate unit for HA operation 1 Go to System > Config > HA . 2 Select High Availability . 3 Select the mode. 4 Select a Group ID for the HA cluster . 5 If required, change the Unit Priority . 6 If required, s[...]

  • Страница 51

    High availability installation Conne cting the cluste r to your networks FortiGate-60 Installation Guide 01-28008-0018-20050128 51 T o configure the FortiGate unit for HA operation 1 Configure HA settings. Use the following command to: • Set the HA mode • Set the Group ID • Change the unit priority • Enable ov erride master • Enter an HA [...]

  • Страница 52

    52 01-28008-0018-2005012 8 Fortinet Inc. Connecting the cluster to your ne tworks High availability installation Inserting an HA cluster into your networ k temporar ily interrupt s communications on the network because new phys ical connections are being made to route traf fic through the cluster . Also, starting th e cluster interrup ts network tr[...]

  • Страница 53

    High availability installation Inst alling and configu ring the cluster FortiGate-60 Installation Guide 01-28008-0018-20050128 53 2 Power on all the FortiGat e units in the cluster . As the units st art, they negotiate to choose the primary cluster unit and the subordinat e units. This negotiation occurs with no user inte rvention and normally just[...]

  • Страница 54

    54 01-28008-0018-2005012 8 Fortinet Inc. Installing and configuring the cluster High availability installati on[...]

  • Страница 55

    FortiGate-60 Inst allation Guide V ersion 2.80 MR8 FortiGate-60 Installation Guide 01-28008-0018-20050128 55 Configuring the modem interface The FortiG ate-60 includes th e option of an external modem for use as e ither a redundant interface or a st andalone interface in NA T/Route mode. • In redundant mode , the modem interface au tomatically ta[...]

  • Страница 56

    56 01-28008-0018-2005012 8 Fortinet Inc. Selecting a modem mode Configuring the modem interface For the For tiGate unit to switc h from an ethe rnet interface t o the modem yo u must select the name of the interf ace in the modem configuration and configure a ping server for that interface. Y ou must also configure firewall policies for connections[...]

  • Страница 57

    Configuring the modem i nterface Configuring modem settings FortiGate-60 Installation Guide 01-28008-0018-20050128 57 3 Configure other modem settings as required. See “Configuring modem settings” on page 5 7 . Make sure there is correct info rmation in one or more Dialup Accounts. 4 Configure firewall policies for conn ections to the mode m in[...]

  • Страница 58

    58 01-28008-0018-2005012 8 Fortinet Inc. Connecting and disconnecting the modem in Stand alone mode Configuring the modem interface Y ou can configure and use the modem in NA T/Route mode only . T o configure modem settings 1 Go to System > Network > Modem . 2 Select Enable Modem. 3 Change any of the followin g dialup connection settin gs: 4 [...]

  • Страница 59

    Configuri ng the modem interface Defining a Ping Server FortiGate-60 Installation Guide 01-28008-0018-20050128 59 5 Select Dial Now . The FortiGate unit initiates dialing into ea ch dialup acco unt in turn until the modem connect s to an ISP . Modem status is one of the following: A green check mark indicates the active dialup account. The IP addre[...]

  • Страница 60

    60 01-28008-0018-2005012 8 Fortinet Inc. Adding firewall policies for modem conn ections Configuring the modem interface 3 For Fail-over Detection, type a number of times that th e connec tion test fails before the FortiGate unit assumes that t he gateway is no longer function ing. 4 Select Apply . Adding firewall policies for modem connections The[...]

  • Страница 61

    FortiGate-60 Installation Guide 01-28008-0018-20050128 61 FortiGate-60 Inst allation Guide V ersion 2.80 MR8 Index A auto-dial 57 C CLI 6 configuring IP addresses 41 configuring NAT/Route mode 30 connecting to 17 cluster connecting 51, 53 command line interface 6 configuring redundant mode 55 configuring standalone mode 56 connect cluster 51, 53 co[...]

  • Страница 62

    62 01-28008-0018-2005012 8 Fortinet Inc. Index S set time 37, 45 setup wizard 28, 32, 40, 43 starting 2 9, 34, 40, 43 standalone mode configuring 56 modem 55, 56 starting I P DHCP 20 synchronize with NTP server 37, 45 T technical support 10 time zone 37, 45 Transparen t mode changing to 41 configuring the defa ult gateway 42 management IP address 4[...]