Sunteți pe pagina 1din 17

Installing the FortiGate Unit

Installation
Fortinet Technologies

Free-standing (All units)

requires 1.5 (3.75 cm) clearance on all sides requires 1U of vertical space

Rack-mounted (FortiGate 200 and higher)

Connecting to the Web-based Manager (1)


Fortinet Technologies

To connect to the web-based manager, you need: a computer with an Ethernet interface a cross-over Ethernet cable or an Ethernet hub/switch and two Ethernet cables an Internet browser

Internet Explorer version 4.0 or higher Mozzilla, etc.

Connecting to the Web-based Manager (2)


Fortinet Technologies

Set the static IP address of the computer with an Ethernet connection to 192.168.1.2/255.255.255.0 Using the cross-over cable or the Ethernet hub and cables, connect the internal interface of the FortiGate unit to the computer Ethernet connection Start a browser and connect to the address https://192.168.1.99 Type admin in the Name field and click Login

Connecting to the CLI (1)


Fortinet Technologies

To connect to the FortiGate unit, you need: a computer with an available communications port depending on the FortiGate model, a null modem cable with a 9-pin connector or an RJ-45 serial cable and an RJ-45 to DB-9 converter terminal emulation software such as HyperTerminal for Windows, Secure CRT, etc. Connect the null modem cable to the communications port of your computer and to the FortiGate Console port

Connecting to the CLI (2)


Fortinet Technologies

Start HyperTerminal, enter a name for the connections, and click OK Configure HyperTerminal to connect directly to the communications port on the computer to which you have connected the null modem cable and click OK Select the following port settings and click OK

FortiGate 300 and FortiManager use 115200 bps


Bits per second Data bits Parity Stop bits Flow control 9600 8 None 1 None
6

Connecting to the CLI (3)


Fortinet Technologies

Press Enter to connect to the FortiGate CLI


The following prompt is displayed: FortiGate-60 login:

Type admin and press Enter twice


The following prompt is displayed: Type ? for a list of commands.

Factory Default Settings


Fortinet Technologies

The FortiGate unit is shipped with a factory default configuration that allows you to connect to and use the FortiGate web-based manager to configure the unit onto the network Internal interface 192.168.1.99/24

https, http, ssh, ping access is enabled ping is enabled

External interface 192.168.100.99/24

Firmware upgrade using TFTP is done using the internal interface only (interrupt boot process)

Factory Default Settings (Cont)


Fortinet Technologies

No password On low end models (50, 60, 100), a policy is added automatically to allow all traffic from internal to external Add an administrator password for security

Registration
Fortinet Technologies

After purchasing and installing a new FortiGate unit You must register the unit to be able to receive antivirus and attack signature updates After registration, you have

a three month period to receive free updates a one month free trial period for FortiGuard, Fortinets Web content blocking system

After you have registered your FortiGate unit, Fortinet sends a Support Login user name and password to your email address

System > Maintenance > Support > FDS Registration


10

Support
Fortinet Technologies

Use the user name and password you received after registration to log on to the Fortinet support web site to:

view your list of FortiGate units register additional FortiGate units add or change FortiCare Support Contract numbers for each FortiGate unit view and change registration information download virus and attack definition updates download firmware upgrades modify registration information after an RMA open support tickets

11

Planning the Installation


Fortinet Technologies

NAT/Route mode the FortiGate unit is visible to the network all its interfaces are on different subnets can add security policies can configure the FortiGate unit with multiple redundant connections to the external network Transparent mode the FortiGate unit is invisible to the network

12

Setting the Time and Date


Fortinet Technologies

Ensure effective scheduling and logging Set the FortiGate system time manually or set the unit to synchronize with a Network Time Protocol (NTP) server for automatic time correction

13

Options
Fortinet Technologies

Enhance security

set timeouts for access to the FortiGate unit, policy authentication, DGD for routing fail-over PIN protection for LCD panel

14

SNMP
Fortinet Technologies

Report system information and send traps to SNMP managers Access SNMP traps and data from any FortiGate interface or VLAN configured for SNMP management access Fortinet proprietary MIBs RFC 2665 (Ethernet-like MIB) and RFC 1213 (MIB II)

15

DHCP Server and DHCP Relay


Fortinet Technologies

NAT/Route mode only Static IP address required Configure the server first Choose the interface to act as a DHCP server

System > DHCP > Service

16

IP/MAC Binding
Fortinet Technologies

Protects the FortiGate unit and your network from IP spoofing attacks IP/MAC pairs that do not match entries in the table are denied connection Packet filtering Dynamic binding allows for DHCP assignments

System > DCHP > IP/MAC Binding


17