Fortinet FortiGate FortiGate-800 Administration Manual

Category
Software
Type
Administration Manual
www.fortinet.com
FortiGateâ„¢
Version 3.0 MR4
ADMINISTRATION GUIDE
FortiGateâ„¢ Administration Guide
Version 3.0 MR4
2 January 2007
01-30004-0203-20070102
© Copyright 2007 Fortinet, Inc. All rights reserved. No part of this
publication including text, examples, diagrams or illustrations may be
reproduced, transmitted, or translated in any form or by any means,
electronic, mechanical, manual, optical or otherwise, for any purpose,
without prior written permission of Fortinet, Inc.
Trademarks
Dynamic Threat Prevention System (DTPS), APSecure, FortiASIC,
FortiBIOS, FortiBridge, FortiClient, FortiGate, FortiGate Unified Threat
Management System, FortiGuard, FortiGuard-Antispam, FortiGuard-
Antivirus, FortiGuard-Intrusion, FortiGuard-Web, FortiLog, FortiAnalyzer,
FortiManager, Fortinet, FortiOS, FortiPartner, FortiProtect, FortiReporter,
FortiResponse, FortiShield, FortiVoIP, and FortiWiFi are trademarks of
Fortinet, Inc. in the United States and/or other countries. The names of
actual companies and products mentioned herein may be the trademarks
of their respective owners.
Contents
FortiGate Version 3.0 MR4 Administration Guide
01-30004-0203-20070102 3
Contents
Introduction...................................................................................... 17
Introducing the FortiGate units...................................................................... 18
FortiGate-5000 series chassis .................................................................... 18
About the FortiGate-5000 series modules .................................................. 19
FortiGate-3600A.......................................................................................... 19
FortiGate-3600............................................................................................ 20
FortiGate-3000............................................................................................ 20
FortiGate-1000A.......................................................................................... 20
FortiGate-1000AFA2................................................................................... 21
FortiGate-1000............................................................................................ 21
FortiGate-800.............................................................................................. 21
FortiGate-800F............................................................................................ 21
FortiGate-500A............................................................................................ 22
FortiGate-500.............................................................................................. 22
FortiGate-400A............................................................................................ 22
FortiGate-400.............................................................................................. 22
FortiGate-300A............................................................................................ 22
FortiGate-300.............................................................................................. 23
FortiGate-200A............................................................................................ 23
FortiGate-200.............................................................................................. 23
FortiGate-100A............................................................................................ 23
FortiGate-100.............................................................................................. 23
FortiGate-60/60M/ADSL.............................................................................. 24
FortiWiFi-60/60A/60AM............................................................................... 24
FortiGate-50B.............................................................................................. 24
FortiGate-50A.............................................................................................. 24
Fortinet family of products............................................................................. 25
FortiGuard Subscription Services ............................................................... 25
FortiAnalyzer............................................................................................... 25
FortiClient.................................................................................................... 25
FortiManager............................................................................................... 26
FortiBridge................................................................................................... 26
FortiMail ...................................................................................................... 26
FortiReporter............................................................................................... 26
About this document....................................................................................... 27
Document conventions................................................................................ 29
FortiGate documentation ............................................................................... 29
Fortinet Tools and Documentation CD........................................................ 31
Fortinet Knowledge Center ........................................................................ 31
Comments on Fortinet technical documentation ........................................ 31
Customer service and technical support...................................................... 31
FortiGate Version 3.0 MR4 Administration Guide
401-30004-0203-20070102
Contents
Web-based manager........................................................................ 33
Button bar features ......................................................................................... 34
Contact Customer Support ......................................................................... 34
Using the Online Help................................................................................. 34
Logout......................................................................................................... 36
Web-based manager pages............................................................................ 37
Web-based manager menu ........................................................................ 37
Lists............................................................................................................. 38
Icons ........................................................................................................... 38
System Status.................................................................................. 41
Status page...................................................................................................... 41
Viewing system status ................................................................................ 41
Changing system information........................................................................ 49
Configuring system time ............................................................................. 49
Changing the FortiGate unit host name...................................................... 50
Changing the FortiGate firmware................................................................... 51
Upgrading to a new firmware version ......................................................... 51
Reverting to a previous firmware version.................................................... 51
Viewing operational history............................................................................ 52
Manually updating FortiGuard definitions.................................................... 53
Viewing Statistics............................................................................................ 54
Viewing the session list............................................................................... 54
Viewing the Content Archive information.................................................... 55
Viewing the Attack Log ............................................................................... 56
Topology viewer.............................................................................................. 58
The Topology Viewer window..................................................................... 58
Customizing the topology diagram.............................................................. 60
........................................................................................................................... 60
Using virtual domains ..................................................................... 61
Virtual domains................................................................................................ 61
VDOM configuration settings ...................................................................... 62
Global configuration settings....................................................................... 63
Enabling VDOMs.............................................................................................. 64
Configuring VDOMs and global settings....................................................... 64
Working with VDOMs and global settings................................................... 65
Adding interfaces to a VDOM ..................................................................... 65
Assigning an administrator to a VDOM....................................................... 66
Changing the Management VDOM............................................................. 67
Contents
FortiGate Version 3.0 MR4 Administration Guide
01-30004-0203-20070102 5
System Network............................................................................... 69
Interface............................................................................................................ 69
Switch Mode................................................................................................ 71
Interface settings......................................................................................... 72
Configuring an ADSL interface.................................................................... 74
Creating an 802.3ad aggregate interface.................................................... 75
Creating a redundant interface.................................................................... 76
Creating a wireless interface....................................................................... 77
Configuring DHCP on an interface.............................................................. 78
Configuring an interface for PPPoE or PPPoA ........................................... 80
Configuring Dynamic DNS service for an interface..................................... 81
Configuring a virtual IPSec interface........................................................... 82
Additional configuration for interfaces......................................................... 83
Zone.................................................................................................................. 87
Zone settings............................................................................................... 87
Network Options.............................................................................................. 88
