Fortinet 800F manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60

Ir a la página of

Buen manual de instrucciones

Las leyes obligan al vendedor a entregarle al comprador, junto con el producto, el manual de instrucciones Fortinet 800F. La falta del manual o facilitar información incorrecta al consumidor constituyen una base de reclamación por no estar de acuerdo el producto con el contrato. Según la ley, está permitido adjuntar un manual de otra forma que no sea en papel, lo cual últimamente es bastante común y los fabricantes nos facilitan un manual gráfico, su versión electrónica Fortinet 800F o vídeos de instrucciones para usuarios. La condición es que tenga una forma legible y entendible.

¿Qué es un manual de instrucciones?

El nombre proviene de la palabra latina “instructio”, es decir, ordenar. Por lo tanto, en un manual Fortinet 800F se puede encontrar la descripción de las etapas de actuación. El propósito de un manual es enseñar, facilitar el encendido o el uso de un dispositivo o la realización de acciones concretas. Un manual de instrucciones también es una fuente de información acerca de un objeto o un servicio, es una pista.

Desafortunadamente pocos usuarios destinan su tiempo a leer manuales Fortinet 800F, sin embargo, un buen manual nos permite, no solo conocer una cantidad de funcionalidades adicionales del dispositivo comprado, sino también evitar la mayoría de fallos.

Entonces, ¿qué debe contener el manual de instrucciones perfecto?

Sobre todo, un manual de instrucciones Fortinet 800F debe contener:
- información acerca de las especificaciones técnicas del dispositivo Fortinet 800F
- nombre de fabricante y año de fabricación del dispositivo Fortinet 800F
- condiciones de uso, configuración y mantenimiento del dispositivo Fortinet 800F
- marcas de seguridad y certificados que confirmen su concordancia con determinadas normativas

¿Por qué no leemos los manuales de instrucciones?

Normalmente es por la falta de tiempo y seguridad acerca de las funcionalidades determinadas de los dispositivos comprados. Desafortunadamente la conexión y el encendido de Fortinet 800F no es suficiente. El manual de instrucciones siempre contiene una serie de indicaciones acerca de determinadas funcionalidades, normas de seguridad, consejos de mantenimiento (incluso qué productos usar), fallos eventuales de Fortinet 800F y maneras de solucionar los problemas que puedan ocurrir durante su uso. Al final, en un manual se pueden encontrar los detalles de servicio técnico Fortinet en caso de que las soluciones propuestas no hayan funcionado. Actualmente gozan de éxito manuales de instrucciones en forma de animaciones interesantes o vídeo manuales que llegan al usuario mucho mejor que en forma de un folleto. Este tipo de manual ayuda a que el usuario vea el vídeo entero sin saltarse las especificaciones y las descripciones técnicas complicadas de Fortinet 800F, como se suele hacer teniendo una versión en papel.

¿Por qué vale la pena leer los manuales de instrucciones?

Sobre todo es en ellos donde encontraremos las respuestas acerca de la construcción, las posibilidades del dispositivo Fortinet 800F, el uso de determinados accesorios y una serie de informaciones que permiten aprovechar completamente sus funciones y comodidades.

Tras una compra exitosa de un equipo o un dispositivo, vale la pena dedicar un momento para familiarizarse con cada parte del manual Fortinet 800F. Actualmente se preparan y traducen con dedicación, para que no solo sean comprensibles para los usuarios, sino que también cumplan su función básica de información y ayuda.

Índice de manuales de instrucciones

  • Página 1

    FortiGate 800/800F Installation Guide Esc Enter CONSOLE INTERNAL EXTERNAL DMZ H A 1 2 3 4 USB 800F PWR Esc Enter CONSOLE INTERNAL EXTERNAL DMZ HA 123 4 USB 8 PWR F or tiGate-800F F or tiGate-800 Ve r s i o n 2 . 8 0 M R 6 26 October 2004 01-28006-00 24-20041026[...]

  • Página 2

    © Copyright 2004 Fortine t Inc. All rights reserved. No part of this publication incl uding text, examples , diagrams or illustrations may be reproduced, transmitted, or translated in any form or by an y means, electro nic, mechanical, manual, optical or otherwise, for any purpose, without prio r written permiss ion of Fortinet Inc. FortiGate-800/[...]

  • Página 3

    Contents FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 3 Table of Contents Introduction ............. .............................. ........................................................ ......... 5 Secure installation, configurat ion, and management ................ ................... ................... .... 5 Web-based manag[...]

