Fortinet FortiGate 60B manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66

Go to page of

A good user manual

The rules should oblige the seller to give the purchaser an operating instrucion of Fortinet FortiGate 60B, along with an item. The lack of an instruction or false information given to customer shall constitute grounds to apply for a complaint because of nonconformity of goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of the manuals, as well as instructional videos have been majorly used. A necessary precondition for this is the unmistakable, legible character of an instruction.

What is an instruction?

The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of Fortinet FortiGate 60B one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.

Unfortunately, only a few customers devote their time to read an instruction of Fortinet FortiGate 60B. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.

What should a perfect user manual contain?

First and foremost, an user manual of Fortinet FortiGate 60B should contain:
- informations concerning technical data of Fortinet FortiGate 60B
- name of the manufacturer and a year of construction of the Fortinet FortiGate 60B item
- rules of operation, control and maintenance of the Fortinet FortiGate 60B item
- safety signs and mark certificates which confirm compatibility with appropriate standards

Why don't we read the manuals?

Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of Fortinet FortiGate 60B alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of Fortinet FortiGate 60B, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the Fortinet service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of Fortinet FortiGate 60B.

Why one should read the manuals?

It is mostly in the manuals where we will find the details concerning construction and possibility of the Fortinet FortiGate 60B item, and its use of respective accessory, as well as information concerning all the functions and facilities.

After a successful purchase of an item one should find a moment and get to know with every part of an instruction. Currently the manuals are carefully prearranged and translated, so they could be fully understood by its users. The manuals will serve as an informational aid.

Table of contents for the manual

  • Page 1

    www.fortinet.com FortiG at e -6 0B FortiO S 3 .0 MR 6 INST ALL GUIDE[...]

  • Page 2

    FortiGate-60 B Install Guide FortiOS 3.0 MR6 10 September 200 8 01-30006-04 46-20080910 © Copyright 2008 Fortine t, Inc. All rights reserved. No part of this publication including text, examples , diagrams or illustrations may be reproduced, tra nsmitted, or translated in any form or by any means, electronic, mechanical, man ual, optical or otherw[...]

  • Page 3

    Contents FortiGate-60B FortiOS 3.0 MR6 Install Guide 01-30006-0446-2008091 0 3 Content s Contents...................................................................... .............. .......... 3 Introduction ............... ................................. .............................. .......... 7 Register your FortiGate unit ................ .[...]

  • Page 4

    FortiGate-60B FortiOS 3.0 MR6 Install Guide 4 01-30006-0446-200809 10 Contents Configure a DNS server ...................... ................... .................... .......... 22 Adding a default route and gateway . ......... ................. ................ .......... 22 Adding firewall policies . .................... ............. ............[...]

  • Page 5

    Contents FortiGate-6 0B FortiOS 3.0 MR 6 Install G uide 01-30006-0446-20080 910 5 Configuring the PCMCIA modem card ......................... ................... .............. 45 FortiGate Firmware ............ .................................................. ............ 47 Downloading firmware .. ................ ................. ............[...]

  • Page 6

    FortiGate-60B FortiOS 3.0 MR6 Install Guide 6 01-30006-0446-200809 10 Contents[...]

  • Page 7

    Introduction Register your FortiGate unit FortiGate-6 0B FortiOS 3.0 MR 6 Install G uide 01-30006-0446-20080 910 7 Introduction Welcome and than k you for selecting Fortinet products fo r your real-time network protection. The FortiGate Unified Threat Man agement System improves network security , reduces network misuse and abuse, and help s you us[...]

  • Page 8

    FortiGate-60B FortiOS 3.0 MR6 Install Guide 8 01-30006-0446-200809 10 About the FortiGate-60B Introduction About the FortiGate-60B The FortiGate-60B multi-thre at security solution of fers Small and Medium Business and SOHO/ROBO users en terprise -class protection against ble nded threats t argeting 3G broadband, wirele ss LAN and wired infrastruct[...]

