Fortinet Fortiwifi fortiwifi-60 Administration Manual

www.fortinet.com

FortiGate™

Version 3.0 MR4

ADMINISTRATION GUIDE

FortiGate™ Administration Guide

Version 3.0 MR4

2 January 2007

01-30004-0203-20070102

publication including text, examples, diagrams or illustrations may be

reproduced, transmitted, or translated in any form or by any means,

electronic, mechanical, manual, optical or otherwise, for any purpose,

without prior written permission of Fortinet, Inc.

Trademarks

Dynamic Threat Prevention System (DTPS), APSecure, FortiASIC,

FortiBIOS, FortiBridge, FortiClient, FortiGate, FortiGate Unified Threat

Management System, FortiGuard, FortiGuard-Antispam, FortiGuard-

Antivirus, FortiGuard-Intrusion, FortiGuard-Web, FortiLog, FortiAnalyzer,

FortiManager, Fortinet, FortiOS, FortiPartner, FortiProtect, FortiReporter,

FortiResponse, FortiShield, FortiVoIP, and FortiWiFi are trademarks of

Fortinet, Inc. in the United States and/or other countries. The names of

actual companies and products mentioned herein may be the trademarks

of their respective owners.

Contents

FortiGate Version 3.0 MR4 Administration Guide

01-30004-0203-20070102 3

Contents

Introduction...................................................................................... 17

Introducing the FortiGate units...................................................................... 18

FortiGate-5000 series chassis .................................................................... 18

About the FortiGate-5000 series modules .................................................. 19

FortiGate-3600A.......................................................................................... 19

FortiGate-3600............................................................................................ 20

FortiGate-3000............................................................................................ 20

FortiGate-1000A.......................................................................................... 20

FortiGate-1000AFA2................................................................................... 21

FortiGate-1000............................................................................................ 21

FortiGate-800.............................................................................................. 21

FortiGate-800F............................................................................................ 21

FortiGate-500A............................................................................................ 22

FortiGate-500.............................................................................................. 22

FortiGate-400A............................................................................................ 22

FortiGate-400.............................................................................................. 22

FortiGate-300A............................................................................................ 22

FortiGate-300.............................................................................................. 23

FortiGate-200A............................................................................................ 23

FortiGate-200.............................................................................................. 23

FortiGate-100A............................................................................................ 23

FortiGate-100.............................................................................................. 23

FortiGate-60/60M/ADSL.............................................................................. 24

FortiWiFi-60/60A/60AM............................................................................... 24

FortiGate-50B.............................................................................................. 24

FortiGate-50A.............................................................................................. 24

Fortinet family of products............................................................................. 25

FortiGuard Subscription Services ............................................................... 25

FortiAnalyzer............................................................................................... 25

FortiClient.................................................................................................... 25

FortiManager............................................................................................... 26

FortiBridge................................................................................................... 26

FortiMail ...................................................................................................... 26

FortiReporter............................................................................................... 26

About this document....................................................................................... 27

Document conventions................................................................................ 29

FortiGate documentation ............................................................................... 29

Fortinet Tools and Documentation CD........................................................ 31

Fortinet Knowledge Center ........................................................................ 31

Comments on Fortinet technical documentation ........................................ 31

Customer service and technical support...................................................... 31

FortiGate Version 3.0 MR4 Administration Guide

401-30004-0203-20070102

Contents

Web-based manager........................................................................ 33

Button bar features ......................................................................................... 34

Contact Customer Support ......................................................................... 34

Using the Online Help................................................................................. 34

Logout......................................................................................................... 36

Web-based manager pages............................................................................ 37

Web-based manager menu ........................................................................ 37

Lists............................................................................................................. 38

Icons ........................................................................................................... 38

System Status.................................................................................. 41

Status page...................................................................................................... 41

Viewing system status ................................................................................ 41

Changing system information........................................................................ 49

Configuring system time ............................................................................. 49

Changing the FortiGate unit host name...................................................... 50

Changing the FortiGate firmware................................................................... 51

Upgrading to a new firmware version ......................................................... 51

Reverting to a previous firmware version.................................................... 51

Viewing operational history............................................................................ 52

Manually updating FortiGuard definitions.................................................... 53

Viewing Statistics............................................................................................ 54

Viewing the session list............................................................................... 54

Viewing the Content Archive information.................................................... 55

Viewing the Attack Log ............................................................................... 56

Topology viewer.............................................................................................. 58

The Topology Viewer window..................................................................... 58

Customizing the topology diagram.............................................................. 60

........................................................................................................................... 60

Using virtual domains ..................................................................... 61

Virtual domains................................................................................................ 61

VDOM configuration settings ...................................................................... 62

Global configuration settings....................................................................... 63

