Fortinet FortiGate FortiGate-3000 Administration Manual

FortiGate-3000 Administration Guide
Version 2.80 MR6
5 November 2004
01-28006-0010-20041105
© Copyright 2004 Fortinet Inc. All rights reserved.
No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical or otherwise, for any purpose, without prior written permission of Fortinet Inc.
Trademarks
Products mentioned in this document are trademarks or registered trademarks of their respective holders.
Regulatory Compliance
FCC Class A Part 15 CSA/CUS
CAUTION: RISK OF EXPLOSION IF BATTERY IS REPLACED BY AN INCORRECT TYPE. DISPOSE OF USED BATTERIES ACCORDING TO THE INSTRUCTIONS.
For technical support, please visit http://www.fortinet.com.
Send information about errors or omissions in this document or any Fortinet technical documentation to techdoc@fortinet.com.
Table of Contents
System status....................................................................................................... 17
Console access................................................................................................................. 17
Status................................................................................................................................ 17
Viewing system status .................................................................................................. 18
Changing unit information ............................................................................................. 20
To change FortiGate host name ................................................................................ 20
To update the firmware version.................................................................................. 20
To update the antivirus definitions manually .............................................................. 20
To update the attack definitions manually.................................................................. 21
Changing operation mode............................................................................................. 21
To change to Transparent mode................................................................................ 21
To change to NAT/Route mode ................................................................................. 22
Session list........................................................................................................................ 22
Viewing the session list................................................................................................. 22
To view the session list .............................................................................................. 23
Changing the FortiGate firmware...................................................................................... 23
Upgrading to a new firmware version ........................................................................... 24
To upgrade the firmware using the web-based manager........................................... 24
To upgrade the firmware using the CLI...................................................................... 24
Reverting to a previous firmware version...................................................................... 25
To revert to a previous firmware version using the web-based manager .................. 26
To revert to a previous firmware version using the CLI.............................................. 27
Installing firmware images from a system reboot using the CLI ................................... 28
To install firmware from a system reboot ................................................................... 29
Testing a new firmware image before installing it ......................................................... 32
To test a new firmware image .................................................................................... 32
Installing and using a backup firmware image .............................................................. 34
To install a backup firmware image............................................................................ 34
To switch to the backup firmware image.................................................................... 35
To switch back to the default firmware image ............................................................ 36
Contents
System network ................................................................................................... 39
Interface............................................................................................................................ 39
Interface settings........................................................................................................... 40
Configuring interfaces ................................................................................................... 44
To add a VLAN subinterface ...................................................................................... 44
To bring down an interface that is administratively up ............................................... 45
To start up an interface that is administratively down ................................................ 45
To add interfaces to a zone........................................................................................ 45
To add an interface to a virtual domain...................................................................... 45
To change the static IP address of an interface......................................................... 45
FortiGate-3000 Administration Guide 01-28006-0010-20041105 3
To configure an interface for DHCP ........................................................................... 46
To configure an interface for PPPoE.......................................................................... 46
To add a secondary IP address ................................................................................. 47
To add a ping server to an interface .......................................................................... 47
To control administrative access to an interface ........................................................ 47
To change the MTU size of the packets leaving an interface .................................... 48
To configure traffic logging for connections to an interface........................................ 48
Zone.................................................................................................................................. 48
Zone settings ................................................................................................................ 49
To add a zone ............................................................................................................ 49
To delete a zone ........................................................................................................ 49
To edit a zone ............................................................................................................ 50
Management..................................................................................................................... 50
Management interface .................................................................................................. 50
To configure the management interface .................................................................... 51
DNS .................................................................................................................................. 51
DNS configuration......................................................................................................... 51
To add DNS server IP addresses .............................................................................. 51
Routing table (Transparent Mode) .................................................................................... 51
Routing table list ........................................................................................................... 51
Transparent mode route settings .................................................................................. 52
To add a Transparent mode route ............................................................................. 52
VLAN overview ................................................................................................................. 52
FortiGate units and VLANs ........................................................................................... 53
VLANs in NAT/Route mode .............................................................................................. 53
Rules for VLAN IDs....................................................................................................... 54
Rules for VLAN IP addresses ....................................................................................... 54
Adding VLAN subinterfaces .......................................................................................... 54
To add a VLAN subinterface in NAT/Route mode ..................................................... 54
To add firewall policies for VLAN subinterfaces......................................................... 55
VLANs in Transparent mode............................................................................................. 55
Rules for VLAN IDs....................................................................................................... 56
Transparent mode virtual domains and VLANs ............................................................ 56
Transparent mode VLAN list......................................................................................... 56
Transparent mode VLAN settings................................................................................. 57
To add a VLAN subinterface in Transparent mode.................................................... 57
To add firewall policies for VLAN subinterfaces......................................................... 57
FortiGate IPv6 support...................................................................................................... 58
System DHCP ....................................................................................................... 59
Service.............................................................................................................................. 59
DHCP service settings .................................................................................................. 59