  • Page 9

    Introduction Further Reading FortiGate-6 0B FortiOS 3.0 MR 6 Install G uide 01-30006-0446-20080 910 9 Typographic conventions FortiGate document ation uses the fo llowing typographical conven tions: Further Reading The most up-to-date publication s and pr evious re leases of For tinet product documentation are available from the Fortinet T echnical[...]

  • Page 10

    FortiGate-60B FortiOS 3.0 MR6 Install Guide 10 01-30006-0446-200809 10 Customer service and technical support Introduction • FortiGate Log Message Refe rence Available exclusively from the Fortinet Knowledge Center , the FortiG ate Log Message Reference describes the str uct ure of FortiGate log messages and provides information about the log mes[...]

  • Page 11

    Installing Environmental specifications FortiGate-6 0B FortiOS 3.0 MR 6 Install G uide 01-30006-0446-20080 910 11 Inst alling This chapter describes in stalling your FortiGate unit in your server room, environmental specifications and how to mount the FortiGate in a rack if applicable. This chapter contains the follow ing topics: • Environmenta l[...]

  • Page 12

    FortiGate-60B FortiOS 3.0 MR6 Install Guide 12 01-30006-0446-200809 10 Cautions and warnings Installing • Connect the equipment into a n outlet on a circuit differen t from that to which the receiver is connecte d. • Consult the dealer or an experien ced radio/TV technician for help. The equipme nt compliance with FCC radiation exposu re limit [...]

  • Page 13

    Installing Plugging in the FortiGate FortiGate-6 0B FortiOS 3.0 MR 6 Install G uide 01-30006-0446-20080 910 13 Mounting If required to fit into a rack unit, remove the rubber feet from the bottom of the FortiGate u nit. Adhere the rubber fee t included in the package to the under side of the FortiGate unit, near the corners of the device. Place the[...]

  • Page 14

    FortiGate-60B FortiOS 3.0 MR6 Install Guide 14 01-30006-0446-200809 10 T urning off the Fo rtiGate unit Installing[...]

  • Page 15

    Configuring NA T vs. T r ansparent mode FortiGate-6 0B FortiOS 3.0 MR 6 Install G uide 01-30006-0446-20080 910 15 Configuring This section provides an overview of t he operating modes of the FortiGate unit, NA T/Route and T ranspa rent, and how to configure the FortiGate unit for each mode. There are two ways you can configure the Fo rtiGate unit, [...]

  • Page 16

    FortiGate-60B FortiOS 3.0 MR6 Install Guide 16 01-30006-0446-200809 10 Connecting to the FortiGate unit Configuring Transparent mode In T ransparen t mode, the FortiGate u nit is invisible t o the network . Similar to a network bridge, all FortiGate interfaces must be on the same subnet. Y ou only have to configure a mana gement IP address to make [...]

  • Page 17

    Configuring Connecting to the FortiGate unit FortiGate-6 0B FortiOS 3.0 MR 6 Install G uide 01-30006-0446-20080 910 17 T o support a secure HTTPS authentication method, the FortiGate unit ships with a self-signed security certific ate, which is offered to remote clients whenever they initiate a HTTPS connecti on to the FortiGate unit. When you conn[...]

  • Page 18

    FortiGate-60B FortiOS 3.0 MR6 Install Guide 18 01-30006-0446-200809 10 Configuring NA T mode Configuring Configuring NA T mode Configuring NA T mode involves defining interface addresses an d default routes, and simple firewall p olicies. Y ou can use the web-based manage r or the CLI to configure the FortiGate unit in NA T/Route mode. Using the we[...]

  • Page 19

    Configuring Configuring NA T mode FortiGate-6 0B FortiOS 3.0 MR 6 Install G uide 01-30006-0446-20080 910 19 4 Select OK. 5 Repeat this procedure for each interf ace as required. Configure a DNS server A DNS server is a service that conver ts symbolic node names to IP add resses. A domain name server (DNS server) implem ents the protoc ol. In simple[...]

