Page 2 - Trademarks
FortiGate-310B Install Guide FortiOS 3.0 MR615 August 200801-30006-0472-20080815 © Copyright 2008 Fortinet, Inc. All rights reserved. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic,...
Page 3 - Contents
Contents FortiGate-310B FortiOS 3.0 MR6 Install Guide01-30006-0472-20080815 3 Contents Register your FortiGate unit ............................................................................. 7 About the FortiGate-310B ..................................................................................
Page 7 - Introduction; Register your FortiGate unit
Introduction Register your FortiGate unit FortiGate-310B FortiOS 3.0 MR6 Install Guide01-30006-0472-20080815 7 Introduction Welcome and thank you for selecting Fortinet products for your real-time network protection. The FortiGate Unified Threat Management System improves network security, reduces n...
Page 8 - About the FortiGate-310B; LACP configuration; About this document
FortiGate-310B FortiOS 3.0 MR6 Install Guide 8 01-30006-0472-20080815 About the FortiGate-310B Introduction About the FortiGate-310B The FortiGate-310B is designed to raise the expectations of mid-range security devices. Incorporating FortiASIC network processors for firewall/VPN acceleration and th...
Page 9 - Document conventions; Further Reading
Introduction Further Reading FortiGate-310B FortiOS 3.0 MR6 Install Guide01-30006-0472-20080815 9 • FortiGate Firmware – Describes how to install, update, restore and test firmware for the FortiGate device. • AMC modules – Describes inserting, removing and using Fortinet AMC single- width modules in...
Page 10 - Fortinet Knowledge Center
FortiGate-310B FortiOS 3.0 MR6 Install Guide 10 01-30006-0472-20080815 Further Reading Introduction • FortiGate Administration Guide Provides basic information about how to configure a FortiGate unit, including how to define FortiGate protection profiles and firewall policies; how to apply intrusion...
Page 11 - Comments on Fortinet technical documentation; Customer service and technical support
Introduction Customer service and technical support FortiGate-310B FortiOS 3.0 MR6 Install Guide01-30006-0472-20080815 11 Comments on Fortinet technical documentation Please send information about any errors or omissions in this document, or any Fortinet technical documentation, to techdoc@fortinet....
Page 13 - Installing; Environmental specifications
Installing Environmental specifications FortiGate-310B FortiOS 3.0 MR6 Install Guide01-30006-0472-20080815 13 Installing This chapter describes installing your FortiGate unit in your server room, environmental specifications and how to mount the FortiGate in a rack if applicable. This chapter contai...
Page 14 - Cautions and warnings; Grounding; Elevated Operating Ambient; Mounting
FortiGate-310B FortiOS 3.0 MR6 Install Guide 14 01-30006-0472-20080815 Cautions and warnings Installing • Connect the equipment into an outlet on a circuit different from that to which the receiver is connected. • Consult the dealer or an experienced radio/TV technician for help. The equipment compl...
Page 15 - To install the FortiGate unit into a rack
Installing Cautions and warnings FortiGate-310B FortiOS 3.0 MR6 Install Guide01-30006-0472-20080815 15 When placing the FortiGate unit on any flat, stable surface, ensure the unit has at least 1.5 inches (3.75 cm) of clearance on each side to ensure adequate airflow for cooling. For rack mounting, u...
Page 16 - Plugging in the FortiGate; To power on the FortiGate unit; Connecting to the network; Turning off the FortiGate unit; To power off the FortiGate unit
FortiGate-310B FortiOS 3.0 MR6 Install Guide 16 01-30006-0472-20080815 Plugging in the FortiGate Installing Figure 3: Mounting in a rack Plugging in the FortiGate Use the following steps to connect the power supply to the FortiGate unit. To power on the FortiGate unit 1 Ensure the power switch, loca...
Page 17 - Configuring; NAT vs. Transparent mode; NAT mode
Configuring NAT vs. Transparent mode FortiGate-310B FortiOS 3.0 MR6 Install Guide01-30006-0472-20080815 17 Configuring This section provides an overview of the operating modes of the FortiGate unit, NAT/Route and Transparent, and how to configure the FortiGate unit for each mode. There are two ways ...