Enabling VDOMs.............................................................................................. 64

Configuring VDOMs and global settings....................................................... 64

Working with VDOMs and global settings................................................... 65

Adding interfaces to a VDOM ..................................................................... 65

Assigning an administrator to a VDOM....................................................... 66

Changing the Management VDOM............................................................. 67

Contents

FortiGate Version 3.0 MR4 Administration Guide

01-30004-0203-20070102 5

System Network............................................................................... 69

Interface............................................................................................................ 69

Switch Mode................................................................................................ 71

Interface settings......................................................................................... 72

Configuring an ADSL interface.................................................................... 74

Creating an 802.3ad aggregate interface.................................................... 75

Creating a redundant interface.................................................................... 76

Creating a wireless interface....................................................................... 77

Configuring DHCP on an interface.............................................................. 78

Configuring an interface for PPPoE or PPPoA ........................................... 80

Configuring Dynamic DNS service for an interface..................................... 81

Configuring a virtual IPSec interface........................................................... 82

Additional configuration for interfaces......................................................... 83

Zone.................................................................................................................. 87

Zone settings............................................................................................... 87

Network Options.............................................................................................. 88

DNS Servers ............................................................................................... 89

Dead gateway detection.............................................................................. 89

Routing table (Transparent Mode)................................................................. 90

Transparent mode route settings ................................................................ 90

Configuring the modem interface.................................................................. 91

Configuring modem settings ....................................................................... 91

Redundant mode configuration................................................................... 93

Standalone mode configuration .................................................................. 94

Adding firewall policies for modem connections ......................................... 94

Connecting and disconnecting the modem................................................. 95

Checking modem status.............................................................................. 95

VLAN overview................................................................................................. 96

FortiGate units and VLANs ......................................................................... 96

VLANs in NAT/Route mode............................................................................. 97

Rules for VLAN IDs..................................................................................... 97

Rules for VLAN IP addresses ..................................................................... 97

Adding VLAN subinterfaces ........................................................................ 98

VLANs in Transparent mode .......................................................................... 99

Rules for VLAN IDs................................................................................... 101

Transparent mode virtual domains and VLANs ........................................ 101

Troubleshooting ARP Issues..................................................................... 104

FortiGate IPv6 support.................................................................................. 104

System Wireless............................................................................. 105

The FortiWiFi wireless LAN interface.......................................................... 105

Channel assignments.................................................................................... 106

System wireless settings (FortiWiFi-60)...................................................... 107

FortiGate Version 3.0 MR4 Administration Guide

601-30004-0203-20070102

Contents

System wireless settings (FortiWiFi-60A and 60AM)................................. 109

Wireless MAC Filter....................................................................................... 110

Wireless Monitor............................................................................................ 111

System DHCP................................................................................. 113

FortiGate DHCP servers and relays............................................................. 113

Configuring DHCP services.......................................................................... 114

Configuring an interface as a DHCP relay agent...................................... 115

Configuring a DHCP server ...................................................................... 115

Viewing address leases................................................................................ 116

Reserving IP addresses for specific clients .............................................. 117

System Config................................................................................ 119

HA ................................................................................................................... 119

HA options ................................................................................................ 119

Cluster members list ................................................................................. 122

Viewing HA statistics................................................................................. 125

Changing subordinate unit host name and device priority........................ 126

Disconnecting a cluster unit from a cluster............................................... 126

SNMP.............................................................................................................. 127

Configuring SNMP .................................................................................... 127

Configuring an SNMP community............................................................. 128

Fortinet MIBs............................................................................................. 130

FortiGate traps.......................................................................................... 131

Fortinet MIB fields..................................................................................... 133

Replacement messages................................................................................ 136

Replacement messages list...................................................................... 137

Changing replacement messages ............................................................ 138

Changing the authentication login page.................................................... 139

Changing the FortiGuard web filtering block override page...................... 140

Changing the SSL-VPN login message.................................................... 140

Changing the authentication disclaimer page........................................... 140

Operation mode and VDOM management access...................................... 141

Changing operation mode......................................................................... 141

Management access................................................................................. 142

System Admin................................................................................ 143

Administrators............................................................................................... 143

Configuring RADIUS authentication for administrators............................. 144

Viewing the administrators list .................................................................. 144

Configuring an administrator account....................................................... 146

Access profiles.............................................................................................. 148

Viewing the access profiles list ................................................................. 151

Configuring an access profile.................................................................... 152

Contents

FortiGate Version 3.0 MR4 Administration Guide

01-30004-0203-20070102 7

FortiManager.................................................................................................. 153

Settings........................................................................................................... 153

Monitoring administrators ............................................................................ 154

System Maintenance...................................................................... 157