DNS Servers ............................................................................................... 89
Dead gateway detection.............................................................................. 89
Routing table (Transparent Mode)................................................................. 90
Transparent mode route settings ................................................................ 90
Configuring the modem interface.................................................................. 91
Configuring modem settings ....................................................................... 91
Redundant mode configuration................................................................... 93
Standalone mode configuration .................................................................. 94
Adding firewall policies for modem connections ......................................... 94
Connecting and disconnecting the modem................................................. 95
Checking modem status.............................................................................. 95
VLAN overview................................................................................................. 96
FortiGate units and VLANs ......................................................................... 96
VLANs in NAT/Route mode............................................................................. 97
Rules for VLAN IDs..................................................................................... 97
Rules for VLAN IP addresses ..................................................................... 97
Adding VLAN subinterfaces ........................................................................ 98
VLANs in Transparent mode .......................................................................... 99
Rules for VLAN IDs................................................................................... 101
Transparent mode virtual domains and VLANs ........................................ 101
Troubleshooting ARP Issues..................................................................... 104
FortiGate IPv6 support.................................................................................. 104
System Wireless............................................................................. 105
The FortiWiFi wireless LAN interface.......................................................... 105
Channel assignments.................................................................................... 106
System wireless settings (FortiWiFi-60)...................................................... 107
FortiGate Version 3.0 MR4 Administration Guide
601-30004-0203-20070102
Contents
System wireless settings (FortiWiFi-60A and 60AM)................................. 109
Wireless MAC Filter....................................................................................... 110
Wireless Monitor............................................................................................ 111
System DHCP................................................................................. 113
FortiGate DHCP servers and relays............................................................. 113
Configuring DHCP services.......................................................................... 114
Configuring an interface as a DHCP relay agent...................................... 115
Configuring a DHCP server ...................................................................... 115
Viewing address leases................................................................................ 116
Reserving IP addresses for specific clients .............................................. 117
System Config................................................................................ 119
HA ................................................................................................................... 119
HA options ................................................................................................ 119
Cluster members list ................................................................................. 122
Viewing HA statistics................................................................................. 125
Changing subordinate unit host name and device priority........................ 126
Disconnecting a cluster unit from a cluster............................................... 126
SNMP.............................................................................................................. 127
Configuring SNMP .................................................................................... 127
Configuring an SNMP community............................................................. 128
Fortinet MIBs............................................................................................. 130
FortiGate traps.......................................................................................... 131
Fortinet MIB fields..................................................................................... 133
Replacement messages................................................................................ 136
Replacement messages list...................................................................... 137
Changing replacement messages ............................................................ 138
Changing the authentication login page.................................................... 139
Changing the FortiGuard web filtering block override page...................... 140
Changing the SSL-VPN login message.................................................... 140
Changing the authentication disclaimer page........................................... 140
Operation mode and VDOM management access...................................... 141
Changing operation mode......................................................................... 141
Management access................................................................................. 142
System Admin................................................................................ 143
Administrators............................................................................................... 143
Configuring RADIUS authentication for administrators............................. 144
Viewing the administrators list .................................................................. 144
Configuring an administrator account....................................................... 146
Access profiles.............................................................................................. 148
Viewing the access profiles list ................................................................. 151
Configuring an access profile.................................................................... 152
Contents
FortiGate Version 3.0 MR4 Administration Guide
01-30004-0203-20070102 7
FortiManager.................................................................................................. 153
Settings........................................................................................................... 153
Monitoring administrators ............................................................................ 154
System Maintenance...................................................................... 157
Backup and restore....................................................................................... 157
FortiGuard Center.......................................................................................... 161
FortiGuard Distribution Network................................................................ 161
FortiGuard Services .................................................................................. 161
Configuring the FortiGate unit for FDN and FortiGuard services.............. 162
Troubleshooting FDN connectivity ............................................................ 166
Updating antivirus and attack definitions................................................... 166
Enabling push updates.............................................................................. 168
License ........................................................................................................... 172
System Chassis (FortiGate-5000 series)...................................... 173
SMC (shelf manager card) ............................................................................ 173
Blades (FortiGate-5000 chassis slots)......................................................... 174
Chassis monitoring event log messages.................................................... 176
Router Static .................................................................................. 177
Routing concepts ......................................................................................... 177
How the routing table is built .................................................................... 178
How routing decisions are made .............................................................. 178
Multipath routing and determining the best route...................................... 178
How route sequence affects route priority ................................................ 179
Equal Cost Multipath (ECMP) Routes....................................................... 180
Static Route ................................................................................................... 180
Working with static routes ........................................................................ 180
Default route and default gateway ........................................................... 181
Adding a static route to the routing table .................................................. 184
Policy Route .................................................................................................. 185
Adding a route policy ................................................................................ 186
Moving a route policy ................................................................................ 187
Router Dynamic.............................................................................. 189
RIP................................................................................................................... 189
How RIP works.......................................................................................... 190
Viewing and editing basic RIP settings..................................................... 190
Selecting advanced RIP options ............................................................... 192
Overriding the RIP operating parameters on an interface......................... 193
FortiGate Version 3.0 MR4 Administration Guide
801-30004-0203-20070102
Contents
OSPF............................................................................................................... 194
OSPF autonomous systems ..................................................................... 194
Defining an OSPF AS ............................................................................... 195
Viewing and editing basic OSPF settings ................................................. 196
Selecting advanced OSPF options ........................................................... 198
Defining OSPF areas................................................................................ 199
