Fortinet 800F инструкция обслуживания

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60

Идти на страницу of

Хорошее руководство по эксплуатации

Законодательство обязывает продавца передать покупателю, вместе с товаром, руководство по эксплуатации Fortinet 800F. Отсутствие инструкции либо неправильная информация, переданная потребителю, составляют основание для рекламации в связи с несоответствием устройства с договором. В законодательстве допускается предоставлении руководства в другой, чем бумажная форме, что, в последнее время, часто используется, предоставляя графическую или электронную форму инструкции Fortinet 800F или обучающее видео для пользователей. Условием остается четкая и понятная форма.

Что такое руководство?

Слово происходит от латинского "instructio", тоесть привести в порядок. Следовательно в инструкции Fortinet 800F можно найти описание этапов поведения. Цель инструкции заключается в облегчении запуска, использования оборудования либо выполнения определенной деятельности. Инструкция является набором информации о предмете/услуге, подсказкой.

К сожалению немного пользователей находит время для чтения инструкций Fortinet 800F, и хорошая инструкция позволяет не только узнать ряд дополнительных функций приобретенного устройства, но и позволяет избежать возникновения большинства поломок.

Из чего должно состоять идеальное руководство по эксплуатации?

Прежде всего в инструкции Fortinet 800F должна находится:
- информация относительно технических данных устройства Fortinet 800F
- название производителя и год производства оборудования Fortinet 800F
- правила обслуживания, настройки и ухода за оборудованием Fortinet 800F
- знаки безопасности и сертификаты, подтверждающие соответствие стандартам

Почему мы не читаем инструкций?

Как правило из-за нехватки времени и уверенности в отдельных функциональностях приобретенных устройств. К сожалению само подсоединение и запуск Fortinet 800F это слишком мало. Инструкция заключает ряд отдельных указаний, касающихся функциональности, принципов безопасности, способов ухода (даже то, какие средства стоит использовать), возможных поломок Fortinet 800F и способов решения проблем, возникающих во время использования. И наконец то, в инструкции можно найти адресные данные сайта Fortinet, в случае отсутствия эффективности предлагаемых решений. Сейчас очень большой популярностью пользуются инструкции в форме интересных анимаций или видео материалов, которое лучше, чем брошюра воспринимаются пользователем. Такой вид инструкции позволяет пользователю просмотреть весь фильм, не пропуская спецификацию и сложные технические описания Fortinet 800F, как это часто бывает в случае бумажной версии.

Почему стоит читать инструкции?

Прежде всего здесь мы найдем ответы касательно конструкции, возможностей устройства Fortinet 800F, использования отдельных аксессуаров и ряд информации, позволяющей вполне использовать все функции и упрощения.

После удачной покупки оборудования/устройства стоит посвятить несколько минут для ознакомления с каждой частью инструкции Fortinet 800F. Сейчас их старательно готовят или переводят, чтобы они были не только понятными для пользователя, но и чтобы выполняли свою основную информационно-поддерживающую функцию.

Содержание руководства

  • Страница 1

    FortiGate 800/800F Installation Guide Esc Enter CONSOLE INTERNAL EXTERNAL DMZ H A 1 2 3 4 USB 800F PWR Esc Enter CONSOLE INTERNAL EXTERNAL DMZ HA 123 4 USB 8 PWR F or tiGate-800F F or tiGate-800 Ve r s i o n 2 . 8 0 M R 6 26 October 2004 01-28006-00 24-20041026[...]

  • Страница 2

    © Copyright 2004 Fortine t Inc. All rights reserved. No part of this publication incl uding text, examples , diagrams or illustrations may be reproduced, transmitted, or translated in any form or by an y means, electro nic, mechanical, manual, optical or otherwise, for any purpose, without prio r written permiss ion of Fortinet Inc. FortiGate-800/[...]

  • Страница 3

    Contents FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 3 Table of Contents Introduction ............. .............................. ........................................................ ......... 5 Secure installation, configurat ion, and management ................ ................... ................... .... 5 Web-based manag[...]

  • Страница 4

    Contents 4 01-28006-0024-2004102 6 Fortinet Inc. Using the setup wizard............. ................... .................... ................ ................... ............... 34 Starting the setup wizard .................. ................... .................... ................... .................. 35 Connecting the FortiGate unit to the net[...]