Backup and restore....................................................................................... 157

FortiGuard Center.......................................................................................... 161

FortiGuard Distribution Network................................................................ 161

FortiGuard Services .................................................................................. 161

Configuring the FortiGate unit for FDN and FortiGuard services.............. 162

Troubleshooting FDN connectivity ............................................................ 166

Updating antivirus and attack definitions................................................... 166

Enabling push updates.............................................................................. 168

License ........................................................................................................... 172

System Chassis (FortiGate-5000 series)...................................... 173

SMC (shelf manager card) ............................................................................ 173

Blades (FortiGate-5000 chassis slots)......................................................... 174

Chassis monitoring event log messages.................................................... 176

Router Static .................................................................................. 177

Routing concepts ......................................................................................... 177

How the routing table is built .................................................................... 178

How routing decisions are made .............................................................. 178

Multipath routing and determining the best route...................................... 178

How route sequence affects route priority ................................................ 179

Equal Cost Multipath (ECMP) Routes....................................................... 180

Static Route ................................................................................................... 180

Working with static routes ........................................................................ 180

Default route and default gateway ........................................................... 181

Adding a static route to the routing table .................................................. 184

Policy Route .................................................................................................. 185

Adding a route policy ................................................................................ 186

Moving a route policy ................................................................................ 187

Router Dynamic.............................................................................. 189

RIP................................................................................................................... 189

How RIP works.......................................................................................... 190

Viewing and editing basic RIP settings..................................................... 190

Selecting advanced RIP options ............................................................... 192

Overriding the RIP operating parameters on an interface......................... 193

FortiGate Version 3.0 MR4 Administration Guide

801-30004-0203-20070102

Contents

OSPF............................................................................................................... 194

OSPF autonomous systems ..................................................................... 194

Defining an OSPF AS ............................................................................... 195

Viewing and editing basic OSPF settings ................................................. 196

Selecting advanced OSPF options ........................................................... 198

Defining OSPF areas................................................................................ 199

Specifying OSPF networks....................................................................... 200

Selecting operating parameters for an OSPF interface ............................ 201

BGP................................................................................................................. 202

How BGP works........................................................................................ 202

Viewing and editing BGP settings............................................................. 203

Multicast......................................................................................................... 204

Viewing and editing multicast settings ...................................................... 204

Overriding the multicast settings on an interface...................................... 206

Router Monitor............................................................................... 209

Displaying routing information.................................................................... 209

Searching the FortiGate routing table......................................................... 211

Firewall Policy................................................................................ 213

About firewall policies .................................................................................. 213

How policy matching works....................................................................... 214

Viewing the firewall policy list...................................................................... 214

Adding a firewall policy ............................................................................. 215

Moving a policy to a different position in the policy list ............................. 216

Configuring firewall policies ........................................................................ 216

Firewall policy options............................................................................... 219

Adding authentication to firewall policies .................................................. 222

Adding traffic shaping to firewall policies .................................................. 223

IPSec firewall policy options ..................................................................... 226

SSL-VPN firewall policy options................................................................ 226

Options to check FortiClient on hosts....................................................... 227

Firewall policy examples .............................................................................. 228

Scenario one: SOHO sized business........................................................ 228

Scenario two: enterprise sized business................................................... 231

Firewall Address............................................................................ 235

About firewall addresses.............................................................................. 235

Viewing the firewall address list .................................................................. 236

Configuring addresses ................................................................................. 237

Viewing the address group list .................................................................... 237

Configuring address groups........................................................................ 238

Contents

FortiGate Version 3.0 MR4 Administration Guide

01-30004-0203-20070102 9

Firewall Service.............................................................................. 239

Viewing the predefined service list.............................................................. 239

Viewing the custom service list ................................................................... 243

Configuring custom services....................................................................... 243

Viewing the service group list...................................................................... 245

Configuring service groups.......................................................................... 245

Firewall Schedule........................................................................... 247

Viewing the one-time schedule list.............................................................. 247

Configuring one-time schedules.................................................................. 248

Viewing the recurring schedule list ............................................................. 248

Configuring recurring schedules................................................................. 249

Firewall Virtual IP........................................................................... 251

Virtual IPs....................................................................................................... 251

How virtual IPs map connections through the FortiGate unit.................... 251

Viewing the virtual IP list .............................................................................. 255

Configuring virtual IPs.................................................................................. 255

Adding a static NAT virtual IP for a single IP address............................... 256

Adding a static NAT virtual IP for an IP address range............................. 258

Adding static NAT port forwarding for a single IP address and a

single port.................................................................................................. 260

Adding static NAT port forwarding for an IP address range and a

port range.................................................................................................. 261

