Resumen del contenido incluido en la página 1
FortiGate 500A
Installation Guide
CONSOLE USB LAN 10/100 10/100/1 000
Esc Enter
L1 L2 L3 L4 12 3 4 56
A
Version 2.80 MR5
15 October 2004
01-28005-0101-20041015
Resumen del contenido incluido en la página 2
© Copyright 2004 Fortinet Inc. All rights reserved. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical or otherwise, for any purpose, without prior written permission of Fortinet Inc. FortiGate-500A Installation Guide Version 2.80 MR5 15 October 2004 01-28005-0101-20041015 Trademarks Products mentioned in this document are trademarks or registered tr
Resumen del contenido incluido en la página 3
Contents Table of Contents Introduction ............................................................................................................ 5 Secure installation, configuration, and management.......................................................... 6 Web-based manager ...................................................................................................... 6 Command line interface ............................................................................................
Resumen del contenido incluido en la página 4
Contents Transparent mode installation............................................................................ 37 Preparing to configure Transparent mode ........................................................................ 37 Using the web-based manager......................................................................................... 38 Reconnecting to the web-based manager .................................................................... 39 Using the front control buttons and
Resumen del contenido incluido en la página 5
FortiGate-500A Installation Guide Version 2.80 MR5 Introduction FortiGate Antivirus Firewalls improve network security, reduce network misuse and abuse, and help you use communications resources more efficiently without compromising the performance of your network. FortiGate Antivirus Firewalls are ICSA-certified for firewall, IPSec, and antivirus services. The FortiGate Antivirus Firewall is a dedicated easily managed security device that delivers a full suite of capabilities that include:
Resumen del contenido incluido en la página 6
Web-based manager Introduction Secure installation, configuration, and management The FortiGate unit default configuration includes default interface IP addresses and is only a few steps away from protecting your network. There are several ways to configure basic FortiGate settings: • the web-based manager, • the front panel front keypad and LCD, • the command line interface (CLI), or • the setup wizard. The CLI or the web-based manager can then be used to complete configuration and to perfor
Resumen del contenido incluido en la página 7
Introduction Command line interface Command line interface You can access the FortiGate command line interface (CLI) by connecting a management computer serial port to the FortiGate RS-232 serial console connector. You can also use Telnet or a secure SSH connection to connect to the CLI from any network that is connected to the FortiGate unit, including the Internet. The CLI supports the same configuration and monitoring functionality as the web-based manager. In addition, you can use the CL
Resumen del contenido incluido en la página 8
Setup wizard Introduction set opmode {nat | transparent} You can enter set opmode nat or set opmode transparent. • Square brackets [ ] to indicate that a keyword or variable is optional. For example: show system interface [] To show the settings for all interfaces, you can enter show system interface. To show the settings for the internal interface, you can enter show system interface internal. • A space to separate options that can be entered in any combination and must be separate
Resumen del contenido incluido en la página 9
Introduction Comments on Fortinet technical documentation Fortinet documentation Information about FortiGate products is available from the following FortiGate Guides: • FortiGate QuickStart Guide Each QuickStart Guide provides the basic information required to connect and install a FortiGate model. • FortiGate Installation Guide Each Installation Guide provides detailed information required to install a FortiGate model. Includes hardware reference, default configuration, installation procedur
Resumen del contenido incluido en la página 10
Comments on Fortinet technical documentation Introduction Customer service and technical support For antivirus and attack definition updates, firmware updates, updated product documentation, technical support information, and other resources, please visit the Fortinet technical support web site at http://support.fortinet.com. You can also register FortiGate Antivirus Firewalls from http://support.fortinet.com and change your registration information at any time. Fortinet email support is avai
Resumen del contenido incluido en la página 11
