Fortinet MR8 - Manual

6 01-28008-0018-20050128 Fortinet Inc. Secure installation, configuration, and management Introduction The CLI or the web-based manager can then be used to complete configuration and to perform maintenance and administration. Web-based manager Using HTTP or a secure HTTPS connection from any compute...

Introduction Document conventions FortiGate-60 Installation Guide 01-28008-0018-20050128 7 Setup wizard The FortiGate setup wizard provides an easy way to configure the basic initial settings for the FortiGate unit. The wizard walks through the configuration of a new administrator password, FortiGat...

8 01-28008-0018-20050128 Fortinet Inc. FortiGate documentation Introduction For example: set allowaccess {ping https ssh snmp http telnet} You can enter any of the following: set allowaccess ping set allowaccess ping https ssh set allowaccess https ping ssh set allowaccess snmp In most cases to make...

Introduction Related documentation FortiGate-60 Installation Guide 01-28008-0018-20050128 9 • FortiGate IPS Guide Describes how to configure the FortiGate Intrusion Prevention System settings and how the FortiGate IPS deals with some common attacks. • FortiGate VPN Guide Explains how to configure VP...

10 01-28008-0018-20050128 Fortinet Inc. Customer service and technical support Introduction FortiMail documentation • FortiMail Administration Guide Describes how to install, configure, and manage a FortiMail unit in gateway mode and server mode, including how to configure the unit; create profiles ...

FortiGate-60 Installation Guide Version 2.80 MR8 FortiGate-60 Installation Guide 01-28008-0018-20050128 13 Getting started This section describes unpacking, setting up, and powering on a FortiGate Antivirus Firewall unit. This section includes: • Package contents • Mounting • Turning the FortiGate u...

14 01-28008-0018-20050128 Fortinet Inc. Package contents Getting started Package contents The FortiGate-60 package contains the following items: • FortiGate-60 Antivirus Firewall• one orange crossover ethernet cable (Fortinet part number CC300248)• one gray regular ethernet cable (Fortinet part numb...

Getting started Turning the FortiGate unit power on and off FortiGate-60 Installation Guide 01-28008-0018-20050128 15 Power requirements • DC input voltage: 12 V• DC input current: 3 A Environmental specifications • Operating temperature: 32 to 104°F (0 to 40°C)• Storage temperature: -13 to 158°F (-...

16 01-28008-0018-20050128 Fortinet Inc. Connecting to the web-based manager Getting started Connecting to the web-based manager Use the following procedure to connect to the web-based manager for the first time. Configuration changes made with the web-based manager are effective immediately without ...

Getting started Connecting to the command line interface (CLI) FortiGate-60 Installation Guide 01-28008-0018-20050128 17 Connecting to the command line interface (CLI) As an alternative to the web-based manager, you can install and configure the FortiGate unit using the CLI. Configuration changes ma...

18 01-28008-0018-20050128 Fortinet Inc. Quick installation using factory defaults Getting started Quick installation using factory defaults You can quickly set up your FortiGate unit for a home or small office using the web-based manager and the factory default FortiGate configuration. All you need ...

Getting started Factory default FortiGate configuration settings FortiGate-60 Installation Guide 01-28008-0018-20050128 19 7 Select one of the following DNS settings• Obtain DNS server address automatically: select to get the DNS addresses from the ISP, select Apply • Use the following DNS server ad...

20 01-28008-0018-20050128 Fortinet Inc. Factory default FortiGate configuration settings Getting started Factory default NAT/Route mode network configuration When the FortiGate unit is first powered on, it is running in NAT/Route mode and has the basic network configuration listed in Table 3 on page...

Getting started Factory default FortiGate configuration settings FortiGate-60 Installation Guide 01-28008-0018-20050128 21 Factory default Transparent mode network configuration In Transparent mode, the FortiGate unit has the default network configuration listed in Table 4 . Factory default firewall...

22 01-28008-0018-20050128 Fortinet Inc. Factory default FortiGate configuration settings Getting started The factory default firewall configuration is the same in NAT/Route and Transparent mode. Factory default protection profiles Use protection profiles to apply different protection settings for tr...

