Summary of the content on page 1
Administration Guide
FortiBridge
Version 3.0
www.fortinet.com
Summary of the content on page 2
FortiBridge Administration Guide
Version 3.0
9 November 2006
09-30000-0163-20061109
© Copyright 2006 Fortinet, Inc. All rights reserved. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical or otherwise, for any purpose, without prior written permission of Fortinet, Inc.
Trademarks
ABACAS, APSecure, FortiASIC, FortiBIOS, FortiBridge, FortiClient, FortiG
Summary of the content on page 3
Contents
Introduction ... 7
About FortiBridge ... 7
About this document ... 7
Fortinet documentation ... 8
Fortinet tools and documentation CD ...
Summary of the content on page 4
Contents
Completing the basic FortiBridge configuration ... 26
Adding an administrator password ... 27
Changing the management IP address ... 27
Changing DNS server IP addresses ... 28
Adding static routes ... 28
All
Summary of the content on page 5
Contents
system console ... 61
system dns ... 62
get system status ... 63
system fail_close ... 64
system global ...
Summary of the content on page 7
Introduction
This chapter introduces you to the FortiBridge-1000 and FortiBridge-1000F products that provide fail open protection for FortiGate Antivirus Firewalls operating in transparent mode. Fail open protection keeps network traffic flowing in the event of a FortiGate unit failure.
This chapter contains the following topics:
• About FortiBridge
• About this document
• Fortinet documentation
• Customer service and technical support
About FortiBridge
The Fort
Summary of the content on page 8
• Using the CLI describes how to use the FortiBridge CLI.
• config CLI commands is the FortiBridge config CLI command reference.
• execute CLI commands is the FortiBridge execute CLI command reference.
Fortinet documentation
The most up-to-date publications and previous releases of Fortinet product documentation are available from the Fortinet Technical Documentation web site at http://docs.forticare.com.
The following FortiBridge product documentation is a
Summary of the content on page 9
FortiBridge operating principles
This chapter describes a typical transparent mode FortiGate network and how to add a FortiBridge unit to this network to provide fail open protection. This chapter also contains detailed information about how FortiBridge units operate and concludes with descriptions of adding a FortiBridge unit to an HA cluster and connecting a FortiBridge unit to other FortiGate interfaces.
This chapter contains
Summary of the content on page 10
The FortiGate unit acts as an extra layer of protection for your internal network. While it is operating, the FortiGate unit protects the internal network from threats originating on the Internet. All users on the internal network connect through the FortiGate unit to the Internet. This also means that if a failure or other interruption caused the FortiGate unit to stop functioning, users on the internal network would not be a
Summary of the content on page 11
1 Connect the FortiBridge-1000 INT 2 interface to the FortiGate internal interface.
2 Connect the FortiGate external interface to the FortiBridge-1000 EXT 2 interface.
3 Connect the internal network to the FortiBridge-1000 INT 1 interface.
4 Connect the FortiBridge-1000 EXT 1 interface to the router.
Connecting the FortiBridge-1000F (fiber gigabit ethernet)
The FortiBridge-1000F unit contains 4 multimode fiber optic gigabit interfaces that
Summary of the content on page 12
Figure 5: FortiBridge unit operating in normal mode sending probe packets (diagram labels: internal network, INT 1, EXT 1, Internet, router, EXT 2, INT 2, probe packets)
You can enable ICMP (ping), HTTP, FTP, POP3, SMTP, and IMAP probes to test connectivity through the FortiGate unit for each of these protocols. The FortiBridge unit simultaneously tests connectivity through the FortiGate unit for each probe that
Summary of the content on page 13
Table 1: FortiBridge probes and FortiGate firewall policy requirements (Continued)
Probe: POP3
FortiGate firewall policy direction: Internal -> External
FortiGate firewall policy service: POP3 or ANY
Description: POP3 packets are sent from a POP3 client at the INT 2 interface to a POP3 server at the EXT 2 interface. The POP3 server sends a response from the EXT 2 interface to the INT 2 interface.
Probe: SMTP
FortiGate firewall policy direction: Internal -> External
FortiGate firewall policy service: SMTP or ANY
Description: SMTP packets are sent from an SMTP
Summary of the content on page 14
Bypass mode operation
When the FortiBridge unit operates in bypass mode, the FortiBridge INT 1 and EXT 1 interfaces are directly connected. All traffic between the internal and external network segments flows, whether or not the FortiGate unit is operating normally.
Because the INT 1 and EXT 1 interfaces are directly connected, you cannot use Telnet or SSH to connect to the FortiBridge CLI. Instead you must use a console connection.
T
Summary of the content on page 15
Example FortiGate HA cluster FortiBridge application
A FortiBridge unit can provide fail open protection for a FortiGate HA cluster operating in transparent mode in much the same way as for a standalone FortiGate unit. To provide fail open protection for an HA cluster, connect the FortiBridge unit to the switches that connect the internal and external interfaces of the cluster.
Use the following steps to co
Summary of the content on page 16
1 Connect the FortiBridge-1000 INT 2 interface to the switch connected to the HA cluster internal interface.
2 Connect the switch connected to the HA cluster external interface to the FortiBridge-1000 EXT 2 interface.
3 Connect the internal network to the FortiBridge-1000 INT 1 interface.
4 Connect the FortiBridge-1000 EXT 1 interface to the router.
Connecting the FortiBridge-1000F (fiber gigabit ethernet)
T
Summary of the content on page 17
3 Connect the internal network to the FortiBridge-1000 INT 1 interface.
4 Connect the FortiBridge-1000 EXT 1 interface to the router.
You must add port 5 -> port 6 firewall policies to the FortiGate-500A unit configuration.
Summary of the content on page 19
Setting up FortiBridge units
This chapter contains the information you need to unpack, connect, and configure your FortiBridge unit:
• FortiBridge unit basic information
• Connecting and turning on the FortiBridge unit
• Connecting to the command line interface (CLI)
• Completing the basic FortiBridge configuration
• Resetting to the factory default configuration
• Installing FortiBridge unit firmware
When you complete the procedur
Summary of the content on page 20
Figure 9: FortiBridge-1000 package contents (labelled items: front and back views of the unit, 2 orange crossover Ethernet cables, power cable, power supply, RJ-45 to DB-9 serial cable)