FortiGate-500A Installation Guide Version 2.80 MR5 Getting started This section describes unpacking, setting up, and powering on a FortiGate Antivirus Firewall unit. This section includes: • Package contents • Mounting • Turning the FortiGate unit power on and off • Connecting to the web-based manager • Connecting to the command line interface (CLI) • Factory default FortiGate configuration settings • Planning the FortiGate configuration • Next steps FortiGate-500A Installation Guide 01-28005-0
Resumen del contenido incluido en la página 12
Getting started Package contents The FortiGate-500A package contains the following items: • FortiGate-500A Antivirus Firewall • one orange crossover ethernet cable (Fortinet part number CC300248) • one gray regular ethernet cable (Fortinet part number CC300249) • one RJ-45 serial cable (Fortinet part number CC300302) • FortiGate-500A QuickStart Guide • one power cable • CD containing the FortiGate user documentation • two 19-inch rack mount brackets Figure 2: FortiGate-500A package contents Ethe
Resumen del contenido incluido en la página 13
Getting started Power requirements • Power dissipation: 50 W (max) • AC input voltage: 100 to 240 VAC • AC input current: 1.6 A • Frequency: 50 to 60 H Environmental specifications • Operating temperature: 32 to 104°F (0 to 40°C) • Storage temperature: -13 to 158°F (-25 to 70°C) • Humidity: 5 to 95% non-condensing If you install the FortiGate-500A unit in a closed or multi-unit rack assembly, the operating ambient temperature of the rack environment may be greater than room ambient. Make sure
Resumen del contenido incluido en la página 14
Getting started Table 1: FortiGate-500A LED indicators LED State Description Power Green The FortiGate unit is powered on. Off The FortiGate unit is powered off. LAN (L1, L2, Amber The correct cable is in use and the connected equipment has power. L3, L4), 1, 2, 3, 4, 5, 6 Flashing Network activity at this interface. Amber Green The interface is connected. • 1, 2, 3, and 4 connect at up to 100 Mbps. • 5 and 6 connect at up to 1000 Mbps. Off No link established. To power off the FortiGate unit
Resumen del contenido incluido en la página 15
Getting started 3 Start Internet Explorer and browse to the address https://192.168.1.99. (remember to include the “s” in https://). The FortiGate login is displayed. Figure 3: FortiGate login 4 Type admin in the Name field and select Login. Connecting to the command line interface (CLI) As an alternative to the web-based manager, you can install and configure the FortiGate unit using the CLI. Configuration changes made with the CLI are effective immediately without resetting the firewall or
Resumen del contenido incluido en la página 16
Getting started Bits per second 9600 Data bits 8 Parity None Stop bits 1 Flow control None 5 Press Enter to connect to the FortiGate CLI. The following prompt is displayed: FortiGate-500A login: 6 Type admin and press Enter twice. The following prompt is displayed: Welcome ! Type ? to list available commands. For information about how to use the CLI, see the FortiGate CLI Reference Guide. Factory default FortiGate configuration settings The FortiGate unit is shipped with a factory default conf
Resumen del contenido incluido en la página 17
Getting started Factory default NAT/Route mode network configuration Factory default NAT/Route mode network configuration When the FortiGate unit is first powered on, it is running in NAT/Route mode and has the basic network configuration listed in Table 2. This configuration allows you to connect to the FortiGate unit web-based manager and establish the configuration required to connect the FortiGate unit to the network. In Table 2, HTTPS administrative access means you can connect to the w
Resumen del contenido incluido en la página 18
Factory default Transparent mode network configuration Getting started Factory default Transparent mode network configuration In Transparent mode, the FortiGate unit has the default network configuration listed in Table 3. Table 3: Factory default Transparent mode network configuration Administrator User name: admin account Password: (none) IP: 10.10.10.1 Management IP Netmask: 255.255.255.0 Primary DNS Server: 207.194.200.1 DNS Secondary DNS Server: 207.194.200.129 LAN HTTPS, Ping Port 1 Ping
Resumen del contenido incluido en la página 19
Getting started Factory default protection profiles Factory default protection profiles Use protection profiles to apply different protection settings for traffic that is controlled by firewall policies. You can use protection profiles to: • Configure antivirus protection for HTTP, FTP, IMAP, POP3, and SMTP firewall policies • Configure Web filtering for HTTP firewall policies • Configure Web category filtering for HTTP firewall policies • Configure spam filtering for IMAP, POP3, and SMTP fire
Resumen del contenido incluido en la página 20
NAT/Route mode Getting started Figure 4: Web protection profile settings Planning the FortiGate configuration Before you configure the FortiGate unit, you need to plan how to integrate the unit into the network. Among other things, you must decide whether you want the unit to be visible to the network, which firewall functions you want it to provide, and how you want it to control the traffic flowing between its interfaces. Your configuration plan depends on the operating mode that you select