Fortinet FortiGate 110C Installation Manual
  1. Manuals
  2. Brands
  3. Fortinet Manuals
  4. Gateway
  5. FortiGate 110C
  6. Installation manual
Fortinet FortiGate 110C Installation Manual

Fortinet FortiGate 110C Installation Manual

Fortios 3.0 mr6
Hide thumbs
Table of Contents

Advertisement

Quick Links

I N S T A L L G U I D E
FortiGate-110C
FortiOS 3.0 MR6
www.fortinet.com

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the FortiGate 110C and is the answer not in the manual?

Questions and answers

Related Manuals for Fortinet FortiGate 110C

Summary of Contents for Fortinet FortiGate 110C

  • Page 1 I N S T A L L G U I D E FortiGate-110C FortiOS 3.0 MR6 www.fortinet.com...
  • Page 2 FortiOS 3.0 MR6 28 July 2008 01-30006-0481-20080728 © Copyright 2008 Fortinet, Inc. All rights reserved. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical or otherwise, for any purpose, without prior written permission of Fortinet, Inc.

  • Page 3: Table Of Contents

    Document conventions... 6 Typographic conventions ... 7 Further Reading ... 7 Fortinet Knowledge Center ... 8 Comments on Fortinet technical documentation ... 8 Customer service and technical support ... 8 Installing ... 9 Environmental specifications... 9 Cautions and warnings ... 10 Grounding ...
  • Page 4 Advanced configuration... 31 FortiGate Firmware ... 37 Configure a DNS server ... 22 Adding a default route and gateway ... 22 Adding firewall policies ... 23 Configuring Transparent mode... 23 Using the web-based manager ... 24 Switching to Transparent mode... 24 Configure a DNS server ...
  • Page 5 Contents Installing firmware from a system reboot using the CLI... 42 Restoring the previous configuration... 44 Backup and Restore from a USB key ... 44 Using the USB Auto-Install... 45 Additional CLI Commands for a USB key ... 45 Testing new firmware before installing ... 46 Index...
  • Page 6 Contents FortiGate-110C FortiOS 3.0 MR6 Install Guide 01-30006-0481-20080728...

  • Page 7: Fortigate-110C Fortios 3.0 Mr6 Install Guide

    Introduction Introduction Welcome and thank you for selecting Fortinet products for your real-time network protection. The FortiGate Unified Threat Management System improves network security, reduces network misuse and abuse, and helps you use communications resources more efficiently without compromising the performance of your network.

  • Page 8: Fortigate-110C Fortios 3.0 Mr6 Install Guide

    About the FortiGate-110C About the FortiGate-110C About this document Document conventions The FortiGate-110C is an ideal solution for SMB and and Medium to large-sized Enterprises with distributed branch offices. The FortiGate-110C features dual WAN 10/100/1000 link support for redundant internet connections, and an integrated 8-port 10/100 switch that eliminates the need for an external hub or switch, giving networked devices a direct connection to the FortiGate-110C.

  • Page 9: Fortigate-110C Fortios 3.0 Mr6 Install Guide

    CLI command syntax Document names Menu commands Program output Variables Further Reading The most up-to-date publications and previous releases of Fortinet product documentation are available from the Fortinet Technical Documentation web site at http://docs.forticare.com. The following FortiGate • FortiGate QuickStart Guide Provides basic information about connecting and installing a FortiGate unit.

  • Page 10: Fortigate-110C Fortios 3.0 Mr6 Install Guide

    Please send information about any errors or omissions in this document, or any Fortinet technical documentation, to techdoc@fortinet.com. Fortinet Technical Support provides services designed to make sure that your Fortinet systems install quickly, configure easily, and operate reliably in your network.

  • Page 11: Fortigate-110C Fortios 3.0 Mr6 Install Guide

    Installing Installing This chapter describes installing your FortiGate unit in your server room, environmental specifications and how to mount the FortiGate in a rack if applicable. This chapter contains the following topics: • Environmental specifications • Cautions and warnings • Plugging in the FortiGate •...

  • Page 12: Cautions And Warnings

    Cautions and warnings Cautions and warnings Grounding Rack mount instructions Mounting • Connect the equipment into an outlet on a circuit different from that to which the receiver is connected. • Consult the dealer or an experienced radio/TV technician for help. The equipment compliance with FCC radiation exposure limit set forth for uncontrolled Environment.
  • Page 13 Installing When placing the FortiGate unit on any flat, stable surface, ensure the unit has at least 1.5 inches (3.75 cm) of clearance on each side to ensure adequate airflow for cooling. For rack mounting, use the mounting brackets and screws included with the FortiGate unit.