Getting started Planning the FortiGate configuration FortiGate-60 Installation Guide 01-28008-0018-20050128 23 Figure 5: Web protection profile settings Planning the FortiGate configuration Before you configure the FortiGate unit, you need to plan how to integrate the unit into the network. Among ot...

24 01-28008-0018-20050128 Fortinet Inc. Planning the FortiGate configuration Getting started You must configure routing to support the redundant WAN1 and WAN2 internet connections. Routing can be used to automatically redirect connections from an interface if its connection to the external network f...

Getting started Planning the FortiGate configuration FortiGate-60 Installation Guide 01-28008-0018-20050128 25 Otherwise, security policy configuration is similar to a NAT/Route mode configuration with a single Internet connection. You would create NAT mode firewall policies to control traffic flowi...

26 01-28008-0018-20050128 Fortinet Inc. Next steps Getting started Configuration options Once you have selected Transparent or NAT/Route mode operation, you can complete the configuration plan and begin to configure the FortiGate unit. Choose among three different tools to configure the FortiGate un...

FortiGate-60 Installation Guide Version 2.80 MR8 FortiGate-60 Installation Guide 01-28008-0018-20050128 27 NAT/Route mode installation This chapter describes how to install the FortiGate unit in NAT/Route mode. For information about installing a FortiGate unit in Transparent mode, see “Transparent m...

28 01-28008-0018-20050128 Fortinet Inc. Using the web-based manager NAT/Route mode installation DHCP or PPPoE configuration You can configure any FortiGate interface to acquire its IP address from a DHCP or PPPoE server. Your ISP may provide IP addresses using one of these protocols. To use the Fort...

NAT/Route mode installation Using the web-based manager FortiGate-60 Installation Guide 01-28008-0018-20050128 29 Configuring basic settings After connecting to the web-based manager you can use the following procedures to complete the basic configuration of the FortiGate unit. To add/change the adm...

30 01-28008-0018-20050128 Fortinet Inc. Using the command line interface NAT/Route mode installation 1 Go to System > Router > Static . 2 If the Static Route table contains a default route (IP and Mask set to 0.0.0.0), select the Delete icon to delete this route. 3 Select Create New. 4 Set Des...

NAT/Route mode installation Using the command line interface FortiGate-60 Installation Guide 01-28008-0018-20050128 31 Example config system interface edit internal set mode staticset ip <192.168.120.99> <255.255.255.0> end 3 Set the IP address and netmask of the WAN1 interface to the IP...

32 01-28008-0018-20050128 Fortinet Inc. Using the setup wizard NAT/Route mode installation To configure DNS server settings • Set the primary and secondary DNS server IP addresses. Enter config system dns set primary <address_ip>set secondary <address_ip> end Example config system dns se...

34 01-28008-0018-20050128 Fortinet Inc. Connecting the FortiGate unit to the network(s) NAT/Route mode installation Starting the setup wizard 1 In the web-based manager, select Easy Setup Wizard. Figure 9: Select the Easy Setup Wizard 2 Follow the instructions on the wizard pages and use the informa...

36 01-28008-0018-20050128 Fortinet Inc. Configuring the networks NAT/Route mode installation Configuring the networks If you are running the FortiGate unit in NAT/Route mode, your networks must be configured to route all Internet traffic to the IP address of the FortiGate interface to which they are...

NAT/Route mode installation Next steps FortiGate-60 Installation Guide 01-28008-0018-20050128 37 To set the date and time For effective scheduling and logging, the FortiGate system date and time must be accurate. You can either manually set the system date and time or configure the FortiGate unit to...

FortiGate-60 Installation Guide Version 2.80 MR8 FortiGate-60 Installation Guide 01-28008-0018-20050128 39 Transparent mode installation This chapter describes how to install a FortiGate unit in Transparent mode. If you want to install the FortiGate unit in NAT/Route mode, see “NAT/Route mode instal...

40 01-28008-0018-20050128 Fortinet Inc. Using the web-based manager Transparent mode installation Using the web-based manager You can use the web-based manager to complete the initial configuration of the FortiGate unit. You can continue to use the web-based manager for all FortiGate unit settings. ...

Transparent mode installation Using the command line interface FortiGate-60 Installation Guide 01-28008-0018-20050128 41 To configure DNS server settings 1 Go to System > Network > DNS . 2 Enter the IP address of the primary DNS server. 3 Enter the IP address of the secondary DNS server. 4 Sel...