Page 18 - Transparent mode; Connecting to the FortiGate unit; Connecting to the web-based manager; To connect to the web-based manager
FortiGate-310B FortiOS 3.0 MR6 Install Guide 18 01-30006-0472-20080815 Connecting to the FortiGate unit Configuring Transparent mode In Transparent mode, the FortiGate unit is invisible to the network. Similar to a network bridge, all FortiGate interfaces must be on the same subnet. You only have to...
Page 19 - Connecting to the CLI; To connect to the CLI
Configuring Connecting to the FortiGate unit FortiGate-310B FortiOS 3.0 MR6 Install Guide01-30006-0472-20080815 19 To support a secure HTTPS authentication method, the FortiGate unit ships with a self-signed security certificate, which is offered to remote clients whenever they initiate a HTTPS conn...
Page 20 - Configuring NAT mode; Using the web-based manager; Configure the interfaces; To configure interfaces
FortiGate-310B FortiOS 3.0 MR6 Install Guide 20 01-30006-0472-20080815 Configuring NAT mode Configuring Configuring NAT mode Configuring NAT mode involves defining interface addresses and default routes, and simple firewall policies. You can use the web-based manager or the CLI to configure the Fort...
Page 21 - Configure a DNS server; To configure DNS server settings; Adding a default route and gateway
Configuring Configuring NAT mode FortiGate-310B FortiOS 3.0 MR6 Install Guide01-30006-0472-20080815 21 4 Select OK. 5 Repeat this procedure for each interface as required. Configure a DNS server A DNS server is a service that converts symbolic node names to IP addresses. A domain name server (DNS se...
Page 22 - To modify the default gateway; Adding firewall policies; To add an outgoing traffic firewall policy
FortiGate-310B FortiOS 3.0 MR6 Install Guide 22 01-30006-0472-20080815 Configuring NAT mode Configuring For an initial configuration, you must edit the factory configured static default route to specify a different default gateway for the FortiGate unit. This will enable the flow of data through the...
Page 23 - Using the CLI; To set an interface to use a static address; To set an interface to use DHCP addressing
Configuring Configuring NAT mode FortiGate-310B FortiOS 3.0 MR6 Install Guide01-30006-0472-20080815 23 3 Set the following and select OK. Firewall policy configuration is the same in NAT/Route mode and Transparent mode. Note that these policies allow all traffic through. No protection profiles have ...
Page 24 - To set an interface to use PPPoE addressing
FortiGate-310B FortiOS 3.0 MR6 Install Guide 24 01-30006-0472-20080815 Configuring NAT mode Configuring To set an interface to use PPPoE addressing config system interface edit external set mode pppoeset username <name_str>set password <psswrd>set ipunnumbered <ip_address>set disc-...
Page 26 - Configuring Transparent mode; Switching to Transparent mode; To switch to Transparent mode
FortiGate-310B FortiOS 3.0 MR6 Install Guide 26 01-30006-0472-20080815 Configuring Transparent mode Configuring Configuring Transparent mode Configuring Transparent mode involves switching to Transparent mode, configuring the management IP address, default routes, and simple firewall policies. You c...
Page 27 - To add an incoming traffic firewall policy
Configuring Configuring Transparent mode FortiGate-310B FortiOS 3.0 MR6 Install Guide01-30006-0472-20080815 27 For the initial installation, a single firewall policy that enables all traffic through will enable you to verify your configuration is working. On lower-end units such a default firewall p...
Page 29 - Verify the configuration; To back up the FortiGate configuration
Configuring Verify the configuration FortiGate-310B FortiOS 3.0 MR6 Install Guide01-30006-0472-20080815 29 Note that these policies allow all traffic through. No protection profiles have been applied. Ensure you create additional firewall policies to accommodate your network requirements. Verify the...
Page 30 - Restoring a configuration; To restore the FortiGate configuration; Additional configuration; Set the time and date; To set the date and time; Set the Administrator password
FortiGate-310B FortiOS 3.0 MR6 Install Guide 30 01-30006-0472-20080815 Restoring a configuration Configuring Restoring a configuration Should you need to restore the configuration file, use the following steps. To restore the FortiGate configuration 1 Go to System > Maintenance > Backup & ...
