Gebruiksaanwijzing /service van het product 500A van de fabrikant Fortinet
Ga naar pagina of 54
FortiGate 500A Installation Guide Esc Ent er A CON SOLE 56 USB LAN 12 3 4 L1 L2 L3 L4 10/ 100 10/ 100/1 000 Ve r s i o n 2 . 8 0 M R 5 15 October 2004 01-28005-01 01-20041015.
© Copyright 2004 Fortine t Inc. All rights reserved . No part of this publication incl uding text, examples, di agrams or illustration s may be reproduced, transmitted, or translated in any form or by any means, electronic, m echanical, m anual, optical or otherwise, for any purpose, without prio r written pe rmission of F ortinet I nc.
Contents FortiGate-500A Installati on Guide 01-28005-0101-2004101 5 3 Table of Contents Introduction ............. .............................. ........................................................ ......... 5 Secure installation, configurat ion, and management .
Contents 4 01-28005-0101-2004101 5 Fortinet Inc. Transparent mode installation .... ............................................................... ......... 37 Preparing to configure Transparent mode ............ ................ ....................
FortiGate-500A Inst allation Guide V ersion 2.80 MR5 FortiGate-500A Installati on Guide 01-28005-0101-2004101 5 5 Introduction FortiGate A ntivirus Firew alls improve n etwork securit y , red uce networ k misuse and abuse, and help you use communication s resources more efficiently without compromising the performance of yo ur netw ork.
6 01-28005-0101-2004101 5 Fortinet Inc. Web-based manage r Introduction Secure inst allation, configuration, and management The FortiGate unit default conf iguration includes default interface IP addr esses and is only a few steps away from protecting your netwo rk.
Introduction Command line interface FortiGate-500A Installati on Guide 01-28005-0101-2004101 5 7 Command line interface Y ou can access the FortiGate command lin e interface (CLI) by connecting a management compute r serial port to the Fo rtiGate RS-232 serial console connector .
8 01-28005-0101-2004101 5 Fortinet Inc. Setup wizard Introduction set opmode {nat | transparent} Y ou can en ter set opmode nat or set opmode transparent .
Introduction Comments on Fortine t technical documenta tion FortiGate-500A Installati on Guide 01-28005-0101-2004101 5 9 Fortinet document ation Information about FortiGate produ cts is av ailable fro.
10 01-28005-0101-2004101 5 Fortinet Inc. Comments on Fortinet technica l docume ntation Introduction Customer service and technical support For antiviru s and attack def inition up dates, firmware upd.
FortiGate-500A Inst allation Guide V ersion 2.80 MR5 FortiGate-500A Installati on Guide 01-28005-0101-2004101 5 11 Getting st arted This section describes unp acking, setting up, and powering on a FortiGate Antivirus Firewall unit.
12 01-28005-0101-2004101 5 Fortinet Inc. Getting started Package content s The FortiGate-500A p ackage cont ains the following items: • FortiGate-500A Antivirus Firewall • one orange crossover eth.
Getting started FortiGate-500A Installati on Guide 01-28005-0101-2004101 5 13 Power requirements • Power dissipation: 50 W (max) • AC input volt age: 100 to 2 40 V AC • AC input current: 1.
14 01-28005-0101-2004101 5 Fortinet Inc. Getting started T o power off the FortiGate unit Always shut down the FortiGate operatin g system properly bef ore turning off the power switch.
Getting started FortiGate-500A Installati on Guide 01-28005-0101-2004101 5 15 3 S tart Internet Explorer and browse to the address http s://192.168.1.99. (r emember to include the “s” in https://). The FortiGate login is displayed. Figure 3: FortiG ate login 4 T ype admin in the Name field and select Login.
16 01-28005-0101-2004101 5 Fortinet Inc. Getting started 5 Press Enter to connect to the FortiGate CLI. The following prompt is displayed: FortiGate-500A login: 6 Ty p e admin and press Enter twice. The following prompt is displayed: Welcome ! T ype ? to list available commands.
