Upload
manoj22490
View
224
Download
0
Embed Size (px)
Citation preview
8/12/2019 Installing the FortiGate Unit
1/17
Installing
theFortiGate
Unit
8/12/2019 Installing the FortiGate Unit
2/17
2
Fortinet Technologies
Installation
Free-standing (All units) requires 1.5 (3.75 cm) clearance on all sides
Rack-mounted (FortiGate 200 and higher)
requires 1U of vertical space
8/12/2019 Installing the FortiGate Unit
3/17
3
Fortinet Technologies
Connecting to the Web-based Manager (1)
To connect to the web-based manager, you need:
a computer with an Ethernet interface
a cross-over Ethernet cable or an Ethernet
hub/switch and two Ethernet cables
an Internet browser
Internet Explorer version 4.0 or higher
Mozzilla, etc.
8/12/2019 Installing the FortiGate Unit
4/17
4
Fortinet Technologies
Connecting to the Web-based Manager (2)
Set the static IP address of the computer with anEthernet connection to 192.168.1.2/255.255.255.0
Using the cross-over cable or the Ethernet hub
and cables, connect the internal interface of the
FortiGate unit to the computer Ethernetconnection
Start a browser and connect to the address
https://192.168.1.99
Type adminin the Name field and click Login
https://192.168.1.99/https://192.168.1.99/8/12/2019 Installing the FortiGate Unit
5/17
5
Fortinet Technologies
Connecting to the CLI (1)
To connect to the FortiGate unit, you need: a computer with an available communications port
depending on the FortiGate model, a null modem
cable with a 9-pin connector or an RJ-45 serial
cable and an RJ-45 to DB-9 converter
terminal emulation software such as
HyperTerminal for Windows, Secure CRT, etc.
Connect the null modem cable to the communications
port of your computer and to the FortiGateConsole port
8/12/2019 Installing the FortiGate Unit
6/17
6
Fortinet Technologies
Connecting to the CLI (2)
Start HyperTerminal, enter a name for theconnections, and click OK
Configure HyperTerminal to connect directly to the
communications port on the computer to which
you have connected the null modem cable and
click OK
Select the following port settings and click OK
FortiGate 300 and FortiManager use 115200 bps
Bits per second 9600Data bits 8
Parity None
Stop bits 1
Flow control None
8/12/2019 Installing the FortiGate Unit
7/17
7
Fortinet Technologies
Connecting to the CLI (3)
Press Enter to connect to the FortiGate CLIThe following prompt is displayed:
FortiGate-60 login:
Type adminand press Enter twice
The following prompt is displayed:Type ? for a list of commands.
8/12/2019 Installing the FortiGate Unit
8/17
8
Fortinet Technologies
Factory Default Settings
The FortiGate unit is shipped with a factory defaultconfiguration that allows you to connect to and
use the FortiGate web-based manager to
configure the unit onto the network
Internal interface 192.168.1.99/24 https, http, ssh, ping access is enabled
External interface 192.168.100.99/24
ping is enabled
Firmware upgrade using TFTP is done using theinternal interface only (interrupt boot process)
8/12/2019 Installing the FortiGate Unit
9/17
9
Fortinet Technologies
Factory Default Settings (Cont)
No password On low end models (50, 60, 100), a policy is
added automatically to allow all traffic from
internal to external
Add an administrator password for security
8/12/2019 Installing the FortiGate Unit
10/17
10
Fortinet Technologies
Registration
After purchasing and installing a new FortiGateunit
You must register the unit to be able to receiveantivirus and attack signature updates
After registration, you have a three month period to receive free updates a one month free trial period for FortiGuard, Fortinets
Web content blocking system
After you have registered your FortiGate unit,
Fortinet sends a Support Login user name andpassword to your email address
System > Maintenance > Support > FDS Registration
8/12/2019 Installing the FortiGate Unit
11/17
11
Fortinet Technologies
Support
Use the user name and password you received
after registration to log on to the Fortinet support
web site to:
view your list of FortiGate units
register additional FortiGate units
add or change FortiCare Support Contract numbers foreach FortiGate unit
view and change registration information
download virus and attack definition updates
download firmware upgrades
modify registration information after an RMA
open support tickets
8/12/2019 Installing the FortiGate Unit
12/17
8/12/2019 Installing the FortiGate Unit
13/17
13
Fortinet Technologies
Setting the Time and Date
Ensure effective scheduling and logging Set the FortiGate system time manually or set the
unit to synchronize with a Network Time Protocol
(NTP) server for automatic time correction
8/12/2019 Installing the FortiGate Unit
14/17
14
Fortinet Technologies
Options
Enhance security
set timeouts for access to the FortiGate unit, policyauthentication, DGD for routing fail-over
PIN protection for LCD panel
8/12/2019 Installing the FortiGate Unit
15/17
15
Fortinet Technologies
SNMP
Report system information and send traps toSNMP managers
Access SNMP traps and data from any FortiGate
interface or VLAN configured for SNMP
management access Fortinet proprietary MIBs
RFC 2665 (Ethernet-like MIB) and RFC 1213 (MIB
II)
8/12/2019 Installing the FortiGate Unit
16/17
16
Fortinet Technologies
DHCP Server and DHCP Relay
NAT/Route mode only Static IP address required
Configure the server first
Choose the interface to act as a DHCP server
System > DHCP > Service
8/12/2019 Installing the FortiGate Unit
17/17
17
Fortinet Technologies
IP/MAC Binding
Protects the FortiGate unit and your network fromIP spoofing attacks
IP/MAC pairs that do not match entries in the table
are denied connection
Packet filtering Dynamic binding allows for DHCP assignments
System > DCHP > IP/MAC Binding