Instruction/ maintenance manual of the product FortiGate 800/800F Fortinet
Go to page of 54
www.fortinet.com For tiGate-800 and For tiGat e-800F FortiO S 3 . 0 M R6 INST ALL GUIDE.
FortiGate-80 0 and FortiG ate-800F In stall Guide FortiOS 3.0 MR6 10 September 200 8 01-30006-04 55-20080910 © Copyright 2008 Fortine t, Inc. All rights reserved.
Contents FortiGate-800 and FortiG ate-8 00F FortiOS 3.0 MR6 Install Guide 01-30006-0455-2008091 0 3 Content s Contents...................................................................... .............. .......... 3 Introduction ............... .....
FortiGate-800 and FortiG ate-8 00F FortiOS 3.0 MR6 Install Guide 4 01-30006-0455-200809 10 Contents Configure a DNS server ................ ................... ................ ................... . 22 Adding a default route and gateway . ......... ..
Contents FortiGate-800 and FortiGate-800F FortiOS 3.0 MR6 Install Guide 01-30006-0455-20080 910 5 Installing firmware from a system reboot using the CLI...... ................ ........ 42 Restoring the previous configuration ..........................
FortiGate-800 and FortiG ate-8 00F FortiOS 3.0 MR6 Install Guide 6 01-30006-0455-200809 10 Contents.
Introduction Register your FortiGate unit FortiGate-800 and FortiGate-800F FortiOS 3.0 MR6 Install Guide 01-30006-0455-20080 910 7 Introduction Welcome an d thank you for selecting Fortinet product s for your real-time network protection.
FortiGate-800 and FortiG ate-8 00F FortiOS 3.0 MR6 Install Guide 8 01-30006-0455-200809 10 About the FortiGate-800/8 00F Introduction About the FortiGate-800/800F The FortiGate-800/F Multi- Threat Security system pr ovides the performanc e, flexibility , and security necessary to protect today's most demanding large enterprise networks.
Introduction Further Reading FortiGate-800 and FortiGate-800F FortiOS 3.0 MR6 Install Guide 01-30006-0455-20080 910 9 Typographic conventions FortiGate document ation uses the fo llowing typographical.
FortiGate-800 and FortiG ate-8 00F FortiOS 3.0 MR6 Install Guide 10 01-30006-0455-200809 10 Customer service and technical support Introduction • FortiGate Log Message Refe rence Available exclusive.
Installing Environmental specifications FortiGate-800 and FortiGate-800F FortiOS 3.0 MR6 Install Guide 01-30006-0455-20080 910 11 Inst alling This chapter describes in stalling your FortiGate unit in your server room, environmental specifications and how to mount the FortiGate in a rack if applicable.
FortiGate-800 and FortiG ate-8 00F FortiOS 3.0 MR6 Install Guide 12 01-30006-0455-200809 10 Cautions and warnings Installing • Connect the equipment into an outlet on a circuit differen t from that to which the receiver is connecte d. • Consult the dealer or an experien ced radio/TV technician for help.
Installing Cautions and warni ngs FortiGate-800 and FortiGate-800F FortiOS 3.0 MR6 Install Guide 01-30006-0455-20080 910 13 Mounting If required to fit into a rack unit, remove the rubber feet from the bottom of the FortiGate u nit. The FortiG ate unit can be placed on any fl at surface, or mounted in a st andard 19- inch rack unit.
FortiGate-800 and FortiG ate-8 00F FortiOS 3.0 MR6 Install Guide 14 01-30006-0455-200809 10 Plugging in the FortiGa te Installing Figure 2: Mounting in a rack Plugging in the FortiGate Use the following steps to conne ct the power supply to the FortiGate unit.
Configuring NA T vs. T ransparent mode FortiGate-800 and FortiGate-800F FortiOS 3.0 MR6 Install Guide 01-30006-0455-20080 910 15 Configuring This section provides an overview of t he operating modes of the FortiGate unit, NA T/Route and T ransp arent, and how to configure the FortiGate uni t for each mode.