Getting started Factory default NAT/Route mod e network configuration FortiGate-500A Installati on Guide 01-28005-0101-200 41015 17 Factory default NAT/Route m ode network configuration When the FortiGate unit is first p owered on , it is running in NA T/Rout e mode and has the basic ne twork config uration listed in Ta b l e 2 .
18 01-28005-0101-2004101 5 Fortinet Inc. Factory default Transpar ent mode network configuration Getting started Factory default Transparent mode network configuration In T ransparent mode, the FortiGate unit has the d efault network configuration listed in Ta b l e 3 .
Getting started Factory default protection profiles FortiGate-500A Installati on Guide 01-28005-0101-2004101 5 19 Factory default protection profiles Use protection profiles to apply dif ferent protection settings for traf fic that is controlled by firewall po licies.
20 01-28005-0101-2004101 5 Fortinet Inc. NAT/Rout e mode Getting started Figure 4: We b protection profile settings Planning the FortiGate configuration Before you configure the FortiGate unit, you need to plan how to integrate the unit into the network.
Getting started NAT/Route mode with multiple external network conn ections FortiGate-500A Installati on Guide 01-28005-0101-2004101 5 21 Y ou can add firewall policies to control w hether communications through the FortiGate unit operate in NA T or Route mode.
22 01-28005-0101-2004101 5 Fortinet Inc. Transparent mode Getting started Figure 6: Example NA T/Route multipl e internet connection configu ration Transparent mode In T ransparent mode, the Fo rtiGate unit is invisible to the network. Similar to a network bridge, all FortiGate inte rfaces must be on the same subnet.
Getting started Configuration options FortiGate-500A Installati on Guide 01-28005-0101-2004101 5 23 Web-based manager and setup wizard The FortiGate web-based ma nager is a full featured management to ol. Y ou can use the web-based manager to confi gure most FortiGate settings.
24 01-28005-0101-2004101 5 Fortinet Inc. Configuration opti ons Getting started.
FortiGate-500A Inst allation Guide V ersion 2.80 MR5 FortiGate-500A Installati on Guide 01-28005-0101-2004101 5 25 NA T/Route mode inst allation This chapter describes ho w to install the FortiGate un it in NA T/Route mode.
26 01-28005-0101-2004101 5 Fortinet Inc. DHCP or PPPoE confi guration NAT/Route mode installati on DHCP or PPPoE configuration Y ou can configure any FortiGate interface to acquire it s IP address from a DHCP or PPPoE server . Y our ISP may provide IP add resses using one of these protocols.
NAT/Route mode installation Configuring basic settings FortiGate-500A Installati on Guide 01-28005-0101-2004101 5 27 Using the web-based manager Y ou can use the web-based manager for the in itial configuration of the FortiGate unit. Y ou can also continue to use the web-based mana ger for all FortiGate unit settings.
28 01-28005-0101-2004101 5 Fortinet Inc. Configuring basic settin gs NAT/Route mode installati on T o add a default route Add a default route to configure wh ere the FortiGate unit sends traf fic destined for an external ne twork (usua lly the Interne t).
NAT/Route mode installation Configuring the Fo rtiGate unit to oper ate in NAT/Route mode FortiGate-500A Installati on Guide 01-28005-0101-200 41015 29 T o add a default gateway to an interface The default gateway is usually configured for the interface connecte d to the Internet.
30 01-28005-0101-2004101 5 Fortinet Inc. Configur ing the FortiG ate unit to opera te in NAT/Ro ute mode NAT/Rout e mode instal lation Example T o set the IP address of the LAN interface to 192.16 8.2.99 and netmask to 255.255.255.0, enter: config system interface edit lan set ip 192.
