Page 2 - Trademarks
FortiGate-3600A Install Guide FortiOS 3.0 MR618 March 200801-30006-0457-20080318 © Copyright 2008 Fortinet, Inc. All rights reserved. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic,...
Page 3 - Contents
Contents FortiGate-3600A FortiOS 3.0 MR6 Install Guide01-30006-0457-20080318 3 Contents Introduction ........................................................................................ 7 Register your FortiGate unit ............................................................................. 7...
Page 7 - Introduction; Register your FortiGate unit
Introduction Register your FortiGate unit FortiGate-3600A FortiOS 3.0 MR6 Install Guide01-30006-0457-20080318 7 Introduction Welcome and thank you for selecting Fortinet products for your real-time network protection. The FortiGate Unified Threat Management System improves network security, reduces ...
Page 8 - About this document
FortiGate-3600A FortiOS 3.0 MR6 Install Guide 8 01-30006-0457-20080318 About the FortiGate-3600A Introduction About the FortiGate-3600A The FortiGate-3600A multi-threat security appliance establishes a new level of price-performance and flexibility for multi-gigabit capacity network security systems...
Page 9 - Document conventions; Typographic conventions; Further Reading
Introduction Further Reading FortiGate-3600A FortiOS 3.0 MR6 Install Guide01-30006-0457-20080318 9 Document conventions The following document conventions are used in this guide: • In the examples, private IP addresses are used for both private and public IP addresses. • Notes and Cautions are used ...
Page 10 - Fortinet Knowledge Center
FortiGate-3600A FortiOS 3.0 MR6 Install Guide 10 01-30006-0457-20080318 Further Reading Introduction • FortiGate online help Provides a context-sensitive and searchable version of the Administration Guide in HTML format. You can access online help from the web-based manager as you work. • FortiGate ...
Page 11 - Customer service and technical support
Introduction Customer service and technical support FortiGate-3600A FortiOS 3.0 MR6 Install Guide01-30006-0457-20080318 11 Customer service and technical support Fortinet Technical Support provides services designed to make sure that your Fortinet systems install quickly, configure easily, and opera...
Page 13 - Environmental specifications
Installing Environmental specifications FortiGate-3600A FortiOS 3.0 MR6 Install Guide01-30006-0457-20080318 13 Installing This chapter describes installing your FortiGate unit in your server room, environmental specifications and how to mount the FortiGate in a rack if applicable. This chapter conta...
Page 14 - Cautions and warnings; Grounding; Elevated Operating Ambient; Mounting
FortiGate-3600A FortiOS 3.0 MR6 Install Guide 14 01-30006-0457-20080318 Cautions and warnings Installing • Connect the equipment into an outlet on a circuit different from that to which the receiver is connected. • Consult the dealer or an experienced radio/TV technician for help. The equipment comp...
Page 15 - To install the FortiGate unit into a rack
Installing Cautions and warnings FortiGate-3600A FortiOS 3.0 MR6 Install Guide01-30006-0457-20080318 15 When placing the FortiGate unit on any flat, stable surface, ensure the unit has at least 1.5 inches (3.75 cm) of clearance on each side to ensure adequate airflow for cooling. For rack mounting, ...
Page 16 - Plugging in the FortiGate; To power on the FortiGate unit
FortiGate-3600A FortiOS 3.0 MR6 Install Guide 16 01-30006-0457-20080318 Plugging in the FortiGate Installing The following photos illustrate how the mounting brackets and FortiGate unit should be attached to the rack. Figure 2: Mounting in a rack Plugging in the FortiGate The FortiGate unit does not...
Page 17 - Connecting to the network; Turning off the FortiGate unit; To power off the FortiGate unit
Installing Turning off the FortiGate unit FortiGate-3600A FortiOS 3.0 MR6 Install Guide01-30006-0457-20080318 17 Connecting to the network Using the supplied Ethernet cable, connect one end of the cable to your router or modem, whatever the connection is to the Internet. Connect the other end to the...
Page 19 - Configuring; NAT vs. Transparent mode; NAT mode
Configuring NAT vs. Transparent mode FortiGate-3600A FortiOS 3.0 MR6 Install Guide01-30006-0457-20080318 19 Configuring This section provides an overview of the operating modes of the FortiGate unit, NAT/Route and Transparent, and how to configure the FortiGate unit for each mode. There are two ways...