FortiGate-800 and FortiG ate-8 00F FortiOS 3.0 MR6 Install Guide 16 01-30006-0455-200809 10 Connecting to the FortiGate unit Configuring Transparent mode In T ransparent m ode, the Fo rtiGate unit is invisible to the network. Sim ilar to a network bridge, all FortiGate interfaces must be on the same subnet.
Configuring Connecting to the FortiGate unit FortiGate-800 and FortiGate-800F FortiOS 3.0 MR6 Install Guide 01-30006-0455-20080 910 17 T o support a secure HTTPS authentication method, the For tiGate .
FortiGate-800 and FortiG ate-8 00F FortiOS 3.0 MR6 Install Guide 18 01-30006-0455-200809 10 Configuring NA T mode Configuring Configuring NA T mode Configuring NA T mode involves defining interface addresses and de fault routes, and simple firewall policies.
Configuring Configuring NA T mode FortiGate-800 and FortiGate-800F FortiOS 3.0 MR6 Install Guide 01-30006-0455-20080 910 19 4 Select OK. 5 Repeat this procedure for each interf ace as required. Configure a DNS server A DNS server is a service that conver ts symbolic node nam es to IP addresses.
FortiGate-800 and FortiG ate-8 00F FortiOS 3.0 MR6 Install Guide 20 01-30006-0455-200809 10 Configuring NA T mode Configuring For an initial configuration, you must edit the factor y configured static d efault route to specify a different defau lt gateway for the FortiGat e unit.
Configuring Configuring NA T mode FortiGate-800 and FortiGate-800F FortiOS 3.0 MR6 Install Guide 01-30006-0455-20080 910 21 3 Set the following and select OK. Firewall policy configurati on is the same in NA T/Route mode and T ransp arent mode. Note that these policies allo w all traffic throug h.
FortiGate-800 and FortiG ate-8 00F FortiOS 3.0 MR6 Install Guide 22 01-30006-0455-200809 10 Configuring NA T mode Configuring T o set an interface to use PPPo E addressing config system interface edit.
Configuring Configuring NA T mode FortiGate-800 and FortiGate-800F FortiOS 3.0 MR6 Install Guide 01-30006-0455-20080 910 23 In the factory default configuration, entr y number 1 in the S tatic Route list is associated with a destination address of 0.0.
FortiGate-800 and FortiG ate-8 00F FortiOS 3.0 MR6 Install Guide 24 01-30006-0455-200809 10 Configuring T ransparent mod e Configuring Configuring T ransparent mode Configuring T ransparent mode in volves switchin g to T ransparent mo de, configurin g the management IP ad dress, default rou tes, and simple firewa ll policies.
Configuring Configuring T r ansparent mode FortiGate-800 and FortiGate-800F FortiOS 3.0 MR6 Install Guide 01-30006-0455-20080 910 25 For the initial installation, a single firewa ll policy that enables all traffic through will enable you to verify your configur ation is working.
FortiGate-800 and FortiG ate-8 00F FortiOS 3.0 MR6 Install Guide 26 01-30006-0455-200809 10 Configuring T ransparent mod e Configuring T o switch to T ransparent mode config system settings set opmode.
Configuring V erify the conf iguration FortiGate-800 and FortiGate-800F FortiOS 3.0 MR6 Install Guide 01-30006-0455-20080 910 27 Note that these policies allo w all traffic throug h. No protection profiles have been applied. Ensure you create additio nal firewall policies to accommo date your network requirement s.
FortiGate-800 and FortiG ate-8 00F FortiOS 3.0 MR6 Install Guide 28 01-30006-0455-200809 10 Restoring a configuration Configuring Restoring a configuration Should you need to restore the config uration file, use the following steps. T o restore the FortiGat e configuration 1 Go to System > Maintenance > Backup & Restore .
