Summary of the content on page 1
FortiGate 100 Installation and Configuration Guide
FortiGate User Manual Volume 1
Version 2.50 MR2
18 August 2003
Summary of the content on page 2
© Copyright 2003 Fortinet Inc. All rights reserved. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical or otherwise, for any purpose, without prior written permission of Fortinet Inc.
FortiGate-100 Installation and Configuration Guide
Version 2.50 MR2
18 August 2003
Trademarks
Products mentioned in this document are trademarks or registered trademark
Summary of the content on page 3
Table of Contents
Introduction ... 13
Antivirus protection ... 13
Web content filtering ... 14
Email filtering ...
Summary of the content on page 4
Contents
Planning your FortiGate configuration ... 37
NAT/Route mode ... 37
NAT/Route mode with multiple external network connections ... 38
Transparent mode ... 38
Configuration options
Summary of the content on page 5
Contents
Completing the configuration ... 61
Setting the date and time ... 61
Enabling antivirus protection ... 61
Registering your FortiGate ... 6
Summary of the content on page 6
Contents
Virus and attack definitions updates and registration ... 91
Updating antivirus and attack definitions ... 91
Connecting to the FortiResponse Distribution Network ... 92
Configuring scheduled updates ... 93
Configuring update logging ...
Summary of the content on page 7
Contents
Configuring routing ... 115
Adding a default route ... 116
Adding destination-based routes to the routing table ... 116
Adding routes in Transparent mode ... 117
Configuring the
Summary of the content on page 8
Contents
Configuring policy lists ... 149
Policy matching in detail ... 149
Changing the order of policies in a policy list ... 149
Enabling and disabling policies ... 150
Addr
Summary of the content on page 9
Contents
Configuring LDAP support ... 177
Adding LDAP servers ... 177
Deleting LDAP servers ... 178
Configuring user groups ... 1
Summary of the content on page 10
Contents
Configuring L2TP ... 213
Configuring the FortiGate unit as a L2TP gateway ... 214
Configuring a Windows 2000 client for L2TP ... 217
Configuring a Windows XP client for L2TP ... 218
Network Intrusion Detection System
Summary of the content on page 11
Contents
Exempt URL list ... 243
Adding URLs to the exempt URL list ... 243
Email filter ... 245
General configuration steps ... 24
Summary of the content on page 12
Contents 12 Fortinet Inc.
Summary of the content on page 13
FortiGate-100 Installation and Configuration Guide Version 2.50 MR2
Introduction
The FortiGate Antivirus Firewall supports network-based deployment of application-level services—including antivirus protection and full-scan content filtering. FortiGate Antivirus Firewalls improve network security, reduce network misuse and abuse, and help you use communications resources more efficiently without compromising the performance of your network. FortiGate Antivirus Firewalls are ICSA-certified fo
Summary of the content on page 14
For extra protection, you can also configure antivirus protection to block files of specified file types from passing through the FortiGate unit. You can use the feature to stop files that may contain new viruses. If the FortiGate unit contains a hard disk, infected or blocked files can be quarantined. The FortiGate administrator can download quarantined files, so that they can be virus scanned, cleaned, and forwarded to the intended recipient. You can also configure the FortiGate
Summary of the content on page 15
You can configure Email blocking to tag email from all or some senders within organizations that are known to send spam email. To prevent unintentional tagging of email from legitimate senders, you can add sender address patterns to an exempt list that overrides the email block and banned word lists.
Firewall
The FortiGate ICSA-certified firewall protects your computer networks from the hostile environment of the Internet. ICSA has granted FortiGate firewalls vers
Summary of the content on page 16
Transparent mode
Transparent mode provides the same basic firewall protection as NAT mode. Packets received by the FortiGate unit are intelligently forwarded or blocked according to firewall policies. The FortiGate unit can be inserted in your network at any point without the need to make changes to your network or any of its components. However, VPN and some advanced firewall features are only available in NAT/Route mode.
Network intrusion detection
The FortiG
Summary of the content on page 17
• PPTP for easy connectivity with the VPN standard supported by the most popular operating systems.
• L2TP for easy connectivity with a more secure VPN standard also supported by many popular operating systems.
• Firewall policy based control of IPSec VPN traffic.
• IPSec NAT traversal so that remote IPSec VPN gateways or clients behind a NAT can connect to an IPSec VPN tunnel.
• VPN hub and spoke using a VPN concentrator to allow VPN traffic to pass from one t
Summary of the content on page 18
Figure 1: The FortiGate web-based manager and setup wizard
Command line interface
You can access the FortiGate command line interface (CLI) by connecting a management computer serial port to the FortiGate RS-232 serial Console connector. You can also use Telnet or a secure SSH connection to connect to the CLI from any network connected to the FortiGate, including the Internet. The CLI supports the same configuration and monitoring functionality as the web-
Summary of the content on page 19
Logging and reporting
The FortiGate supports logging of various categories of traffic and of configuration changes. You can configure logging to:
• report traffic that connects to the firewall,
• report network services used,
• report traffic permitted by firewall policies,
• report traffic that was denied by firewall policies,
• report events such as configuration changes and other management events, IPSec tunnel negotiation, virus detection, attacks, and we
Summary of the content on page 20
DHCP server
• Addition of a WINS server to DHCP configuration.
• Reserve IP/MAC pair combinations for DHCP servers (CLI only).
RIP
• New RIP v1 and v2 functionality. See “RIP configuration” on page 121.
SNMP
• SNMP v1 and v2 support.
• Support for RFC 1213 and RFC 2665
• Monitoring of all FortiGate configuration and functionality
• See “Configuring SNMP” on page 134
Replacement messages
You can customize messages sent by the FortiGate unit:
• When a virus is detected,
• Whe