Fortinet 60B - Manual

FortiGate-60B FortiOS 3.0 MR6 Install Guide 8 01-30006-0446-20080910 About the FortiGate-60B Introduction About the FortiGate-60B The FortiGate-60B multi-threat security solution offers Small and Medium Business and SOHO/ROBO users enterprise-class protection against blended threats targeting 3G bro...

Introduction Further Reading FortiGate-60B FortiOS 3.0 MR6 Install Guide01-30006-0446-20080910 9 Typographic conventions FortiGate documentation uses the following typographical conventions: Further Reading The most up-to-date publications and previous releases of Fortinet product documentation are ...

FortiGate-60B FortiOS 3.0 MR6 Install Guide 10 01-30006-0446-20080910 Customer service and technical support Introduction • FortiGate Log Message Reference Available exclusively from the Fortinet Knowledge Center , the FortiGate Log Message Reference describes the structure of FortiGate log messages...

Installing Environmental specifications FortiGate-60B FortiOS 3.0 MR6 Install Guide01-30006-0446-20080910 11 Installing This chapter describes installing your FortiGate unit in your server room, environmental specifications and how to mount the FortiGate in a rack if applicable. This chapter contain...

FortiGate-60B FortiOS 3.0 MR6 Install Guide 12 01-30006-0446-20080910 Cautions and warnings Installing • Connect the equipment into an outlet on a circuit different from that to which the receiver is connected. • Consult the dealer or an experienced radio/TV technician for help. The equipment compli...

Installing Plugging in the FortiGate FortiGate-60B FortiOS 3.0 MR6 Install Guide01-30006-0446-20080910 13 Mounting If required to fit into a rack unit, remove the rubber feet from the bottom of the FortiGate unit. Adhere the rubber feet included in the package to the underside of the FortiGate unit,...

Configuring NAT vs. Transparent mode FortiGate-60B FortiOS 3.0 MR6 Install Guide01-30006-0446-20080910 15 Configuring This section provides an overview of the operating modes of the FortiGate unit, NAT/Route and Transparent, and how to configure the FortiGate unit for each mode. There are two ways y...

FortiGate-60B FortiOS 3.0 MR6 Install Guide 16 01-30006-0446-20080910 Connecting to the FortiGate unit Configuring Transparent mode In Transparent mode, the FortiGate unit is invisible to the network. Similar to a network bridge, all FortiGate interfaces must be on the same subnet. You only have to ...

Configuring Connecting to the FortiGate unit FortiGate-60B FortiOS 3.0 MR6 Install Guide01-30006-0446-20080910 17 To support a secure HTTPS authentication method, the FortiGate unit ships with a self-signed security certificate, which is offered to remote clients whenever they initiate a HTTPS conne...

FortiGate-60B FortiOS 3.0 MR6 Install Guide 18 01-30006-0446-20080910 Configuring NAT mode Configuring Configuring NAT mode Configuring NAT mode involves defining interface addresses and default routes, and simple firewall policies. You can use the web-based manager or the CLI to configure the Forti...

Configuring Configuring NAT mode FortiGate-60B FortiOS 3.0 MR6 Install Guide01-30006-0446-20080910 19 4 Select OK. 5 Repeat this procedure for each interface as required. Configure a DNS server A DNS server is a service that converts symbolic node names to IP addresses. A domain name server (DNS ser...

FortiGate-60B FortiOS 3.0 MR6 Install Guide 20 01-30006-0446-20080910 Configuring NAT mode Configuring For an initial configuration, you must edit the factory configured static default route to specify a different default gateway for the FortiGate unit. This will enable the flow of data through the ...

Configuring Configuring NAT mode FortiGate-60B FortiOS 3.0 MR6 Install Guide01-30006-0446-20080910 21 3 Set the following and select OK. Firewall policy configuration is the same in NAT/Route mode and Transparent mode. Note that these policies allow all traffic through. No protection profiles have b...

FortiGate-60B FortiOS 3.0 MR6 Install Guide 22 01-30006-0446-20080910 Configuring NAT mode Configuring To set an interface to use PPPoE addressing config system interface edit external set mode pppoeset username <name_str>set password <psswrd>set ipunnumbered <ip_address>set disc-r...

Configuring Configuring Transparent mode FortiGate-60B FortiOS 3.0 MR6 Install Guide01-30006-0446-20080910 23 For an initial configuration, you must edit the factory configured static default route to specify a different default gateway for the FortiGate unit. This will enable the flow of data throu...