To configure an interface as a regular DHCP relay agent ......................................... 60
To configure an interface to be a DHCP server ......................................................... 60
Server ............................................................................................................................... 60
DHCP server settings ................................................................................................... 61
To configure a DHCP server for an interface ............................................................. 61
To configure multiple DHCP servers for an interface................................................. 62
Exclude range ................................................................................................................... 62
DHCP exclude range settings....................................................................................... 62
To add an exclusion range......................................................................................... 63
IP/MAC binding ................................................................................................................. 63
DHCP IP/MAC binding settings .................................................................................... 63
To add a DHCP IP/MAC binding pair......................................................................... 63
Dynamic IP........................................................................................................................ 64
Dynamic IP list .............................................................................................................. 64
To view the dynamic IP list......................................................................................... 64
System config ...................................................................................................... 65
System time ...................................................................................................................... 65
System time configuration............................................................................................. 66
To manually set the FortiGate date and time ............................................................. 66
To use NTP to set the FortiGate date and time ......................................................... 66
Options.............................................................................................................................. 67
Options configuration .................................................................................................... 67
To set the system idle timeout ................................................................................... 67
To set the Auth timeout .............................................................................................. 67
To select a language for the web-based manager..................................................... 68
To modify the dead gateway detection settings ......................................................... 68
HA..................................................................................................................................... 68
HA configuration ........................................................................................................... 69
Configuring an HA cluster ............................................................................................. 75
To configure a FortiGate unit for HA operation .......................................................... 75
To connect a FortiGate HA cluster............................................................................. 76
To add a new unit to a functioning cluster.................................................................. 76
To configure weighted-round-robin weights............................................................... 77
Managing an HA cluster................................................................................................ 77
To view the status of each cluster member................................................................ 78
To view and manage logs for individual cluster units................................................. 79
To monitor cluster units for failover ............................................................................ 79
To manage individual cluster units............................................................................. 80
SNMP................................................................................................................................ 80
Configuring SNMP ........................................................................................................ 81
SNMP community ......................................................................................................... 81
To configure SNMP access to an interface in NAT/Route mode ............................... 82
To configure SNMP access to an interface in Transparent mode.............................. 82
To enable SNMP and configure basic SNMP settings............................................... 83
To add an SNMP community ..................................................................................... 83
FortiGate MIBs.............................................................................................................. 83
FortiGate traps .............................................................................................................. 84
Fortinet MIB fields ......................................................................................................... 86
Replacement messages ................................................................................................... 88
Replacement messages list .......................................................................................... 88
To change a replacement message........................................................................... 89
Changing replacement messages ................................................................................ 89
FortiManager..................................................................................................................... 90
System administration .......................................................................................... 1
Administrators ..................................................................................................................... 1
Administrators list............................................................................................................ 1
Administrators options .................................................................................................... 2
To configure an administrator account......................................................................... 2
To change an administrator password ......................................................................... 2
Access profiles.................................................................................................................... 3
Access profile list ............................................................................................................ 3
Access profile options ..................................................................................................... 3
To configure an access profile ..................................................................................... 3
System maintenance ............................................................................................. 5
Backup and restore............................................................................................................. 5
Backing up and Restoring............................................................................................... 6
To back up all configuration files.................................................................................. 6
To restore all configuration files ................................................................................... 6
To back up individual categories.................................................................................. 6
To restore individual categories ................................................................................... 6
To back up VPN certificates......................................................................................... 7
To restore VPN certificates .......................................................................................... 7
Update center ..................................................................................................................... 7
Updating antivirus and attack definitions ........................................................................ 9
To make sure the FortiGate unit can connect to the FDN............................................ 9
To update antivirus and attack definitions.................................................................... 9
To enable scheduled updates .................................................................................... 10
To add an override server.......................................................................................... 10
To enable scheduled updates through a proxy server ............................................... 11
Enabling push updates ................................................................................................. 11
To enable push updates............................................................................................. 12
General procedure ..................................................................................................... 13
To add a port forwarding virtual IP to the FortiGate NAT device ............................... 13
To add a firewall policy to the FortiGate NAT device ................................................. 14
To configure the FortiGate unit on the internal network ............................................. 14
Support ............................................................................................................................. 14
Sending a bug report .................................................................................................... 14
To report a bug........................................................................................................... 15
