Installing the FortiGate Unit

Fortinet Technologies

Free-standing (All units)
- requires 1.5" (3.75 cm) clearance on all sides

Rack-mounted (FortiGate 200 and higher)
- requires 1U of vertical space

Connecting to the Web-based Manager (1)

To connect to the web-based manager, you need:
- a computer with an Ethernet interface
- a cross-over Ethernet cable or an Ethernet hub/switch and two Ethernet cables
- an Internet browser
  - Internet Explorer version 4.0 or higher
  - Mozilla, etc.

Connecting to the Web-based Manager (2)

- Set the static IP address of the computer with an Ethernet connection to
- Using the cross-over cable or the Ethernet hub and cables, connect the internal interface of the FortiGate unit to the computer Ethernet connection
- Start a browser and connect to the address
- Type admin in the Name field and click Login

Connecting to the CLI (1)

To connect to the FortiGate unit, you need:
- a computer with an available communications port
- depending on the FortiGate model, a null modem cable with a 9-pin connector or an RJ-45 serial cable and an RJ-45 to DB-9 converter
- terminal emulation software such as HyperTerminal for Windows, Secure CRT, etc.

Connect the null modem cable to the communications port of your computer and to the FortiGate Console port

Connecting to the CLI (2)

- Start HyperTerminal, enter a name for the connection, and click OK
- Configure HyperTerminal to connect directly to the communications port on the computer to which you have connected the null modem cable and click OK
- Select the following port settings and click OK

Bits per second: 9600
Data bits: 8
Parity: None
Stop bits: 1
Flow control: None

FortiGate 300 and FortiManager use 115200 bps

Connecting to the CLI (3)

Press Enter to connect to the FortiGate CLI

The following prompt is displayed: FortiGate-60 login:

Type admin and press Enter twice

The following prompt is displayed: Type ? for a list of commands.

Factory Default Settings

The FortiGate unit is shipped with a factory default configuration that allows you to connect to and use the FortiGate web-based manager to configure the unit onto the network

Internal interface
- https, http, ssh, ping access is enabled

External interface
- ping is enabled

Firmware upgrade using TFTP is done using the internal interface only (interrupt boot process)

Factory Default Settings (Cont)

- No password
- On low end models (50, 60, 100), a policy is added automatically to allow all traffic from internal to external
- Add an administrator password for security

After purchasing and installing a new FortiGate unit, you must register the unit to be able to receive antivirus and attack signature updates

After registration, you have
- a three month period to receive free updates
- a one month free trial period for FortiGuard, Fortinet's Web content blocking system

After you have registered your FortiGate unit, Fortinet sends a Support Login user name and password to your email address

System > Maintenance > Support > FDS Registration


Use the user name and password you received after registration to log on to the Fortinet support web site to:

- view your list of FortiGate units
- register additional FortiGate units
- add or change FortiCare Support Contract numbers for each FortiGate unit
- view and change registration information
- download virus and attack definition updates
- download firmware upgrades
- modify registration information after an RMA
- open support tickets


Planning the Installation

NAT/Route mode
- the FortiGate unit is visible to the network
- all its interfaces are on different subnets
- can add security policies
- can configure the FortiGate unit with multiple redundant connections to the external network

Transparent mode
- the FortiGate unit is invisible to the network


Setting the Time and Date

- Ensure effective scheduling and logging
- Set the FortiGate system time manually or set the unit to synchronize with a Network Time Protocol (NTP) server for automatic time correction


Enhance security
- set timeouts for access to the FortiGate unit, policy authentication, DGD for routing fail-over
- PIN protection for LCD panel


- Report system information and send traps to SNMP managers
- Access SNMP traps and data from any FortiGate interface or VLAN configured for SNMP management access
- Fortinet proprietary MIBs
- RFC 2665 (Ethernet-like MIB) and RFC 1213 (MIB II)


DHCP Server and DHCP Relay

- NAT/Route mode only
- Static IP address required
- Configure the server first
- Choose the interface to act as a DHCP server

System > DHCP > Service


IP/MAC Binding

- Protects the FortiGate unit and your network from IP spoofing attacks
- IP/MAC pairs that do not match entries in the table are denied connection
- Packet filtering
- Dynamic binding allows for DHCP assignments

System > DHCP > IP/MAC Binding
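
Added example (not from the original slides and not FortiOS code): a simplified Python model of the IP/MAC binding decision described on this slide, showing which source pairs are denied and how a DHCP lease becomes a dynamic entry. The table layout, the precedence of static over dynamic entries, and the sample addresses are assumptions constructed for illustration.

```python
# Simplified model of an IP/MAC binding check (illustrative, not FortiOS code).
from dataclasses import dataclass, field

def norm_mac(mac: str) -> str:
    """Normalize a MAC so 00-0C-29-.. and 00:0c:29:.. compare equal."""
    digits = mac.replace("-", "").replace(":", "").replace(".", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"bad MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

@dataclass
class BindingTable:
    static: dict = field(default_factory=dict)   # IP -> MAC, entered by the administrator
    dynamic: dict = field(default_factory=dict)  # IP -> MAC, learned from DHCP leases

    def add_static(self, ip, mac):
        self.static[ip] = norm_mac(mac)

    def dhcp_lease(self, ip, mac):
        # Dynamic binding: a lease handed out by the DHCP server becomes an entry.
        # Assumption: a static entry for the same IP takes precedence.
        if ip not in self.static:
            self.dynamic[ip] = norm_mac(mac)

    def check(self, src_ip, src_mac):
        """Return (allowed, reason) for a packet's source IP/MAC pair."""
        mac = norm_mac(src_mac)
        bound = self.static.get(src_ip) or self.dynamic.get(src_ip)
        if bound == mac:
            return True, "pair matches table"
        if bound is not None:
            return False, "IP bound to a different MAC (possible IP spoofing)"
        if mac in self.static.values() or mac in self.dynamic.values():
            return False, "MAC bound to a different IP"
        return False, "pair not in table"

def demo():
    table = BindingTable()
    table.add_static("192.0.2.10", "00-0C-29-AA-BB-01")  # constructed sample values
    table.dhcp_lease("192.0.2.50", "00:0c:29:aa:bb:02")
    packets = [("192.0.2.10", "00:0c:29:aa:bb:01"),  # legitimate static host
               ("192.0.2.10", "00:0c:29:ff:ff:ff"),  # another NIC claiming that IP
               ("192.0.2.50", "00:0c:29:aa:bb:02"),  # DHCP client, dynamic entry
               ("192.0.2.77", "00:0c:29:aa:bb:01"),  # known MAC, changed IP
               ("192.0.2.99", "00:0c:29:00:00:09")]  # unknown host
    return [table.check(ip, mac)[0] for ip, mac in packets]

if __name__ == "__main__":
    print(demo())
```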