  • Página 4

    Contents 4 01-28006-0024-2004102 6 Fortinet Inc. Using the setup wizard............. ................... .................... ................ ................... ............... 34 Starting the setup wizard .................. ................... .................... ................... .................. 35 Connecting the FortiGate unit to the net[...]

  • Página 5

    FortiGate-800/800F Inst allati on Guide V ersion 2.80 MR6 FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 5 Introduction FortiGate A ntivirus Firewalls improve netwo rk security , reduc e network misu se and abuse, and help you use communication s resources more efficiently without compromising the performance of yo ur netw ork. Fort[...]

  • Página 6

    6 01-28006-0024-2004102 6 Fortinet Inc. Web-based manage r Introduction The CLI or the web-based manager can then be used to complete configuration and to perform maintenance and administration. Web-based manager Using HTTP or a secure HTTPS connection from any co mputer running Internet Explorer , you can configure and manage th e FortiGate unit. [...]

  • Página 7

    Introduction Setup wizard FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 7 Setup wizard The FortiGate setup wizard p rovides an easy way to configure the b asic initial settings for the FortiGate unit. Th e wizard walks through the con figuration of a new administrato r password, FortiGat e interfaces, D HCP server se ttings, intern[...]

  • Página 8

    8 01-28006-0024-2004102 6 Fortinet Inc. Setup wizard Introduction set allowaccess {ping https ssh snmp http telnet} Y ou can enter an y of the following: set allowaccess ping set allowaccess ping https ssh set allowaccess https ping ssh set allowaccess snmp In most ca ses to make cha n ges to lists that contain options se parated by sp aces, you ne[...]

  • Página 9

    Introduction FortiManager documentation FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 9 Related document ation Additional info rmation about Fortinet produc t s is available from the following related documentation . FortiManager documentation • FortiManager QuickS tart Guide Explains how to inst all the FortiManager Console , se[...]

  • Página 10

    10 01-28006-0024-2004102 6 Fortinet Inc. FortiLog documentation Introduction FortiLog documentation • FortiLog Administration Guide Describes how to install and configure a FortiLog unit to collect FortiGa te and FortiMail log files. It also describes how to view FortiGate and FortiMail log files, generate and view log report s, and use the Forti[...]

  • Página 11

    Introduction Comments on Fortine t technical documenta tion FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 11 Customer service and technical support For antiviru s and attack defi nition up dates, firmware updates, updated product documentation , technical support informatio n, and other r esources, please visit the Fortinet technic[...]

  • Página 12

    12 01-28006-0024-2004102 6 Fortinet Inc. Comments on Fortinet technica l docume ntation Introduction[...]

  • Página 13

    FortiGate-800/800F Inst allati on Guide V ersion 2.80 MR6 FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 13 Getting st arted This section describes unp acking, setting up, and powering on a For tiGate Antivirus Firewall unit. This section includes: • Package content s • Mounting • T u rning the F ortiGate unit power on and off[...]

  • Página 14

    14 01-28006-0024-2004102 6 Fortinet Inc. Getting started Package content s The FortiGate-800 an d FortiGate-800F packa ge contains the following items: • FortiGate-800 or FortiGate-80 0F Antivirus Firewall • one orange crossover ethernet cable (F ortinet part number CC300248) • one grey regular ethernet cable (Fortin et part number CC300249) [...]

  • Página 15

    Getting started FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 15 Mounting The FortiGate-800/8 00F unit can be mounte d in a standa rd 19-inch rack. It requires 1 U of vertical space in the rack. The FortiGate-800/8 00F unit can also be inst alled as a free-standing a ppliance on any stable surface. Dimensions • 16.75 x 12 x 1.75 [...]

  • Página 16

    16 01-28006-0024-2004102 6 Fortinet Inc. Getting started T urning the FortiGate unit power on and off T a ble 2: FortiGate- 800F LED in dicators T o power off the FortiGate unit Always shut down the FortiGate operatin g system properly bef ore turning off the power switch. 1 From the web-ba sed manager , go to System > Maintenance > ShutDown [...]

  • Página 17

    Getting started FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 17 T o connect to the web-based manager, you need: • a computer with an ethernet connection, • Internet Explorer version 6.0 or higher , • a crossover cable or an etherne t hub and two ethernet cable s. T o connect to the web-based manager 1 Set the IP address of t[...]

  • Página 18

    18 01-28006-0024-2004102 6 Fortinet Inc. Getting started T o connect to the CLI 1 Connect the serial cable to the communication s port of your computer and to the FortiGate Console port. Use the RJ-45 to DB-9 conver tor if your PC communications port re quires a DB-9 connector . 2 Make sure that the FortiGa te unit is powered on. 3 S tart HyperT er[...]

