ملخص المحتوى في الصفحة رقم 1
FortiGate 800
Installation and
Configuration Guide
INTERNAL EXTERNAL DMZ HA 12 3 4 CONSOLE USB
Esc Enter
PWR
8
FortiGate User Manual Volume 1
Version 2.50
January 15 2004
ملخص المحتوى في الصفحة رقم 2
© Copyright 2004 Fortinet Inc. All rights reserved. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical or otherwise, for any purpose, without prior written permission of Fortinet Inc. FortiGate-800 Installation and Configuration Guide Version 2.50 January 15 2004 Trademarks Products mentioned in this document are trademarks or registered trademarks of
ملخص المحتوى في الصفحة رقم 3
Contents Table of Contents Introduction .......................................................................................................... 15 Antivirus protection ........................................................................................................... 16 Web content filtering ......................................................................................................... 16 Email filtering .......................................................................
ملخص المحتوى في الصفحة رقم 4
Contents NAT/Route mode installation.............................................................................. 41 Preparing to configure NAT/Route mode.......................................................................... 41 Advanced NAT/Route mode settings............................................................................ 42 DMZ and user-defined interfaces.................................................................................. 43 Using the setup wizard................
ملخص المحتوى في الصفحة رقم 5
Contents Transparent mode configuration examples....................................................................... 64 Default routes and static routes .................................................................................... 65 Example default route to an external network............................................................... 65 Example static route to an external destination ............................................................ 67 Example static route to an intern
ملخص المحتوى في الصفحة رقم 6
Contents Displaying the FortiGate up time..................................................................................... 108 Displaying log hard disk status ....................................................................................... 108 Backing up system settings ............................................................................................ 108 Restoring system settings...............................................................................................
ملخص المحتوى في الصفحة رقم 7
Contents Network configuration....................................................................................... 137 Configuring zones........................................................................................................... 137 Adding zones .............................................................................................................. 138 Deleting zones ..........................................................................................................
ملخص المحتوى في الصفحة رقم 8
Contents Adding RIP filters ............................................................................................................ 165 Adding a RIP filter list.................................................................................................. 165 Assigning a RIP filter list to the neighbors filter........................................................... 166 Assigning a RIP filter list to the incoming filter ............................................................ 166 A
ملخص المحتوى في الصفحة رقم 9
Contents Services .......................................................................................................................... 200 Predefined services .................................................................................................... 200 Adding custom TCP and UDP services ...................................................................... 203 Adding custom ICMP services .................................................................................... 204 Add
ملخص المحتوى في الصفحة رقم 10
Contents IPSec VPN........................................................................................................... 231 Key management............................................................................................................ 232 Manual Keys ............................................................................................................... 232 Automatic Internet Key Exchange (AutoIKE) with pre-shared keys or certificates ..... 232 Manual key IPSec VPNs.....
ملخص المحتوى في الصفحة رقم 11
Contents Network Intrusion Detection System (NIDS) ................................................... 269 Detecting attacks ............................................................................................................ 269 Selecting the interfaces to monitor.............................................................................. 270 Disabling monitoring interfaces................................................................................... 270 Configuring checksum veri
ملخص المحتوى في الصفحة رقم 12
Contents URL blocking................................................................................................................... 293 Configuring FortiGate Web URL blocking................................................................... 293 Configuring FortiGate Web pattern blocking............................................................... 296 Configuring Cerberian URL filtering................................................................................ 296 Installing a Cerber
ملخص المحتوى في الصفحة رقم 13
Contents Viewing logs saved to memory ....................................................................................... 317 Viewing logs................................................................................................................ 317 Searching logs ............................................................................................................ 318 Viewing and managing logs saved to the hard disk........................................................ 318 View
ملخص المحتوى في الصفحة رقم 14
Contents 14 Fortinet Inc.
ملخص المحتوى في الصفحة رقم 15
FortiGate-800 Installation and Configuration Guide Version 2.50 Introduction FortiGate Antivirus Firewalls support network-based deployment of application-level services, including antivirus protection and full-scan content filtering. FortiGate Antivirus Firewalls improve network security, reduce network misuse and abuse, and help you use communications resources more efficiently without compromising the performance of your network. FortiGate Antivirus Firewalls are ICSA-certified for firew
ملخص المحتوى في الصفحة رقم 16
Antivirus protection Introduction Antivirus protection FortiGate ICSA-certified antivirus protection scans web (HTTP), file transfer (FTP), and email (SMTP, POP3, and IMAP) content as it passes through the FortiGate unit. If a virus is found, antivirus protection removes the file containing the virus from the content stream and forwards a replacement message to the intended recipient. For extra protection, you can configure antivirus protection to block specified file types from passing thro
ملخص المحتوى في الصفحة رقم 17
Introduction Email filtering Email filtering FortiGate email filtering can scan all IMAP and POP3 email content for unwanted senders or unwanted content. If there is a match between a sender address pattern on the email block list, or an email contains a word or phrase in the banned word list, the FortiGate adds an email tag to the subject line of the email. The recipient can use the mail client software to filter messages based on the email tag. You can configure email blocking to tag email
ملخص المحتوى في الصفحة رقم 18
VLANs and virtual domains Introduction NAT/Route mode In NAT/Route mode, you can create NAT mode policies and Route mode policies. • NAT mode policies use network address translation to hide the addresses in a more secure network from users in a less secure network. • Route mode policies accept or deny connections between networks without performing address translation. Transparent mode Transparent mode provides the same basic firewall protection as NAT mode. Packets that the FortiGate unit r
ملخص المحتوى في الصفحة رقم 19
Introduction VPN VPN Using FortiGate virtual private networking (VPN), you can provide a secure connection between widely separated office networks or securely link telecommuters or travellers to an office network. Service providers can also use the FortiGate unit to provide VPN services for their clients. FortiGate VPN features include the following: • Industry standard and ICSA-certified IPSec VPN, including: • IPSec, ESP security in tunnel mode, • DES, 3DES (triple-DES), and AES hardware a
ملخص المحتوى في الصفحة رقم 20
Secure installation, configuration, and management Introduction Secure installation, configuration, and management The first time you power on the FortiGate unit, it is already configured with default IP addresses and security policies. Connect to the web-based manager, set the operating mode, and use the Setup wizard to customize FortiGate IP addresses for your network, and the FortiGate unit is ready to protect your network. You can then use the web-based manager to customize advanced Fort