  • Page 14: Fortigate-110C Fortios 3.0 Mr6 Install Guide

    Plugging in the FortiGate Plugging in the FortiGate Connecting to the network Figure 3: Mounting in a rack Use the following steps to connect the power supply to the FortiGate unit. To power on the FortiGate unit Ensure the power switch, located at the back of the FortiGate unit is in the off position, indicated by the “O”.

  • Page 15: Fortigate-110C Fortios 3.0 Mr6 Install Guide

    Installing Turning off the FortiGate unit Always shut down the FortiGate operating system properly before turning off the power switch to avoid potential hardware problems. To power off the FortiGate unit From the web-based manager, go to System > Status. In the Unit Operation display, select Shutdown, or from the CLI enter: execute shutdown Disconnect the power cables from the power supply.
  • Page 16 Turning off the FortiGate unit Installing FortiGate-110C FortiOS 3.0 MR6 Install Guide 01-30006-0481-20080728...

  • Page 17: Configuring

    Configuring Configuring This section provides an overview of the operating modes of the FortiGate unit, NAT/Route and Transparent, and how to configure the FortiGate unit for each mode. There are two ways you can configure the FortiGate unit, using the web-based manager or the command line interface (CLI).

  • Page 18: Fortigate-110C Fortios 3.0 Mr6 Install Guide

    Connecting to the FortiGate unit Transparent mode Connecting to the FortiGate unit Connecting to the web-based manager In Transparent mode, the FortiGate unit is invisible to the network. Similar to a network bridge, all FortiGate interfaces must be on the same subnet. You only have to configure a management IP address to make configuration changes.

  • Page 19: Connecting To The Cli

    Configuring To support a secure HTTPS authentication method, the FortiGate unit ships with a self-signed security certificate, which is offered to remote clients whenever they initiate a HTTPS connection to the FortiGate unit. When you connect, the FortiGate unit displays two security warnings in a browser. The first warning prompts you to accept and optionally install the FortiGate unit’s self-signed security certificate.

  • Page 20: Fortigate-110C Fortios 3.0 Mr6 Install Guide

    Configuring NAT mode Configuring NAT mode Using the web-based manager Configuring NAT mode involves defining interface addresses and default routes, and simple firewall policies. You can use the web-based manager or the CLI to configure the FortiGate unit in NAT/Route mode. After connecting to the web-based manager, you can use the following procedures to complete the basic configuration of the FortiGate unit.

  • Page 21: Fortigate-110C Fortios 3.0 Mr6 Install Guide

    Internet. A DNS server matches domain names with the computer IP address. This enables you to use readable locations, such as fortinet.com when browsing the Internet. DNS server IP addresses are typically provided by your internet service provider.

  • Page 22: Fortigate-110C Fortios 3.0 Mr6 Install Guide

    Configuring NAT mode For an initial configuration, you must edit the factory configured static default route to specify a different default gateway for the FortiGate unit. This will enable the flow of data through the FortiGate unit. For details on adding additional static routes, see the FortiGate Administration Guide.

  • Page 23: Fortigate-110C Fortios 3.0 Mr6 Install Guide

    Configuring Set the following and select OK. Source Interface Source Address Destination Interface Select the port connected to the network. Destination Address All Schedule Service Action Firewall policy configuration is the same in NAT/Route mode and Transparent mode. Note that these policies allow all traffic through. No protection profiles have been applied.

  • Page 24: Configure A Dns Server

    Internet. A DNS server matches domain names with the computer IP address. This enables you to use readable locations, such as fortinet.com when browsing the Internet. DNS server IP addresses are typically provided by your internet service provider.

  • Page 25: Fortigate-110C Fortios 3.0 Mr6 Install Guide

    Configuring For an initial configuration, you must edit the factory configured static default route to specify a different default gateway for the FortiGate unit. This will enable the flow of data through the FortiGate unit. For details on adding additional static routes, see the FortiGate Administration Guide.

  • Page 26: Fortigate-110C Fortios 3.0 Mr6 Install Guide

    Internet. A DNS server matches domain names with the computer IP address. This enables you to use readable locations, such as fortinet.com when browsing the Internet. DNS server IP addresses are typically provided by your internet service provider.