Specifying OSPF networks....................................................................... 200
Selecting operating parameters for an OSPF interface ............................ 201
BGP................................................................................................................. 202
How BGP works........................................................................................ 202
Viewing and editing BGP settings............................................................. 203
Multicast......................................................................................................... 204
Viewing and editing multicast settings ...................................................... 204
Overriding the multicast settings on an interface...................................... 206
Router Monitor............................................................................... 209
Displaying routing information.................................................................... 209
Searching the FortiGate routing table......................................................... 211
Firewall Policy................................................................................ 213
About firewall policies .................................................................................. 213
How policy matching works....................................................................... 214
Viewing the firewall policy list...................................................................... 214
Adding a firewall policy ............................................................................. 215
Moving a policy to a different position in the policy list ............................. 216
Configuring firewall policies ........................................................................ 216
Firewall policy options............................................................................... 219
Adding authentication to firewall policies .................................................. 222
Adding traffic shaping to firewall policies .................................................. 223
IPSec firewall policy options ..................................................................... 226
SSL-VPN firewall policy options................................................................ 226
Options to check FortiClient on hosts....................................................... 227
Firewall policy examples .............................................................................. 228
Scenario one: SOHO sized business........................................................ 228
Scenario two: enterprise sized business................................................... 231
Firewall Address............................................................................ 235
About firewall addresses.............................................................................. 235
Viewing the firewall address list .................................................................. 236
Configuring addresses ................................................................................. 237
Viewing the address group list .................................................................... 237
Configuring address groups........................................................................ 238
Contents
FortiGate Version 3.0 MR4 Administration Guide
01-30004-0203-20070102 9
Firewall Service.............................................................................. 239
Viewing the predefined service list.............................................................. 239
Viewing the custom service list ................................................................... 243
Configuring custom services....................................................................... 243
Viewing the service group list...................................................................... 245
Configuring service groups.......................................................................... 245
Firewall Schedule........................................................................... 247
Viewing the one-time schedule list.............................................................. 247
Configuring one-time schedules.................................................................. 248
Viewing the recurring schedule list ............................................................. 248
Configuring recurring schedules................................................................. 249
Firewall Virtual IP........................................................................... 251
Virtual IPs....................................................................................................... 251
How virtual IPs map connections through the FortiGate unit.................... 251
Viewing the virtual IP list .............................................................................. 255
Configuring virtual IPs.................................................................................. 255
Adding a static NAT virtual IP for a single IP address............................... 256
Adding a static NAT virtual IP for an IP address range............................. 258
Adding static NAT port forwarding for a single IP address and a
single port.................................................................................................. 260
Adding static NAT port forwarding for an IP address range and a
port range.................................................................................................. 261
Adding a load balance virtual IP for an IP address range or real servers. 263
Adding a load balance port forwarding virtual IP....................................... 265
Adding dynamic virtual IPs........................................................................ 266
Virtual IP Groups ........................................................................................... 267
Viewing the VIP group list............................................................................. 267
Configuring VIP groups ................................................................................ 268
IP pools........................................................................................................... 269
IP pools and dynamic NAT........................................................................ 269
IP Pools for firewall policies that use fixed ports....................................... 269
Viewing the IP pool list.................................................................................. 270
Configuring IP Pools..................................................................................... 270
Firewall Protection Profile............................................................. 271
What is a protection profile .......................................................................... 271
Default protection profiles ......................................................................... 272
Viewing the protection profile list................................................................ 272
FortiGate Version 3.0 MR4 Administration Guide
10 01-30004-0203-20070102
Contents
Configuring a protection profile................................................................... 272
Antivirus options........................................................................................ 273
Web filtering options ................................................................................. 275
FortiGuard-Web filtering options............................................................... 276
Spam filtering options ............................................................................... 277
IPS options................................................................................................ 279
Content archive options ............................................................................ 279
IM and P2P options................................................................................... 280
Logging options......................................................................................... 281
VoIP options.............................................................................................. 282
Adding a protection profile to a policy........................................................ 282
Protection profile CLI configuration............................................................ 283
VPN IPSEC ..................................................................................... 285
Overview of IPSec interface mode............................................................... 285
Auto Key......................................................................................................... 287
Creating a new phase 1 configuration ..................................................... 287
Defining phase 1 advanced settings......................................................... 290
Creating a new phase 2 configuration ..................................................... 292
Defining phase 2 advanced settings......................................................... 293
Internet browsing configuration................................................................. 295
Manual Key .................................................................................................... 296
Creating a new manual key configuration ................................................ 297
Concentrator ................................................................................................. 299
Defining concentrator options ................................................................... 299
Monitor .......................................................................................................... 300
VPN PPTP....................................................................................... 303
PPTP Range................................................................................................... 303
VPN SSL.......................................................................................... 305
Config ............................................................................................................ 305
Monitor ........................................................................................................... 307
VPN Certificates............................................................................. 309
Local Certificates .......................................................................................... 309
Generating a certificate request................................................................ 310
Downloading and submitting a certificate request .................................... 312
Importing a signed server certificate......................................................... 313
Importing an exported server certificate and private key .......................... 313
Importing separate server certificate and private key files........................ 314
Remote Certificates....................................................................................... 314
Importing Remote (OCSP) certificates...................................................... 315
Contents
FortiGate Version 3.0 MR4 Administration Guide
01-30004-0203-20070102 11