Adding a load balance virtual IP for an IP address range or real servers. 263

Adding a load balance port forwarding virtual IP....................................... 265

Adding dynamic virtual IPs........................................................................ 266

Virtual IP Groups ........................................................................................... 267

Viewing the VIP group list............................................................................. 267

Configuring VIP groups ................................................................................ 268

IP pools........................................................................................................... 269

IP pools and dynamic NAT........................................................................ 269

IP Pools for firewall policies that use fixed ports....................................... 269

Viewing the IP pool list.................................................................................. 270

Configuring IP Pools..................................................................................... 270

Firewall Protection Profile............................................................. 271

What is a protection profile .......................................................................... 271

Default protection profiles ......................................................................... 272

Viewing the protection profile list................................................................ 272

FortiGate Version 3.0 MR4 Administration Guide

10 01-30004-0203-20070102

Contents

Configuring a protection profile................................................................... 272

Antivirus options........................................................................................ 273

Web filtering options ................................................................................. 275

FortiGuard-Web filtering options............................................................... 276

Spam filtering options ............................................................................... 277

IPS options................................................................................................ 279

Content archive options ............................................................................ 279

IM and P2P options................................................................................... 280

Logging options......................................................................................... 281

VoIP options.............................................................................................. 282

Adding a protection profile to a policy........................................................ 282

Protection profile CLI configuration............................................................ 283

VPN IPSEC ..................................................................................... 285

Overview of IPSec interface mode............................................................... 285

Auto Key......................................................................................................... 287

Creating a new phase 1 configuration ..................................................... 287

Defining phase 1 advanced settings......................................................... 290

Creating a new phase 2 configuration ..................................................... 292

Defining phase 2 advanced settings......................................................... 293

Internet browsing configuration................................................................. 295

Manual Key .................................................................................................... 296

Creating a new manual key configuration ................................................ 297

Concentrator ................................................................................................. 299

Defining concentrator options ................................................................... 299

Monitor .......................................................................................................... 300

VPN PPTP....................................................................................... 303

PPTP Range................................................................................................... 303

VPN SSL.......................................................................................... 305

Config ............................................................................................................ 305

Monitor ........................................................................................................... 307

VPN Certificates............................................................................. 309

Local Certificates .......................................................................................... 309

Generating a certificate request................................................................ 310

Downloading and submitting a certificate request .................................... 312

Importing a signed server certificate......................................................... 313

Importing an exported server certificate and private key .......................... 313

Importing separate server certificate and private key files........................ 314

Remote Certificates....................................................................................... 314

Importing Remote (OCSP) certificates...................................................... 315

Contents

FortiGate Version 3.0 MR4 Administration Guide

01-30004-0203-20070102 11

CA Certificates............................................................................................... 315

Importing CA certificates........................................................................... 316

CRL ................................................................................................................. 317

Importing a certificate revocation list......................................................... 317

User................................................................................................. 319

Configuring user authentication.................................................................. 319

Setting authentication timeout................................................................... 320

Setting user authentication protocol support............................................. 320

Local user accounts...................................................................................... 321

Configuring a user account ....................................................................... 321

RADIUS servers............................................................................................. 322

Configuring a RADIUS server ................................................................... 322

LDAP servers................................................................................................. 323

Configuring an LDAP server ..................................................................... 324

PKI authentication......................................................................................... 325

Configuring PKI users ............................................................................... 326

Windows AD servers..................................................................................... 326

Configuring a Windows AD server ............................................................ 327

User group...................................................................................................... 327

User group types....................................................................................... 328

User group list........................................................................................... 329

Configuring a user group........................................................................... 330

Configuring FortiGuard override options for a user group......................... 331

Configuring SSL VPN user group options................................................. 332

Configuring peers and peer groups............................................................. 334

AntiVirus......................................................................................... 335

Order of operations....................................................................................... 335

Antivirus elements......................................................................................... 335

FortiGuard antivirus................................................................................... 336

Antivirus settings and controls.................................................................... 337

File pattern ..................................................................................................... 338

Viewing the file pattern list catalog............................................................ 338

Creating a new file pattern list................................................................... 339

Viewing the file pattern list ........................................................................ 339

Configuring the file pattern list................................................................... 340

Quarantine...................................................................................................... 341

Viewing the Quarantined Files list............................................................. 341

Viewing the AutoSubmit list....................................................................... 342

Configuring the AutoSubmit list................................................................. 343

Configuring quarantine options ................................................................. 343

FortiGate Version 3.0 MR4 Administration Guide

12 01-30004-0203-20070102

Contents

Config............................................................................................................. 345

Viewing the virus list ................................................................................. 345

Viewing the grayware list .......................................................................... 346