  • Страница 5

    FortiGate-800/800F Inst allati on Guide V ersion 2.80 MR6 FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 5 Introduction FortiGate A ntivirus Firewalls improve netwo rk security , reduc e network misu se and abuse, and help you use communication s resources more efficiently without compromising the performance of yo ur netw ork. Fort[...]

  • Страница 6

    6 01-28006-0024-2004102 6 Fortinet Inc. Web-based manage r Introduction The CLI or the web-based manager can then be used to complete configuration and to perform maintenance and administration. Web-based manager Using HTTP or a secure HTTPS connection from any co mputer running Internet Explorer , you can configure and manage th e FortiGate unit. [...]

  • Страница 7

    Introduction Setup wizard FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 7 Setup wizard The FortiGate setup wizard p rovides an easy way to configure the b asic initial settings for the FortiGate unit. Th e wizard walks through the con figuration of a new administrato r password, FortiGat e interfaces, D HCP server se ttings, intern[...]

  • Страница 8

    8 01-28006-0024-2004102 6 Fortinet Inc. Setup wizard Introduction set allowaccess {ping https ssh snmp http telnet} Y ou can enter an y of the following: set allowaccess ping set allowaccess ping https ssh set allowaccess https ping ssh set allowaccess snmp In most ca ses to make cha n ges to lists that contain options se parated by sp aces, you ne[...]

  • Страница 9

    Introduction FortiManager documentation FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 9 Related document ation Additional info rmation about Fortinet produc t s is available from the following related documentation . FortiManager documentation • FortiManager QuickS tart Guide Explains how to inst all the FortiManager Console , se[...]

  • Страница 10

    10 01-28006-0024-2004102 6 Fortinet Inc. FortiLog documentation Introduction FortiLog documentation • FortiLog Administration Guide Describes how to install and configure a FortiLog unit to collect FortiGa te and FortiMail log files. It also describes how to view FortiGate and FortiMail log files, generate and view log report s, and use the Forti[...]

  • Страница 11

    Introduction Comments on Fortine t technical documenta tion FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 11 Customer service and technical support For antiviru s and attack defi nition up dates, firmware updates, updated product documentation , technical support informatio n, and other r esources, please visit the Fortinet technic[...]

  • Страница 12

    12 01-28006-0024-2004102 6 Fortinet Inc. Comments on Fortinet technica l docume ntation Introduction[...]

  • Страница 13

    FortiGate-800/800F Inst allati on Guide V ersion 2.80 MR6 FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 13 Getting st arted This section describes unp acking, setting up, and powering on a For tiGate Antivirus Firewall unit. This section includes: • Package content s • Mounting • T u rning the F ortiGate unit power on and off[...]

  • Страница 14

    14 01-28006-0024-2004102 6 Fortinet Inc. Getting started Package content s The FortiGate-800 an d FortiGate-800F packa ge contains the following items: • FortiGate-800 or FortiGate-80 0F Antivirus Firewall • one orange crossover ethernet cable (F ortinet part number CC300248) • one grey regular ethernet cable (Fortin et part number CC300249) [...]

  • Страница 15

    Getting started FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 15 Mounting The FortiGate-800/8 00F unit can be mounte d in a standa rd 19-inch rack. It requires 1 U of vertical space in the rack. The FortiGate-800/8 00F unit can also be inst alled as a free-standing a ppliance on any stable surface. Dimensions • 16.75 x 12 x 1.75 [...]

  • Страница 16

    16 01-28006-0024-2004102 6 Fortinet Inc. Getting started T urning the FortiGate unit power on and off T a ble 2: FortiGate- 800F LED in dicators T o power off the FortiGate unit Always shut down the FortiGate operatin g system properly bef ore turning off the power switch. 1 From the web-ba sed manager , go to System > Maintenance > ShutDown [...]

  • Страница 17

    Getting started FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 17 T o connect to the web-based manager, you need: • a computer with an ethernet connection, • Internet Explorer version 6.0 or higher , • a crossover cable or an etherne t hub and two ethernet cable s. T o connect to the web-based manager 1 Set the IP address of t[...]

  • Страница 18

    18 01-28006-0024-2004102 6 Fortinet Inc. Getting started T o connect to the CLI 1 Connect the serial cable to the communication s port of your computer and to the FortiGate Console port. Use the RJ-45 to DB-9 conver tor if your PC communications port re quires a DB-9 connector . 2 Make sure that the FortiGa te unit is powered on. 3 S tart HyperT er[...]

