Fortinet 800/800F manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54

Ir a la página of

Buen manual de instrucciones

Las leyes obligan al vendedor a entregarle al comprador, junto con el producto, el manual de instrucciones Fortinet 800/800F. La falta del manual o facilitar información incorrecta al consumidor constituyen una base de reclamación por no estar de acuerdo el producto con el contrato. Según la ley, está permitido adjuntar un manual de otra forma que no sea en papel, lo cual últimamente es bastante común y los fabricantes nos facilitan un manual gráfico, su versión electrónica Fortinet 800/800F o vídeos de instrucciones para usuarios. La condición es que tenga una forma legible y entendible.

¿Qué es un manual de instrucciones?

El nombre proviene de la palabra latina “instructio”, es decir, ordenar. Por lo tanto, en un manual Fortinet 800/800F se puede encontrar la descripción de las etapas de actuación. El propósito de un manual es enseñar, facilitar el encendido o el uso de un dispositivo o la realización de acciones concretas. Un manual de instrucciones también es una fuente de información acerca de un objeto o un servicio, es una pista.

Desafortunadamente pocos usuarios destinan su tiempo a leer manuales Fortinet 800/800F, sin embargo, un buen manual nos permite, no solo conocer una cantidad de funcionalidades adicionales del dispositivo comprado, sino también evitar la mayoría de fallos.

Entonces, ¿qué debe contener el manual de instrucciones perfecto?

Sobre todo, un manual de instrucciones Fortinet 800/800F debe contener:
- información acerca de las especificaciones técnicas del dispositivo Fortinet 800/800F
- nombre de fabricante y año de fabricación del dispositivo Fortinet 800/800F
- condiciones de uso, configuración y mantenimiento del dispositivo Fortinet 800/800F
- marcas de seguridad y certificados que confirmen su concordancia con determinadas normativas

¿Por qué no leemos los manuales de instrucciones?

Normalmente es por la falta de tiempo y seguridad acerca de las funcionalidades determinadas de los dispositivos comprados. Desafortunadamente la conexión y el encendido de Fortinet 800/800F no es suficiente. El manual de instrucciones siempre contiene una serie de indicaciones acerca de determinadas funcionalidades, normas de seguridad, consejos de mantenimiento (incluso qué productos usar), fallos eventuales de Fortinet 800/800F y maneras de solucionar los problemas que puedan ocurrir durante su uso. Al final, en un manual se pueden encontrar los detalles de servicio técnico Fortinet en caso de que las soluciones propuestas no hayan funcionado. Actualmente gozan de éxito manuales de instrucciones en forma de animaciones interesantes o vídeo manuales que llegan al usuario mucho mejor que en forma de un folleto. Este tipo de manual ayuda a que el usuario vea el vídeo entero sin saltarse las especificaciones y las descripciones técnicas complicadas de Fortinet 800/800F, como se suele hacer teniendo una versión en papel.

¿Por qué vale la pena leer los manuales de instrucciones?

Sobre todo es en ellos donde encontraremos las respuestas acerca de la construcción, las posibilidades del dispositivo Fortinet 800/800F, el uso de determinados accesorios y una serie de informaciones que permiten aprovechar completamente sus funciones y comodidades.

Tras una compra exitosa de un equipo o un dispositivo, vale la pena dedicar un momento para familiarizarse con cada parte del manual Fortinet 800/800F. Actualmente se preparan y traducen con dedicación, para que no solo sean comprensibles para los usuarios, sino que también cumplan su función básica de información y ayuda.

Índice de manuales de instrucciones

  • Página 1

    www.fortinet.com For tiGate-800 and For tiGat e-800F FortiO S 3 . 0 M R6 INST ALL GUIDE[...]

  • Página 2

    FortiGate-80 0 and FortiG ate-800F In stall Guide FortiOS 3.0 MR6 10 September 200 8 01-30006-04 55-20080910 © Copyright 2008 Fortine t, Inc. All rights reserved. No part of this publication including text, examples , diagrams or illustrations may be reproduced, tra nsmitted, or translated in any form or by any means, electronic, mechanical, manua[...]

  • Página 3

    Contents FortiGate-800 and FortiG ate-8 00F FortiOS 3.0 MR6 Install Guide 01-30006-0455-2008091 0 3 Content s Contents...................................................................... .............. .......... 3 Introduction ............... ................................. .............................. .......... 7 Register your FortiGate un[...]