Antivirus CLI configuration.......................................................................... 347

system global optimize.............................................................................. 347

config antivirus heuristic............................................................................ 348

config antivirus quarantine........................................................................ 348

config antivirus service <service_name>.................................................. 348

Intrusion Protection....................................................................... 349

About intrusion protection........................................................................... 349

IPS settings and controls .......................................................................... 350

When to use IPS....................................................................................... 350

Predefined signatures................................................................................... 351

Viewing the predefined signature list ........................................................ 351

Configuring predefined signatures............................................................ 353

Fine tuning IPS predefined signatures for enhanced system performance 353

Custom signatures........................................................................................ 354

Viewing the custom signature list.............................................................. 354

Creating custom signatures...................................................................... 355

Protocol Decoders......................................................................................... 356

Viewing the protocol decoder list .............................................................. 356

Upgrading IPS protocol decoder list ......................................................... 357

Anomalies ...................................................................................................... 357

Viewing the traffic anomaly list.................................................................. 358

Configuring IPS traffic anomalies.............................................................. 358

IPS CLI configuration.................................................................................... 359

system autoupdate ips.............................................................................. 359

ips global fail-open.................................................................................... 359

ips global ip_protocol................................................................................ 359

ips global socket-size................................................................................ 359

(config ips anomaly) config limit................................................................ 359

Web Filter........................................................................................ 361

Order of web filtering.................................................................................... 361

How web filtering works ............................................................................... 361

Web filter controls......................................................................................... 362

Contents

FortiGate Version 3.0 MR4 Administration Guide

01-30004-0203-20070102 13

Content block................................................................................................. 364

Viewing the web content block list catalog................................................ 364

Creating a new web content block list....................................................... 365

Viewing the web content block list ............................................................ 365

Configuring the web content block list....................................................... 366

Viewing the web content exempt list catalog ............................................ 367

Creating a new web content exempt list ................................................... 367

Viewing the web content exempt list......................................................... 368

Configuring the web content exempt list ................................................... 369

URL filter......................................................................................................... 369

Viewing the URL filter list catalog.............................................................. 369

Creating a new URL filter list..................................................................... 370

Viewing the URL filter list .......................................................................... 370

Configuring the URL filter list .................................................................... 371

Moving URLs in the URL filter list ............................................................. 373

FortiGuard - Web Filter.................................................................................. 373

Configuring FortiGuard-Web filtering ........................................................ 374

Viewing the override list ............................................................................ 374

Configuring override rules......................................................................... 375

Creating local categories........................................................................... 377

Viewing the local ratings list...................................................................... 377

Configuring local ratings............................................................................ 378

Category block CLI configuration.............................................................. 379

FortiGuard-Web Filter reports ................................................................... 379

Antispam......................................................................................... 381

Antispam ........................................................................................................ 381

Order of Spam Filtering............................................................................. 381

Anti-spam filter controls............................................................................. 382

Banned word.................................................................................................. 384

Viewing the antispam banned word list catalog........................................ 384

Creating a new antispam banned word list............................................... 385

Viewing the antispam banned word list..................................................... 385

Configuring the antispam banned word list............................................... 386

Black/White List............................................................................................. 387

Viewing the antispam IP address list catalogue........................................ 387

Creating a new antispam IP address list................................................... 388

Viewing the antispam IP address list ........................................................ 388

Configuring the antispam IP address list................................................... 389

Viewing the antispam email address list catalog....................................... 389

Creating a new antispam email address list.............................................. 390

Viewing the antispam email address list ................................................... 390

Configuring the antispam email address list ............................................. 391

FortiGate Version 3.0 MR4 Administration Guide

14 01-30004-0203-20070102

Contents

Advanced antispam configuration............................................................... 392

config spamfilter mheader......................................................................... 392

config spamfilter rbl................................................................................... 393

Using Perl regular expressions.................................................................... 393

Regular expression vs. wildcard match pattern ........................................ 393

Word boundary ......................................................................................... 394

Case sensitivity......................................................................................... 394

Perl regular expression formats................................................................ 394

Example regular expressions.................................................................... 395

IM, P2P & VoIP................................................................................ 397

Overview......................................................................................................... 397

Configuring IM/P2P protocols...................................................................... 399

How to enable and disable IM/P2P options .............................................. 399

How to configure IM/P2P options within a protection profile..................... 399

How to configure IM/P2P decoder log settings......................................... 400

How to configure older versions of IM/P2P applications........................... 400

How to configure protocols that are not supported ................................... 400

Statistics......................................................................................................... 401

Viewing overview statistics ....................................................................... 401

Viewing statistics by protocol.................................................................... 402

User................................................................................................................. 403

Viewing the Current Users list................................................................... 403

Viewing the User List................................................................................ 404

Adding a new user to the User List........................................................... 404