CA Certificates............................................................................................... 315
Importing CA certificates........................................................................... 316
CRL ................................................................................................................. 317
Importing a certificate revocation list......................................................... 317
User................................................................................................. 319
Configuring user authentication.................................................................. 319
Setting authentication timeout................................................................... 320
Setting user authentication protocol support............................................. 320
Local user accounts...................................................................................... 321
Configuring a user account ....................................................................... 321
RADIUS servers............................................................................................. 322
Configuring a RADIUS server ................................................................... 322
LDAP servers................................................................................................. 323
Configuring an LDAP server ..................................................................... 324
PKI authentication......................................................................................... 325
Configuring PKI users ............................................................................... 326
Windows AD servers..................................................................................... 326
Configuring a Windows AD server ............................................................ 327
User group...................................................................................................... 327
User group types....................................................................................... 328
User group list........................................................................................... 329
Configuring a user group........................................................................... 330
Configuring FortiGuard override options for a user group......................... 331
Configuring SSL VPN user group options................................................. 332
Configuring peers and peer groups............................................................. 334
AntiVirus......................................................................................... 335
Order of operations....................................................................................... 335
Antivirus elements......................................................................................... 335
FortiGuard antivirus................................................................................... 336
Antivirus settings and controls.................................................................... 337
File pattern ..................................................................................................... 338
Viewing the file pattern list catalog............................................................ 338
Creating a new file pattern list................................................................... 339
Viewing the file pattern list ........................................................................ 339
Configuring the file pattern list................................................................... 340
Quarantine...................................................................................................... 341
Viewing the Quarantined Files list............................................................. 341
Viewing the AutoSubmit list....................................................................... 342
Configuring the AutoSubmit list................................................................. 343
Configuring quarantine options ................................................................. 343
FortiGate Version 3.0 MR4 Administration Guide
12 01-30004-0203-20070102
Contents
Config............................................................................................................. 345
Viewing the virus list ................................................................................. 345
Viewing the grayware list .......................................................................... 346
Antivirus CLI configuration.......................................................................... 347
system global optimize.............................................................................. 347
config antivirus heuristic............................................................................ 348
config antivirus quarantine........................................................................ 348
config antivirus service <service_name>.................................................. 348
Intrusion Protection....................................................................... 349
About intrusion protection........................................................................... 349
IPS settings and controls .......................................................................... 350
When to use IPS....................................................................................... 350
Predefined signatures................................................................................... 351
Viewing the predefined signature list ........................................................ 351
Configuring predefined signatures............................................................ 353
Fine tuning IPS predefined signatures for enhanced system performance 353
Custom signatures........................................................................................ 354
Viewing the custom signature list.............................................................. 354
Creating custom signatures...................................................................... 355
Protocol Decoders......................................................................................... 356
Viewing the protocol decoder list .............................................................. 356
Upgrading IPS protocol decoder list ......................................................... 357
Anomalies ...................................................................................................... 357
Viewing the traffic anomaly list.................................................................. 358
Configuring IPS traffic anomalies.............................................................. 358
IPS CLI configuration.................................................................................... 359
system autoupdate ips.............................................................................. 359
ips global fail-open.................................................................................... 359
ips global ip_protocol................................................................................ 359
ips global socket-size................................................................................ 359
(config ips anomaly) config limit................................................................ 359
Web Filter........................................................................................ 361
Order of web filtering.................................................................................... 361
How web filtering works ............................................................................... 361
Web filter controls......................................................................................... 362
Contents
FortiGate Version 3.0 MR4 Administration Guide
01-30004-0203-20070102 13
Content block................................................................................................. 364
Viewing the web content block list catalog................................................ 364
Creating a new web content block list....................................................... 365
Viewing the web content block list ............................................................ 365
Configuring the web content block list....................................................... 366
Viewing the web content exempt list catalog ............................................ 367
Creating a new web content exempt list ................................................... 367
Viewing the web content exempt list......................................................... 368
Configuring the web content exempt list ................................................... 369
URL filter......................................................................................................... 369
Viewing the URL filter list catalog.............................................................. 369
Creating a new URL filter list..................................................................... 370
Viewing the URL filter list .......................................................................... 370
Configuring the URL filter list .................................................................... 371
Moving URLs in the URL filter list ............................................................. 373
FortiGuard - Web Filter.................................................................................. 373
Configuring FortiGuard-Web filtering ........................................................ 374
Viewing the override list ............................................................................ 374
Configuring override rules......................................................................... 375
Creating local categories........................................................................... 377
Viewing the local ratings list...................................................................... 377
Configuring local ratings............................................................................ 378
Category block CLI configuration.............................................................. 379
FortiGuard-Web Filter reports ................................................................... 379
Antispam......................................................................................... 381
Antispam ........................................................................................................ 381
Order of Spam Filtering............................................................................. 381
Anti-spam filter controls............................................................................. 382
Banned word.................................................................................................. 384
Viewing the antispam banned word list catalog........................................ 384
Creating a new antispam banned word list............................................... 385
Viewing the antispam banned word list..................................................... 385
Configuring the antispam banned word list............................................... 386