  • Page 20

    FortiGate-60B FortiOS 3.0 MR6 Install Guide 20 01-30006-0446-200809 10 Configuring NA T mode Configuring For an initial configuration, you must edit the fa ctory configured static defau lt route to specify a different defau lt gateway for the FortiGat e unit. This will enable the flow of data th rough the FortiGate unit. For details on adding ad di[...]

  • Page 21

    Configuring Configuring NA T mode FortiGate-6 0B FortiOS 3.0 MR 6 Install G uide 01-30006-0446-20080 910 21 3 Set the following and select OK. Firewall policy configurati on is the same in NA T/Route mode and T ransp arent mode. Note that these policies allo w all traffic throug h. No protection profiles have been applied. Ensure you create additio[...]

  • Page 22

    FortiGate-60B FortiOS 3.0 MR6 Install Guide 22 01-30006-0446-200809 10 Configuring NA T mode Configuring T o set an interface to use PPPo E addressing config system interface edit external set mode pppoe set username <name_str> set password <psswrd> set ipunnumbered <ip_address> set disc-retry-timeout <integer_seconds> set p[...]

  • Page 23

    Configuring Configuring T ransparent mode FortiGate-6 0B FortiOS 3.0 MR 6 Install G uide 01-30006-0446-20080 910 23 For an initial configuration, you must edit th e factory configured st atic default route to specify a different default gateway for the FortiGate unit. This will enable the flow of data through the FortiGate unit. For details on addi[...]

  • Page 24

    FortiGate-60B FortiOS 3.0 MR6 Install Guide 24 01-30006-0446-200809 10 Configuring T ransparent mod e Configuring Using the web-based manager After conn ecting to the web-based manager , you can use the following procedures to complete the ba sic configur ation of the FortiGate unit. Ensure you read the section “Connectin g to the web-based manag[...]

  • Page 25

    Configuring Configuring T ransparent mode FortiGate-6 0B FortiOS 3.0 MR 6 Install G uide 01-30006-0446-20080 910 25 T o add an outgoing traffic firewall policy 1 Go to Firewall > Policy . 2 Select Create New . 3 Set the following and select OK. T o add an incoming traffic firewall policy 1 Go to Firewall > Policy . 2 Select Create New . 3 Set[...]

  • Page 26

    FortiGate-60B FortiOS 3.0 MR6 Install Guide 26 01-30006-0446-200809 10 Configuring T ransparent mod e Configuring Configure a DNS server A DNS server is a service that convert s symbolic node names to IP addresses. A domain name server (DNS server ) implemen ts the protocol. In simple te rms, it acts as a phone book for the Internet. A DNS server m[...]

  • Page 27

    Configuring V erify the co nfiguration FortiGate-6 0B FortiOS 3.0 MR 6 Install G uide 01-30006-0446-20080 910 27 V erify the configuration Y our FortiGate unit is now configured and connected to the network. T o verify the FortiGate unit is connected and configured cor rectly , use your web browser to browse a web site, or use your ema il client to[...]

  • Page 28

    FortiGate-60B FortiOS 3.0 MR6 Install Guide 28 01-30006-0446-200809 10 Restoring a configuration Configuring Restoring a configuration Should you need to restore the config uration file, use the following steps. T o restore the FortiGate co nfiguration 1 Go to System > Maintenance > Backup & Restore . 2 Select to uplo ad the restore f ile[...]

  • Page 29

    Configuring Addition al configurat ion FortiGate-6 0B FortiOS 3.0 MR 6 Install G uide 01-30006-0446-20080 910 29 T o change the administrator p assword 1 Go to System > Admin > Administrators . 2 Select Change Password and enter a new p assword. 3 Select OK. Alternatively , you can also add new admini strator users by selecting Create New , h[...]

  • Page 30

    FortiGate-60B FortiOS 3.0 MR6 Install Guide 30 01-30006-0446-200809 10 Additional confi guration Configuring[...]