Configuring Addition al configur ation FortiGate-800 and FortiGate-800F FortiOS 3.0 MR6 Install Guide 01-30006-0455-20080 910 29 T o change the administrator p assword 1 Go to System > Admin > Administrators . 2 Select Change Password and enter a new p assword.
FortiGate-800 and FortiG ate-8 00F FortiOS 3.0 MR6 Install Guide 30 01-30006-0455-200809 10 Additional confi guration Configuring.
Advanced configuration Protection profiles FortiGate-800 and FortiGate-800F FortiOS 3.0 MR6 Install Guide 01-30006-0455-20080 910 31 Advanced configuration The FortiGate unit and the FortiOS o perating system provide a wide range of features that enable you to control netwo rk and internet traffic an d protect your network.
FortiGate-800 and FortiG ate-8 00F FortiOS 3.0 MR6 Install Guide 32 01-30006-0455-200809 10 Firewall p olicies Advanced configuration The best way to begin creating your own protection pr ofile is to open a predefined profile. This way you can see how a profile is set up, an d then modify it suit your requirement s.
Advanced configuration Antivirus options FortiGate-800 and FortiGate-800F FortiOS 3.0 MR6 Install Guide 01-30006-0455-20080 910 33 Configuring firewall policies T o add or edit a firewall policy go to Firewall > Policy and select Edit on an existing policy , or select Create New to add a policy .
FortiGate-800 and FortiG ate-8 00F FortiOS 3.0 MR6 Install Guide 34 01-30006-0455-200809 10 AntiSpam options Advanced configuration • Graywar e - These ar e unsolicited commercial software programs that are installed on computer s, often without the user's consent or knowledge.
Advanced configuration Web fi ltering FortiGate-800 and FortiGate-800F FortiOS 3.0 MR6 Install Guide 01-30006-0455-20080 910 35 Banned word lists are specific wor ds that may be typically found in email. The FortiGate u nit searches f or words or patter ns in email me ssages.
FortiGate-800 and FortiG ate-8 00F FortiOS 3.0 MR6 Install Guide 36 01-30006-0455-200809 10 Logging Advanced configuration T o configure content blocking, go to W eb Filter > Conte nt Block . URL filter enables you to control additional web sites that you can block or allow .
FortiGate Firmware Downloading firmware FortiGate-800 and FortiGate-800F FortiOS 3.0 MR6 Install Guide 01-30006-0455-20080 910 37 FortiGate Firmware Fortinet periodically updates the For tiGat e firmware to inc lude new features and address issues.
FortiGate-800 and FortiG ate-8 00F FortiOS 3.0 MR6 Install Guide 38 01-30006-0455-200809 10 Using the web-based manage r FortiGate Firmware T o download firmware 1 Log into the site using your user n ame and password. 2 Go to Firmware Images > FortiGate .
FortiGate Firmware Using the web-based manager FortiGate-800 and FortiGate-800F FortiOS 3.0 MR6 Install Guide 01-30006-0455-20080 910 39 T o revert to a previous firmwar e version 1 Copy the firmware image file to the managem ent computer . 2 Log into the FortiGate web- based manager .
FortiGate-800 and FortiG ate-8 00F FortiOS 3.0 MR6 Install Guide 40 01-30006-0455-200809 10 Using the CLI FortiGate Firmware T o configure the USB Au to-Inst all 1 Go to System > Maintenance > Backup and Restore . 2 Select the blue arrow to expa nd the Advanced options.
FortiGate Firmware Using the CLI FortiGate-800 and FortiGate-800F FortiOS 3.0 MR6 Install Guide 01-30006-0455-20080 910 41 5 Enter the fo llowing command to copy the firmwar e image from the TFTP se r.
FortiGate-800 and FortiG ate-8 00F FortiOS 3.0 MR6 Install Guide 42 01-30006-0455-200809 10 Installing firmware from a system reboot using the CLI FortiGate Firmware 4 Make sure the FortiGate unit can connect to th e TFTP server . Y ou can use the f ollowing comma nd to ping the computer running the TFTP server .