Black/White List............................................................................................. 387
Viewing the antispam IP address list catalogue........................................ 387
Creating a new antispam IP address list................................................... 388
Viewing the antispam IP address list ........................................................ 388
Configuring the antispam IP address list................................................... 389
Viewing the antispam email address list catalog....................................... 389
Creating a new antispam email address list.............................................. 390
Viewing the antispam email address list ................................................... 390
Configuring the antispam email address list ............................................. 391
FortiGate Version 3.0 MR4 Administration Guide
14 01-30004-0203-20070102
Contents
Advanced antispam configuration............................................................... 392
config spamfilter mheader......................................................................... 392
config spamfilter rbl................................................................................... 393
Using Perl regular expressions.................................................................... 393
Regular expression vs. wildcard match pattern ........................................ 393
Word boundary ......................................................................................... 394
Case sensitivity......................................................................................... 394
Perl regular expression formats................................................................ 394
Example regular expressions.................................................................... 395
IM, P2P & VoIP................................................................................ 397
Overview......................................................................................................... 397
Configuring IM/P2P protocols...................................................................... 399
How to enable and disable IM/P2P options .............................................. 399
How to configure IM/P2P options within a protection profile..................... 399
How to configure IM/P2P decoder log settings......................................... 400
How to configure older versions of IM/P2P applications........................... 400
How to configure protocols that are not supported ................................... 400
Statistics......................................................................................................... 401
Viewing overview statistics ....................................................................... 401
Viewing statistics by protocol.................................................................... 402
User................................................................................................................. 403
Viewing the Current Users list................................................................... 403
Viewing the User List................................................................................ 404
Adding a new user to the User List........................................................... 404
Configuring a policy for unknown IM users............................................... 405
Log&Report.................................................................................... 407
FortiGate Logging ......................................................................................... 407
Log severity levels ........................................................................................ 408
Storing Logs .................................................................................................. 409
Logging to a FortiAnalyzer unit................................................................. 409
Connecting to FortiAnalyzer using Automatic Discovery .......................... 410
Testing the FortiAnalyzer configuration .................................................... 411
Logging to memory................................................................................... 412
Logging to a Syslog server ....................................................................... 413
Logging to WebTrends.............................................................................. 413
Logging to FortiGuard Log and Analysis server........................................ 414
High Availability cluster logging.................................................................. 415
Contents
FortiGate Version 3.0 MR4 Administration Guide
01-30004-0203-20070102 15
Log types........................................................................................................ 415
Traffic log .................................................................................................. 415
Event log................................................................................................... 416
Antivirus log............................................................................................... 417
Web filter log ............................................................................................. 417
Attack log .................................................................................................. 418
Spam filter log ........................................................................................... 418
IM and P2P log.......................................................................................... 418
VoIP log..................................................................................................... 419
Log Access..................................................................................................... 419
Accessing log messages stored in memory.............................................. 420
Accessing log message stored in the hard disk........................................ 420
Accessing logs stored on the FortiAnalyzer unit ....................................... 421
Accessing logs on the FortiGuard Log & Analysis server ......................... 422
Viewing log information............................................................................. 422
Column settings ........................................................................................ 423
Filtering log messages .............................................................................. 423
Deleting logs stored on the FortiGuard Log & Analysis server ................. 424
Content Archive............................................................................................. 425
Alert Email...................................................................................................... 426
Configuring Alert Email ............................................................................. 426
Reports........................................................................................................... 428
Basic traffic reports ................................................................................... 428
FortiAnalyzer reports................................................................................. 429
Configuring a FortiAnalyzer report ........................................................... 430
Editing FortiAnalyzer reports..................................................................... 437
Printing your FortiAnalyzer report ............................................................. 437
Viewing FortiAnalyzer reports from a FortiGate unit ................................. 438
Viewing parts of a FortiAnalyzer report..................................................... 438
Index................................................................................................ 439
FortiGate Version 3.0 MR4 Administration Guide
16 01-30004-0203-20070102
Contents
Introduction
FortiGate Version 3.0 MR4 Administration Guide
01-30004-0203-20070102 17
Introduction
Welcome and thank you for selecting Fortinet products for your real-time network
protection.
FortiGateâ„¢ ASIC-accelerated multi-threat security systems improve network
security, reduce network misuse and abuse, and help you use communications
resources more efficiently without compromising the performance of your
network. FortiGate Systems are ICSA-certified for Antivirus, Firewall, IPSec,
SSL-TLS, IPS, Intrusion detection, and AntiSpyware services.
FortiGate Systems are dedicated, easily managed security device that delivers a
full suite of capabilities including:
• Application-level services such as virus protection, intrusion protection, spam
filtering, web content filtering, IM, P2P, and VoIP filtering
• Network-level services such as firewall, intrusion detection, IPSec and SSL
VPN, and traffic shaping
• Management services such as user authentication, logging, reporting with
FortiAnalyzer, administration profiles, secure web and CLI administrative
access, and SNMP
The FortiGate security system uses Fortinet’s Dynamic Threat Prevention System
(DTPSâ„¢) technology, which leverages breakthroughs in chip design, networking,
security and content analysis. The unique ASIC-accelerated architecture analyzes
content and behavior in real-time, enabling key applications to be deployed right
at the network edge where they are most effective at protecting your networks.
This chapter contains the following sections:
•Introducing the FortiGate units
•Fortinet family of products
•About this document
•FortiGate documentation
•Customer service and technical support
FortiGate Version 3.0 MR4 Administration Guide
18 01-30004-0203-20070102
Introducing the FortiGate units Introduction
Introducing the FortiGate units
All FortiGate Unified Threat Management Systems from the FortiGate-50B to the
FortiGate-5000 series deliver similar SOHO or enterprise-class network-based
antivirus, content filtering, firewall, VPN, and network-based intrusion
detection/prevention features.
FortiGate-5000 series chassis
The FortiGate-5000 series Security Systems are chassis-based systems that
MSSPs and large enterprises can use to provide subscriber security services
such as firewall, VPN, antivirus protection, spam filtering, web filtering and
intrusion prevention (IPS). The wide variety of system configurations available
with FortiGate-5000 series provide flexibility to meet the changing needs of
growing high performance networks. The FortiGate-5000 series chassis support
multiple hot-swappable FortiGate-5000 series modules and power supplies. This
modular approach provides a scalable, high-performance and failure-proof
solution.
FortiGate-5140 chassis
You can install up to 14 FortiGate-5000 series modules in the 14 slots of the
FortiGate-5140 ATCA chassis. The FortiGate-5140 is a 12U chassis that contains
two redundant hot swappable DC power entry modules that connect to -48 VDC
Data Center DC power. The FortiGate-5140 chassis also includes three hot
swappable cooling fan trays.
FortiGate-5050 chassis
You can install up to five FortiGate-5000 series modules in the five slots of the
FortiGate-5050 ATCA chassis. The FortiGate-5050 is a 5U chassis that contains
two redundant DC power connections that connect to -48 VDC Data Center DC
power. The FortiGate-5050 chassis also includes a hot swappable cooling fan
tray.