Page 20 - Transparent mode; Connecting to the FortiGate unit; Connecting to the web-based manager; To connect to the web-based manager
FortiGate-3600A FortiOS 3.0 MR6 Install Guide 20 01-30006-0457-20080318 Connecting to the FortiGate unit Configuring Transparent mode In Transparent mode, the FortiGate unit is invisible to the network. Similar to a network bridge, all FortiGate interfaces must be on the same subnet. You only have t...
Page 21 - Connecting to the CLI; To connect to the CLI
Configuring Connecting to the FortiGate unit FortiGate-3600A FortiOS 3.0 MR6 Install Guide01-30006-0457-20080318 21 To support a secure HTTPS authentication method, the FortiGate unit ships with a self-signed security certificate, which is offered to remote clients whenever they initiate a HTTPS con...
Page 22 - Configuring NAT mode; Using the web-based manager; Configure the interfaces; To configure interfaces
FortiGate-3600A FortiOS 3.0 MR6 Install Guide 22 01-30006-0457-20080318 Configuring NAT mode Configuring Configuring NAT mode Configuring NAT mode involves defining interface addresses and default routes, and simple firewall policies. You can use the web-based manager or the CLI to configure the For...
Page 23 - Configure a DNS server; To configure DNS server settings; Adding a default route and gateway
Configuring Configuring NAT mode FortiGate-3600A FortiOS 3.0 MR6 Install Guide01-30006-0457-20080318 23 4 Select OK. 5 Repeat this procedure for each interface as required. Configure a DNS server A DNS server is a service that converts symbolic node names to IP addresses. A domain name server (DNS s...
Page 24 - To modify the default gateway; Adding firewall policies; To add an outgoing traffic firewall policy
FortiGate-3600A FortiOS 3.0 MR6 Install Guide 24 01-30006-0457-20080318 Configuring NAT mode Configuring For an initial configuration, you must edit the factory configured static default route to specify a different default gateway for the FortiGate unit. This will enable the flow of data through th...
Page 25 - Using the CLI; To set an interface to use a static address; To set an interface to use DHCP addressing
Configuring Configuring NAT mode FortiGate-3600A FortiOS 3.0 MR6 Install Guide01-30006-0457-20080318 25 3 Set the following and select OK. Firewall policy configuration is the same in NAT/Route mode and Transparent mode. Note that these policies allow all traffic through. No protection profiles have...
Page 26 - To set an interface to use PPPoE addressing
FortiGate-3600A FortiOS 3.0 MR6 Install Guide 26 01-30006-0457-20080318 Configuring NAT mode Configuring To set an interface to use PPPoE addressing config system interface edit external set mode pppoeset username <name_str>set password <psswrd>set ipunnumbered <ip_address>set disc...
Page 27 - Configuring Transparent mode
Configuring Configuring Transparent mode FortiGate-3600A FortiOS 3.0 MR6 Install Guide01-30006-0457-20080318 27 For an initial configuration, you must edit the factory configured static default route to specify a different default gateway for the FortiGate unit. This will enable the flow of data thr...
Page 28 - Switching to Transparent mode; To switch to Transparent mode
FortiGate-3600A FortiOS 3.0 MR6 Install Guide 28 01-30006-0457-20080318 Configuring Transparent mode Configuring Using the web-based manager After connecting to the web-based manager, you can use the following procedures to complete the basic configuration of the FortiGate unit. Ensure you read the ...
Page 29 - To add an incoming traffic firewall policy
Configuring Configuring Transparent mode FortiGate-3600A FortiOS 3.0 MR6 Install Guide01-30006-0457-20080318 29 To add an outgoing traffic firewall policy 1 Go to Firewall > Policy . 2 Select Create New. 3 Set the following and select OK. To add an incoming traffic firewall policy 1 Go to Firewal...
Page 31 - Verify the configuration; To back up the FortiGate configuration
Configuring Verify the configuration FortiGate-3600A FortiOS 3.0 MR6 Install Guide01-30006-0457-20080318 31 Verify the configuration Your FortiGate unit is now configured and connected to the network. To verify the FortiGate unit is connected and configured correctly, use your web browser to browse ...
Page 32 - Restoring a configuration; To restore the FortiGate configuration; Additional configuration; Set the time and date; To set the date and time; Set the Administrator password
FortiGate-3600A FortiOS 3.0 MR6 Install Guide 32 01-30006-0457-20080318 Restoring a configuration Configuring Restoring a configuration Should you need to restore the configuration file, use the following steps. To restore the FortiGate configuration 1 Go to System > Maintenance > Backup &...