FortiGate Firmware Installing firmware from a system reboot using the CLI FortiGate-800 and FortiGate-800F FortiOS 3.0 MR6 Install Guide 01-30006-0455-20080 910 43 If you are revert ing to a previou s FortiOS version, you might not be ab le to restore the previous configuration from the backup configuration file .
FortiGate-800 and FortiG ate-8 00F FortiOS 3.0 MR6 Install Guide 44 01-30006-0455-200809 10 Installing firmware from a system reboot using the CLI FortiGate Firmware 9 T ype the address of the TFTP server and press Enter : The following message appears: Enter Local Address [192.
FortiGate Firmware Installing firmware from a system reboot using the CLI FortiGate-800 and FortiGate-800F FortiOS 3.0 MR6 Install Guide 01-30006-0455-20080 910 45 T o restore configuration us ing the CLI 1 Log into the CLI.
FortiGate-800 and FortiG ate-8 00F FortiOS 3.0 MR6 Install Guide 46 01-30006-0455-200809 10 T esti ng new firmware before installing FortiGate Firmware T esting new firmware before inst alling Y ou can test a new fi rmware image by installing the firmware image from a system reboot and saving it to system memory .
FortiGate Firmware T esting new firmware before installing FortiGate-800 and FortiGate-800F FortiOS 3.0 MR6 Install Guide 01-30006-0455-20080 910 47 8 T ype G to get t he new firm ware image fr om the TF TP server . The following m essage appears: Enter TFTP server address [192.
FortiGate-800 and FortiG ate-8 00F FortiOS 3.0 MR6 Install Guide 48 01-30006-0455-200809 10 T esti ng new firmware before installing FortiGate Firmware.
Index FortiGate-800 and FortiG ate-8 00F FortiOS 3.0 MR6 Install Guide 01-30006-0455-2008091 0 49 Index A adding a defa ult route 19, 22 additional resources 9 admin password 28 air flow 11 ambient te.
FortiGate-800 and FortiG ate-8 00F FortiOS 3.0 MR6 Install Guide 50 01-30006-0455-200809 10 Index P PADT timeout 19 password, changing 28 power off 14 PPPoE 22 protection profiles 31 R registering 7 r.
FortiGate-800 and FortiG ate-8 00F FortiOS 3.0 MR6 Install Guide 51 01-30006-0455-200809 10 Index.
FortiGate-800 and FortiG ate-8 00F FortiOS 3.0 MR6 Install Guide 52 01-30006-0455-200809 10 Index.
www.fortinet.com.
www.fortinet.com.
An important point after buying a device Fortinet FortiGate 800/800F (or even before the purchase) is to read its user manual. We should do this for several simple reasons:
If you have not bought Fortinet FortiGate 800/800F yet, this is a good time to familiarize yourself with the basic data on the product. First of all view first pages of the manual, you can find above. You should find there the most important technical data Fortinet FortiGate 800/800F - thus you can check whether the hardware meets your expectations. When delving into next pages of the user manual, Fortinet FortiGate 800/800F you will learn all the available features of the product, as well as information on its operation. The information that you get Fortinet FortiGate 800/800F will certainly help you make a decision on the purchase.
If you already are a holder of Fortinet FortiGate 800/800F, but have not read the manual yet, you should do it for the reasons described above. You will learn then if you properly used the available features, and whether you have not made any mistakes, which can shorten the lifetime Fortinet FortiGate 800/800F.
However, one of the most important roles played by the user manual is to help in solving problems with Fortinet FortiGate 800/800F. Almost always you will find there Troubleshooting, which are the most frequently occurring failures and malfunctions of the device Fortinet FortiGate 800/800F along with tips on how to solve them. Even if you fail to solve the problem, the manual will show you a further procedure – contact to the customer service center or the nearest service center