Configuring a policy for unknown IM users............................................... 405

Log&Report.................................................................................... 407

FortiGate Logging ......................................................................................... 407

Log severity levels ........................................................................................ 408

Storing Logs .................................................................................................. 409

Logging to a FortiAnalyzer unit................................................................. 409

Connecting to FortiAnalyzer using Automatic Discovery .......................... 410

Testing the FortiAnalyzer configuration .................................................... 411

Logging to memory................................................................................... 412

Logging to a Syslog server ....................................................................... 413

Logging to WebTrends.............................................................................. 413

Logging to FortiGuard Log and Analysis server........................................ 414

High Availability cluster logging.................................................................. 415

Contents

FortiGate Version 3.0 MR4 Administration Guide

01-30004-0203-20070102 15

Log types........................................................................................................ 415

Traffic log .................................................................................................. 415

Event log................................................................................................... 416

Antivirus log............................................................................................... 417

Web filter log ............................................................................................. 417

Attack log .................................................................................................. 418

Spam filter log ........................................................................................... 418

IM and P2P log.......................................................................................... 418

VoIP log..................................................................................................... 419

Log Access..................................................................................................... 419

Accessing log messages stored in memory.............................................. 420

Accessing log message stored in the hard disk........................................ 420

Accessing logs stored on the FortiAnalyzer unit ....................................... 421

Accessing logs on the FortiGuard Log & Analysis server ......................... 422

Viewing log information............................................................................. 422

Column settings ........................................................................................ 423

Filtering log messages .............................................................................. 423

Deleting logs stored on the FortiGuard Log & Analysis server ................. 424

Content Archive............................................................................................. 425

Alert Email...................................................................................................... 426

Configuring Alert Email ............................................................................. 426

Reports........................................................................................................... 428

Basic traffic reports ................................................................................... 428

FortiAnalyzer reports................................................................................. 429

Configuring a FortiAnalyzer report ........................................................... 430

Editing FortiAnalyzer reports..................................................................... 437

Printing your FortiAnalyzer report ............................................................. 437

Viewing FortiAnalyzer reports from a FortiGate unit ................................. 438

Viewing parts of a FortiAnalyzer report..................................................... 438

Index................................................................................................ 439

FortiGate Version 3.0 MR4 Administration Guide

16 01-30004-0203-20070102

Contents

Introduction

FortiGate Version 3.0 MR4 Administration Guide

01-30004-0203-20070102 17

Introduction

Welcome and thank you for selecting Fortinet products for your real-time network

protection.

FortiGate™ ASIC-accelerated multi-threat security systems improve network

security, reduce network misuse and abuse, and help you use communications

resources more efficiently without compromising the performance of your

network. FortiGate Systems are ICSA-certified for Antivirus, Firewall, IPSec,

SSL-TLS, IPS, Intrusion detection, and AntiSpyware services.

FortiGate Systems are dedicated, easily managed security device that delivers a

full suite of capabilities including:

• Application-level services such as virus protection, intrusion protection, spam

filtering, web content filtering, IM, P2P, and VoIP filtering

• Network-level services such as firewall, intrusion detection, IPSec and SSL

VPN, and traffic shaping

• Management services such as user authentication, logging, reporting with

FortiAnalyzer, administration profiles, secure web and CLI administrative

access, and SNMP

The FortiGate security system uses Fortinet’s Dynamic Threat Prevention System

(DTPS™) technology, which leverages breakthroughs in chip design, networking,

security and content analysis. The unique ASIC-accelerated architecture analyzes

content and behavior in real-time, enabling key applications to be deployed right

at the network edge where they are most effective at protecting your networks.

This chapter contains the following sections:

•Introducing the FortiGate units

•Fortinet family of products

•About this document

•FortiGate documentation

•Customer service and technical support

FortiGate Version 3.0 MR4 Administration Guide

18 01-30004-0203-20070102

Introducing the FortiGate units Introduction

Introducing the FortiGate units

All FortiGate Unified Threat Management Systems from the FortiGate-50B to the

FortiGate-5000 series deliver similar SOHO or enterprise-class network-based

antivirus, content filtering, firewall, VPN, and network-based intrusion

detection/prevention features.

FortiGate-5000 series chassis

The FortiGate-5000 series Security Systems are chassis-based systems that

MSSPs and large enterprises can use to provide subscriber security services

such as firewall, VPN, antivirus protection, spam filtering, web filtering and

intrusion prevention (IPS). The wide variety of system configurations available

with FortiGate-5000 series provide flexibility to meet the changing needs of

growing high performance networks. The FortiGate-5000 series chassis support

multiple hot-swappable FortiGate-5000 series modules and power supplies. This

modular approach provides a scalable, high-performance and failure-proof

solution.