  • Página 4

    FortiGate-800 and FortiG ate-8 00F FortiOS 3.0 MR6 Install Guide 4 01-30006-0455-200809 10 Contents Configure a DNS server ................ ................... ................ ................... . 22 Adding a default route and gateway . ......... ................. ................ .......... 22 Adding firewall policies ..................... .....[...]

  • Página 5

    Contents FortiGate-800 and FortiGate-800F FortiOS 3.0 MR6 Install Guide 01-30006-0455-20080 910 5 Installing firmware from a system reboot using the CLI...... ................ ........ 42 Restoring the previous configuration ................................ ................ ........... 44 Backup and Restore from a USB key .... ............. .......[...]

  • Página 6

    FortiGate-800 and FortiG ate-8 00F FortiOS 3.0 MR6 Install Guide 6 01-30006-0455-200809 10 Contents[...]

  • Página 7

    Introduction Register your FortiGate unit FortiGate-800 and FortiGate-800F FortiOS 3.0 MR6 Install Guide 01-30006-0455-20080 910 7 Introduction Welcome an d thank you for selecting Fortinet product s for your real-time network protection. The FortiGate Unified Threat Man agement System improves network security , reduces network misuse and abuse, a[...]

  • Página 8

    FortiGate-800 and FortiG ate-8 00F FortiOS 3.0 MR6 Install Guide 8 01-30006-0455-200809 10 About the FortiGate-800/8 00F Introduction About the FortiGate-800/800F The FortiGate-800/F Multi- Threat Security system pr ovides the performanc e, flexibility , and security necessary to protect today's most demanding large enterprise networks. The Fo[...]

  • Página 9

    Introduction Further Reading FortiGate-800 and FortiGate-800F FortiOS 3.0 MR6 Install Guide 01-30006-0455-20080 910 9 Typographic conventions FortiGate document ation uses the fo llowing typographical co nventions: Further Reading The most up-to-date publication s and pr evious releas es of Fortin et product documentation are available from the For[...]

  • Página 10

    FortiGate-800 and FortiG ate-8 00F FortiOS 3.0 MR6 Install Guide 10 01-30006-0455-200809 10 Customer service and technical support Introduction • FortiGate Log Message Refe rence Available exclusively from the Fortinet Knowledge Center , the FortiGat e Log Message Reference describes the str uct ure of FortiGate log messages and provides informat[...]

  • Página 11

    Installing Environmental specifications FortiGate-800 and FortiGate-800F FortiOS 3.0 MR6 Install Guide 01-30006-0455-20080 910 11 Inst alling This chapter describes in stalling your FortiGate unit in your server room, environmental specifications and how to mount the FortiGate in a rack if applicable. This chapter contains the follow ing topics: ?[...]

  • Página 12

    FortiGate-800 and FortiG ate-8 00F FortiOS 3.0 MR6 Install Guide 12 01-30006-0455-200809 10 Cautions and warnings Installing • Connect the equipment into an outlet on a circuit differen t from that to which the receiver is connecte d. • Consult the dealer or an experien ced radio/TV technician for help. The equipm ent compliance with FCC radiat[...]

  • Página 13

    Installing Cautions and warni ngs FortiGate-800 and FortiGate-800F FortiOS 3.0 MR6 Install Guide 01-30006-0455-20080 910 13 Mounting If required to fit into a rack unit, remove the rubber feet from the bottom of the FortiGate u nit. The FortiG ate unit can be placed on any fl at surface, or mounted in a st andard 19- inch rack unit. When placing th[...]

  • Página 14

    FortiGate-800 and FortiG ate-8 00F FortiOS 3.0 MR6 Install Guide 14 01-30006-0455-200809 10 Plugging in the FortiGa te Installing Figure 2: Mounting in a rack Plugging in the FortiGate Use the following steps to conne ct the power supply to the FortiGate unit. T o power on the FortiGate unit 1 Ensure the power switch, located at the ba ck of the Fo[...]

  • Página 15

    Configuring NA T vs. T ransparent mode FortiGate-800 and FortiGate-800F FortiOS 3.0 MR6 Install Guide 01-30006-0455-20080 910 15 Configuring This section provides an overview of t he operating modes of the FortiGate unit, NA T/Route and T ransp arent, and how to configure the FortiGate uni t for each mode. There are two ways you can configure the F[...]

  • Página 16

    FortiGate-800 and FortiG ate-8 00F FortiOS 3.0 MR6 Install Guide 16 01-30006-0455-200809 10 Connecting to the FortiGate unit Configuring Transparent mode In T ransparent m ode, the Fo rtiGate unit is invisible to the network. Sim ilar to a network bridge, all FortiGate interfaces must be on the same subnet. Y ou only have to configure a mana gement[...]