Page 33 - To change the administrator password; Configure FortiGuard; Updating antivirus and IPS signatures; To update antivirus definitions and IPS signatures
Configuring Additional configuration FortiGate-3600A FortiOS 3.0 MR6 Install Guide01-30006-0457-20080318 33 To change the administrator password 1 Go to System > Admin > Administrators . 2 Select Change Password and enter a new password. 3 Select OK. Alternatively, you can also add new adminis...
Page 35 - Advanced configuration; Protection profiles
Advanced configuration Protection profiles FortiGate-3600A FortiOS 3.0 MR6 Install Guide01-30006-0457-20080318 35 Advanced configuration The FortiGate unit and the FortiOS operating system provide a wide range of features that enable you to control network and internet traffic and protect your netwo...
Page 36 - Protection Profile; Firewall policies
FortiGate-3600A FortiOS 3.0 MR6 Install Guide 36 01-30006-0457-20080318 Firewall policies Advanced configuration The best way to begin creating your own protection profile is to open a predefined profile. This way you can see how a profile is set up, and then modify it suit your requirements. You ac...
Page 37 - Configuring firewall policies; source and destination Interface/Zone; Antivirus options
Advanced configuration Antivirus options FortiGate-3600A FortiOS 3.0 MR6 Install Guide01-30006-0457-20080318 37 Configuring firewall policies To add or edit a firewall policy go to Firewall > Policy and select Edit on an existing policy, or select Create New to add a policy. The source and destin...
Page 38 - Filter; AntiSpam options
FortiGate-3600A FortiOS 3.0 MR6 Install Guide 38 01-30006-0457-20080318 AntiSpam options Advanced configuration • Grayware - These are unsolicited commercial software programs that are installed on computers, often without the user's consent or knowledge. Grayware programs are generally considered a...
Page 39 - Antispam > Banned Word; Web filtering; Firewall > Protection Profile
Advanced configuration Web filtering FortiGate-3600A FortiOS 3.0 MR6 Install Guide01-30006-0457-20080318 39 Banned word lists are specific words that may be typically found in email. The FortiGate unit searches for words or patterns in email messages. If matches are found, values assigned to the wor...
Page 40 - Web Filter > Content Block; Web Filter > URL Filter; Logging
FortiGate-3600A FortiOS 3.0 MR6 Install Guide 40 01-30006-0457-20080318 Logging Advanced configuration To configure content blocking, go to Web Filter > Content Block . URL filter enables you to control additional web sites that you can block or allow. This enables you greater control over certai...
Page 41 - AMC modules; Installing AMC filler units; To install the filler module; Installing modules
AMC modules Installing AMC filler units FortiGate-3600A FortiOS 3.0 MR6 Install Guide01-30006-0457-20080318 41 AMC modules FortiGate AMC modules enable you to expand your FortiGate unit and network environment. These modules enable you to provide small packet performance though optical or copper tra...
Page 42 - To insert a module into a FortiGate chassis; Removing modules; To remove a module; Using the AMC modules; Hard disk module
FortiGate-3600A FortiOS 3.0 MR6 Install Guide 42 01-30006-0457-20080318 Removing modules AMC modules To insert a module into a FortiGate chassis 1 Ensure the FortiGate unit is powered off before proceeding. 2 Remove the panel block on the FortiGate unit using the hot swap latch. 3 Pull the latch on ...
Page 43 - Formatting the hard disk; To format the ASM-S08 hard disk enter the following command:; Log configuration using the web-based manager; To configure logging to the disk module from the web-based manager
AMC modules Using the AMC modules FortiGate-3600A FortiOS 3.0 MR6 Install Guide01-30006-0457-20080318 43 Formatting the hard disk When you first install the ASM-S08 in the FortiGate unit, the hard disk may not be formatted. This will result in an error in the console when starting up the FortiGate u...
Page 44 - Log configuration using the CLI; Viewing logs; Changing interfaces to operate in SGMII or SerDes mode
FortiGate-3600A FortiOS 3.0 MR6 Install Guide 44 01-30006-0457-20080318 Using the AMC modules AMC modules Log configuration using the CLI Configure the FortiGate unit to log to the ASM-S08 using the CLI within the FortiAnalyzer command config log disk setting enable . For details on log configuratio...
Page 46 - Configure the speed
FortiGate-3600A FortiOS 3.0 MR6 Install Guide 46 01-30006-0457-20080318 Using the AMC modules AMC modules To change the media type for the proper transceiver, enter the following CLI command: config system interface edit <interface_number>set mediatype <sgmii-sfp | serdes-sfp> end For ex...
