Summary of the content on page No. 1
FortiGate 400
Installation and Configuration Guide
FortiGate User Manual Volume 1
Version 2.50 MR2
18 August 2003
Summary of the content on page No. 2
© Copyright 2003 Fortinet Inc. All rights reserved.
No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical or otherwise, for any purpose, without prior written permission of Fortinet Inc.
FortiGate-400 Installation and Configuration Guide
Version 2.50 MR2
18 August 2003
Trademarks
Products mentioned in this document are trademarks or registered trademarks
Summary of the content on page No. 3
Contents
Table of Contents
• Introduction, 15
• Antivirus protection, 15
• Web content filtering, 16
• Email filtering
Summary of the content on page No. 4
Contents
• Planning your FortiGate configuration, 39
• NAT/Route mode, 39
• NAT/Route mode with multiple external network connections, 40
• Transparent mode, 41
• Configuration options
Summary of the content on page No. 5
Contents
• Completing the configuration, 64
• Setting the date and time, 64
• Enabling antivirus protection, 64
• Registering your FortiGate, 6
Summary of the content on page No. 6
Contents
• System status, 93
• Changing the FortiGate host name, 94
• Changing the FortiGate firmware, 94
• Upgrade to a new firmware version, 95
• Revert to a pre
Summary of the content on page No. 7
Contents
• Updating registration information, 128
• Recovering a lost Fortinet support password, 128
• Viewing the list of registered FortiGate units, 128
• Registering a new FortiGate unit, 129
• Adding or changing a FortiC
Summary of the content on page No. 8
Contents
• Adding RIP filters, 154
• Adding a single RIP filter, 154
• Adding a RIP filter list, 155
• Adding a neighbors filter
Summary of the content on page No. 9
Contents
• Services, 182
• Predefined services, 182
• Providing access to custom services, 184
• Grouping services
Summary of the content on page No. 10
Contents
• IPSec VPN, 209
• Key management, 210
• Manual Keys, 210
• Automatic Internet Key Exchange (AutoIKE) with pre-shared keys or certificates, 210
• Manual key IPSec VPNs
Summary of the content on page No. 11
Contents
• Network Intrusion Detection System (NIDS), 249
• Detecting attacks, 249
• Selecting the interfaces to monitor, 250
• Disabling the NIDS, 250
• Configuring checksu
Summary of the content on page No. 12
Contents
• URL blocking, 269
• Using the FortiGate web filter, 269
• Using the Cerberian web filter, 272
• Script filtering
Summary of the content on page No. 13
Contents
• Glossary, 295
• Index, 299
FortiGate-400 Installation and Configuration Guide 13
Summary of the content on page No. 15
Introduction
The FortiGate Antivirus Firewall supports network-based deployment of application-level services—including antivirus protection and full-scan content filtering. FortiGate Antivirus Firewalls improve network security, reduce network misuse and abuse, and help you use communications resources more efficiently without compromising the performance of your network. FortiGate Antivirus Firewalls are ICSA-certified fo
Summary of the content on page No. 16
For extra protection, you can also configure antivirus protection to block files of specified file types from passing through the FortiGate unit. You can use the feature to stop files that may contain new viruses.
If the FortiGate unit contains a hard disk, infected or blocked files can be quarantined. The FortiGate administrator can download quarantined files, so that they can be virus scanned, cleaned, and forwarded to the intended recipient. You can also con
Summary of the content on page No. 17
You can configure Email blocking to tag email from all or some senders within organizations that are known to send spam email. To prevent unintentional tagging of email from legitimate senders, you can add sender address patterns to an exempt list that overrides the email block and banned word lists.
Firewall
The FortiGate ICSA-certified firewall protects your computer networks from the hostile environment of the Internet. ICSA has granted FortiGate firewalls version 4.
Summary of the content on page No. 18
Transparent mode
Transparent mode provides the same basic firewall protection as NAT mode. Packets received by the FortiGate unit are intelligently forwarded or blocked according to firewall policies. The FortiGate unit can be inserted in your network at any point without the need to make changes to your network or any of its components. However, VPN, VLAN, multi-zone functionality, and some advanced firewall features are only available in NAT/Route mode.
VLAN
Fortigate An
Summary of the content on page No. 19
VPN
Using FortiGate virtual private networking (VPN), you can provide a secure connection between widely separated office networks or securely link telecommuters or travellers to an office network.
FortiGate VPN features include the following:
• Industry standard and ICSA-certified IPSec VPN including:
  • IPSec, ESP security in tunnel mode,
  • DES, 3DES (triple-DES), and AES hardware accelerated encryption,
  • HMAC MD5 and HMAC SHA1 authentication and data integrity,
  • AutoIKE ke
Summary of the content on page No. 20
Secure installation, configuration, and management
Installation is quick and simple. The first time you turn on the FortiGate unit, it is already configured with default IP addresses and security policies. Connect to the web-based manager, set the operating mode, and use the setup wizard to customize FortiGate IP addresses for your network, and the FortiGate unit is set to protect your network. You can then use the web-based man