Page 1
Esc Enter
DMZ2DMZ1INTERNAL WAN1 WAN2CONSOLE USB
1234
A
Power Cable
Rack-Mount Brackets
Documentation
Ethernet Cables:
Orange - Crossover
Grey - Straight-through
USER MANUAL
FortiGate-200A
QuickStart Guide
Copyright 2003 Fortinet Incorporated. All rights reserved.
Trademarks
Products mentioned in this document are trademarks.
Front
LCD
Control
Buttons
Internal
(4-port switch)
Power
LED
DMZ
1, 2
WAN
1, 2
Esc Enter
DMZ2DMZ1INTERNAL WAN1 WAN2CONSOLEUSB
1234
A
Back
Power
Connection
Power
Switch
USB
(future)
Serial
Port
RJ-45 to
DB-9 Serial Cable
Esc Enter
DMZ2DMZ1INTERNAL WAN1 WAN2CONSOLE USB
1234
A
Straight-through Ethernet cables connect
to Internet (public switch, router, or modem)
Optional Ethernet connection to 1 or 2 DMZ networks
Straight-through
Ethernet cables
connect to computers on internal network
Optional RJ-45 serial cable connects to management computer
Power cable connects to power outlet
Esc Enter
DMZ2DMZ1INTERNAL WAN1 WAN2CONSOLE USB
1234
A
Connector Type Speed Protocol Description
Internal RJ-45 10/100Base_T Ethernet
4-port switch connection to up to four network
devices or the internal network.
WAN1 and 2 RJ-45 10/100Base_T Ethernet Redundant connections to the Internet.
DMZ1 and 2 RJ-45 10/100Base_T Ethernet
Optional connections to one or two DMZ networks,
or to other FortiGate-200A units for HA. For details,
see the Documentation CD-ROM.
CONSOLE RJ-45 9600 bps
RS-232
serial
Optional connection to the management computer.
Provides access to the command line interface
(CLI).
FortiGate-200A LED Indicators
LED State Description
Power
Green The FortiGate unit is powered on.
Off The FortiGate unit is powered off.
Internal
WAN1
WAN2
DMZ1
DMZ2
Amber
The correct cable is in use and the connected
equipment has power.
Flashing
Amber
Network activity at this interface.
Green The interface is connected at 100 Mbps.
Off No link established.
Connect the FortiGate-200A unit to a power outlet and to networks.
NAT/Route mode
In NAT/Route mode, the FortiGate-200A is visible to the networks that it is connected
to. All of its interfaces are on different subnets. You must configure the internal and
WAN1 interfaces with IP addresses. Optionally, you can also configure the WAN2
DMZ1, and DMZ2 interfaces.
You would typically use NAT/Route mode when the FortiGate-200A is deployed as a
gateway between private and public networks. In its default NAT/Route mode
configuration, the unit functions as a firewall. Firewall policies control communications
through the FortiGate-200A unit.
In NAT/Route mode, firewall policies can operate in NAT mode or in Route mode. In
NAT mode, the FortiGate-200A performs network address translation before IP packets
are sent to the destination network. In Route mode, no translation takes place. By
default, the unit has a single NAT mode policy that allows users on the internal network
to securely access and download content from the Internet. No other traffic is possible
until you have configured more policies.
Transparent mode
In Transparent mode, the FortiGate-200A is invisible to the network. All of its interfaces
are on the same subnet. You only have to configure a management IP address so that
you can make configuration changes.
You would typically use the FortiGate-200A in Transparent mode on a private network
behind an existing firewall or behind a router. In its default Transparent mode
configuration, the unit functions as a firewall. By default, the unit has a single firewall
policy that allows users on the internal network segment to connect to the external
network segment. No other traffic is possible until you have configured more policies.
You can connect up to 5 network segments to the FortiGate-200A unit to control traffic
between these network segments.
FortiGate-200A Unit
in NAT/Route mode
Route mode policies
controlling traffic between
internal networks.
Internal network
DMZ network
Internal
192.168.1.99
DMZ1
10.10.10.1
192.168.1.3
10.10.10.2
WAN1
204.23.1.5
NAT mode policies controlling
traffic between internal and
external networks.
Internet
Esc Enter
DMZ2DMZ1INTERNAL WAN1 WAN2CONSOLE USB
1234
A
FortiGate-200A Unit
in Transparent mode
Internet
10.10.10.1
Management IP
10.10.10.3
WAN1 Internal
10.10.10.2
Transparent mode policies
controlling traffic between
internal and external networks
204.23.1.5
(firewall, router)
Gateway to
public network
Internal network
Esc Enter
DMZ2DMZ1INTERNAL WAN1 WAN2CONSOLE USB
1234
A
Before configuring the FortiGate-200A, you need to plan how to integrate the unit into your
network. Your configuration plan is dependent upon the operating mode that you select: NAT/
Route mode (the default) or Transparent mode.