FAN TRAY FAN TRAYFAN TRAY
1311975312468101214
5140
PWR STA IPM
CONSOLE USB 1 2 3 4 5 6 7 8
ACC
PWR STA IPM
CONSOLE USB 1 2 3 4 5 6 7 8
ACC
PWR STA IPM
CONSOLE USB 1 2 3 4 5 6 7 8
ACC
PWR STA IPM
CONSOLE USB 1 2 3 4 5 6 7 8
ACC
PWR STA IPM
CONSOLE USB 1 2 3 4 5 6 7 8
ACC
PWR STA IPM
CONSOLE USB 1 2 3 4 5 6 7 8
ACC
MANAGEMENT
SYSTEM
E1
ZRE
LED MODE
1514
1312
1110
98
76
54
32
10
E2
OKCLK INTEXT FLT
HOT SWAP
RESET
FLT
CONSOLE
E
T
H
O
R
S
2
3
2
Z
R
E
0
Z
R
E
1
Z
R
E
2
MANAGEMENT
SYSTEM
E1
ZRE
LED MODE
1514
1312
1110
98
76
54
32
10
E2
OKCLK INTEXT FLT
HOT SWAP
RESET
FLT
CONSOLE
E
T
H
O
R
S
2
3
2
Z
R
E
0
Z
R
E
1
Z
R
E
2
PWR ACC STA IPM
CONSOLE USB 3 4
1 2 5 6 7 8
PWR ACC STA IPM
CONSOLE USB 3 4
1 2 5 6 7 8
PWR ACC STA IPM
CONSOLE USB 3 4
1 2 5 6 7 8
PWR ACC STA IPM
CONSOLE USB 3 4
1 2 5 6 7 8
PWR ACC STA IPM
CONSOLE USB 3 4
1 2 5 6 7 8
PWR ACC STA IPM
CONSOLE USB 3 4
1 2 5 6 7 8
CRITICAL
RESET
MAJOR
MINOR
USER1
USER2
USER3
5140SAP
SERIAL 1 SERIAL 2 ALARM
FILTER
12
012
10/100
link/Act
ETH0
Service
RESET
STATUS
Hot Swap
link/Act
ETH0 ETH1
10/100
5000SM
10/100
link/Act
ETH0
Service
RESET
STATUS
Hot Swap
link/Act
ETH0 ETH1
10/100
5000SM
PSU A
PSU B
PWR IPM
USB
5
3 4 5 6
CONSOLE
STATUS
1
6
2
ALT
ON/OFF
RESET
PWR IPM
USB
5
3 4 5 6
CONSOLE
STATUS
1
6
2
ALT
ON/OFF
RESET
1
2
2
3
4
5
SMC
1
SMC
POWER
5050SAP
SERIAL
1SERIAL
2
ALARM
10/100
link/Act
ETH0
Service
RESET
STATUS
Hot Swap
link/Act
ETH0 ETH1
10/100
5000SM
10/100
link/Act
ETH0
Service
RESET
STATUS
Hot Swap
link/Act
ETH0 ETH1
10/100
5000SM
MANAGEMENT
SYSTEM
E1
ZRE
LED MODE
1514
1312
1110
98
76
54
32
10
E2
OKCLK INTEXT FLT
HOT SWAP
RESET
FLT
CONSOLE
E
T
H
O
R
S
2
3
2
Z
R
E
0
Z
R
E
1
Z
R
E
2
MANAGEMENT
SYSTEM
E1
ZRE
LED MODE
1514
1312
1110
98
76
54
32
10
E2
OKCLK INTEXT FLT
HOT SWAP
RESET
FLT
CONSOLE
E
T
H
O
R
S
2
3
2
Z
R
E
0
Z
R
E
1
Z
R
E
2
PWR STA IPM
CONSOLE USB 1 2 3 4 5 6 7 8
ACC
PWR STA IPM
CONSOLE USB 1 2 3 4 5 6 7 8
ACC
PWR STA IPM
CONSOLE USB 1 2 3 4 5 6 7 8
ACC
Introduction Introducing the FortiGate units
FortiGate Version 3.0 MR4 Administration Guide
01-30004-0203-20070102 19
FortiGate-5020 chassis
You can install one or two FortiGate-5000 series modules in the two slots of the
FortiGate-5020 ATCA chassis. The FortiGate-5020 is a 4U chassis that contains
two redundant AC to DC power supplies that connect to AC power. The
FortiGate-5020 chassis also includes an internal cooling fan tray.
About the FortiGate-5000 series modules
Each FortiGate-5000 series module is a standalone security system that can also
function as part of an HA cluster. All FortiGate-5000 series modules are also hot
swappable. All FortiGate-5000 series units are high capacity security systems
with multiple gigabit interfaces, multiple virtual domain capacity, and other high
end FortiGate features.
FortiGate-5005FA2 module
The FortiGate-5001SX module is an independent high-performance security
system with eight Gigabit ethernet interfaces; two of which include Fortinet
technology to accelerate small packet performance. The FortiGate-5005FA2
module also supports high-end features including 802.1Q VLANs and multiple
virtual domains.
FortiGate-5001SX module
The FortiGate-5001SX module is an independent high-performance security
system with eight Gigabit ethernet interfaces. The FortiGate-5001SX module
supports high-end features including 802.1Q VLANs and multiple virtual domains.
FortiGate-5001FA2 module
The FortiGate-5001FA2 module is an independent high-performance security
system with six Gigabit ethernet interfaces. The FortiGate-5001FA2 module is
similar to the FortiGate-5001SX module except that two of the FortiGate-5001FA2
interfaces include Fortinet technology to accelerate small packet performance.
FortiGate-5002FB2 module
The FortiGate-5002FB2 module is an independent high-performance FortiGate
security system with a total of 6 Gigabit ethernet interfaces. Two of the
FortiGate-5002FB2 interfaces include Fortinet technology to accelerate small
packet performance.
FortiGate-3600A
The FortiGate-3600A
unit provides carrier-
class levels of
performance and
reliability demanded by
large enterprises and
service providers. The
unit uses multiple CPUs and FortiASIC chips to deliver throughput of 4Gbps,
PWR
Hi-Temp
Esc Enter
USB
MODEM
CONSOLE
7
8
5
6
3
4
1
29
10
FortiGate Version 3.0 MR4 Administration Guide
20 01-30004-0203-20070102
Introducing the FortiGate units Introduction
meeting the needs of the most demanding applications. The FortiGate-3600A unit
includes redundant power supplies, which minimize single-point failures, and
supports load-balanced operation. The high-capacity, reliability and easy
management makes the FortiGate-3600A a natural choice for managed service
offerings.
FortiGate-3600
The FortiGate-3600
unit provides carrier-
class levels of
performance and
reliability demanded by
large enterprises and
service providers. The
unit uses multiple CPUs and FortiASIC chips to deliver throughput of 4Gbps,
meeting the needs of the most demanding applications. The FortiGate-3600 unit
includes redundant power supplies, which minimize single-point failures, and
supports load-balanced operation. The high-capacity, reliability and easy
management makes the FortiGate-3600 a natural choice for managed service
offerings.