NAT/Route mode installation Configuring the Fo rtiGate unit to oper ate in NAT/Route mode FortiGate-500A Installati on Guide 01-28005-0101-200 41015 31 6 Confirm that the addre sses are correct. Ente r: get system interface The CLI lists the IP address, netma sk, and other set tings for ea ch of the F ortiGate interfaces.
32 01-28005-0101-2004101 5 Fortinet Inc. Configur ing the FortiG ate unit to opera te in NAT/Ro ute mode NAT/Rout e mode instal lation Using the setup wizard From the web-based ma nager, you can use the setup wizard to complete the initial configuration of the FortiGate unit.
NAT/Route mode installati on Starting the setup wizard FortiGate-500A Installati on Guide 01-28005-0101-2004101 5 33 Starting the setup wizard 1 In the web-based manager, sele ct Easy Setup Wizard.
34 01-28005-0101-2004101 5 Fortinet Inc. Starting the setup wizard NAT/Route mode installati on Connecting the FortiGate unit to the network(s) After you co mplete the initial configuration, you ca n connect the Fo rtiGate unit between the internal ne twork and the Internet.
NAT/Route mode installati on Starting the setup wizard FortiGate-500A Installati on Guide 01-28005-0101-2004101 5 35 3 Optionally connect Ports 3, 4, 5, and 6 to other networks.
36 01-28005-0101-2004101 5 Fortinet Inc. Starting the setup wizard NAT/Route mode installati on T o register the FortiGate unit After pur chasing and inst alling a new FortiGat e unit, you can register th e unit by goin g to the System Update Support page, or usin g a web browser to connect to http://support.
FortiGate-500A Inst allation Guide V ersion 2.80 MR5 FortiGate-500A Installati on Guide 01-28005-0101-2004101 5 37 T ransp arent mode inst allation This chapter de scribes how to inst all a FortiGate unit in T ransp arent mode. If you want to install the FortiGate un it in NA T/Ro ute mode, see “NA T/Route mode installation” on pag e 25 .
38 01-28005-0101-2004101 5 Fortinet Inc. Transparen t mode install ation Using the web-based manager Y ou can use the web-based manager to complete the initial configuration of the FortiGate unit. Y ou can continue to use the web-based manager for all FortiGate unit settings.
Transparent mode installatio n Reco nnecting to the web-based manager FortiGate-500A Installati on Guide 01-28005-0101-2004101 5 39 T o configure the default gateway 1 Go to System > Network > Management . 2 Set Default Gateway to the default gatewa y IP address that you recorded in T able 8 on page 38 .
40 01-28005-0101-2004101 5 Fortinet Inc. Reconnecting to the web-based manager Transparent mode installation 4 After you set the last digit of the default gateway , press Enter . 5 Press Esc to return to the Main Menu. Y ou have now co mpleted the in itial configuration o f the FortiGate unit and you can proceed to “Next steps” on page 43 .
Transparent mode installatio n Reco nnecting to the web-based manager FortiGate-500A Installati on Guide 01-28005-0101-2004101 5 41 Example config system manageip set ip 10.10.10.2 255.255.255.0 end 3 Confirm that the addre ss is correct. Enter: get system manageip The CLI lists the managemen t IP address and netmask.
42 01-28005-0101-2004101 5 Fortinet Inc. Reconnecting to the web-based manager Transparent mode installation Using the setup wizard From the web-based manager, you can use th e setup wizard to begin the initial configuration of the FortiGate unit.
Transparent mode installatio n Reco nnecting to the web-based manager FortiGate-500A Installati on Guide 01-28005-0101-2004101 5 43 For example, you can connect the Fort iGate-500A using the following ste ps: 1 Connect port 1 to the hub or switch connected to your internal network.
44 01-28005-0101-2004101 5 Fortinet Inc. Reconnecting to the web-based manager Transparent mode installation T o set the date and time For effective scheduling and logging, the FortiGate syst em date and time must be accurate.
