Summary of the content on page 1
FortiGate 400
Installation and Configuration Guide
FortiGate User Manual Volume 1
Version 2.50 MR2
18 August 2003
Summary of the content on page 2
© Copyright 2003 Fortinet Inc. All rights reserved. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical or otherwise, for any purpose, without prior written permission of Fortinet Inc.
FortiGate-400 Installation and Configuration Guide
Version 2.50 MR2
18 August 2003
Trademarks
Products mentioned in this document are trademarks or registered trademarks
Summary of the content on page 3
Contents
Table of Contents
Introduction
Antivirus protection
Web content filtering
Email filtering
Summary of the content on page 4
Contents
Planning your FortiGate configuration
NAT/Route mode
NAT/Route mode with multiple external network connections
Transparent mode
Configuration options
Summary of the content on page 5
Contents
Completing the configuration
Setting the date and time
Enabling antivirus protection
Registering your FortiGate
Summary of the content on page 6
Contents
System status
Changing the FortiGate host name
Changing the FortiGate firmware
Upgrade to a new firmware version
Revert to a pre
Summary of the content on page 7
Contents
Updating registration information
Recovering a lost Fortinet support password
Viewing the list of registered FortiGate units
Registering a new FortiGate unit
Adding or changing a FortiC
Summary of the content on page 8
Contents
Adding RIP filters
Adding a single RIP filter
Adding a RIP filter list
Adding a neighbors filter
Summary of the content on page 9
Contents
Services
Predefined services
Providing access to custom services
Grouping services
Summary of the content on page 10
Contents
IPSec VPN
Key management
Manual Keys
Automatic Internet Key Exchange (AutoIKE) with pre-shared keys or certificates
Manual key IPSec VPNs
Summary of the content on page 11
Contents
Network Intrusion Detection System (NIDS)
Detecting attacks
Selecting the interfaces to monitor
Disabling the NIDS
Configuring checksu
Summary of the content on page 12
Contents
URL blocking
Using the FortiGate web filter
Using the Cerberian web filter
Script filtering
Summary of the content on page 13
Contents
Glossary
Index
Summary of the content on page 15
Introduction
The FortiGate Antivirus Firewall supports network-based deployment of application-level services—including antivirus protection and full-scan content filtering. FortiGate Antivirus Firewalls improve network security, reduce network misuse and abuse, and help you use communications resources more efficiently without compromising the performance of your network. FortiGate Antivirus Firewalls are ICSA-certified fo
Summary of the content on page 16
For extra protection, you can also configure antivirus protection to block files of specified file types from passing through the FortiGate unit. You can use the feature to stop files that may contain new viruses. If the FortiGate unit contains a hard disk, infected or blocked files can be quarantined. The FortiGate administrator can download quarantined files, so that they can be virus scanned, cleaned, and forwarded to the intended recipient. You can also con
Summary of the content on page 17
You can configure Email blocking to tag email from all or some senders within organizations that are known to send spam email. To prevent unintentional tagging of email from legitimate senders, you can add sender address patterns to an exempt list that overrides the email block and banned word lists.
Firewall
The FortiGate ICSA-certified firewall protects your computer networks from the hostile environment of the Internet. ICSA has granted FortiGate firewalls version 4.
Summary of the content on page 18
Transparent mode
Transparent mode provides the same basic firewall protection as NAT mode. Packets received by the FortiGate unit are intelligently forwarded or blocked according to firewall policies. The FortiGate unit can be inserted in your network at any point without the need to make changes to your network or any of its components. However, VPN, VLAN, multi-zone functionality, and some advanced firewall features are only available in NAT/Route mode.
VLAN
Fortigate An
Summary of the content on page 19
VPN
Using FortiGate virtual private networking (VPN), you can provide a secure connection between widely separated office networks or securely link telecommuters or travellers to an office network. FortiGate VPN features include the following:
• Industry standard and ICSA-certified IPSec VPN including:
  • IPSec, ESP security in tunnel mode,
  • DES, 3DES (triple-DES), and AES hardware accelerated encryption,
  • HMAC MD5 and HMAC SHA1 authentication and data integrity,
  • AutoIKE ke
Summary of the content on page 20
Secure installation, configuration, and management
Installation is quick and simple. The first time you turn on the FortiGate unit, it is already configured with default IP addresses and security policies. Connect to the web-based manager, set the operating mode, and use the setup wizard to customize FortiGate IP addresses for your network, and the FortiGate unit is set to protect your network. You can then use the web-based man