Choose among three different tools to configure the FortiGate-200A.
QuickStart Guide
FortiGate-200A
Check that the package contents are complete.
• Place the unit on a stable surface or mount it in a 19-inch rack. It
requires 1.5 inches clearance (3.75 cm) on each side to allow for
cooling.
• Make sure the power switch on the back of the unit is turned off before
connecting the power and network cables.
Checking the package contents
1
Connecting the FortiGate-200A
2
Planning the configuration
3
Choosing a configuration tool
4
© Copyright 2004 Fortinet Incorporated. All rights reserved.
Trademarks
Products mentioned in this document are trademarks or registered trademarks of their respective holders.
Regulatory Compliance
FCC Class A Part 15 CSA/CUS
02 November 2004
For technical support please visit http://www.fortinet.com.
Factory default settings
NAT/Route mode Transparent mode
Internal interface 192.168.1.99 Management IP 10.10.10.1
WAN1 interface 192.168.100.99
Administrative account settings
WAN2 interface 192.168.101.99 User name admin
DMZ1 interface 10.10.10.1 Password (none)
Web-based
manager &
Setup Wizard
The FortiGate web-based
manager Setup Wizard
guides you through the
initial configuration steps.
Use it to configure the administrator password, the
interface addresses, the default gateway address, and
the DNS server addresses. Optionally, use the Setup
Wizard to configure the internal server settings for
NAT/Route mode.
Requirements:
• Ethernet connection between the FortiGate-200A
and management computer.
• Internet Explorer version 6.0 or higher on the
management computer.
Command
Line Interface
(CLI)
The CLI is a full-featured
management tool.
Use it to configure the
administrator password,
the interface addresses,
the default gateway
address, and the DNS server addresses. To configure
advanced settings, see the Documentation CD-ROM.
Requirements:
• Serial connection between the FortiGate-200A and
management computer.
• A terminal emulation application (HyperTerminal for
Windows) on the management computer.
Control
Buttons &
LCD
The control buttons and LCD are located on the front
panel of the FortiGate-200A. Use them to configure the
internal, WAN1 and DMZ 1 interface addresses, and the
default gateway address. To configure the other
interface addresses, the DNS server addresses and
other settings, use the web-based manager, or the CLI.
Requirements:
• Physical access to the FortiGate-200A.
Refer to the Documentation CD-ROM for information on how to control traffic, and how to configure HA, antivirus protection, Web content filtering, Spam filtering, intrusion
prevention (IPS), and virtual private networking (VPN).
01-28005-0070-20041102
Page 2
2. Configure the management computer to be on the same subnet as the internal interface of the FortiGate-200A. To do this,
change the IP address of the management computer to 192.168.1.2 and the netmask to 255.255.255.0.
3. To access the FortiGate web-based manager, start Internet Explorer and browse to https://192.168.1.99 (remember to
include the “s” in https://).
4. Type admin in the Name field and select Login.
Web-based manager
and Setup Wizard
NAT/Route mode
To configure the FortiGate-200A using the Setup Wizard, select the
Easy Setup Wizard button and follow the prompts.
To change the administrator password
1. Go to System > Admin > Administrators.
2. Select Change Password for the admin administrator and enter a new password.
To configure interfaces
1. Go to System > Network > Interface.
2. Select the edit icon for each interface to configure.
3. Set the addressing mode for the interface (see the online help for information).
• For manual addressing, enter the IP address and netmask for the interface.
• For DHCP addressing, select DHCP and any required settings.
• For PPPoE addressing, select PPPoE, and enter the username and password
and any other required settings.
To configure the Primary and Secondary DNS server IP addresses
1. Go to System > Network > DNS, enter the Primary and Secondary DNS IP
addresses that you recorded above and select Apply.
To configure a Default Gateway
1. Go to Router > Static and select Edit icon for the static route.
2. Set Gateway to the Default Gateway IP address that you recorded above and select
OK.
Transparent mode
To switch from NAT/Route mode to transparent mode
1. Go to System > Status, select Change beside Operation Mode, and select OK.
2. Change the IP address of the management computer to 10.10.10.2 and use
Internet Explorer to browse to https://10.10.10.1.
To configure the FortiGate-200A using the Setup Wizard, select the Easy Setup Wizard
button and follow the prompts.