  • Page 27: Fortigate-110C Fortios 3.0 Mr6 Install Guide

    Configuring To add an outgoing traffic firewall policy Go to Firewall > Policy. Select Create New. Set the following and select OK. Source Interface Source Address Destination Interface Select the port connected to the Internet. Destination Address All Schedule Service Action To add an incoming traffic firewall policy Go to Firewall >...

  • Page 28: Fortigate-110C Fortios 3.0 Mr6 Install Guide

    Internet. A DNS server matches domain names with the computer IP address. This enables you to use readable locations, such as fortinet.com when browsing the Internet. DNS server IP addresses are typically provided by your internet service provider.

  • Page 29: Fortigate-110C Fortios 3.0 Mr6 Install Guide

    Configuring Verify the configuration Your FortiGate unit is now configured and connected to the network. To verify the FortiGate unit is connected and configured correctly, use your web browser to browse a web site, or use your email client to send and receive email. If you cannot browse to the web site or retrieve/send email from your account, review the previous steps to ensure all information was entered correctly and try again.

  • Page 30: Fortigate-110C Fortios 3.0 Mr6 Install Guide

    Restoring a configuration Restoring a configuration Additional configuration Set the time and date Set the Administrator password Should you need to restore the configuration file, use the following steps. To restore the FortiGate configuration Go to System > Maintenance > Backup & Restore. Select to upload the restore file from your PC or a USB key.

  • Page 31: Fortigate-110C Fortios 3.0 Mr6 Install Guide

    FortiGate unit. Before you can begin receiving updates, you must register your FortiGate unit from the Fortinet web page. For information about registering your FortiGate unit, “Register your FortiGate unit” on page...
  • Page 32 Additional configuration Configuring FortiGate-110C FortiOS 3.0 MR6 Install Guide 01-30006-0481-20080728...

  • Page 33: Fortigate-110C Fortios 3.0 Mr6 Install Guide

    Advanced configuration Advanced configuration The FortiGate unit and the FortiOS operating system provide a wide range of features that enable you to control network and internet traffic and protect your network. This chapter describes some of these options and how to configure them.

  • Page 34: Fortigate-110C Fortios 3.0 Mr6 Install Guide

    Firewall policies Firewall policies Apply virus scanning and web content blocking to HTTP traffic. Unfiltered Apply no scanning, blocking or IPS. Use the unfiltered content profile if no content protection for content traffic is required. Add this protection profile to firewall policies for connections between highly trusted or highly secure networks where content does not need to be protected.

  • Page 35: Fortigate-110C Fortios 3.0 Mr6 Install Guide

    • Virus scan - The virus definitions are kept up to date through the FortiNet Distribution Network. The list is updated on a regular basis so you do not have to wait for a firmware upgrade. Note that you must register the FortiGate unit to and purchase FortiGuard services to use virus scanning through the FDN.

  • Page 36: Fortigate-110C Fortios 3.0 Mr6 Install Guide

    FortiGuard is an antispam system from Fortinet that includes an IP address black list, a URL black list, and spam filtering tools. The FortiGuard Center accepts submission of spam email messages as well as well as reports of false positives.

  • Page 37: Web Filtering

    Advanced configuration Banned word lists are specific words that may be typically found in email. The FortiGate unit searches for words or patterns in email messages. If matches are found, values assigned to the words are totalled. If the defined threshold value is exceeded, the message is marked as spam.

  • Page 38: Logging

    To configure URL filters, go to Web Filter > URL Filter. FortiGuard web filtering is a managed web filtering solution provided by Fortinet. FortiGuard web filtering sorts hundreds of millions of web pages into a wide range of categories users can allow, block, or monitor.

  • Page 39: Fortigate-110C Fortios 3.0 Mr6 Install Guide

    • Testing new firmware before installing Downloading firmware Firmware images for all FortiGate units is available on the Fortinet Customer Support web site. You must register your FortiGate unit to access firmware images. Register the FortiGate unit by visiting select Product Registration.

  • Page 40: Fortigate-110C Fortios 3.0 Mr6 Install Guide

    Using the web-based manager Using the web-based manager Upgrading the firmware Reverting to a previous version To download firmware Log into the site using your user name and password. Go to Firmware Images > FortiGate. Select the most recent FortiOS version, and MR release and patch release. Locate the firmware for your FortiGate unit, right-click the link and select the Download option for your browser.

