Installing the FortiGate Unit

8/12/2019 Installing the FortiGate Unit

1/17

Installing

theFortiGate

Unit


2/17

2

Fortinet Technologies

Installation

Free-standing (All units) requires 1.5 (3.75 cm) clearance on all sides

Rack-mounted (FortiGate 200 and higher)

requires 1U of vertical space


3/17

3


Connecting to the Web-based Manager (1)

To connect to the web-based manager, you need:

a computer with an Ethernet interface

a cross-over Ethernet cable or an Ethernet

hub/switch and two Ethernet cables

an Internet browser

Internet Explorer version 4.0 or higher

Mozzilla, etc.


4/17

4


Connecting to the Web-based Manager (2)

Set the static IP address of the computer with anEthernet connection to 192.168.1.2/255.255.255.0

Using the cross-over cable or the Ethernet hub

and cables, connect the internal interface of the

FortiGate unit to the computer Ethernetconnection

Start a browser and connect to the address

https://192.168.1.99

Type adminin the Name field and click Login
https://192.168.1.99/https://192.168.1.99/


5/17

5


Connecting to the CLI (1)

To connect to the FortiGate unit, you need: a computer with an available communications port

depending on the FortiGate model, a null modem

cable with a 9-pin connector or an RJ-45 serial

cable and an RJ-45 to DB-9 converter

terminal emulation software such as

HyperTerminal for Windows, Secure CRT, etc.

Connect the null modem cable to the communications

port of your computer and to the FortiGateConsole port


6/17

6



Start HyperTerminal, enter a name for theconnections, and click OK

Configure HyperTerminal to connect directly to the

communications port on the computer to which

you have connected the null modem cable and

click OK

Select the following port settings and click OK

FortiGate 300 and FortiManager use 115200 bps

Bits per second 9600Data bits 8

Parity None

Stop bits 1

Flow control None


7/17

7



Press Enter to connect to the FortiGate CLIThe following prompt is displayed:

FortiGate-60 login:

Type adminand press Enter twice

The following prompt is displayed:Type ? for a list of commands.


8/17

8


Factory Default Settings

The FortiGate unit is shipped with a factory defaultconfiguration that allows you to connect to and

use the FortiGate web-based manager to

configure the unit onto the network

Internal interface 192.168.1.99/24 https, http, ssh, ping access is enabled

External interface 192.168.100.99/24

ping is enabled

Firmware upgrade using TFTP is done using theinternal interface only (interrupt boot process)


9/17

9


Factory Default Settings (Cont)

No password On low end models (50, 60, 100), a policy is

added automatically to allow all traffic from

internal to external

Add an administrator password for security


10/17

10


Registration

After purchasing and installing a new FortiGateunit

You must register the unit to be able to receiveantivirus and attack signature updates

After registration, you have a three month period to receive free updates a one month free trial period for FortiGuard, Fortinets

Web content blocking system

After you have registered your FortiGate unit,

Fortinet sends a Support Login user name andpassword to your email address

System > Maintenance > Support > FDS Registration


11/17

11


Support

Use the user name and password you received

after registration to log on to the Fortinet support

web site to:

view your list of FortiGate units

register additional FortiGate units

add or change FortiCare Support Contract numbers foreach FortiGate unit

view and change registration information

download virus and attack definition updates

download firmware upgrades

modify registration information after an RMA

open support tickets


12/17


13/17

13


Setting the Time and Date

Ensure effective scheduling and logging Set the FortiGate system time manually or set the

unit to synchronize with a Network Time Protocol

(NTP) server for automatic time correction


14/17

14


Options

Enhance security

set timeouts for access to the FortiGate unit, policyauthentication, DGD for routing fail-over

PIN protection for LCD panel


15/17

15


SNMP

Report system information and send traps toSNMP managers

Access SNMP traps and data from any FortiGate

interface or VLAN configured for SNMP

management access Fortinet proprietary MIBs

RFC 2665 (Ethernet-like MIB) and RFC 1213 (MIB

II)


16/17

16


DHCP Server and DHCP Relay

NAT/Route mode only Static IP address required

Configure the server first

Choose the interface to act as a DHCP server

System > DHCP > Service


17/17

17


IP/MAC Binding

Protects the FortiGate unit and your network fromIP spoofing attacks

IP/MAC pairs that do not match entries in the table

are denied connection

Packet filtering Dynamic binding allows for DHCP assignments

System > DCHP > IP/MAC Binding

Documents

Installing the FortiGate Unit