To configure a customized mail relay......................................................................... 15
Registering a FortiGate unit .......................................................................................... 15
To register a FortiGate unit ........................................................................................ 16
Shutdown.......................................................................................................................... 17
System shutdown.......................................................................................................... 17
To log out of the system............................................................................................. 17
To restart the system ................................................................................................. 17
To shut down the system ........................................................................................... 17
To reset the FortiGate unit to factory defaults............................................................ 17
System virtual domain........................................................................................... 1
Virtual domain properties .................................................................................................... 2
Exclusive virtual domain properties ................................................................................ 2
Shared configuration settings ......................................................................................... 3
Administration and management .................................................................................... 4
Virtual domains ................................................................................................................... 4
Adding a virtual domain .................................................................................................. 5
To add a virtual domain................................................................................................ 5
Selecting a virtual domain............................................................................................... 5
To select a virtual domain to configure ........................................................................ 5
Selecting a management virtual domain......................................................................... 5
To select a management virtual domain ...................................................................... 6
To select a management virtual domain and add a management IP........................... 6
Configuring virtual domains ................................................................................................ 6
Adding interfaces, VLAN subinterfaces, and zones to a virtual domain ......................... 6
To add physical interfaces to a virtual domain ............................................................. 6
To add VLAN subinterfaces to a virtual domain........................................................... 7
To view the interfaces in a virtual domain .................................................................... 7
To add zones to a virtual domain................................................................................. 8
Configuring routing for a virtual domain .......................................................................... 8
To configure routing for a virtual domain in NAT/Route mode ..................................... 8
To configure the routing table for a virtual domain in Transparent mode..................... 8
Configuring firewall policies for a virtual domain............................................................. 8
To add firewall policies to a virtual domain .................................................................. 9
To add firewall addresses to a virtual domain.............................................................. 9
To add IP pools to a virtual domain.............................................................................. 9
To add Virtual IPs to a virtual domain .......................................................................... 9
Configuring IPSec VPN for a virtual domain ................................................................. 10
To configure VPN for a virtual domain ....................................................................... 10
Router ..................................................................................................................... 1
Static................................................................................................................................... 1
Static route list ................................................................................................................ 2
Static route options ......................................................................................................... 2
To add or edit a static route ......................................................................................... 2
To move static routes................................................................................................... 2
Policy .................................................................................................................................. 3
Policy route list................................................................................................................ 3
Policy route options......................................................................................................... 3
To add a policy route.................................................................................................... 3
RIP...................................................................................................................................... 4
General ........................................................................................................................... 4
To configure RIP general settings................................................................................ 5
To configure RIP route redistribution ........................................................................... 5
Networks list.................................................................................................................... 5
Networks options ............................................................................................................ 6
To configure a RIP network.......................................................................................... 6
Interface list..................................................................................................................... 6
Interface options ............................................................................................................. 6
To configure a RIP interface ........................................................................................ 7
Distribute list ................................................................................................................... 7
Distribute list options....................................................................................................... 8
To configure a distribute list ......................................................................................... 8
Offset list ......................................................................................................................... 8
Offset list options ............................................................................................................ 9
To configure an offset list............................................................................................. 9
Router objects................................................................................................................... 10
Access list ..................................................................................................................... 10
New access list ............................................................................................................. 10
To add an access list name ....................................................................................... 10
New access list entry .................................................................................................... 11
To configure an access list entry................................................................................ 11
Prefix list ....................................................................................................................... 11
New Prefix list ............................................................................................................... 11
To add a prefix list name............................................................................................ 11
New prefix list entry....................................................................................................... 12
To configure a prefix list entry .................................................................................... 12
Route-map list............................................................................................................... 12
New Route-map ............................................................................................................ 13
To add a route map name.......................................................................................... 13
Route-map list entry...................................................................................................... 13
To configure a route map entry .................................................................................. 13
Key chain list................................................................................................................. 14
New key chain............................................................................................................... 14
To add a key chain name........................................................................................... 14
Key chain list entry........................................................................................................ 14
To configure a key chain entry ................................................................................... 14