  • Страница 19

    Getting started Factory default NAT/Route mod e network configuration FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 19 Factory default FortiGate configuration settings The FortiGate unit is shipped with a fa ct ory default co nfiguration. T he default configuration allows you to connect to and use the FortiGa te web-based manager t[...]

  • Страница 20

    20 01-28006-0024-2004102 6 Fortinet Inc. Factory default Transpar ent mode network configuration Getting started Factory default Transparent mode network configuration In T ransparent mode, th e FortiGate unit has the default network configurat ion listed in Ta b l e 4 . HA interface IP: 0.0.0.0 Netmask: 0.0.0.0 Administrative Access: Ping Port 1 I[...]

  • Страница 21

    Getting started Factory default firewall configurati on FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 21 Factory default firewall configuration FortiGate firewall policies cont rol how all traf fic is processed by the FortiGate unit. Until firewall p olicies are added , no traffic can be ac cepted by or pass th rough the FortiGate [...]

  • Страница 22

    22 01-28006-0024-2004102 6 Fortinet Inc. Factory default protection profiles Getting started Using protection profiles, you can build pr ot ection configurations that can be applied to different types of firewall policies. This allows you to customize types and levels of protection for dif ferent firewall policies. For example, while traf fic betwe[...]

  • Страница 23

    Getting started NAT/Route mode FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 23 Planning the FortiGate configuration Before you configure the F ortiGate unit, you need to plan how to integrate the unit into the network. Amo ng other things, yo u must decide whethe r you want the unit to be visible to the network, which firewall fun[...]

  • Страница 24

    24 01-28006-0024-2004102 6 Fortinet Inc. NAT/Route mode with multiple external network connecti ons Getting started NAT/Route mode with multiple external network connections In NA T/Route mode, you can configure th e FortiGate u nit with multiple redundant connections to the external networ k (usually the Intern et). For example, you could create t[...]

  • Страница 25

    Getting started Configuration options FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 25 Figure 8: Example T ra nsp arent mode networ k configuration Y ou can connect up to 8 network segment s to the FortiGate unit to control traffic between these network segment s. • External can connect to the external firewall or router . • In[...]

  • Страница 26

    26 01-28006-0024-2004102 6 Fortinet Inc. Configuration opti ons Getting started If you are configuring the FortiGate unit to operate in Tr ansparent mode, you can use the front k eypad and LCD to s witch to Transparent mode. Then you can add t he management IP addr ess and default gateway . If you are configuring the FortiGate unit to operate in Tr[...]

  • Страница 27

    FortiGate-800/800F Inst allati on Guide V ersion 2.80 MR6 FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 27 NA T/Route mode inst allation This chapter describes how to install the FortiGate un it in NA T/Route mode. For information about installing a FortiGate unit in T ransparent mode, see “T ransp arent mode inst allation” on [...]

  • Страница 28

    28 01-28006-0024-2004102 6 Fortinet Inc. DHCP or PPPoE confi guration NAT/Route mode installati on DHCP or PPPoE configuration Y ou can configure any FortiGate interface to acquire it s IP address from a DHCP or PPPoE server . Y our ISP may provide IP add resses using one of these protocols. T o use the FortiGate DHCP server , you need to configure[...]

  • Страница 29

    NAT/Route mode installation Configuring basic settings FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 29 PPPoE requires you to supp ly a user name and pass word. In addition, PPPoE unnumbered configu rations require you to supply an IP address. Use T able 7 to record the information you requi re for your PPPo E configuration. Using [...]

  • Страница 30

    30 01-28006-0024-2004102 6 Fortinet Inc. Configuring basic settin gs NAT/Route mode installati on T o configure DNS server settin gs 1 Go to System > Network > DNS . 2 Enter the IP address of the primary DNS se rver . 3 Enter the IP address of the secondary DNS server . 4 Select OK. T o add a default route Add a default route to configure wh [...]

  • Страница 31

    NAT/Route mode installation Configuring the Fo rtiGate unit to oper ate in NAT/Route mode FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 31 2 Use the up and down arrows to hi ghlight the name of the interface to change and press Enter . 3 Press Enter for IP address. 4 Use the up and down arrow keys to increase or decrea se the value[...]

  • Страница 32

    32 01-28006-0024-2004102 6 Fortinet Inc. Configur ing the FortiGat e unit to operate in NAT /Route mode NAT/Rout e mode installat ion config system admin edit admin set password <psswrd> end T o configure interfaces 1 Log in to the CLI. 2 Set the IP address and netmask of the internal interface to the internal IP address and netmask that you [...]