FortiGate-5140 chassis

You can install up to 14 FortiGate-5000 series modules in the 14 slots of the

FortiGate-5140 ATCA chassis. The FortiGate-5140 is a 12U chassis that contains

two redundant hot swappable DC power entry modules that connect to -48 VDC

Data Center DC power. The FortiGate-5140 chassis also includes three hot

swappable cooling fan trays.

FortiGate-5050 chassis

You can install up to five FortiGate-5000 series modules in the five slots of the

FortiGate-5050 ATCA chassis. The FortiGate-5050 is a 5U chassis that contains

two redundant DC power connections that connect to -48 VDC Data Center DC

power. The FortiGate-5050 chassis also includes a hot swappable cooling fan

tray.

FAN TRAY FAN TRAYFAN TRAY

1311975312468101214

5140

PWR STA IPM

CONSOLE USB 1 2 3 4 5 6 7 8

ACC

PWR STA IPM

CONSOLE USB 1 2 3 4 5 6 7 8

ACC

PWR STA IPM

CONSOLE USB 1 2 3 4 5 6 7 8

ACC

PWR STA IPM

CONSOLE USB 1 2 3 4 5 6 7 8

ACC

PWR STA IPM

CONSOLE USB 1 2 3 4 5 6 7 8

ACC

PWR STA IPM

CONSOLE USB 1 2 3 4 5 6 7 8

ACC

MANAGEMENT

SYSTEM

E1

ZRE

LED MODE

1514

1312

1110

98

76

54

32

10

E2

OKCLK INTEXT FLT

HOT SWAP

RESET

FLT

CONSOLE

E

T

H

O

R

S

2

3

2

Z

R

E

0

Z

R

E

1

Z

R

E

2

MANAGEMENT

SYSTEM

E1

ZRE

LED MODE

1514

1312

1110

98

76

54

32

10

E2

OKCLK INTEXT FLT

HOT SWAP

RESET

FLT

CONSOLE

E

T

H

O

R

S

2

3

2

Z

R

E

0

Z

R

E

1

Z

R

E

2

PWR ACC STA IPM

CONSOLE USB 3 4

1 2 5 6 7 8

PWR ACC STA IPM

CONSOLE USB 3 4

1 2 5 6 7 8

PWR ACC STA IPM

CONSOLE USB 3 4

1 2 5 6 7 8

PWR ACC STA IPM

CONSOLE USB 3 4

1 2 5 6 7 8

PWR ACC STA IPM

CONSOLE USB 3 4

1 2 5 6 7 8

PWR ACC STA IPM

CONSOLE USB 3 4

1 2 5 6 7 8

CRITICAL

RESET

MAJOR

MINOR

USER1

USER2

USER3

5140SAP

SERIAL 1 SERIAL 2 ALARM

FILTER

12

012

10/100

link/Act

ETH0

Service

RESET

STATUS

Hot Swap

link/Act

ETH0 ETH1

10/100

5000SM

10/100

link/Act

ETH0

Service

RESET

STATUS

Hot Swap

link/Act

ETH0 ETH1

10/100

5000SM

PSU A

PSU B

PWR IPM

USB

5

3 4 5 6

CONSOLE

STATUS

1

6

2

ALT

ON/OFF

RESET

PWR IPM

USB

5

3 4 5 6

CONSOLE

STATUS

1

6

2

ALT

ON/OFF

RESET

1

2

3

4

5

SMC

1

SMC

POWER

5050SAP

SERIAL

1SERIAL

2

ALARM

10/100

link/Act

ETH0

Service

RESET

STATUS

Hot Swap

link/Act

ETH0 ETH1

10/100

5000SM

10/100

link/Act

ETH0

Service

RESET

STATUS

Hot Swap

link/Act

ETH0 ETH1

10/100

5000SM

MANAGEMENT

SYSTEM

E1

ZRE

LED MODE

1514

1312

1110

98

76

54

32

10

E2

OKCLK INTEXT FLT

HOT SWAP

RESET

FLT

CONSOLE

E

T

H

O

R

S

2

3

2

Z

R

E

0

Z

R

E

1

Z

R

E

2

MANAGEMENT

SYSTEM

E1

ZRE

LED MODE

1514

1312

1110

98

76

54

32

10

E2

OKCLK INTEXT FLT

HOT SWAP

RESET

FLT

CONSOLE

E

T

H

O

R

S

2

3

2

Z

R

E

0

Z

R

E

1

Z

R

E

2

PWR STA IPM

CONSOLE USB 1 2 3 4 5 6 7 8

ACC

PWR STA IPM

CONSOLE USB 1 2 3 4 5 6 7 8

ACC

PWR STA IPM

CONSOLE USB 1 2 3 4 5 6 7 8

ACC

Introduction Introducing the FortiGate units

FortiGate Version 3.0 MR4 Administration Guide

01-30004-0203-20070102 19

FortiGate-5020 chassis

You can install one or two FortiGate-5000 series modules in the two slots of the

FortiGate-5020 ATCA chassis. The FortiGate-5020 is a 4U chassis that contains

two redundant AC to DC power supplies that connect to AC power. The

FortiGate-5020 chassis also includes an internal cooling fan tray.