FortiGate-60B FortiOS 3.0 MR6 Install Guide 24 01-30006-0446-20080910 Configuring Transparent mode Configuring Using the web-based manager After connecting to the web-based manager, you can use the following procedures to complete the basic configuration of the FortiGate unit. Ensure you read the se...

Configuring Configuring Transparent mode FortiGate-60B FortiOS 3.0 MR6 Install Guide01-30006-0446-20080910 25 To add an outgoing traffic firewall policy 1 Go to Firewall > Policy . 2 Select Create New. 3 Set the following and select OK. To add an incoming traffic firewall policy 1 Go to Firewall ...

Configuring Verify the configuration FortiGate-60B FortiOS 3.0 MR6 Install Guide01-30006-0446-20080910 27 Verify the configuration Your FortiGate unit is now configured and connected to the network. To verify the FortiGate unit is connected and configured correctly, use your web browser to browse a ...

FortiGate-60B FortiOS 3.0 MR6 Install Guide 28 01-30006-0446-20080910 Restoring a configuration Configuring Restoring a configuration Should you need to restore the configuration file, use the following steps. To restore the FortiGate configuration 1 Go to System > Maintenance > Backup & R...

Configuring Additional configuration FortiGate-60B FortiOS 3.0 MR6 Install Guide01-30006-0446-20080910 29 To change the administrator password 1 Go to System > Admin > Administrators . 2 Select Change Password and enter a new password. 3 Select OK. Alternatively, you can also add new administr...

Advanced configuration Protection profiles FortiGate-60B FortiOS 3.0 MR6 Install Guide01-30006-0446-20080910 31 Advanced configuration The FortiGate unit and the FortiOS operating system provide a wide range of features that enable you to control network and internet traffic and protect your network...

FortiGate-60B FortiOS 3.0 MR6 Install Guide 32 01-30006-0446-20080910 Firewall policies Advanced configuration The best way to begin creating your own protection profile is to open a predefined profile. This way you can see how a profile is set up, and then modify it suit your requirements. You acce...

Advanced configuration Antivirus options FortiGate-60B FortiOS 3.0 MR6 Install Guide01-30006-0446-20080910 33 Configuring firewall policies To add or edit a firewall policy go to Firewall > Policy and select Edit on an existing policy, or select Create New to add a policy. The source and destinat...

FortiGate-60B FortiOS 3.0 MR6 Install Guide 34 01-30006-0446-20080910 AntiSpam options Advanced configuration • Grayware - These are unsolicited commercial software programs that are installed on computers, often without the user's consent or knowledge. Grayware programs are generally considered an ...

Advanced configuration Web filtering FortiGate-60B FortiOS 3.0 MR6 Install Guide01-30006-0446-20080910 35 Banned word lists are specific words that may be typically found in email. The FortiGate unit searches for words or patterns in email messages. If matches are found, values assigned to the words...

FortiGate-60B FortiOS 3.0 MR6 Install Guide 36 01-30006-0446-20080910 Logging Advanced configuration To configure content blocking, go to Web Filter > Content Block . URL filter enables you to control additional web sites that you can block or allow. This enables you greater control over certain ...

Configuring the modem interface Selecting a modem mode FortiGate-60B FortiOS 3.0 MR6 Install Guide01-30006-0446-20080910 37 Configuring the modem interface This chapter describes the modem interface configuration options. The FortiGate unit supports the modem interface only when running in NAT/Route...

FortiGate-60B FortiOS 3.0 MR6 Install Guide 38 01-30006-0446-20080910 Configuring modem settings Configuring the modem interface When the Ethernet interface can connect to its network again, the FortiGate unit disconnects the modem interface and switches back to the Ethernet interface. Stand alone m...

Configuring the modem interface Configuring modem settings FortiGate-60B FortiOS 3.0 MR6 Install Guide01-30006-0446-20080910 39 You can configure and use the modem in NAT/Route mode only. To configure modem settings 1 Go to System > Network > Modem . 2 Select Enable Modem. 3 Change any of the ...

FortiGate-60B FortiOS 3.0 MR6 Install Guide 40 01-30006-0446-20080910 Configuring the modem using the CLI Configuring the modem interface Configuring the modem using the CLI Configure the modem settings using the CLI. Syntax config system modem set account_relation {equal | fallback} set altmode {en...