  • Página 17

    Configuring Connecting to the FortiGate unit FortiGate-800 and FortiGate-800F FortiOS 3.0 MR6 Install Guide 01-30006-0455-20080 910 17 T o support a secure HTTPS authentication method, the For tiGate unit ships with a self-signed security certific ate, which is offered to remote clients whenever they initiate a HTTPS connecti on to the FortiGate un[...]

  • Página 18

    FortiGate-800 and FortiG ate-8 00F FortiOS 3.0 MR6 Install Guide 18 01-30006-0455-200809 10 Configuring NA T mode Configuring Configuring NA T mode Configuring NA T mode involves defining interface addresses and de fault routes, and simple firewall policies. Y ou can use the web-based m anager or the CLI to configure the FortiGate unit in NA T/Rout[...]

  • Página 19

    Configuring Configuring NA T mode FortiGate-800 and FortiGate-800F FortiOS 3.0 MR6 Install Guide 01-30006-0455-20080 910 19 4 Select OK. 5 Repeat this procedure for each interf ace as required. Configure a DNS server A DNS server is a service that conver ts symbolic node nam es to IP addresses. A domain name server (DNS server) impl ements the prot[...]

  • Página 20

    FortiGate-800 and FortiG ate-8 00F FortiOS 3.0 MR6 Install Guide 20 01-30006-0455-200809 10 Configuring NA T mode Configuring For an initial configuration, you must edit the factor y configured static d efault route to specify a different defau lt gateway for the FortiGat e unit. This will enable the flow of data th rough the FortiGate unit. For de[...]

  • Página 21

    Configuring Configuring NA T mode FortiGate-800 and FortiGate-800F FortiOS 3.0 MR6 Install Guide 01-30006-0455-20080 910 21 3 Set the following and select OK. Firewall policy configurati on is the same in NA T/Route mode and T ransp arent mode. Note that these policies allo w all traffic throug h. No protection profiles have been applied. Ensure yo[...]

  • Página 22

    FortiGate-800 and FortiG ate-8 00F FortiOS 3.0 MR6 Install Guide 22 01-30006-0455-200809 10 Configuring NA T mode Configuring T o set an interface to use PPPo E addressing config system interface edit external set mode pppoe set username <name_str> set password <psswrd> set ipunnumbered <ip_address> set disc-retry-timeout <inte[...]

  • Página 23

    Configuring Configuring NA T mode FortiGate-800 and FortiGate-800F FortiOS 3.0 MR6 Install Guide 01-30006-0455-20080 910 23 In the factory default configuration, entr y number 1 in the S tatic Route list is associated with a destination address of 0.0.0.0/0.0.0.0, which means any/all destinations. This route is called the "sta tic default rout[...]

  • Página 24

    FortiGate-800 and FortiG ate-8 00F FortiOS 3.0 MR6 Install Guide 24 01-30006-0455-200809 10 Configuring T ransparent mod e Configuring Configuring T ransparent mode Configuring T ransparent mode in volves switchin g to T ransparent mo de, configurin g the management IP ad dress, default rou tes, and simple firewa ll policies. Y ou can use the web-b[...]

  • Página 25

    Configuring Configuring T r ansparent mode FortiGate-800 and FortiGate-800F FortiOS 3.0 MR6 Install Guide 01-30006-0455-20080 910 25 For the initial installation, a single firewa ll policy that enables all traffic through will enable you to verify your configur ation is working. On lower-end unit s such a default firewall policy is already in plac [...]

  • Página 26

    FortiGate-800 and FortiG ate-8 00F FortiOS 3.0 MR6 Install Guide 26 01-30006-0455-200809 10 Configuring T ransparent mod e Configuring T o switch to T ransparent mode config system settings set opmode transparent set manageip <address_ip> <netmask> set gateway <address_gateway> end Configure a DNS server A DNS server is a service [...]

  • Página 27

    Configuring V erify the conf iguration FortiGate-800 and FortiGate-800F FortiOS 3.0 MR6 Install Guide 01-30006-0455-20080 910 27 Note that these policies allo w all traffic throug h. No protection profiles have been applied. Ensure you create additio nal firewall policies to accommo date your network requirement s. V erify the configuration Y our F[...]