42 01-28008-0018-20050128 Fortinet Inc. Using the command line interface Transparent mode installation The CLI displays the status of the FortiGate unit including the following line of text: Operation mode: Transparent To configure the management IP address 1 Make sure that you are logged into the C...

44 01-28008-0018-20050128 Fortinet Inc. Connecting the FortiGate unit to your network Transparent mode installation Connecting the FortiGate unit to your network When you have completed the initial configuration, you can connect the FortiGate unit between your internal network and the Internet using...

FortiGate-60 Installation Guide Version 2.80 MR8 FortiGate-60 Installation Guide 01-28008-0018-20050128 47 High availability installation This chapter describes how to install two or more FortiGate units in an HA cluster. HA installation involves three basic steps: • Configuring FortiGate units for ...

High availability installation Configuring FortiGate units for HA operation FortiGate-60 Installation Guide 01-28008-0018-20050128 49 Configuring FortiGate units for HA using the web-based manager Use the following procedure to configure each FortiGate unit for HA operation. To change the FortiGate ...

50 01-28008-0018-20050128 Fortinet Inc. Configuring FortiGate units for HA operation High availability installation To configure a FortiGate unit for HA operation 1 Go to System > Config > HA . 2 Select High Availability. 3 Select the mode. 4 Select a Group ID for the HA cluster. 5 If required...

High availability installation Connecting the cluster to your networks FortiGate-60 Installation Guide 01-28008-0018-20050128 51 To configure the FortiGate unit for HA operation 1 Configure HA settings.Use the following command to:• Set the HA mode• Set the Group ID• Change the unit priority• Enable...

52 01-28008-0018-20050128 Fortinet Inc. Connecting the cluster to your networks High availability installation Inserting an HA cluster into your network temporarily interrupts communications on the network because new physical connections are being made to route traffic through the cluster. Also, st...

High availability installation Installing and configuring the cluster FortiGate-60 Installation Guide 01-28008-0018-20050128 53 2 Power on all the FortiGate units in the cluster.As the units start, they negotiate to choose the primary cluster unit and the subordinate units. This negotiation occurs w...

FortiGate-60 Installation Guide Version 2.80 MR8 FortiGate-60 Installation Guide 01-28008-0018-20050128 55 Configuring the modem interface The FortiGate-60 includes the option of an external modem for use as either a redundant interface or a standalone interface in NAT/Route mode. • In redundant mod...

56 01-28008-0018-20050128 Fortinet Inc. Selecting a modem mode Configuring the modem interface For the FortiGate unit to switch from an ethernet interface to the modem you must select the name of the interface in the modem configuration and configure a ping server for that interface. You must also c...

Configuring the modem interface Configuring modem settings FortiGate-60 Installation Guide 01-28008-0018-20050128 57 3 Configure other modem settings as required.See “Configuring modem settings” on page 57 . Make sure there is correct information in one or more Dialup Accounts. 4 Configure firewall ...

58 01-28008-0018-20050128 Fortinet Inc. Connecting and disconnecting the modem in Standalone mode Configuring the modem interface You can configure and use the modem in NAT/Route mode only. To configure modem settings 1 Go to System > Network > Modem . 2 Select Enable Modem. 3 Change any of th...

Configuring the modem interface Defining a Ping Server FortiGate-60 Installation Guide 01-28008-0018-20050128 59 5 Select Dial Now.The FortiGate unit initiates dialing into each dialup account in turn until the modem connects to an ISP.Modem status is one of the following: A green check mark indicat...

60 01-28008-0018-20050128 Fortinet Inc. Adding firewall policies for modem connections Configuring the modem interface 3 For Fail-over Detection, type a number of times that the connection test fails before the FortiGate unit assumes that the gateway is no longer functioning. 4 Select Apply. Adding ...

FortiGate-60 Installation Guide 01-28008-0018-20050128 61 FortiGate-60 Installation Guide Version 2.80 MR8 Index A auto-dial 57 C CLI 6 configuring IP addresses 41configuring NAT/Route mode 30connecting to 17 cluster connecting 51, 53 command line interface 6configuring redundant mode 55configuring ...