  • Страница 33

    NAT/Route mode installation Configuring the Fo rtiGate unit to oper ate in NAT/Route mode FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 33 config system external edit external set mode static set ip <address_ip> <netmask> end Example config system external edit external set mode static set ip <204.23.1.5> <255.[...]

  • Страница 34

    34 01-28006-0024-2004102 6 Fortinet Inc. Configur ing the FortiGat e unit to operate in NAT /Route mode NAT/Rout e mode installat ion T o add a default route Add a default route to configure wh ere the FortiGate unit sends traf fic that should be sent to an external netwo r k (usually the Internet). A dding the default route also defines which inte[...]

  • Страница 35

    NAT/Route mode installati on Starting the setup wizard FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 35 Starting the setup wizard 1 In the web-based manager, sele ct Easy Setup Wizard. Figure 9: Select the Easy Setup W izard 2 Follow the instructions on th e wizard pages and use the in formation that you gathered in T a ble 6 on pa[...]

  • Страница 36

    36 01-28006-0024-2004102 6 Fortinet Inc. Starting the setup wizard NAT/Route mode installati on Y ou are now finished the initial c onfiguration of the FortiGate unit. Connecting the FortiGate unit to the network(s) After you co mplete the initial configu ration, you can connect the FortiGate unit between the internal networ k and the Internet. Y o[...]

  • Страница 37

    NAT/Route mode installati on Starting the setup wizard FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 37 T o connect the FortiGate unit running in NA T/Route mode 1 Connect the Internal interfac e to the hub or switch connected to the internal network. 2 Connect the External interface to your public switch or ro uter . 3 Optionally [...]

  • Страница 38

    38 01-28006-0024-2004102 6 Fortinet Inc. Starting the setup wizard NAT/Route mode installati on 2 Repeat for all user-defined inter faces that you have configured. The example in Figure 1 1 shows an intern al network connected to user-defined interface 1 and an externa l network c onnected to user-defined interfa ce 4. Figure 1 1: Example FortiGate[...]

  • Страница 39

    NAT/Route mode installati on Starting the setup wizard FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 39 In standalone m ode, the mo dem interf ace is the c onnection fro m the FortiG ate unit to the Internet. When connect ing to the IS P , in either conf iguration, the F ortiGate unit m odem can automatica lly dial up to thr ee dia[...]

  • Страница 40

    40 01-28006-0024-2004102 6 Fortinet Inc. Starting the setup wizard NAT/Route mode installati on T o register , enter your contact informatio n and the serial numbers of the FortiGate units that you or your or ganization have purchased. Y ou can register multiple FortiGate units in a single session without re-entering your contact inform ation. T o [...]

  • Страница 41

    FortiGate-800/800F Inst allati on Guide V ersion 2.80 MR6 FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 41 T r ansp arent mode inst allation This chapter de scribes how to insta ll a FortiGate unit in T ransparent mode . If you want to install the FortiGate un it in NA T/Ro ute m ode, see “NA T/Route mode installa tion” on pag [...]

  • Страница 42

    42 01-28006-0024-2004102 6 Fortinet Inc. Transparen t mode installatio n Using the web-based manager Y ou can use the web-based manager to complete the initial configuration of the FortiGate unit. Y ou can continue to use the web-based mana ger for all FortiGate unit settings. For information about co nnecting to the web-based man ager, see “Conn[...]

  • Страница 43

    Transparent mode installatio n Reco nnecting to the web-based manager FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 43 2 Enter the IP address of the primary DNS se rver . 3 Enter the IP address of the secondary DNS server . 4 Select OK. T o configure the default gateway 1 Go to System > Network > Management . 2 Set Default Ga[...]

  • Страница 44

    44 01-28006-0024-2004102 6 Fortinet Inc. Reconnecting to the web-based manager Transparent mode installation T o add a default gateway 1 Press Enter to display the option list. 2 Use the down arrow to highl ight Default Gateway . 3 Press Enter and set the default gatewa y . 4 After you set the last digit of the default gateway , press Enter . 5 Pre[...]

  • Страница 45

    Transparent mode installatio n Reco nnecting to the web-based manager FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 45 config system manageip set ip 10.10.10.2 255.255.255.0 end 3 Confirm that the addre ss is correct. Enter: get system manageip The CLI lists the managemen t IP address and netmask. T o configure DNS server settin gs[...]