  • Página 19

    Getting started Factory default NAT/Route mod e network configuration FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 19 Factory default FortiGate configuration settings The FortiGate unit is shipped with a fa ct ory default co nfiguration. T he default configuration allows you to connect to and use the FortiGa te web-based manager t[...]

  • Página 20

    20 01-28006-0024-2004102 6 Fortinet Inc. Factory default Transpar ent mode network configuration Getting started Factory default Transparent mode network configuration In T ransparent mode, th e FortiGate unit has the default network configurat ion listed in Ta b l e 4 . HA interface IP: 0.0.0.0 Netmask: 0.0.0.0 Administrative Access: Ping Port 1 I[...]

  • Página 21

    Getting started Factory default firewall configurati on FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 21 Factory default firewall configuration FortiGate firewall policies cont rol how all traf fic is processed by the FortiGate unit. Until firewall p olicies are added , no traffic can be ac cepted by or pass th rough the FortiGate [...]

  • Página 22

    22 01-28006-0024-2004102 6 Fortinet Inc. Factory default protection profiles Getting started Using protection profiles, you can build pr ot ection configurations that can be applied to different types of firewall policies. This allows you to customize types and levels of protection for dif ferent firewall policies. For example, while traf fic betwe[...]

  • Página 23

    Getting started NAT/Route mode FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 23 Planning the FortiGate configuration Before you configure the F ortiGate unit, you need to plan how to integrate the unit into the network. Amo ng other things, yo u must decide whethe r you want the unit to be visible to the network, which firewall fun[...]

  • Página 24

    24 01-28006-0024-2004102 6 Fortinet Inc. NAT/Route mode with multiple external network connecti ons Getting started NAT/Route mode with multiple external network connections In NA T/Route mode, you can configure th e FortiGate u nit with multiple redundant connections to the external networ k (usually the Intern et). For example, you could create t[...]

  • Página 25

    Getting started Configuration options FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 25 Figure 8: Example T ra nsp arent mode networ k configuration Y ou can connect up to 8 network segment s to the FortiGate unit to control traffic between these network segment s. • External can connect to the external firewall or router . • In[...]

  • Página 26

    26 01-28006-0024-2004102 6 Fortinet Inc. Configuration opti ons Getting started If you are configuring the FortiGate unit to operate in Tr ansparent mode, you can use the front k eypad and LCD to s witch to Transparent mode. Then you can add t he management IP addr ess and default gateway . If you are configuring the FortiGate unit to operate in Tr[...]

  • Página 27

    FortiGate-800/800F Inst allati on Guide V ersion 2.80 MR6 FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 27 NA T/Route mode inst allation This chapter describes how to install the FortiGate un it in NA T/Route mode. For information about installing a FortiGate unit in T ransparent mode, see “T ransp arent mode inst allation” on [...]

  • Página 28

    28 01-28006-0024-2004102 6 Fortinet Inc. DHCP or PPPoE confi guration NAT/Route mode installati on DHCP or PPPoE configuration Y ou can configure any FortiGate interface to acquire it s IP address from a DHCP or PPPoE server . Y our ISP may provide IP add resses using one of these protocols. T o use the FortiGate DHCP server , you need to configure[...]

  • Página 29

    NAT/Route mode installation Configuring basic settings FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 29 PPPoE requires you to supp ly a user name and pass word. In addition, PPPoE unnumbered configu rations require you to supply an IP address. Use T able 7 to record the information you requi re for your PPPo E configuration. Using [...]

  • Página 30

    30 01-28006-0024-2004102 6 Fortinet Inc. Configuring basic settin gs NAT/Route mode installati on T o configure DNS server settin gs 1 Go to System > Network > DNS . 2 Enter the IP address of the primary DNS se rver . 3 Enter the IP address of the secondary DNS server . 4 Select OK. T o add a default route Add a default route to configure wh [...]

  • Página 31

    NAT/Route mode installation Configuring the Fo rtiGate unit to oper ate in NAT/Route mode FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 31 2 Use the up and down arrows to hi ghlight the name of the interface to change and press Enter . 3 Press Enter for IP address. 4 Use the up and down arrow keys to increase or decrea se the value[...]

  • Página 32

    32 01-28006-0024-2004102 6 Fortinet Inc. Configur ing the FortiGat e unit to operate in NAT /Route mode NAT/Rout e mode installat ion config system admin edit admin set password <psswrd> end T o configure interfaces 1 Log in to the CLI. 2 Set the IP address and netmask of the internal interface to the internal IP address and netmask that you [...]

