BASIC Configuration
Interface Configuration
Zones
Management Interface
DNS
SYSTEM CONFIGURATION
System time
Go to System > Config > Time to set the FortiGate system time.
Options
Go to System > Config > Options
HA
Go to System > Config > HA
Configuring an HA cluster
16 Select Change to Transparent Mode and select OK to switch the FortiGate unit to
Transparent mode.
17 Power off the FortiGate unit.
18 Repeat this procedure for all of the FortiGate units in the cluster, then continue with “To
connect a FortiGate HA cluster”.
You can view, search and manage logs saved to memory or logs saved to the hard
disk, depending on the configuration of the cluster unit.
To monitor cluster units for failover
If the primary unit in the cluster fails, the units in the cluster renegotiate to select a new
primary unit. Failure of the primary unit results in the following:
• If SNMP is enabled, the new primary FortiGate unit sends the trap message “HA
switch”. This trap indicates that the primary unit in an HA cluster has failed and has
been replaced with a new primary unit.
• The cluster contains fewer FortiGate units. The failed primary unit no longer
appears on the Cluster Members list.
• The host name and serial number of the primary cluster unit change.
• The new primary unit logs the following messages to the event log:
HA slave became master
Detected HA member dead
If a subordinate unit fails, the cluster continues to function normally. Failure of a
subordinate unit results in the following:
• The cluster contains fewer FortiGate units. The failed unit no longer appears on the
Cluster Members list.
• The master unit logs the following message to the event log:
Detected HA member dead
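The two failure cases above can be told apart from the event log alone. The following is an added example, not part of the original guide or Fortinet's tooling: it assumes a simple "<ISO timestamp> <hostname> <message>" line layout and uses constructed sample lines (the host name FGT-B and all timestamps are made up).

```python
import re
from datetime import datetime, timedelta

# Event-log messages quoted in the guide.
PROMOTED = "HA slave became master"
MEMBER_DEAD = "Detected HA member dead"

# Assumed layout for this example only: "<ISO timestamp> <hostname> <message>".
# Adapt the regex to the format your log collector actually stores.
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(.*)$")

# Constructed sample lines (hostnames and times are made up).
SAMPLE_LOG = [
    "2024-03-01T10:15:02 FGT-B HA slave became master",
    "2024-03-01T10:15:03 FGT-B Detected HA member dead",
    "2024-03-01T11:00:00 FGT-B admin login from console",
    "2024-03-02T08:30:10 FGT-B Detected HA member dead",
    "truncated line without timestamp",
]

def parse(lines):
    """Yield (timestamp, host, message) for HA lines; skip anything malformed."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        try:
            ts = datetime.fromisoformat(m.group(1))
        except ValueError:
            continue  # first field is not a timestamp
        for msg in (PROMOTED, MEMBER_DEAD):
            if msg in m.group(3):
                yield ts, m.group(2), msg

def classify_ha_events(lines, window=timedelta(seconds=60)):
    """Label each dead-member report as a primary failover or a subordinate failure."""
    events = sorted(parse(lines))
    promotions = [(ts, host) for ts, host, msg in events if msg == PROMOTED]
    findings = []
    for ts, host, msg in events:
        if msg != MEMBER_DEAD:
            continue
        # The same unit logging a promotion close in time means the primary failed.
        took_over = any(h == host and abs(ts - p) <= window for p, h in promotions)
        findings.append((ts, host, "primary-failover" if took_over else "subordinate-failure"))
    return findings

if __name__ == "__main__":
    for ts, host, kind in classify_ha_events(SAMPLE_LOG):
        print(ts.isoformat(), host, kind)
```

The 60-second correlation window is an assumption; widen it if the two messages arrive further apart in your logs.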
SNMP
Go to System > Config > SNMP v1/v2c
SNMP community
Administrators
Administrators list
Administrators options
Access profiles
Go to System > Admin > Access Profile
Access profile list
Shutdown
Go to System > Maintenance > Shutdown.
Static Route
Go to Router > Static > Static Route.
Monitor
Go to Router > Monitor > Routing Monitor.
Policy Creation
Policy
Go to Firewall > Policy
Sample policy list
Move to options
Policy options
Address options
Configuring addresses
To add an address
1 Go to Firewall > Address.
To edit an address
Edit an address to change its IP information. You cannot edit the address name.
1 Go to Firewall > Address > Address.
2 Select the Edit icon beside the address you want to edit.
3 Make any required changes.
4 Select OK.
To delete an address
Deleting an address removes it from the address list. To delete an address that has
been added to a policy, you must first remove the address from the policy.
1 Go to Firewall > Address > Address.
2 Select the Delete icon beside the address you want to delete.
You cannot delete default addresses.
3 Select OK.
Service
Predefined service list
6 Select OK.
You can now add this custom service to a policy.
Schedule
Virtual IP (Natting)
IP pool
IP pool options
Configuring IP pools
To add an IP pool
1 Go to Firewall > IP Pool.
2 Select the interface to which to add the IP pool.
You can select a firewall interface or a VLAN subinterface.
3 Select Create New.
4 Enter the IP Range for the IP pool.
The IP range defines the start and end of an address range. The start of the range
must be lower than the end of the range. The start and end of the range must be on
the same subnet as the IP address of the interface to which you are adding the IP
pool.
5 Select OK.
To delete an IP pool
1 Go to Firewall > IP Pool.
2 Select the Delete icon beside the IP pool you want to delete.
3 Select OK.
To edit an IP pool
1 Go to Firewall > IP Pool.
2 For the IP pool that you want to edit, select Edit beside it.
3 Modify the IP pool as required.
4 Select OK to save the changes.
VPN
Phase 1
To configure phase 1 settings, go to VPN > IPSEC > Phase 1.
Phase 2
Manual Keys
To specify manual keys for creating a tunnel
Go to VPN > IPSEC > Manual Key and select Create New.
Monitor VPN
To view active tunnels, go to VPN > IPSEC > Monitor.
PPTP
L2TP
IOS UPGRADE
The FortiGate unit reverts to the old firmware version, resets the configuration to
factory defaults, and restarts. This process takes a few minutes.
8 Reconnect to the CLI.
9 To confirm that the new firmware image has been loaded, enter:
get system status
10 To restore your previous configuration if needed, use the command:
execute restore config <name_str> <tftp_ipv4>