Documente Academic
Documente Profesional
Documente Cultură
QuickStart Guide
Internal External Green The correct cable is in use, and the
DMZ connected equipment has power.
(front and back) Flashing green (front) Network activity at this interface.
Flashing Amber (back)
Copyright 2004 Fortinet Incorporated. All rights reserved.
Off No link established. Trademarks
Products mentioned in this document are trademarks or registered trademarks of their respective holders.
Factory default settings Regulatory Compliance
FCC Class A Part 15 CSA/CUS
NAT/Route mode Transparent mode 03 November 2004
1 Checking the package contents Check that the package contents are complete.
Front
Ethernet Cables:
Orange - Crossover
Grey - Straight-through
Null-Modem Cable
Internal RJ-45 10/100Base_T Ethernet Connection to the internal network. (RS-232)
serial Provides access to the command line interface (CLI). Removable Power Power USER MANUAL POWER STATUS INTERNAL EXTERNAL DMZ
CONSOLE INTERNAL EXTERNAL DMZ
Documentation
2 Connecting the FortiGate-200
requires 1.5 inches clearance (3.75 cm) on each side to allow for
cooling. POWER STATUS INTERNAL EXTERNAL DMZ
CONSOLE INTERNAL EXTERNAL DMZ
Make sure the power switch on the back of the unit is turned off before or
connecting the power and network cables. Optional straight-through Ethernet cable connects to DMZ network
Straight-through Ethernet cable connects to Internet (public switch, router or modem)
Crossover Ethernet cable connects to management computer on internal network
Straight-through Ethernet cable connects to LAN or switch on internal network
3
NAT/Route mode
Planning the configuration
In NAT/Route mode, the FortiGate-200 is visible to the networks that it is connected to.
Before configuring the FortiGate-200, you need to plan how to integrate the unit into your
network. Your configuration plan is dependent upon the operating mode that you select: NAT/
Route mode (the default) or Transparent mode.
Transparent mode
In Transparent mode, the FortiGate-200 is invisible to the network. All of its interfaces
All of its interfaces are on different subnets. You must configure the internal and are on the same subnet. You only have to configure a management IP address so that
external interfaces with IP addresses. Optionally, you can also configure the DMZ you can make configuration changes.
interface. You would typically use the FortiGate-200 in Transparent mode on a private network
You would typically use NAT/Route mode when the FortiGate-200 is deployed as a behind an existing firewall or behind a router. In its default Transparent mode
gateway between private and public networks. In its default NAT/Route mode configuration, the unit functions as a firewall. By default, the unit has a single firewall
configuration, the unit functions as a firewall. Firewall policies control communications policy that allows users on the internal network segment to connect to the external
through the FortiGate-200 unit. network segment. No other traffic is possible until you have configured more policies.
Internet
External 10.10.10.3
Route mode policies External
204.23.1.5 (firewall, router) 10.10.10.1 Internal
POWER STATUS INTERNAL EXTERNAL DMZ
controlling traffic between
Internet
CONSOLE INTERNAL EXTERNAL DMZ
NAT/Route mode
Use these tables to record your FortiGate-200 configuration.
Transparent mode
IP: ____.____.____.____ IP: ____.____.____.____
Internal Interface: Management IP:
Netmask: ____.____.____.____ Netmask: ____.____.____.____
IP: ____.____.____.____
External Interface: The management IP address and netmask must be valid for the network from which
Netmask: ____.____.____.____ you will manage the FortiGate-200.
IP: ____.____.____.____ General settings
DMZ Interface
Netmask: ____.____.____.____ Administrator password:
The internal interface IP address and netmask must be valid for the internal network. Default Gateway: ____.____.____.____
Network Settings: Primary DNS Server: ____.____.____.____
Secondary DNS Server: ____.____.____.____
A default gateway is required for the FortiGate unit to route connections to the Internet.
Using the 1. Use the serial cable to connect the FortiGate Console port to the management computer serial port.
2. Start a terminal emulation program (HyperTerminal) on the management computer. Use these settings:
Command Line Interface Baud Rate (bps) 9600, Data bits 8, Parity None, Stop bits 1, and Flow Control None.
3. At the Login: prompt, type admin and press Enter twice (no password required).
NAT/Route mode Transparent mode
1. Configure the FortiGate-200 internal interface. 1. Change from NAT/Route mode to Transparent mode.
config system interface config system global
edit internal set opmode transparent
set mode static end
set ip <intf_ip> <netmask_ip>
end 2. Wait a moment and then log in again at the prompt.
2. Repeat to configure each interface, for example, to configure the external interface. 3. Configure the Management IP address.
config system interface config system manageip
edit external set ip <mng_ip> <netmask>
... end
3. Configure the primary and secondary DNS server IP addresses. Configure the DNS server IP address.
config system dns config system dns
set primary <dns-server_ip> set primary <dns-server_ip>
set secondary <dns-server_ip> set secondary <dns-server_ip>
end end
4. Configure the default gateway. 4. Configure the default route.
config router static config router static
edit 1 edit 1
set gateway <gateway_ip> set gateway <gateway_ip>
end end
Restarting the FortiGate-200 To restart the unit, go to System > Maintenance > CLI: execute reboot
ShutDown and select Reboot.
Should you mistakenly change a network setting and cannot connect to the unit, reboot
the unit and try again or to set the unit back to factory defaults and start over again. To reset the unit, go to System > Maintenance > CLI: execute factoryreset
Shutdown and select Reset to factory default.
You have finished configuring the basic settings. Your network is now protected amer_support@fortinet.com For customers in the United States, Canada, Mexico, Latin
from Internet-based threats. To explore the full range of configuration options, see America and South America.
the online help or the Documentation CD-ROM.
apac_support@fortinet.com For customers in Japan, Korea, China, Hong Kong,
Singapore, Malaysia, all other Asian countries, and Australia.
eu_support@fortinet.com For customers in the United Kingdom, Scandinavia,
Mainland Europe, Africa, and the Middle East.