  • Página 28

    FortiGate-800 and FortiG ate-8 00F FortiOS 3.0 MR6 Install Guide 28 01-30006-0455-200809 10 Restoring a configuration Configuring Restoring a configuration Should you need to restore the config uration file, use the following steps. T o restore the FortiGat e configuration 1 Go to System > Maintenance > Backup & Restore . 2 Select to uplo[...]

  • Página 29

    Configuring Addition al configur ation FortiGate-800 and FortiGate-800F FortiOS 3.0 MR6 Install Guide 01-30006-0455-20080 910 29 T o change the administrator p assword 1 Go to System > Admin > Administrators . 2 Select Change Password and enter a new p assword. 3 Select OK. Alternatively , you can also add new admini strator users by selectin[...]

  • Página 30

    FortiGate-800 and FortiG ate-8 00F FortiOS 3.0 MR6 Install Guide 30 01-30006-0455-200809 10 Additional confi guration Configuring[...]

  • Página 31

    Advanced configuration Protection profiles FortiGate-800 and FortiGate-800F FortiOS 3.0 MR6 Install Guide 01-30006-0455-20080 910 31 Advanced configuration The FortiGate unit and the FortiOS o perating system provide a wide range of features that enable you to control netwo rk and internet traffic an d protect your network. This chapter describes s[...]

  • Página 32

    FortiGate-800 and FortiG ate-8 00F FortiOS 3.0 MR6 Install Guide 32 01-30006-0455-200809 10 Firewall p olicies Advanced configuration The best way to begin creating your own protection pr ofile is to open a predefined profile. This way you can see how a profile is set up, an d then modify it suit your requirement s. Y ou access Protecti on profile [...]

  • Página 33

    Advanced configuration Antivirus options FortiGate-800 and FortiGate-800F FortiOS 3.0 MR6 Install Guide 01-30006-0455-20080 910 33 Configuring firewall policies T o add or edit a firewall policy go to Firewall > Policy and select Edit on an existing policy , or select Create New to add a policy . The source and des tination Interface/Zone match [...]

  • Página 34

    FortiGate-800 and FortiG ate-8 00F FortiOS 3.0 MR6 Install Guide 34 01-30006-0455-200809 10 AntiSpam options Advanced configuration • Graywar e - These ar e unsolicited commercial software programs that are installed on computer s, often without the user's consent or knowledge. Grayware progr ams are generally cons idered an annoyance , but [...]

  • Página 35

    Advanced configuration Web fi ltering FortiGate-800 and FortiGate-800F FortiOS 3.0 MR6 Install Guide 01-30006-0455-20080 910 35 Banned word lists are specific wor ds that may be typically found in email. The FortiGate u nit searches f or words or patter ns in email me ssages. If mat ches are found, values assigned to the words are to ta lled. If th[...]

  • Página 36

    FortiGate-800 and FortiG ate-8 00F FortiOS 3.0 MR6 Install Guide 36 01-30006-0455-200809 10 Logging Advanced configuration T o configure content blocking, go to W eb Filter > Conte nt Block . URL filter enables you to control additional web sites that you can block or allow . This enables you greater con trol over ce rtain URLs or sub-URLs. The [...]

  • Página 37

    FortiGate Firmware Downloading firmware FortiGate-800 and FortiGate-800F FortiOS 3.0 MR6 Install Guide 01-30006-0455-20080 910 37 FortiGate Firmware Fortinet periodically updates the For tiGat e firmware to inc lude new features and address issues. After yo u have registered yo ur FortiGate unit, you can download FortiGate firmware updates is avail[...]

  • Página 38

    FortiGate-800 and FortiG ate-8 00F FortiOS 3.0 MR6 Install Guide 38 01-30006-0455-200809 10 Using the web-based manage r FortiGate Firmware T o download firmware 1 Log into the site using your user n ame and password. 2 Go to Firmware Images > FortiGate . 3 Select the most recent FortiOS version, and MR release and p atch release. 4 Locate the f[...]

  • Página 39

    FortiGate Firmware Using the web-based manager FortiGate-800 and FortiGate-800F FortiOS 3.0 MR6 Install Guide 01-30006-0455-20080 910 39 T o revert to a previous firmwar e version 1 Copy the firmware image file to the managem ent computer . 2 Log into the FortiGate web- based manager . 3 Go to System > St atus . 4 Under System Information > F[...]