  • Página 33

    NAT/Route mode installation Configuring the Fo rtiGate unit to oper ate in NAT/Route mode FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 33 config system external edit external set mode static set ip <address_ip> <netmask> end Example config system external edit external set mode static set ip <204.23.1.5> <255.[...]

  • Página 34

    34 01-28006-0024-2004102 6 Fortinet Inc. Configur ing the FortiGat e unit to operate in NAT /Route mode NAT/Rout e mode installat ion T o add a default route Add a default route to configure wh ere the FortiGate unit sends traf fic that should be sent to an external netwo r k (usually the Internet). A dding the default route also defines which inte[...]

  • Página 35

    NAT/Route mode installati on Starting the setup wizard FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 35 Starting the setup wizard 1 In the web-based manager, sele ct Easy Setup Wizard. Figure 9: Select the Easy Setup W izard 2 Follow the instructions on th e wizard pages and use the in formation that you gathered in T a ble 6 on pa[...]

  • Página 36

    36 01-28006-0024-2004102 6 Fortinet Inc. Starting the setup wizard NAT/Route mode installati on Y ou are now finished the initial c onfiguration of the FortiGate unit. Connecting the FortiGate unit to the network(s) After you co mplete the initial configu ration, you can connect the FortiGate unit between the internal networ k and the Internet. Y o[...]

  • Página 37

    NAT/Route mode installati on Starting the setup wizard FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 37 T o connect the FortiGate unit running in NA T/Route mode 1 Connect the Internal interfac e to the hub or switch connected to the internal network. 2 Connect the External interface to your public switch or ro uter . 3 Optionally [...]

  • Página 38

    38 01-28006-0024-2004102 6 Fortinet Inc. Starting the setup wizard NAT/Route mode installati on 2 Repeat for all user-defined inter faces that you have configured. The example in Figure 1 1 shows an intern al network connected to user-defined interface 1 and an externa l network c onnected to user-defined interfa ce 4. Figure 1 1: Example FortiGate[...]

  • Página 39

    NAT/Route mode installati on Starting the setup wizard FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 39 In standalone m ode, the mo dem interf ace is the c onnection fro m the FortiG ate unit to the Internet. When connect ing to the IS P , in either conf iguration, the F ortiGate unit m odem can automatica lly dial up to thr ee dia[...]

  • Página 40

    40 01-28006-0024-2004102 6 Fortinet Inc. Starting the setup wizard NAT/Route mode installati on T o register , enter your contact informatio n and the serial numbers of the FortiGate units that you or your or ganization have purchased. Y ou can register multiple FortiGate units in a single session without re-entering your contact inform ation. T o [...]

  • Página 41

    FortiGate-800/800F Inst allati on Guide V ersion 2.80 MR6 FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 41 T r ansp arent mode inst allation This chapter de scribes how to insta ll a FortiGate unit in T ransparent mode . If you want to install the FortiGate un it in NA T/Ro ute m ode, see “NA T/Route mode installa tion” on pag [...]

  • Página 42

    42 01-28006-0024-2004102 6 Fortinet Inc. Transparen t mode installatio n Using the web-based manager Y ou can use the web-based manager to complete the initial configuration of the FortiGate unit. Y ou can continue to use the web-based mana ger for all FortiGate unit settings. For information about co nnecting to the web-based man ager, see “Conn[...]

  • Página 43

    Transparent mode installatio n Reco nnecting to the web-based manager FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 43 2 Enter the IP address of the primary DNS se rver . 3 Enter the IP address of the secondary DNS server . 4 Select OK. T o configure the default gateway 1 Go to System > Network > Management . 2 Set Default Ga[...]

  • Página 44

    44 01-28006-0024-2004102 6 Fortinet Inc. Reconnecting to the web-based manager Transparent mode installation T o add a default gateway 1 Press Enter to display the option list. 2 Use the down arrow to highl ight Default Gateway . 3 Press Enter and set the default gatewa y . 4 After you set the last digit of the default gateway , press Enter . 5 Pre[...]

  • Página 45

    Transparent mode installatio n Reco nnecting to the web-based manager FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 45 config system manageip set ip 10.10.10.2 255.255.255.0 end 3 Confirm that the addre ss is correct. Enter: get system manageip The CLI lists the managemen t IP address and netmask. T o configure DNS server settin gs[...]