Page 31 - To change the administrator password; Configure FortiGuard; Updating antivirus and IPS signatures; To update antivirus definitions and IPS signatures
Configuring Additional configuration FortiGate-310B FortiOS 3.0 MR6 Install Guide01-30006-0472-20080815 31 To change the administrator password 1 Go to System > Admin > Administrators . 2 Select Change Password and enter a new password. 3 Select OK. Alternatively, you can also add new administ...
Page 33 - Advanced configuration; Protection profiles
Advanced configuration Protection profiles FortiGate-310B FortiOS 3.0 MR6 Install Guide01-30006-0472-20080815 33 Advanced configuration The FortiGate unit and the FortiOS operating system provide a wide range of features that enable you to control network and internet traffic and protect your networ...
Page 34 - Protection Profile; Firewall policies
FortiGate-310B FortiOS 3.0 MR6 Install Guide 34 01-30006-0472-20080815 Firewall policies Advanced configuration The best way to begin creating your own protection profile is to open a predefined profile. This way you can see how a profile is set up, and then modify it suit your requirements. You acc...
Page 35 - Configuring firewall policies; source and destination Interface/Zone; Antivirus options
Advanced configuration Antivirus options FortiGate-310B FortiOS 3.0 MR6 Install Guide01-30006-0472-20080815 35 Configuring firewall policies To add or edit a firewall policy go to Firewall > Policy and select Edit on an existing policy, or select Create New to add a policy. The source and destina...
Page 36 - Filter; AntiSpam options
FortiGate-310B FortiOS 3.0 MR6 Install Guide 36 01-30006-0472-20080815 AntiSpam options Advanced configuration • Grayware - These are unsolicited commercial software programs that are installed on computers, often without the user's consent or knowledge. Grayware programs are generally considered an...
Page 37 - Antispam > Banned Word; Web filtering; Firewall > Protection Profile
Advanced configuration Web filtering FortiGate-310B FortiOS 3.0 MR6 Install Guide01-30006-0472-20080815 37 Banned word lists are specific words that may be typically found in email. The FortiGate unit searches for words or patterns in email messages. If matches are found, values assigned to the word...
Page 38 - Web Filter > Content Block; Web Filter > URL Filter; Logging
FortiGate-310B FortiOS 3.0 MR6 Install Guide 38 01-30006-0472-20080815 Logging Advanced configuration To configure content blocking, go to Web Filter > Content Block . URL filter enables you to control additional web sites that you can block or allow. This enables you greater control over certain...
Page 39 - AMC modules; Installing AMC filler units; To install the filler module; Installing modules
AMC modules Installing AMC filler units FortiGate-310B FortiOS 3.0 MR6 Install Guide01-30006-0472-20080815 39 AMC modules FortiGate AMC modules enable you to expand your FortiGate unit and network environment. These modules enable you to provide small packet performance though optical or copper tran...
Page 40 - To insert a module into a FortiGate chassis; Removing modules; To remove a module; Using the AMC modules; Hard disk module
FortiGate-310B FortiOS 3.0 MR6 Install Guide 40 01-30006-0472-20080815 Removing modules AMC modules To insert a module into a FortiGate chassis 1 Ensure the FortiGate unit is powered off before proceeding. 2 Remove the panel block on the FortiGate unit using the hot swap latch. 3 Pull the latch on t...
Page 41 - Formatting the hard disk; To format the ASM-S08 hard disk enter the following command:; Log configuration using the web-based manager; To configure logging to the disk module from the web-based manager
AMC modules Using the AMC modules FortiGate-310B FortiOS 3.0 MR6 Install Guide01-30006-0472-20080815 41 Formatting the hard disk When you first install the ASM-S08 in the FortiGate unit, the hard disk may not be formatted. This will result in an error in the console when starting up the FortiGate un...
Page 42 - Log configuration using the CLI; Viewing logs; Changing interfaces to operate in SGMII or SerDes mode
FortiGate-310B FortiOS 3.0 MR6 Install Guide 42 01-30006-0472-20080815 Using the AMC modules AMC modules Log configuration using the CLI Configure the FortiGate unit to log to the ASM-S08 using the CLI within the FortiAnalyzer command config log disk setting enable . For details on log configuration...
Page 43 - Configure the speed
AMC modules Using the AMC modules FortiGate-310B FortiOS 3.0 MR6 Install Guide01-30006-0472-20080815 43 For these multi-mode SFP interfaces, SerDes is the default mode. You can use a CLI command to change the interface to operate in SGMII mode. Depending on the type of transceivers you install, you ...