About the FortiGate-5000 series modules

Each FortiGate-5000 series module is a standalone security system that can also

function as part of an HA cluster. All FortiGate-5000 series modules are also hot

swappable. All FortiGate-5000 series units are high capacity security systems

with multiple gigabit interfaces, multiple virtual domain capacity, and other high

end FortiGate features.

FortiGate-5005FA2 module

The FortiGate-5001SX module is an independent high-performance security

system with eight Gigabit ethernet interfaces; two of which include Fortinet

technology to accelerate small packet performance. The FortiGate-5005FA2

module also supports high-end features including 802.1Q VLANs and multiple

virtual domains.

FortiGate-5001SX module

The FortiGate-5001SX module is an independent high-performance security

system with eight Gigabit ethernet interfaces. The FortiGate-5001SX module

supports high-end features including 802.1Q VLANs and multiple virtual domains.

FortiGate-5001FA2 module

The FortiGate-5001FA2 module is an independent high-performance security

system with six Gigabit ethernet interfaces. The FortiGate-5001FA2 module is

similar to the FortiGate-5001SX module except that two of the FortiGate-5001FA2

interfaces include Fortinet technology to accelerate small packet performance.

FortiGate-5002FB2 module

The FortiGate-5002FB2 module is an independent high-performance FortiGate

security system with a total of 6 Gigabit ethernet interfaces. Two of the

FortiGate-5002FB2 interfaces include Fortinet technology to accelerate small

packet performance.

FortiGate-3600A

The FortiGate-3600A

unit provides carrier-

class levels of

performance and

reliability demanded by

large enterprises and

service providers. The

unit uses multiple CPUs and FortiASIC chips to deliver throughput of 4Gbps,

PWR

Hi-Temp

Esc Enter

USB

MODEM

CONSOLE

7

8

5

6

3

4

1

29

10

FortiGate Version 3.0 MR4 Administration Guide

20 01-30004-0203-20070102

Introducing the FortiGate units Introduction

meeting the needs of the most demanding applications. The FortiGate-3600A unit

includes redundant power supplies, which minimize single-point failures, and

supports load-balanced operation. The high-capacity, reliability and easy

management makes the FortiGate-3600A a natural choice for managed service

offerings.

FortiGate-3600

The FortiGate-3600

unit provides carrier-

class levels of

performance and

reliability demanded by

large enterprises and

service providers. The

unit uses multiple CPUs and FortiASIC chips to deliver throughput of 4Gbps,

meeting the needs of the most demanding applications. The FortiGate-3600 unit

includes redundant power supplies, which minimize single-point failures, and

supports load-balanced operation. The high-capacity, reliability and easy

management makes the FortiGate-3600 a natural choice for managed service

offerings.

FortiGate-3000

The FortiGate-3000

unit provides the

carrier-class levels of

performance and

reliability demanded

by large enterprises

and service providers. The unit uses multiple CPUs and FortiASIC chips to deliver

a throughput of 3Gbps, meeting the needs of the most demanding applications.

The FortiGate-3000 unit includes redundant power supplies to minimize single-

point failures, including load-balanced operation and redundant failover with no

interruption in service. The high capacity, reliability, and easy management of the

FortiGate-3000 makes it a natural choice for managed service offerings.

FortiGate-1000A

The FortiGate-1000A

Security System is a

high-performance

solution for the most

demanding large

enterprise and service

providers. The

FortiGate-1000A automatically keeps up to date information on Fortinet’s

FortiGuard Subscription Services by the FortiGuard Distribution Network,

ensuring around-the-clock protection against the latest viruses, worms, trojans

and other threats. The FortiGate-1000A has flexible architecture to quickly adapt

to emerging technologies such as IM, P2P or VOIP including identity theft

methods such as spyware, phishing and pharming attacks.

Esc Enter

POWER

Hi-Temp 4

123

5/HA INT EXT

123 4 5/HA INTERNAL EXTERNAL

POWER

Hi-Temp

123

INT EXT

4/HA

Esc Enter

123 4/HA INTERNAL EXTERNAL

Page is loading ...

Fortinet Fortiwifi fortiwifi-60 Administration Manual

Related papers

Other documents