Monitor.............................................................................................................................. 15
Routing monitor list ....................................................................................................... 15
To filter the routing monitor display............................................................................ 15
CLI configuration............................................................................................................... 16
get router info ospf ........................................................................................................ 16
get router info protocols ................................................................................................ 16
get router info rip........................................................................................................... 17
config router ospf ......................................................................................................... 17
config router static6....................................................................................................... 39
Firewall.................................................................................................................. 41
Policy ................................................................................................................................ 42
How policy matching works........................................................................................... 42
Policy list ....................................................................................................................... 42
Policy options................................................................................................................ 43
Advanced policy options ............................................................................................... 45
Configuring firewall policies .......................................................................................... 46
To add a firewall policy............................................................................................... 46
To delete a policy ....................................................................................................... 47
To edit a policy ........................................................................................................... 47
To change the position of a policy in the list .............................................................. 47
To disable a policy ..................................................................................................... 47
To enable a policy ...................................................................................................... 47
Policy CLI configuration ................................................................................................ 47
Address............................................................................................................................. 48
Address list ................................................................................................................... 49
Address options ............................................................................................................ 49
Configuring addresses .................................................................................................. 50
To add an address ..................................................................................................... 50
To edit an address ..................................................................................................... 50
To delete an address ................................................................................................. 50
Address group list ......................................................................................................... 51
Address group options .................................................................................................. 51
Configuring address groups.......................................................................................... 51
To organize addresses into an address group........................................................... 51
To delete an address group ....................................................................................... 51
To edit an address group ........................................................................................... 52
Contents
Service.............................................................................................................................. 52
Predefined service list................................................................................................... 52
Custom service list........................................................................................................ 52
Custom service options................................................................................................. 53
Configuring custom services......................................................................................... 53
To add a custom TCP or UDP service....................................................................... 53
To add a custom ICMP service .................................................................................. 53
To add a custom IP service........................................................................................ 54
To delete a custom service ........................................................................................ 54
To edit a custom service ............................................................................................ 54
Service group list .......................................................................................................... 54
Service group options ................................................................................................... 55
Configuring service groups ........................................................................................... 55
To organize services into a service group.................................................................. 55
To delete a service group........................................................................................... 55
To edit a service group............................................................................................... 55
Schedule........................................................................................................................... 55
One-time schedule list .................................................................................................. 56
One-time schedule options ........................................................................................... 56
Configuring one-time schedules ................................................................................... 56
To add a one-time schedule....................................................................................... 56
To delete a one-time schedule................................................................................... 57
To edit a one-time schedule....................................................................................... 57
Recurring schedule list.................................................................................................. 57
Recurring schedule options .......................................................................................... 57
Configuring recurring schedules ................................................................................... 58
To add a recurring schedule ...................................................................................... 58
To delete a recurring schedule................................................................................. 58
To edit a recurring schedule..................................................................................... 58
Virtual IP ........................................................................................................................... 58
Virtual IP list .................................................................................................................. 59
Virtual IP options........................................................................................................... 59
Configuring virtual IPs................................................................................................... 60
To add a static NAT virtual IP .................................................................................... 60
To add port forwarding virtual IPs .............................................................................. 61
To add a dynamic port forwarding virtual IP............................................................... 62
To delete a virtual IP .................................................................................................. 62
To edit a virtual IP ...................................................................................................... 62
IP pool............................................................................................................................... 63
IP pool list ..................................................................................................................... 63
IP pool options .............................................................................................................. 63
Configuring IP pools...................................................................................................... 63
To add an IP pool....................................................................................................... 63
To delete an IP pool................................................................................................... 64
To edit an IP pool ....................................................................................................... 64
IP Pools for firewall policies that use fixed ports ........................................................... 64
IP pools and dynamic NAT ........................................................................................... 64
Protection profile ............................................................................................................... 65