FortiGate-3000
The FortiGate-3000
unit provides the
carrier-class levels of
performance and
reliability demanded
by large enterprises
and service providers. The unit uses multiple CPUs and FortiASIC chips to deliver
a throughput of 3Gbps, meeting the needs of the most demanding applications.
The FortiGate-3000 unit includes redundant power supplies to minimize single-
point failures, including load-balanced operation and redundant failover with no
interruption in service. The high capacity, reliability, and easy management of the
FortiGate-3000 makes it a natural choice for managed service offerings.
FortiGate-1000A
The FortiGate-1000A
Security System is a
high-performance
solution for the most
demanding large
enterprise and service
providers. The
FortiGate-1000A automatically keeps up to date information on Fortinet’s
FortiGuard Subscription Services by the FortiGuard Distribution Network,
ensuring around-the-clock protection against the latest viruses, worms, trojans
and other threats. The FortiGate-1000A has flexible architecture to quickly adapt
to emerging technologies such as IM, P2P or VOIP including identity theft
methods such as spyware, phishing and pharming attacks.
Esc Enter
POWER
Hi-Temp 4
123
5/HA INT EXT
123 4 5/HA INTERNAL EXTERNAL
POWER
Hi-Temp
123
INT EXT
4/HA
Esc Enter
123 4/HA INTERNAL EXTERNAL
  • Page 1 1
  • Page 2 2
  • Page 3 3
  • Page 4 4
  • Page 5 5
  • Page 6 6
  • Page 7 7
  • Page 8 8
  • Page 9 9
  • Page 10 10
  • Page 11 11
  • Page 12 12
  • Page 13 13
  • Page 14 14
  • Page 15 15
  • Page 16 16
  • Page 17 17
  • Page 18 18
  • Page 19 19
  • Page 20 20
  • Page 21 21
  • Page 22 22
  • Page 23 23
  • Page 24 24
  • Page 25 25
  • Page 26 26
  • Page 27 27
  • Page 28 28
  • Page 29 29
  • Page 30 30
  • Page 31 31
  • Page 32 32
  • Page 33 33
  • Page 34 34
  • Page 35 35
  • Page 36 36
  • Page 37 37
  • Page 38 38
  • Page 39 39
  • Page 40 40
  • Page 41 41
  • Page 42 42
  • Page 43 43
  • Page 44 44
  • Page 45 45
  • Page 46 46
  • Page 47 47
  • Page 48 48
  • Page 49 49
  • Page 50 50
  • Page 51 51
  • Page 52 52
  • Page 53 53
  • Page 54 54
  • Page 55 55
  • Page 56 56
  • Page 57 57
  • Page 58 58
  • Page 59 59
  • Page 60 60
  • Page 61 61
  • Page 62 62
  • Page 63 63
  • Page 64 64
  • Page 65 65
  • Page 66 66
  • Page 67 67
  • Page 68 68
  • Page 69 69
  • Page 70 70
  • Page 71 71
  • Page 72 72
  • Page 73 73
  • Page 74 74
  • Page 75 75
  • Page 76 76
  • Page 77 77
  • Page 78 78
  • Page 79 79
  • Page 80 80
  • Page 81 81
  • Page 82 82
  • Page 83 83
  • Page 84 84
  • Page 85 85
  • Page 86 86
  • Page 87 87
  • Page 88 88
  • Page 89 89
  • Page 90 90
  • Page 91 91
  • Page 92 92
  • Page 93 93
  • Page 94 94
  • Page 95 95
  • Page 96 96
  • Page 97 97
  • Page 98 98
  • Page 99 99
  • Page 100 100
  • Page 101 101
  • Page 102 102
  • Page 103 103
  • Page 104 104
  • Page 105 105
  • Page 106 106
  • Page 107 107
  • Page 108 108
  • Page 109 109
  • Page 110 110
  • Page 111 111
  • Page 112 112
  • Page 113 113
  • Page 114 114
  • Page 115 115
  • Page 116 116
  • Page 117 117
  • Page 118 118
  • Page 119 119
  • Page 120 120
  • Page 121 121
  • Page 122 122
  • Page 123 123
  • Page 124 124
  • Page 125 125
  • Page 126 126
  • Page 127 127
  • Page 128 128
  • Page 129 129
  • Page 130 130
  • Page 131 131
  • Page 132 132
  • Page 133 133
  • Page 134 134
  • Page 135 135
  • Page 136 136
  • Page 137 137
  • Page 138 138
  • Page 139 139
  • Page 140 140
  • Page 141 141
  • Page 142 142
  • Page 143 143
  • Page 144 144
  • Page 145 145
  • Page 146 146
  • Page 147 147
  • Page 148 148
  • Page 149 149
  • Page 150 150
  • Page 151 151
  • Page 152 152
  • Page 153 153
  • Page 154 154
  • Page 155 155
  • Page 156 156
  • Page 157 157
  • Page 158 158
  • Page 159 159
  • Page 160 160
  • Page 161 161
  • Page 162 162
  • Page 163 163
  • Page 164 164
  • Page 165 165
  • Page 166 166
  • Page 167 167
  • Page 168 168
  • Page 169 169
  • Page 170 170
  • Page 171 171
  • Page 172 172
  • Page 173 173
  • Page 174 174
  • Page 175 175
  • Page 176 176
  • Page 177 177
  • Page 178 178
  • Page 179 179
  • Page 180 180
  • Page 181 181
  • Page 182 182
  • Page 183 183
  • Page 184 184
  • Page 185 185
  • Page 186 186
  • Page 187 187
  • Page 188 188
  • Page 189 189
  • Page 190 190
  • Page 191 191
  • Page 192 192
  • Page 193 193
  • Page 194 194
  • Page 195 195
  • Page 196 196
  • Page 197 197
  • Page 198 198
  • Page 199 199
  • Page 200 200
  • Page 201 201
  • Page 202 202