  • Page 41: Fortigate-110C Fortios 3.0 Mr6 Install Guide

    FortiGate Firmware Note: To use this procedure, you must log in using the admin administrator account, or an administrator account that has system configuration read and write privileges. To revert to a previous firmware version Copy the firmware image file to the management computer. Log into the FortiGate web-based manager.

  • Page 42: Using The Cli

    Using the CLI Using the CLI Note: You need an unencrypted configuration file for this feature. Also the default files, image.out and system.conf, must be in the root directory of the USB key. Note: Make sure at least FortiOS v3.0MR1 is installed on the FortiGate unit before installing.

  • Page 43: Fortigate-110C Fortios 3.0 Mr6 Install Guide

    FortiGate Firmware Enter the following command to copy the firmware image from the TFTP server to the FortiGate unit: execute restore image <name_str> <tftp_ip4> Where <name_str> is the name of the firmware image file and <tftp_ip4> is the IP address of the TFTP server. For example, if the firmware image file name is image.out and the IP address of the TFTP server is 192.168.1.168, enter: execute restore image image.out 192.168.1.168 The FortiGate unit responds with the message:...

  • Page 44: Installing Firmware From A System Reboot Using The Cli

    Installing firmware from a system reboot using the CLI Installing firmware from a system reboot using the CLI Make sure the FortiGate unit can connect to the TFTP server. You can use the following command to ping the computer running the TFTP server.
  • Page 45 FortiGate Firmware If you are reverting to a previous FortiOS version, you might not be able to restore the previous configuration from the backup configuration file. Note: Installing firmware replaces your current antivirus and attack definitions, along with the definitions included with the firmware release you are installing. After you install new firmware, make sure that antivirus and attack definitions are up to date.

  • Page 46: Restoring The Previous Configuration

    Installing firmware from a system reboot using the CLI Restoring the previous configuration Backup and Restore from a USB key Type the address of the TFTP server and press Enter: The following message appears: Enter Local Address [192.168.1.188]: Type an IP address the FortiGate unit can use to connect to the TFTP server. The IP address can be any IP address that is valid for the network the interface is connected to.

  • Page 47: Using The Usb Auto-Install

    FortiGate Firmware To restore configuration using the CLI Log into the CLI. Enter the following command to restore the configuration files: exec restore image usb <filename> The FortiGate unit responds with the following message: This operation will replace the current firmware version! Do you want to continue? (y/n) Type y.

  • Page 48: Testing New Firmware Before Installing

    Testing new firmware before installing Testing new firmware before installing You can test a new firmware image by installing the firmware image from a system reboot and saving it to system memory. After completing this procedure, the FortiGate unit operates using the new firmware image with the current configuration.
  • Page 49 FortiGate Firmware Type G to get the new firmware image from the TFTP server. The following message appears: Enter TFTP server address [192.168.1.168]: Type the address of the TFTP server and press Enter: The following message appears: Enter Local Address [192.168.1.188]: Type an IP address of the FortiGate unit to connect to the TFTP server.
  • Page 50 Testing new firmware before installing FortiGate Firmware FortiGate-110C FortiOS 3.0 MR6 Install Guide 01-30006-0481-20080728...

  • Page 51: Index

    46 testing new firmware 46 upgrade from CLI 40 upgrade with web-based manager 38 upgrading using the CLI 40 FortiGuard 29 Fortinet Knowledge Center 8 further reading 7 gateway 19 grounding 10 humidity 9 Initial Disc Timeout 18...
  • Page 52 PADT timeout 19 password, changing 28 power off 13 PPPoE 22 protection profiles 31 registering 5 restore 28 restoring previous firmware configuration 44 reverting firmware 38 security certificate 17 shielded twisted pair 10 shut down 13 signatures, update 29 static route 19 system reboot, installing 42 technical support 8 TFTP server 42...
  • Page 53 Index FortiGate-110C FortiOS 3.0 MR6 Install Guide 01-30006-0481-20080728...
  • Page 54 Index FortiGate-110C FortiOS 3.0 MR6 Install Guide 01-30006-0481-20080728...
  • Page 55 www.fortinet.com...
  • Page 56 www.fortinet.com...

This manual is also suitable for:

Fortigate-110c

Table of Contents

Save PDF