FortiGate-500A Inst allation Guide V ersion 2.80 MR5 FortiGate-500A Installati on Guide 01-28005-0101-2004101 5 45 High availability inst allation This chapter describes how to install two or more FortiGate units in an HA cluster .
46 01-28005-0101-2004101 5 Fortinet Inc. High availability configuration se ttings High availability installation T able 9: Hig h availability settings Mode Active-Active Load balancing and failo ve r HA. Each FortiGate unit in the HA cluster actively processes co nnections and monitors the statu s of the other Forti Gate unit s in the cluster .
High availability installation Configuring Fort iGate units for HA usi ng the web-based manager FortiGate-500A Installati on Guide 01-28005-0101-2004101 5 47 Configuring FortiGate units for HA using the web-based manager Use the followin g procedur e to configu re each For tiGate unit f or HA opera tion.
48 01-28005-0101-2004101 5 Fortinet Inc. Configuring FortiGate units for HA usin g the CLI High availability installati on T o configure a FortiGate unit for HA operation 1 Go to System > Config > HA . 2 Select High Availability . 3 Select the mode.
High availability installation Configuring FortiGate units for HA using the CLI FortiGate-500A Installati on Guide 01-28005-0101-200 41015 49 T o configure the FortiGate unit for HA operation 1 Configure HA settings.
50 01-28005-0101-2004101 5 Fortinet Inc. Configuring FortiGate units for HA usin g the CLI High availability installati on Inserting an HA cluster into your networ k temporarily interrupt s communications on the network because ne w physical conn ections are being made to route traf fic through the cluster .
High availability installation Configuring FortiGate units for HA using the CLI FortiGate-500A Installati on Guide 01-28005-0101-200 41015 51 2 Power on all the FortiGat e units in the cluster . As the units st art, they negotiate to choose the primary cluste r unit and the subordinat e units.
52 01-28005-0101-2004101 5 Fortinet Inc. Configuring FortiGate units for HA usin g the CLI High availability installati on.
FortiGate-500A Installati on Guide 01-28005-0101-2004101 5 53 FortiGate-500A Inst allation Guide V ersion 2.80 MR5 Index C CLI 7 configuring IP addresses 40 configuring NAT/Route mode 29 connecting to.
54 01-28005-0101-2004101 5 Fortinet Inc. Index.
Een belangrijk punt na aankoop van elk apparaat Fortinet 500A (of zelfs voordat je het koopt) is om de handleiding te lezen. Dit moeten wij doen vanwege een paar simpele redenen:
Als u nog geen Fortinet 500A heb gekocht dan nu is een goed moment om kennis te maken met de basisgegevens van het product. Eerst kijk dan naar de eerste pagina\'s van de handleiding, die je hierboven vindt. Je moet daar de belangrijkste technische gegevens Fortinet 500A vinden. Op dit manier kan je controleren of het apparaat aan jouw behoeften voldoet. Op de volgende pagina's van de handleiding Fortinet 500A leer je over alle kenmerken van het product en krijg je informatie over de werking. De informatie die je over Fortinet 500A krijgt, zal je zeker helpen om een besluit over de aankoop te nemen.
In een situatie waarin je al een beziter van Fortinet 500A bent, maar toch heb je de instructies niet gelezen, moet je het doen voor de hierboven beschreven redenen. Je zult dan weten of je goed de alle beschikbare functies heb gebruikt, en of je fouten heb gemaakt die het leven van de Fortinet 500A kunnen verkorten.
Maar de belangrijkste taak van de handleiding is om de gebruiker bij het oplossen van problemen te helpen met Fortinet 500A . Bijna altijd, zal je daar het vinden Troubleshooting met de meest voorkomende storingen en defecten #MANUAl# samen met de instructies over hun opplosinge. Zelfs als je zelf niet kan om het probleem op te lossen, zal de instructie je de weg wijzen naar verdere andere procedure, bijv. door contact met de klantenservice of het dichtstbijzijnde servicecentrum.