  • Page 203 203
  • Page 204 204
  • Page 205 205
  • Page 206 206
  • Page 207 207
  • Page 208 208
  • Page 209 209
  • Page 210 210
  • Page 211 211
  • Page 212 212
  • Page 213 213
  • Page 214 214
  • Page 215 215
  • Page 216 216
  • Page 217 217
  • Page 218 218
  • Page 219 219
  • Page 220 220
  • Page 221 221
  • Page 222 222
  • Page 223 223
  • Page 224 224
  • Page 225 225
  • Page 226 226
  • Page 227 227
  • Page 228 228
  • Page 229 229
  • Page 230 230
  • Page 231 231
  • Page 232 232
  • Page 233 233
  • Page 234 234
  • Page 235 235
  • Page 236 236
  • Page 237 237
  • Page 238 238
  • Page 239 239
  • Page 240 240
  • Page 241 241
  • Page 242 242
  • Page 243 243
  • Page 244 244
  • Page 245 245
  • Page 246 246
  • Page 247 247
  • Page 248 248
  • Page 249 249
  • Page 250 250
  • Page 251 251
  • Page 252 252
  • Page 253 253
  • Page 254 254
  • Page 255 255
  • Page 256 256
  • Page 257 257
  • Page 258 258
  • Page 259 259
  • Page 260 260
  • Page 261 261
  • Page 262 262
  • Page 263 263
  • Page 264 264
  • Page 265 265
  • Page 266 266
  • Page 267 267
  • Page 268 268
  • Page 269 269
  • Page 270 270
  • Page 271 271
  • Page 272 272
  • Page 273 273
  • Page 274 274
  • Page 275 275
  • Page 276 276
  • Page 277 277
  • Page 278 278
  • Page 279 279
  • Page 280 280
  • Page 281 281
  • Page 282 282
  • Page 283 283
  • Page 284 284
  • Page 285 285
  • Page 286 286
  • Page 287 287
  • Page 288 288
  • Page 289 289
  • Page 290 290
  • Page 291 291
  • Page 292 292
  • Page 293 293
  • Page 294 294
  • Page 295 295
  • Page 296 296
  • Page 297 297
  • Page 298 298
  • Page 299 299
  • Page 300 300
  • Page 301 301
  • Page 302 302
  • Page 303 303
  • Page 304 304
  • Page 305 305
  • Page 306 306
  • Page 307 307
  • Page 308 308
  • Page 309 309
  • Page 310 310
  • Page 311 311
  • Page 312 312
  • Page 313 313
  • Page 314 314
  • Page 315 315
  • Page 316 316
  • Page 317 317
  • Page 318 318
  • Page 319 319
  • Page 320 320
  • Page 321 321
  • Page 322 322
  • Page 323 323
  • Page 324 324
  • Page 325 325
  • Page 326 326
  • Page 327 327
  • Page 328 328
  • Page 329 329
  • Page 330 330
  • Page 331 331
  • Page 332 332
  • Page 333 333
  • Page 334 334
  • Page 335 335
  • Page 336 336
  • Page 337 337
  • Page 338 338
  • Page 339 339
  • Page 340 340
  • Page 341 341
  • Page 342 342
  • Page 343 343
  • Page 344 344
  • Page 345 345
  • Page 346 346
  • Page 347 347
  • Page 348 348
  • Page 349 349
  • Page 350 350
  • Page 351 351
  • Page 352 352
  • Page 353 353
  • Page 354 354
  • Page 355 355
  • Page 356 356
  • Page 357 357
  • Page 358 358
  • Page 359 359
  • Page 360 360
  • Page 361 361
  • Page 362 362
  • Page 363 363
  • Page 364 364
  • Page 365 365
  • Page 366 366
  • Page 367 367
  • Page 368 368
  • Page 369 369
  • Page 370 370
  • Page 371 371
  • Page 372 372
  • Page 373 373
  • Page 374 374
  • Page 375 375
  • Page 376 376
  • Page 377 377
  • Page 378 378
  • Page 379 379
  • Page 380 380
  • Page 381 381
  • Page 382 382
  • Page 383 383
  • Page 384 384
  • Page 385 385
  • Page 386 386
  • Page 387 387
  • Page 388 388
  • Page 389 389
  • Page 390 390
  • Page 391 391
  • Page 392 392
  • Page 393 393
  • Page 394 394
  • Page 395 395
  • Page 396 396
  • Page 397 397
  • Page 398 398
  • Page 399 399
  • Page 400 400
  • Page 401 401
  • Page 402 402
  • Page 403 403
  • Page 404 404
  • Page 405 405
  • Page 406 406
  • Page 407 407
  • Page 408 408
  • Page 409 409
  • Page 410 410
  • Page 411 411
  • Page 412 412
  • Page 413 413
  • Page 414 414
  • Page 415 415
  • Page 416 416
  • Page 417 417
  • Page 418 418
  • Page 419 419
  • Page 420 420
  • Page 421 421
  • Page 422 422
  • Page 423 423
  • Page 424 424
  • Page 425 425
  • Page 426 426
  • Page 427 427
  • Page 428 428
  • Page 429 429
  • Page 430 430
  • Page 431 431
  • Page 432 432
  • Page 433 433
  • Page 434 434
  • Page 435 435
  • Page 436 436
  • Page 437 437
  • Page 438 438
  • Page 439 439
  • Page 440 440
  • Page 441 441
  • Page 442 442
  • Page 443 443
  • Page 444 444
  • Page 445 445
  • Page 446 446
  • Page 447 447
  • Page 448 448
  • Page 449 449
  • Page 450 450
  • Page 451 451
  • Page 452 452
  • Page 453 453
  • Page 454 454
  • Page 455 455
  • Page 456 456
  • Page 457 457
  • Page 458 458

Fortinet FortiGate FortiGate-800 Administration Manual

Category
Software
Type
Administration Manual

Ask a question and I''ll find the answer in the document

Finding information in a document is now easier with AI