Page 47 - FortiGate Firmware; Downloading firmware; To download firmware; Firmware Images > FortiGate; Upgrading the firmware
FortiGate Firmware Downloading firmware FortiGate-3600A FortiOS 3.0 MR6 Install Guide01-30006-0457-20080318 47 FortiGate Firmware Fortinet periodically updates the FortiGate firmware to include new features and address issues. After you have registered your FortiGate unit, you can download FortiGate...
Page 48 - To upgrade the firmware; Reverting to a previous version; To revert to a previous firmware version
FortiGate-3600A FortiOS 3.0 MR6 Install Guide 48 01-30006-0457-20080318 Using the web-based manager FortiGate Firmware To upgrade the firmware 1 Download the firmware image file to your management computer. 2 Log into the web-based manager as the admin administrative user. 3 Go to System > Status...
Page 49 - Backup and Restore from a USB key
FortiGate Firmware Using the web-based manager FortiGate-3600A FortiOS 3.0 MR6 Install Guide01-30006-0457-20080318 49 Backup and Restore from a USB key Use a USB key to either backup a configuration file or restore a configuration file. You should always make sure a USB key is properly install befor...
Page 50 - To upgrade the firmware using the CLI
FortiGate-3600A FortiOS 3.0 MR6 Install Guide 50 01-30006-0457-20080318 Using the CLI FortiGate Firmware Using the CLI Installing firmware replaces your current antivirus and attack definitions, along with the definitions included with the firmware release you are installing. After you install new f...
Page 51 - To revert to a previous firmware version using the CLI
FortiGate Firmware Using the CLI FortiGate-3600A FortiOS 3.0 MR6 Install Guide01-30006-0457-20080318 51 Reverting to a previous version This procedure reverts the FortiGate unit to its factory default configuration and deletes IPS custom signatures, web content lists, email filtering lists, and chan...
Page 52 - Installing firmware from a system reboot using the CLI; To install firmware from a system reboot
FortiGate-3600A FortiOS 3.0 MR6 Install Guide 52 01-30006-0457-20080318 Installing firmware from a system reboot using the CLI FortiGate Firmware The FortiGate unit uploads the firmware image file. After the file uploads, a message similar to the following appears: Get image from tftp server OK.Chec...
Page 54 - Restoring the previous configuration; To backup configuration using the CLI; To restore configuration using the CLI; Using the USB Auto-Install
FortiGate-3600A FortiOS 3.0 MR6 Install Guide 54 01-30006-0457-20080318 Installing firmware from a system reboot using the CLI FortiGate Firmware 12 Type D . The FortiGate unit installs the new firmware image and restarts. The installation might take a few minutes to complete. Restoring the previous...
Page 55 - To configure the USB Auto-Install using the CLI; Additional CLI Commands for a USB key; Testing new firmware before installing
FortiGate Firmware Testing new firmware before installing FortiGate-3600A FortiOS 3.0 MR6 Install Guide01-30006-0457-20080318 55 To configure the USB Auto-Install using the CLI 1 Log into the CLI. 2 Enter the following command: config system auto-install set default-config-file <filename>set a...
Page 56 - To test the new firmware image
FortiGate-3600A FortiOS 3.0 MR6 Install Guide 56 01-30006-0457-20080318 Testing new firmware before installing FortiGate Firmware To test the new firmware image 1 Connect to the CLI using a RJ-45 to DB-9 or null modem cable. 2 Make sure the TFTP server is running. 3 Copy the new firmware image file ...
Page 59 - Index
Index FortiGate-3600A FortiOS 3.0 MR6 Install Guide01-30006-0457-20080318 59 Index A adding a default route 23, 26additional resources 9admin password 32air flow 13ambient temperature 13antispam options 38antivirus options 37auto-install 49auto-install from CLI 54 B backing up 31 C certificate, secu...
Fortinet 1000A-LENC
Manual
Fortinet ADM-FB8
Manual
Fortinet 224B
Manual
Fortinet 3810A-LENC
Manual
Fortinet 05DS693
Manual
Fortinet 2 SXRC
Manual
Fortinet 2002F
Manual
Fortinet 3016B
Manual
Fortinet ASM-CE4
Manual
Fortinet FortiDB-400B
Manual
Fortinet KS13
Manual
Fortinet FortiLog-800
Manual
Fortinet 400
Manual
Fortinet FortiDB-1000B
Manual
Fortinet ASM-FX2
Manual
Fortinet IPS
Manual