  • Page 31

    Advanced configuration Protection profiles FortiGate-6 0B FortiOS 3.0 MR 6 Install G uide 01-30006-0446-20080 910 31 Advanced configuration The FortiGate unit and the FortiOS o perating system provide a wide range of features that enable you to control netwo rk and internet traffic an d protect your network. This chapter describes some of these opt[...]

  • Page 32

    FortiGate-60B FortiOS 3.0 MR6 Install Guide 32 01-30006-0446-200809 10 Firewall p olicies Advanced configuration The best way to begin creating your own protectio n profile is to open a predefined profile. This way you can see how a profile is set up, and th en modify it suit your requirements. Y ou access Protecti on profile options by going to Fi[...]

  • Page 33

    Advanced configuration Antivirus options FortiGate-6 0B FortiOS 3.0 MR 6 Install G uide 01-30006-0446-20080 910 33 Configuring firewall policies T o add or edit a firewall policy go to Firewall > Policy and select Edit on an existing policy , or select Create New to add a policy . The source and des tination Interface/Zone match the firewall pol[...]

  • Page 34

    FortiGate-60B FortiOS 3.0 MR6 Install Guide 34 01-30006-0446-200809 10 AntiSpam options Advanced configuration • Graywar e - These ar e unsolicited commercial so ftware programs th at are installed on computer s, often without the user's consent or knowledge. Grayware progr ams are generally consider ed an annoyance, but thes e programs can [...]

  • Page 35

    Advanced configuration We b filtering FortiGate-6 0B FortiOS 3.0 MR 6 Install G uide 01-30006-0446-20080 910 35 Banned word lists are specific w ords that may be typically found in email. The FortiGate un it searches f or words or patter ns in email me ssages. If mat ches are found, values assigned to the words are to ta lled. If the defined thresh[...]

  • Page 36

    FortiGate-60B FortiOS 3.0 MR6 Install Guide 36 01-30006-0446-200809 10 Logging Advanced configuration T o configure content blocking, go to W eb Filter > Content Block . URL filter enables you to control additional web sites that you can block or allow . This enables you greater con trol over ce rtain URLs or sub-URLs. The FortiGa te unit allows[...]

  • Page 37

    Configuring the modem interface Selecting a modem mode FortiGate-60B FortiOS 3.0 MR6 Install Guide 01-30006-0446-2008091 0 37 Configuring the modem interface This chapter describes th e modem inte rfac e configuration options. The FortiGate unit supports the mod em interface only when running in NA T/Route mode. Y ou can configure the modem interfa[...]

  • Page 38

    FortiGate-60B FortiOS 3.0 MR6 Install Guide 38 01-30006-0446-200809 10 Configuring modem settings Configuring the modem in terface When the Ether net interface can co nnect to its network again, the FortiGate unit disconnects the modem interf ace and swit ches back to the Ethernet in terface. Stand alone mode In stand alone mo de, the modem interfa[...]

  • Page 39

    Configuring the modem interface Configuring modem setti ngs FortiGate-6 0B FortiOS 3.0 MR 6 Install G uide 01-30006-0446-20080 910 39 Y ou can configure and use the modem in NA T/Route mode only . T o configure modem settings 1 Go to System > Network > Modem . 2 Select Enable Modem. 3 Change any of the dial-up connection settings. 4 Enter the[...]

  • Page 40

    FortiGate-60B FortiOS 3.0 MR6 Install Guide 40 01-30006-0446-200809 10 Configuring the modem using the CL I Configuring the modem in terface Configuring the modem using the CLI Configure the modem setting s using the CLI. Syntax config system modem set account_relation {equal | fallback} set altmode {enable | disable} set auto-dial {enable | disabl[...]

  • Page 41

    Configuring the modem interface Configuring th e modem using the CLI FortiGate-6 0B FortiOS 3.0 MR 6 Install G uide 01-30006-0446-20080 910 41 Keyword s and variables Descri ption Default account_relation {equal | fallback} When using a PCMCIA wireless modem, set the relationship betwe en the wireless modem and the internal modem. equal - both acco[...]