  • Página 40

    FortiGate-800 and FortiG ate-8 00F FortiOS 3.0 MR6 Install Guide 40 01-30006-0455-200809 10 Using the CLI FortiGate Firmware T o configure the USB Au to-Inst all 1 Go to System > Maintenance > Backup and Restore . 2 Select the blue arrow to expa nd the Advanced options. 3 Select the following: • On system restart, auto matically update Fort[...]

  • Página 41

    FortiGate Firmware Using the CLI FortiGate-800 and FortiGate-800F FortiOS 3.0 MR6 Install Guide 01-30006-0455-20080 910 41 5 Enter the fo llowing command to copy the firmwar e image from the TFTP se rver to the FortiGate unit: execute restore image <name_str> <tftp_ip4> Where <name_str> is the nam e of the firmware image file an d[...]

  • Página 42

    FortiGate-800 and FortiG ate-8 00F FortiOS 3.0 MR6 Install Guide 42 01-30006-0455-200809 10 Installing firmware from a system reboot using the CLI FortiGate Firmware 4 Make sure the FortiGate unit can connect to th e TFTP server . Y ou can use the f ollowing comma nd to ping the computer running the TFTP server . For example, if the TFTP serv er ?[...]

  • Página 43

    FortiGate Firmware Installing firmware from a system reboot using the CLI FortiGate-800 and FortiGate-800F FortiOS 3.0 MR6 Install Guide 01-30006-0455-20080 910 43 If you are revert ing to a previou s FortiOS version, you might not be ab le to restore the previous configuration from the backup configuration file . T o inst all firmware from a syste[...]

  • Página 44

    FortiGate-800 and FortiG ate-8 00F FortiOS 3.0 MR6 Install Guide 44 01-30006-0455-200809 10 Installing firmware from a system reboot using the CLI FortiGate Firmware 9 T ype the address of the TFTP server and press Enter : The following message appears: Enter Local Address [192.168.1.188]: 10 T ype an IP address the FortiGate unit can use to connec[...]

  • Página 45

    FortiGate Firmware Installing firmware from a system reboot using the CLI FortiGate-800 and FortiGate-800F FortiOS 3.0 MR6 Install Guide 01-30006-0455-20080 910 45 T o restore configuration us ing the CLI 1 Log into the CLI. 2 Enter the following command to re store the configuration files: exec restore image usb <filename> The FortiGate unit[...]

  • Página 46

    FortiGate-800 and FortiG ate-8 00F FortiOS 3.0 MR6 Install Guide 46 01-30006-0455-200809 10 T esti ng new firmware before installing FortiGate Firmware T esting new firmware before inst alling Y ou can test a new fi rmware image by installing the firmware image from a system reboot and saving it to system memory . After completing this proc edure, [...]

  • Página 47

    FortiGate Firmware T esting new firmware before installing FortiGate-800 and FortiGate-800F FortiOS 3.0 MR6 Install Guide 01-30006-0455-20080 910 47 8 T ype G to get t he new firm ware image fr om the TF TP server . The following m essage appears: Enter TFTP server address [192.168.1.168]: 9 T ype the address of the TFTP ser ver and press Enter: Th[...]

  • Página 48

    FortiGate-800 and FortiG ate-8 00F FortiOS 3.0 MR6 Install Guide 48 01-30006-0455-200809 10 T esti ng new firmware before installing FortiGate Firmware[...]

  • Página 49

    Index FortiGate-800 and FortiG ate-8 00F FortiOS 3.0 MR6 Install Guide 01-30006-0455-2008091 0 49 Index A adding a defa ult route 19, 22 additional resources 9 admin password 28 air flow 11 ambient te mperature 11 antispam options 34 antivirus options 33 auto-install 39 auto-install from CLI 45 B backing up 27 C certificate, security 17 CLI 17 upgr[...]

  • Página 50

    FortiGate-800 and FortiG ate-8 00F FortiOS 3.0 MR6 Install Guide 50 01-30006-0455-200809 10 Index P PADT timeout 19 password, changing 28 power off 14 PPPoE 22 protection profiles 31 R registering 7 restore 28 restoring previous firmware configuration 44 reverting firmware 38 S security certificate 17 shielded twisted pair 12 shut down 14 signature[...]

  • Página 51

    FortiGate-800 and FortiG ate-8 00F FortiOS 3.0 MR6 Install Guide 51 01-30006-0455-200809 10 Index[...]

  • Página 52

    FortiGate-800 and FortiG ate-8 00F FortiOS 3.0 MR6 Install Guide 52 01-30006-0455-200809 10 Index[...]

  • Página 53

    www.fortinet.com[...]

  • Página 54

    www.fortinet.com[...]