  • Página 46

    46 01-28006-0024-2004102 6 Fortinet Inc. Reconnecting to the web-based manager Transparent mode installation The first tim e you connec t to the Fort iGate un it, it is configured to run in NA T/Route mode. T o switch to T ranspare nt mode using the web-based manag er 1 Go to System > S t atus . 2 Select Change beside the Operation Mode. 3 Selec[...]

  • Página 47

    Transparent mode installatio n Reco nnecting to the web-based manager FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 47 There are 4 10/1 00 Base-TX connectors on the FortiGate-8 00: • user-defined interfaces 1 to 4 for connecti ng up to four additional networks to the FortiGate un it. FortiGate-800F There are 4 LC-SFP 1000 Base-SX[...]

  • Página 48

    48 01-28006-0024-2004102 6 Fortinet Inc. Reconnecting to the web-based manager Transparent mode installation Figure 12: FortiGate-800/800F T r ansp arent mode connectio ns Next step s Y ou can use the following information to co nfigure FortiGat e system time, to register the FortiGate unit, and to configure ant ivirus and att ack definition update[...]

  • Página 49

    Transparent mode installatio n Reco nnecting to the web-based manager FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 49 5 Select Set T ime and set the FortiGate system date and time. 6 Set the hour , minute, second, month, day , and year as required. 7 Select Apply . T o use NTP to set the FortiGate date and time 1 Go to System >[...]

  • Página 50

    50 01-28006-0024-2004102 6 Fortinet Inc. Reconnecting to the web-based manager Transparent mode installation[...]

  • Página 51

    FortiGate-800/800F Inst allati on Guide V ersion 2.80 MR6 FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 51 High availability inst allation This chapter describes how to install two or more FortiGate units in an HA cluster . HA installation involves three basic steps: • Configuring FortiGate un its for HA operation • Connecting [...]

  • Página 52

    52 01-28006-0024-2004102 6 Fortinet Inc. High availability configuration se ttings High availability installation T a ble 10: High availability settings Mode Active-Active Load balancing and failo ve r HA. Each FortiGate unit in the HA cluster actively processes co nnections and monitors the statu s of the other FortiGat e units in the clu ster . T[...]

  • Página 53

    High availability installation Configuring Fort iGate units for HA usi ng the web-based manager FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 53 Configuring FortiGate units for HA using the web-based manager Use the followin g procedure to configure e ach FortiGat e unit for HA op eration. T o change the FortiGate unit host name Ch[...]

  • Página 54

    54 01-28006-0024-2004102 6 Fortinet Inc. Configuring FortiGate units for HA usin g the CLI High availability installati on T o configure a FortiGate unit for HA operation 1 Go to System > Config > HA . 2 Select High Availability . 3 Select the mode. 4 Select a Group ID for the HA cluster . 5 If required, change the Unit Priority . 6 If requir[...]

  • Página 55

    High availability installation Configuring FortiGate units for HA using the CLI FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 55 T o configure the FortiGate unit for HA operation 1 Configure HA settings. Use the following command to: • Set the HA mode • Set the Group ID • Change the unit priority • Enab le override mast er [...]

  • Página 56

    56 01-28006-0024-2004102 6 Fortinet Inc. Configuring FortiGate units for HA usin g the CLI High availability installati on Inserting an HA cluster into your networ k temporarily interrupt s communications on the network because new ph ysical connectio ns are being made to ro ute traffic throug h the cluster . Also, starting th e cluster in terrupts[...]

  • Página 57

    High availability installation Configuring FortiGate units for HA using the CLI FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 57 Figure 13: HA network confi guration 2 Power on all the FortiGat e units in the cluster . As the units st art, they negotiate to choose the primary cluster un it and the subordinat e units. This negotiati[...]

  • Página 58

    58 01-28006-0024-2004102 6 Fortinet Inc. Configuring FortiGate units for HA usin g the CLI High availability installati on The configurations of all of the FortiGate uni ts in the cluster are synchronized so that the FortiGate units can functi on as a cluster . Because of th is synchron ization, you configure and m anage the HA cluste r instead of [...]

  • Página 59

    FortiGate-800/800F Installati on Guide 01-28006-0024-2004102 6 59 FortiGate-800/800F Inst allati on Guide V ersion 2.80 MR6 Index C CLI 6 configuring IP addresses 44 configuring NAT/Route mode 31 connecting to 17 cluster connecting 55, 57 command line interface 6 connect cluster 55, 57 connecting to network 36 , 46 web-based manager 16 customer ser[...]

  • Página 60

    60 01-28006-0024-2004102 6 Fortinet Inc. Index[...]