  • Page 42

    FortiGate-60B FortiOS 3.0 MR6 Install Guide 42 01-30006-0446-200809 10 Configuring the modem using the CL I Configuring the modem in terface holddown-timer <seconds> Used only wh en the modem is configured as a backup for an interface. Set the ti me (1-60 seconds) that the FortiGate unit waits before switching from the modem interface to the [...]

  • Page 43

    Configuring the modem interface Configuring th e modem using the CLI FortiGate-6 0B FortiOS 3.0 MR 6 Install G uide 01-30006-0446-20080 910 43 Example This example shows how to en able the modem and configure the modem to ac t as a backup for the WAN1 interface. On ly one dial-u p account is c onfigured. Th e FortiGate unit and modem will a ttempt [...]

  • Page 44

    FortiGate-60B FortiOS 3.0 MR6 Install Guide 44 01-30006-0446-200809 10 Adding a Ping Server Configuring the modem in terface config system modem set action dial set status enable set holddown-timer 5 set interface wan1 set passwd1 acct1passwd set phone1 1234567891 set redial 10 set username1 acct1user end Adding a Ping Server Adding a ping server i[...]

  • Page 45

    Configuring the modem interface Adding firewall policie s for modem connections FortiGate-6 0B FortiOS 3.0 MR 6 Install G uide 01-30006-0446-20080 910 45 Adding firewall policies for modem connections The modem interface requ ires firewall addresses and policies. Y ou can add one or more addresses to the modem inte rface. For information about addi[...]

  • Page 46

    FortiGate-60B FortiOS 3.0 MR6 Install Guide 46 01-30006-0446-200809 10 Configuring the PCMCIA modem card Configuring the modem inte rface 7 If a security pin is required, enter in the Extra Initialization S tring field in the following format: at+cpin=5555 where 5555 is the pin provide d to you by your ISP . 8 Select Apply . Create a static route, [...]

  • Page 47

    FortiGate Firmware Downloading firmware FortiGate-6 0B FortiOS 3.0 MR 6 Install G uide 01-30006-0446-20080 910 47 FortiGate Firmware Fortinet periodically updates th e FortiGat e firmware to include new featur es and address issues. After yo u have registered your FortiGate unit, you can download FortiGate firmware updates is available for download[...]

  • Page 48

    FortiGate-60B FortiOS 3.0 MR6 Install Guide 48 01-30006-0446-200809 10 Using the web-based ma nager FortiGate Firmware T o download firmware 1 Log into the site using your user n ame and password. 2 Go to Firmware Images > FortiGate . 3 Select the most recent FortiOS version, and MR release and p atch release. 4 Locate the firmware for your Fort[...]

  • Page 49

    FortiGate Firmware Using the web-based manager FortiGate-6 0B FortiOS 3.0 MR 6 Install G uide 01-30006-0446-20080 910 49 T o revert to a previous firm ware version 1 Copy the firmware image file to the managem ent computer . 2 Log into the FortiGate web- based manager . 3 Go to System > St atus . 4 Under System Information > Firmware V ersion[...]

  • Page 50

    FortiGate-60B FortiOS 3.0 MR6 Install Guide 50 01-30006-0446-200809 10 Using the CLI FortiGate Firmware T o configure the USB Auto- Insta ll 1 Go to System > Maintenance > Backup and Restore . 2 Select the blue arrow to expa nd the Advanced options. 3 Select the following: • On system restart, auto matically update FortiGate configuration f[...]

  • Page 51

    FortiGate Firmware Using the CLI FortiGate-6 0B FortiOS 3.0 MR 6 Install G uide 01-30006-0446-20080 910 51 5 Enter the fo llowing command to copy the firmware image from the TFTP server to the FortiGate unit: execute restore image <name_str> <tftp_ip4> Where <name_str> is the nam e of the firmware image file an d <tftp_ip4> [...]