Page 45 - Downloading firmware
FortiGate Firmware Downloading firmware FortiGate-310B FortiOS 3.0 MR6 Install Guide01-30006-0472-20080815 45 FortiGate Firmware Fortinet periodically updates the FortiGate firmware to include new features and address issues. After you have registered your FortiGate unit, you can download FortiGate ...
Page 46 - Upgrading the firmware; To upgrade the firmware; Reverting to a previous version
FortiGate-310B FortiOS 3.0 MR6 Install Guide 46 01-30006-0472-20080815 Using the web-based manager FortiGate Firmware To download firmware 1 Log into the site using your user name and password. 2 Go to Firmware Images > FortiGate . 3 Select the most recent FortiOS version, and MR release and patc...
Page 47 - Backup and Restore from a USB key
FortiGate Firmware Using the web-based manager FortiGate-310B FortiOS 3.0 MR6 Install Guide01-30006-0472-20080815 47 To revert to a previous firmware version 1 Copy the firmware image file to the management computer. 2 Log into the FortiGate web-based manager. 3 Go to System > Status . 4 Under Sy...
Page 48 - To configure the USB Auto-Install; To upgrade the firmware using the CLI
FortiGate-310B FortiOS 3.0 MR6 Install Guide 48 01-30006-0472-20080815 Using the CLI FortiGate Firmware To configure the USB Auto-Install 1 Go to System > Maintenance > Backup and Restore . 2 Select the blue arrow to expand the Advanced options. 3 Select the following:• On system restart, auto...
Page 49 - To revert to a previous firmware version using the CLI
FortiGate Firmware Using the CLI FortiGate-310B FortiOS 3.0 MR6 Install Guide01-30006-0472-20080815 49 5 Enter the following command to copy the firmware image from the TFTP server to the FortiGate unit: execute restore image <name_str> <tftp_ip4> Where <name_str> is the name of th...
Page 50 - Installing firmware from a system reboot using the CLI
FortiGate-310B FortiOS 3.0 MR6 Install Guide 50 01-30006-0472-20080815 Installing firmware from a system reboot using the CLI FortiGate Firmware 4 Make sure the FortiGate unit can connect to the TFTP server. You can use the following command to ping the computer running the TFTP server. For example,...
Page 51 - To install firmware from a system reboot
FortiGate Firmware Installing firmware from a system reboot using the CLI FortiGate-310B FortiOS 3.0 MR6 Install Guide01-30006-0472-20080815 51 If you are reverting to a previous FortiOS version, you might not be able to restore the previous configuration from the backup configuration file. To insta...
Page 52 - Restoring the previous configuration; To backup configuration using the CLI
FortiGate-310B FortiOS 3.0 MR6 Install Guide 52 01-30006-0472-20080815 Installing firmware from a system reboot using the CLI FortiGate Firmware 9 Type the address of the TFTP server and press Enter: The following message appears: Enter Local Address [192.168.1.188]: 10 Type an IP address the FortiG...
Page 53 - To restore configuration using the CLI; Using the USB Auto-Install; To configure the USB Auto-Install using the CLI; Additional CLI Commands for a USB key
FortiGate Firmware Installing firmware from a system reboot using the CLI FortiGate-310B FortiOS 3.0 MR6 Install Guide01-30006-0472-20080815 53 To restore configuration using the CLI 1 Log into the CLI. 2 Enter the following command to restore the configuration files: exec restore image usb <file...
Page 54 - Testing new firmware before installing; To test the new firmware image
FortiGate-310B FortiOS 3.0 MR6 Install Guide 54 01-30006-0472-20080815 Testing new firmware before installing FortiGate Firmware Testing new firmware before installing You can test a new firmware image by installing the firmware image from a system reboot and saving it to system memory. After comple...
Page 57 - Index
Index FortiGate-310B FortiOS 3.0 MR6 Install Guide01-30006-0472-20080815 57 Index A adding a default route 21, 24additional resources 9admin password 30air flow 13ambient temperature 13antispam options 36antivirus options 35auto-install 47auto-install from CLI 53 B backing up 29 C certificate, secur...