Protection profile list...................................................................................................... 65
Default protection profiles ............................................................................................. 65
Protection profile options .............................................................................................. 66
Configuring protection profiles ...................................................................................... 68
To add a protection profile ......................................................................................... 68
To delete a protection profile................................................................................... 69
To edit a protection profile....................................................................................... 69
To add a protection profile to a policy ........................................................................ 69
CLI configuration........................................................................................................... 69
Users and authentication ...................................................................................... 1
Setting authentication timeout............................................................................................. 2
Local ................................................................................................................................... 2
Local user list .................................................................................................................. 2
Local user options........................................................................................................... 2
To add a user name and configure authentication....................................................... 2
To delete a user name from the internal database ...................................................... 3
RADIUS .............................................................................................................................. 3
RADIUS server list .......................................................................................................... 3
RADIUS server options................................................................................................... 3
To configure the FortiGate unit for RADIUS authentication ......................................... 3
To delete a RADIUS server.......................................................................................... 4
LDAP................................................................................................................................... 4
LDAP server list .............................................................................................................. 4
LDAP server options ....................................................................................................... 4
To configure the FortiGate unit for LDAP authentication ............................................. 5
To delete an LDAP server............................................................................................ 5
User group .......................................................................................................................... 6
User group list................................................................................................................. 6
User group options.......................................................................................................... 6
To configure a user group ............................................................................................ 6
To delete a user group................................................................................................. 7
CLI configuration................................................................................................................. 7
peer................................................................................................................................. 7
peergrp............................................................................................................................ 8
VPN........................................................................................................................ 11
Phase 1............................................................................................................................. 12
Phase 1 list ................................................................................................................... 12
Phase 1 basic settings .................................................................................................. 12
Phase 1 advanced options............................................................................................ 14
Configuring XAuth......................................................................................................... 15
Phase 2............................................................................................................................. 16
Phase 2 list ................................................................................................................... 17
Phase 2 basic settings .................................................................................................. 17
Phase 2 advanced options............................................................................................ 17
Manual key........................................................................................................................ 19
Manual key list .............................................................................................................. 19
Manual key options ....................................................................................................... 20
Concentrator ..................................................................................................................... 20
Concentrator list............................................................................................................ 21
Concentrator options..................................................................................................... 21
Ping Generator.................................................................................................................. 21
Ping generator options.................................................................................................. 22
Monitor.............................................................................................................................. 22
Dialup monitor............................................................................................................... 22
Static IP and dynamic DNS monitor.............................................................................. 23
PPTP................................................................................................................................. 23
Setting up a PPTP-based VPN ..................................................................................... 24
Enabling PPTP and specifying a PPTP range .............................................................. 24
Configuring a Windows 2000 client for PPTP ............................................................... 25
To configure a PPTP dialup connection..................................................................... 25
To connect to the PPTP VPN..................................................................................... 25
Configuring a Windows XP client for PPTP .................................................................. 25
To configure a PPTP dialup connection..................................................................... 25
To configure the VPN connection .............................................................................. 26
To connect to the PPTP VPN..................................................................................... 26
PPTP passthrough........................................................................................................ 26
To configure a dynamic port forwarding virtual IP for port 1723 ................................ 27
To configure the firewall policy................................................................................... 27
L2TP ................................................................................................................................ 28
Setting up an L2TP-based VPN.................................................................................... 28
Enabling L2TP and specifying an L2TP range.............................................................. 29
Configuring a Windows 2000 client for L2TP................................................................ 29
To configure an L2TP dialup connection.................................................................... 29
To disable IPSec........................................................................................................ 30
To connect to the L2TP VPN ..................................................................................... 30
Configuring a Windows XP client for L2TP ................................................................... 30
To configure an L2TP VPN dialup connection ........................................................... 30
To configure the VPN connection .............................................................................. 31
To disable IPSec........................................................................................................ 31
To connect to the L2TP VPN ..................................................................................... 32
Certificates ........................................................................................................................ 32
Viewing the certificate list.............................................................................................. 33
Generating a certificate request.................................................................................... 33
Installing a signed certificate ........................................................................................ 34
Enabling VPN access for specific certificate holders ................................................... 35