  • Page 52

    FortiGate-60B FortiOS 3.0 MR6 Install Guide 52 01-30006-0446-200809 10 Installing firmware from a system reboot using the CLI FortiGate Firmware 4 Make sure the FortiGate unit can conne ct to the TFTP server . Y ou can use the f ollowing comma nd to ping the computer running the TFTP server . For example, if the TFTP serv er ’s IP address is 192.[...]

  • Page 53

    FortiGate Firmware Installing firmware from a system reboot using the CLI FortiGate-6 0B FortiOS 3.0 MR 6 Install G uide 01-30006-0446-20080 910 53 If you are revert ing to a previou s FortiOS version, you might not be ab le to restore the previous configuration from the backup configuration file . T o install firmware from a sys tem reboot 1 Conne[...]

  • Page 54

    FortiGate-60B FortiOS 3.0 MR6 Install Guide 54 01-30006-0446-200809 10 Installing firmware from a system reboot using the CLI FortiGate Firmware 9 T ype the address of the TFTP server and press Enter: The following message appears: Enter Local Address [192.168.1.188]: 10 T ype an IP address the FortiGate unit can use to connect to the TFTP server .[...]

  • Page 55

    FortiGate Firmware Installing firmware from a system reboot using the CLI FortiGate-6 0B FortiOS 3.0 MR 6 Install G uide 01-30006-0446-20080 910 55 T o restore configuration us ing the CLI 1 Log into the CLI. 2 Enter the following command to re store the configuration files: exec restore image usb <filename> The FortiGate unit responds with t[...]

  • Page 56

    FortiGate-60B FortiOS 3.0 MR6 Install Guide 56 01-30006-0446-200809 10 T esti ng new firmware before installing FortiGate Firmware T esting new firmware before inst alling Y ou can test a new fi rmware image by installing the firmware image from a system reboot and saving it to system memory . After completing this pro cedure, the FortiGate unit op[...]

  • Page 57

    FortiGate Firmware T esting new firmware before installing FortiGate-6 0B FortiOS 3.0 MR 6 Install G uide 01-30006-0446-20080 910 57 8 T ype G to get t he new firmwar e image fr om the TFTP server . The following m essage appears: Enter TFTP server address [192.168.1.168]: 9 T ype the address of the TFTP server an d press Enter: The following m ess[...]

  • Page 58

    FortiGate-60B FortiOS 3.0 MR6 Install Guide 58 01-30006-0446-200809 10 T esti ng new firmware before installing FortiGate Firmware[...]

  • Page 59

    Index FortiGate-60B FortiOS 3.0 MR6 Install Guide 01-30006-0446-2008091 0 59 Index A adding a default ro ute 19, 22 additional resources 9 admin password 28 air flow 11 altmode system modem 41 ambient te mperature 11 antispam options 34 antivirus options 33 auto-dial 38 system modem 41 auto-install 49 auto-install from CLI 55 B backing up 27 C cert[...]

  • Page 60

    FortiGate-60B FortiOS 3.0 MR6 Install Guide 60 01-30006-0446-200809 10 Index Initial Disc Timeout 18 interface system modem 42 interface, configure 21 interface, configuring 18 K Knowledge Center 10 L loggin g 36 M management IP 24 mode system modem 42 modem adding firewall policies 45 auto-dial 41 backup switchover 42 dial-on-demand 41 mode 38 red[...]

  • Page 61

    FortiGate-60B FortiOS 3.0 MR6 Install Guide 61 01-30006-0446-200809 10 Index[...]

  • Page 62

    FortiGate-60B FortiOS 3.0 MR6 Install Guide 62 01-30006-0446-200809 10 Index[...]

  • Page 63

    FortiGate-60B FortiOS 3.0 MR6 Install Guide 63 01-30006-0446-200809 10 Index[...]

  • Page 64

    FortiGate-60B FortiOS 3.0 MR6 Install Guide 64 01-30006-0446-200809 10 Index[...]

  • Page 65

    www.fortinet.com[...]

  • Page 66

    www.fortinet.com[...]