To change the administrator password
1. Go to System > Admin > Administrators.
2. Select Change Password for the admin administrator and enter a new password.
To configure the management interface
1. Go to System > Network > Management.
2. Enter the Management IP address and netmask that you recorded above.
3. Select administrative access options if required and select OK.
To configure the Primary and Secondary DNS server IP addresses
1. Go to System > Network > DNS, enter the Primary and Secondary DNS IP
addresses that you recorded above and select Apply.
To configure a Default Gateway
1. Go to System > Network > Management.
2. Set Default Gateway to the Default Gateway IP address that you recorded above
and select OK.
Select the
Easy Setup Wizard
NAT/Route mode
1. Configure the FortiGate-200A internal interfa ce.
config system interface
edit internal
set mode static
set ip <intf_ip> <netmask_ip>
end
2. Repeat to configure each interface, for example, to configure the WAN1 interface.
config system interface
edit wan1
...
3. Configure the primary and secondary DNS server IP addresses.
config system dns
set primary <dns-server_ip>
set secondary <dns-server_ip>
end
4. Configure the default gateway.
config router static
edit 1
set gateway <gateway_ip>
end
Transparent mode
1. Change from NAT/Route mode to Transparent mode.
config system global
set opmode transparent
end
2. Wait a moment and then log in again at the prompt.
3. Configure the Management IP address.
config system manageip
set ip <mng_ip> <netmask>
end
Configure the DNS server IP address.
config system dns
set primary <dns-server_ip>
set secondary <dns-server_ip>
end
4. Configure the default route.
config router static
edit 1
set gateway <gateway_ip>
end
Using the
Command Line Interface
1. Use the serial cable to connect the FortiGate Console port to the management computer serial port.
2. Start a terminal emulation program (HyperTerminal) on the management computer. Use these settings:
Baud Rate (bps) 9600, Data bits 8, Parity None, Stop bits 1, and Flow Control None.
3. At the Login: prompt, type admin and press Enter twice (no password required).
1. Connect the FortiGate-200A internal interface to a management computer Ethernet interface.
You can connect the management computer directly to the FortiGate-200A internal interface
4-port switch.
Note: If you change the internal interface IP address (NAT/Route mode) or management IP address (Transparent mode), you must use this address to reconnect to the web-based manager and Setup Wizard.
You might also have to change the IP address of the management computer to be on the same subnet as the new IP address.
Configuring the FortiGate-200A
6
NAT/Route mode
The internal interface IP address and netmask must be valid for the internal network.
Transparent mode
The management IP address and netmask must be valid for the network from which
you will manage the FortiGate-200A.
General settings
Internal Interface:
IP:
____.____.____.____
Netmask:
____.____.____.____
WAN1:
IP:
____.____.____.____
Netmask:
____.____.____.____
WAN2:
IP:
____.____.____.____
Netmask:
____.____.____.____
DMZ1:
IP:
____.____.____.____
Netmask:
____.____.____.____
DMZ2:
IP:
____.____.____.____
Netmask:
____.____.____.____
Management IP:
IP:
____.____.____.____
Netmask:
____.____.____.____
Administrator password:
Network Settings:
Default Gateway:
____.____.____.____
Primary DNS Server:
____.____.____.____
Secondary DNS Server:
____.____.____.____
Use these tables to record your FortiGate-200A configuration.
Collecting information
5
Using the
Control Buttons and LCD
• Use the Enter key to access the Main Menu, to select menu items, to move right when entering IP addresses, and to
confirm changes.
• Use the arrow keys to move up and down in the Main Menu, and to change IP address numbers.
• Use the Esc key to return to the Main Menu, and to move left when entering IP addresses.
NAT/Route mode
Use the control buttons and LCD to:
• configure the Internal, External, and DMZ interface IP addresses and netmasks.
• configure the External interface Default Gateway.
Transparent mode
Use the control buttons and LCD to:
• change the operating mode from NAT/Route to Transparent.
• configure the Management Interface IP address and netmask.
• configure the Default Gateway.
Note: When you enter an IP address, the LCD display always shows three digits for each part of the IP address. For example, the IP address 192.168.100.1 appears on the LCD display as 192.168.100.001.
Congratulations!
You have finished configuring the basic settings. Your network is now protected from
Internet-based threats. To explore the full range of configuration options, see the online help
or the Documentation CD-ROM.
Completing the configuration
7
• To restart the unit, go to System > Maintenance >
ShutDown and select Reboot.
• To reset the unit, go to System > Maintenance >
Shutdown and select Reset to factory default.
Restarting the FortiGate-200A
Should you mistakenly change a network setting and cannot connect to the
unit, reboot the unit and try again or to set the unit back to factory defaults and
start over again.
CLI:
execute reboot
CLI:
execute factoryreset
Loading...