CLI configuration............................................................................................................... 36
ipsec phase1................................................................................................................. 36
ipsec phase2................................................................................................................. 38
ipsec vip ........................................................................................................................ 38
Authenticating peers with preshared keys ........................................................................ 40
Gateway-to-gateway VPN................................................................................................. 40
Dialup VPN ....................................................................................................................... 41
Dynamic DNS VPN ........................................................................................................... 41
Manual key IPSec VPN..................................................................................................... 42
Adding firewall policies for IPSec VPN tunnels................................................................. 42
Setting the encryption policy direction .......................................................................... 42
Setting the source address for encrypted traffic ........................................................... 42
Setting the destination address for encrypted traffic ..................................................... 43
Adding an IPSec firewall encryption policy ................................................................... 43
Internet browsing through a VPN tunnel ........................................................................... 43
Configuring Internet browsing through a VPN tunnel.................................................... 44
IPSec VPN in Transparent mode...................................................................................... 45
Special rules ................................................................................................................. 45
Hub and spoke VPNs........................................................................................................ 46
Configuring the hub....................................................................................................... 46
Configuring spokes ....................................................................................................... 47
Redundant IPSec VPNs.................................................................................................... 48
Configuring redundant IPSec VPNs.............................................................................. 49
Configuring IPSec virtual IP addresses ............................................................................ 50
Troubleshooting ................................................................................................................ 51
IPS ......................................................................................................................... 53
Signature........................................................................................................................... 54
Predefined..................................................................................................................... 54
To enable or disable predefined signature groups..................................................... 56
To configure predefined signature settings ................................................................ 56
To restore the recommended settings of a signature................................................. 56
Custom.......................................................................................................................... 57
To add a custom signature......................................................................................... 58
Anomaly............................................................................................................................ 59
To configure the settings of an anomaly .................................................................... 60
To restore the default settings of an anomaly ............................................................ 61
Anomaly CLI configuration............................................................................................ 61
Configuring IPS logging and alert email............................................................................ 62
Default fail open setting .................................................................................................... 62
Antivirus ............................................................................................................... 65
File block........................................................................................................................... 66
File block list ................................................................................................................. 67
Configuring the file block list ......................................................................................... 67
To add a file name or file pattern to the file block list................................................. 67
Quarantine ........................................................................................................................ 68
Quarantined files list ..................................................................................................... 68
Quarantined files list options......................................................................................... 68
AutoSubmit list .............................................................................................................. 69
AutoSubmit list options ................................................................................................. 69
Configuring the AutoSubmit list..................................................................................... 69
To add a file pattern to the AutoSubmit list ................................................................ 69
Config............................................................................................................................ 70
Config................................................................................................................................ 70
Virus list ........................................................................................................................ 71
Config............................................................................................................................ 71
Grayware ...................................................................................................................... 71
Grayware options.......................................................................................................... 71
CLI configuration............................................................................................................... 72
system global av_failopen............................................................................................. 72
system global optimize.................................................................................................. 73
heuristic......................................................................................................................... 74
quarantine ..................................................................................................................... 75
service http.................................................................................................................... 75
service ftp...................................................................................................................... 76
service pop3.................................................................................................................. 77
service imap.................................................................................................................. 78
service smtp.................................................................................................................. 79
Web filter............................................................................................................... 81
Content block.................................................................................................................... 82
Web content block list ................................................................................................... 83
Web content block options............................................................................................ 83
Configuring the web content block list .......................................................................... 83
To add or edit a banned word .................................................................................... 83
URL block ......................................................................................................................... 84
Web URL block list........................................................................................................ 84
Web URL block options ................................................................................................ 85
Configuring the web URL block list ............................................................................... 85
To add a URL to the web URL block list .................................................................... 85
Web pattern block list.................................................................................................... 85
Web pattern block options ............................................................................................ 86
Configuring web pattern block ...................................................................................... 86
To add a pattern to the web pattern block list ............................................................ 86
URL exempt...................................................................................................................... 86
URL exempt list............................................................................................................. 86
