Resumen del contenido incluido en la página 1
FortiGate 50A
Installation and
Configuration Guide
PWR STATUS
INTERNAL EXTERNAL
LINK 100 LINK 100
A
FortiGate User Manual Volume 1
Version 2.50
29 February 2004
Resumen del contenido incluido en la página 2
© Copyright 2004 Fortinet Inc. All rights reserved. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical or otherwise, for any purpose, without prior written permission of Fortinet Inc. FortiGate-50A Installation and Configuration Guide Version 2.50 29 February 2004 Trademarks Products mentioned in this document are trademarks or registered trademarks of
Resumen del contenido incluido en la página 3
Contents Table of Contents Introduction .......................................................................................................... 13 NAT/Route mode and Transparent mode......................................................................... 13 NAT/Route mode .......................................................................................................... 13 Transparent mode.................................................................................................
Resumen del contenido incluido en la página 4
Contents Completing the configuration ............................................................................................ 38 Setting the date and time .............................................................................................. 38 Changing antivirus protection ....................................................................................... 38 Registering your FortiGate unit ..................................................................................... 39
Resumen del contenido incluido en la página 5
Contents Shutting down the FortiGate unit ...................................................................................... 66 System status ................................................................................................................... 67 Viewing CPU and memory status ................................................................................. 67 Viewing sessions and network status ........................................................................... 68 Viewi
Resumen del contenido incluido en la página 6
Contents Network configuration......................................................................................... 93 Configuring interfaces....................................................................................................... 93 Viewing the interface list ............................................................................................... 94 Changing the administrative status of an interface ....................................................... 94 Configuring
Resumen del contenido incluido en la página 7
Contents Changing system options................................................................................................ 122 Adding and editing administrator accounts..................................................................... 123 Adding new administrator accounts ............................................................................ 124 Editing administrator accounts.................................................................................... 124 Configuring SNMP .
Resumen del contenido incluido en la página 8
Contents Virtual IPs........................................................................................................................ 157 Adding static NAT virtual IPs ...................................................................................... 158 Adding port forwarding virtual IPs ............................................................................... 159 Adding policies with virtual IPs...................................................................................
Resumen del contenido incluido en la página 9
Contents AutoIKE IPSec VPNs...................................................................................................... 182 General configuration steps for an AutoIKE VPN ....................................................... 183 Adding a phase 1 configuration for an AutoIKE VPN.................................................. 183 Adding a phase 2 configuration for an AutoIKE VPN.................................................. 188 Managing digital certificates......................
Resumen del contenido incluido en la página 10
Contents Logging attacks............................................................................................................... 222 Logging attack messages to the attack log................................................................. 222 Reducing the number of NIDS attack log and email messages.................................. 222 Antivirus protection........................................................................................... 225 General configuration steps..........
Resumen del contenido incluido en la página 11
Contents Email block list ................................................................................................................ 248 Adding address patterns to the email block list........................................................... 248 Downloading the email block list................................................................................. 248 Uploading an email block list ...................................................................................... 249 Email e
Resumen del contenido incluido en la página 12
Contents 12 Fortinet Inc.
Resumen del contenido incluido en la página 13
FortiGate-50A Installation and Configuration Guide Version 2.50 Introduction The FortiGate-50A Antivirus Firewall is an easy-to-deploy and easy-to- administer solution that delivers PWR STATUS INTERNAL EXTERNAL exceptional value and performance for LINK 100 LINK 100 A small office and home office (SOHO) applications. Your FortiGate-50A is a dedicated easily managed security device that delivers a full suite of capabilities that include: • application-level services such as virus protection
Resumen del contenido incluido en la página 14
Document conventions Introduction Document conventions This guide uses the following conventions to describe CLI command syntax. • angle brackets < > to indicate variable keywords For example: execute restore config You enter restore config myfile.bak indicates an ASCII string variable keyword. indicates an integer variable keyword. indicates an IP address variable keyword. • vertical bar and curly brackets {|} to separate alternative, mutually exc
Resumen del contenido incluido en la página 15
Introduction Fortinet documentation Fortinet documentation Information about FortiGate products is available from the following FortiGate User Manual volumes: • Volume 1: FortiGate Installation and Configuration Guide Describes installation and basic configuration for the FortiGate unit. Also describes how to use FortiGate firewall policies to control traffic flow through the FortiGate unit and how to use firewall policies to apply antivirus protection, web content filtering, and email filte
Resumen del contenido incluido en la página 16
Customer service and technical support Introduction Customer service and technical support For antivirus and attack definition updates, firmware updates, updated product documentation, technical support information, and other resources, please visit the Fortinet technical support web site at http://support.fortinet.com. You can also register FortiGate Antivirus Firewalls from http://support.fortinet.com and modify your registration information at any time. Fortinet email support is available
Resumen del contenido incluido en la página 17
FortiGate-50A Installation and Configuration Guide Version 2.50 Getting started This chapter describes unpacking, setting up, and powering on a FortiGate Antivirus Firewall unit. When you have completed the procedures in this chapter, you can proceed to one of the following: • If you are going to operate the FortiGate unit in NAT/Route mode, go to “NAT/Route mode installation” on page 33. • If you are going to operate the FortiGate unit in Transparent mode, go to “Transparent mode installati
Resumen del contenido incluido en la página 18
Package contents Getting started Package contents The FortiGate-50A package contains the following items: • the FortiGate-50A Antivirus Firewall • one orange cross-over ethernet cable • one gray regular ethernet cable • one null-modem cable • FortiGate-50A QuickStart Guide • A CD containing the FortiGate user documentation • one AC adapter Figure 1: FortiGate-50A package contents Front Ethernet Cables: Orange - Crossover Grey - Straight-through PWR STATUS PWR STATUS INTERNAL EXTERNAL LINK 100 LI
Resumen del contenido incluido en la página 19
Getting started Powering on Environmental specifications • Operating temperature: 32 to 104°F (0 to 40°C) • Storage temperature: -13 to 158°F (-25 to 70°C) • Humidity: 5 to 95% non-condensing Powering on To power on the FortiGate-50A unit 1 Connect the AC adapter to the power connection at the back of the FortiGate-50 unit. 2 Connect the AC adapter to a power outlet. The FortiGate-50A starts up. The Power and Status lights light. The Status light flashes while the unit is starting up and turns
Resumen del contenido incluido en la página 20
Connecting to the command line interface (CLI) Getting started To connect to the web-based manager 1 Set the IP address of the computer with an ethernet connection to the static IP address 192.168.1.2 and a netmask of 255.255.255.0. You can also configure the management computer to obtain an IP address automatically using DHCP. The FortiGate DHCP server assigns the management computer an IP address in the range 192.168.1.1 to 192.168.1.254. 2 Using the crossover cable or the ethernet hub and