Configuring the modem interface Configuring the modem using the CLI FortiGate-60B FortiOS 3.0 MR6 Install Guide01-30006-0446-20080910 43 Example This example shows how to enable the modem and configure the modem to act as a backup for the WAN1 interface. Only one dial-up account is configured. The F...

FortiGate-60B FortiOS 3.0 MR6 Install Guide 44 01-30006-0446-20080910 Adding a Ping Server Configuring the modem interface config system modem set action dialset status enableset holddown-timer 5set interface wan1set passwd1 acct1passwdset phone1 1234567891set redial 10set username1 acct1user end Ad...

Configuring the modem interface Adding firewall policies for modem connections FortiGate-60B FortiOS 3.0 MR6 Install Guide01-30006-0446-20080910 45 Adding firewall policies for modem connections The modem interface requires firewall addresses and policies. You can add one or more addresses to the mo...

FortiGate Firmware Downloading firmware FortiGate-60B FortiOS 3.0 MR6 Install Guide01-30006-0446-20080910 47 FortiGate Firmware Fortinet periodically updates the FortiGate firmware to include new features and address issues. After you have registered your FortiGate unit, you can download FortiGate f...

FortiGate-60B FortiOS 3.0 MR6 Install Guide 48 01-30006-0446-20080910 Using the web-based manager FortiGate Firmware To download firmware 1 Log into the site using your user name and password. 2 Go to Firmware Images > FortiGate . 3 Select the most recent FortiOS version, and MR release and patch...

FortiGate Firmware Using the web-based manager FortiGate-60B FortiOS 3.0 MR6 Install Guide01-30006-0446-20080910 49 To revert to a previous firmware version 1 Copy the firmware image file to the management computer. 2 Log into the FortiGate web-based manager. 3 Go to System > Status . 4 Under Sys...

FortiGate-60B FortiOS 3.0 MR6 Install Guide 50 01-30006-0446-20080910 Using the CLI FortiGate Firmware To configure the USB Auto-Install 1 Go to System > Maintenance > Backup and Restore . 2 Select the blue arrow to expand the Advanced options. 3 Select the following:• On system restart, autom...

FortiGate Firmware Using the CLI FortiGate-60B FortiOS 3.0 MR6 Install Guide01-30006-0446-20080910 51 5 Enter the following command to copy the firmware image from the TFTP server to the FortiGate unit: execute restore image <name_str> <tftp_ip4> Where <name_str> is the name of the...

FortiGate-60B FortiOS 3.0 MR6 Install Guide 52 01-30006-0446-20080910 Installing firmware from a system reboot using the CLI FortiGate Firmware 4 Make sure the FortiGate unit can connect to the TFTP server. You can use the following command to ping the computer running the TFTP server. For example, ...

FortiGate Firmware Installing firmware from a system reboot using the CLI FortiGate-60B FortiOS 3.0 MR6 Install Guide01-30006-0446-20080910 53 If you are reverting to a previous FortiOS version, you might not be able to restore the previous configuration from the backup configuration file. To instal...

FortiGate-60B FortiOS 3.0 MR6 Install Guide 54 01-30006-0446-20080910 Installing firmware from a system reboot using the CLI FortiGate Firmware 9 Type the address of the TFTP server and press Enter: The following message appears: Enter Local Address [192.168.1.188]: 10 Type an IP address the FortiGa...

FortiGate Firmware Installing firmware from a system reboot using the CLI FortiGate-60B FortiOS 3.0 MR6 Install Guide01-30006-0446-20080910 55 To restore configuration using the CLI 1 Log into the CLI. 2 Enter the following command to restore the configuration files: exec restore image usb <filen...

FortiGate-60B FortiOS 3.0 MR6 Install Guide 56 01-30006-0446-20080910 Testing new firmware before installing FortiGate Firmware Testing new firmware before installing You can test a new firmware image by installing the firmware image from a system reboot and saving it to system memory. After complet...

Index FortiGate-60B FortiOS 3.0 MR6 Install Guide01-30006-0446-20080910 59 Index A adding a default route 19, 22additional resources 9admin password 28air flow 11altmode system modem 41 ambient temperature 11antispam options 34antivirus options 33auto-dial 38 system modem 41 auto-install 49auto-inst...