  • Страница 46

    46 01-28006-0024-2004102 6 Fortinet Inc. Reconnecting to the web-based manager Transparent mode installation The first tim e you connec t to the Fort iGate un it, it is configured to run in NA T/Route mode. T o switch to T ranspare nt mode using the web-based manag er 1 Go to System > S t atus . 2 Select Change beside the Operation Mode. 3 Selec[...]

  • Страница 47

    Transparent mode installatio n Reco nnecting to the web-based manager FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 47 There are 4 10/1 00 Base-TX connectors on the FortiGate-8 00: • user-defined interfaces 1 to 4 for connecti ng up to four additional networks to the FortiGate un it. FortiGate-800F There are 4 LC-SFP 1000 Base-SX[...]

  • Страница 48

    48 01-28006-0024-2004102 6 Fortinet Inc. Reconnecting to the web-based manager Transparent mode installation Figure 12: FortiGate-800/800F T r ansp arent mode connectio ns Next step s Y ou can use the following information to co nfigure FortiGat e system time, to register the FortiGate unit, and to configure ant ivirus and att ack definition update[...]

  • Страница 49

    Transparent mode installatio n Reco nnecting to the web-based manager FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 49 5 Select Set T ime and set the FortiGate system date and time. 6 Set the hour , minute, second, month, day , and year as required. 7 Select Apply . T o use NTP to set the FortiGate date and time 1 Go to System >[...]

  • Страница 50

    50 01-28006-0024-2004102 6 Fortinet Inc. Reconnecting to the web-based manager Transparent mode installation[...]

  • Страница 51

    FortiGate-800/800F Inst allati on Guide V ersion 2.80 MR6 FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 51 High availability inst allation This chapter describes how to install two or more FortiGate units in an HA cluster . HA installation involves three basic steps: • Configuring FortiGate un its for HA operation • Connecting [...]

  • Страница 52

    52 01-28006-0024-2004102 6 Fortinet Inc. High availability configuration se ttings High availability installation T a ble 10: High availability settings Mode Active-Active Load balancing and failo ve r HA. Each FortiGate unit in the HA cluster actively processes co nnections and monitors the statu s of the other FortiGat e units in the clu ster . T[...]

  • Страница 53

    High availability installation Configuring Fort iGate units for HA usi ng the web-based manager FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 53 Configuring FortiGate units for HA using the web-based manager Use the followin g procedure to configure e ach FortiGat e unit for HA op eration. T o change the FortiGate unit host name Ch[...]

  • Страница 54

    54 01-28006-0024-2004102 6 Fortinet Inc. Configuring FortiGate units for HA usin g the CLI High availability installati on T o configure a FortiGate unit for HA operation 1 Go to System > Config > HA . 2 Select High Availability . 3 Select the mode. 4 Select a Group ID for the HA cluster . 5 If required, change the Unit Priority . 6 If requir[...]

  • Страница 55

    High availability installation Configuring FortiGate units for HA using the CLI FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 55 T o configure the FortiGate unit for HA operation 1 Configure HA settings. Use the following command to: • Set the HA mode • Set the Group ID • Change the unit priority • Enab le override mast er [...]

  • Страница 56

    56 01-28006-0024-2004102 6 Fortinet Inc. Configuring FortiGate units for HA usin g the CLI High availability installati on Inserting an HA cluster into your networ k temporarily interrupt s communications on the network because new ph ysical connectio ns are being made to ro ute traffic throug h the cluster . Also, starting th e cluster in terrupts[...]

  • Страница 57

    High availability installation Configuring FortiGate units for HA using the CLI FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 57 Figure 13: HA network confi guration 2 Power on all the FortiGat e units in the cluster . As the units st art, they negotiate to choose the primary cluster un it and the subordinat e units. This negotiati[...]

  • Страница 58

    58 01-28006-0024-2004102 6 Fortinet Inc. Configuring FortiGate units for HA usin g the CLI High availability installati on The configurations of all of the FortiGate uni ts in the cluster are synchronized so that the FortiGate units can functi on as a cluster . Because of th is synchron ization, you configure and m anage the HA cluste r instead of [...]

  • Страница 59

    FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 59 FortiGate-800/800F Inst allati on Guide V ersion 2.80 MR6 Index C CLI 6 configuring IP addresses 44 configuring NAT/Route mode 31 connecting to 17 cluster connecting 55, 57 command line interface 6 connect cluster 55, 57 connecting to network 36 , 46 web-based manager 16 customer ser[...]

  • Страница 60

    60 01-28006-0024-2004102 6 Fortinet Inc. Index[...]