URL exempt list options ................................................................................................ 87
Configuring URL exempt............................................................................................... 87
To add a URL to the URL exempt list ........................................................................ 87
Category block .................................................................................................................. 87
FortiGuard managed web filtering service .................................................................... 87
Category block configuration options ............................................................................ 88
Configuring web category block.................................................................................... 89
To enable FortiGuard web filtering............................................................................. 89
Category block reports.................................................................................................. 89
Category block reports options ..................................................................................... 89
Generating a category block report............................................................................... 90
To generate a category block report .......................................................................... 90
Category block CLI configuration.................................................................................. 90
Script filter ......................................................................................................................... 91
Web script filter options................................................................................................. 91
Contents
Spam filter ............................................................................................................ 93
IP address......................................................................................................................... 95
IP address list ............................................................................................................... 96
IP address options ........................................................................................................ 96
Configuring the IP address list ...................................................................................... 96
To add an IP address to the IP address list ............................................................... 96
RBL & ORDBL .................................................................................................................. 97
RBL & ORDBL list......................................................................................................... 97
RBL & ORDBL options.................................................................................................. 97
Configuring the RBL & ORDBL list ............................................................................... 97
To add a server to the RBL & ORDBL list.................................................................. 97
Email address ................................................................................................................... 98
Email address list.......................................................................................................... 98
Email address options................................................................................................... 98
Configuring the email address list................................................................................. 98
To add an email address or domain to the list ........................................................... 98
MIME headers................................................................................................................... 99
MIME headers list ......................................................................................................... 99
MIME headers options .................................................................................................. 99
Configuring the MIME headers list.............................................................................. 100
To add a MIME header to the list............................................................................. 100
Banned word................................................................................................................... 100
Banned word list ......................................................................................................... 101
Banned word options .................................................................................................. 101
Configuring the banned word list ................................................................................ 101
To add or edit a banned word .................................................................................. 101
Using Perl regular expressions....................................................................................... 102
To block any word in a phrase ................................................................................. 104
To block purposely misspelled words ...................................................................... 104
To block common spam phrases ............................................................................. 104
Log & Report ...................................................................................................... 105
Log config ....................................................................................................................... 106
Log Setting options ..................................................................................................... 106
To configure Log Setting .......................................................................................... 107
To configure log file uploading ................................................................................. 109
Alert E-mail options..................................................................................................... 110
To configure alert email............................................................................................ 110
Log filter options.......................................................................................................... 111
Configuring log filters .................................................................................................. 113
To configure log filters.............................................................................................. 113
Enabling traffic logging................................................................................................ 113
To enable traffic logging for an interface or VLAN subinterface............................... 113
To enable traffic logging for a firewall policy ............................................................ 113
Log access...................................................................................................................... 114
Disk log file access ..................................................................................................... 114
To access log files on the FortiGate disk ................................................................. 114
To download log files from the FortiGate disk.......................................................... 114
To view and search log messages on the FortiGate disk ........................................ 115
Viewing log messages ................................................................................................ 115
To view log messages in the FortiGate memory buffer............................................ 115
To view log messages in FortiGate disk drive files .................................................. 116
The Detailed Information column provides the entire raw log entry and is not needed unless the log contains information not available in any of the other, more specific columns ... 116
To change the columns in the log message display ................................................ 116
Searching log messages............................................................................................. 117
To perform a simple keyword search ....................................................................... 117
To perform an advanced search .............................................................................. 117
CLI configuration............................................................................................................. 117
fortilog setting.............................................................................................................. 117
syslogd setting ............................................................................................................ 119
FortiGuard categories ....................................................................................... 121
FortiGate maximum values ............................................................................... 127
Glossary ............................................................................................................. 131
Index.................................................................................................................... 135
FortiGate-3000 Administration Guide Version 2.80 MR6
Introduction
FortiGate Antivirus Firewalls support network-based deployment of application-level services, including antivirus protection and full-scan content filtering. FortiGate Antivirus Firewalls improve network security, reduce network misuse and abuse, and help you use communications resources more efficiently without compromising the performance of your network. FortiGate Antivirus Firewalls are ICSA-certified for firewall, IPSec, and antivirus services.
This chapter introduces you to FortiGate Antivirus Firewalls and the following topics:
About FortiGate Antivirus Firewalls
Document conventions
FortiGate documentation
Related documentation
Customer service and technical support
About FortiGate Antivirus Firewalls
The FortiGate Antivirus Firewall is a dedicated easily managed security device that delivers a full suite of capabilities that include:
application-level services such as virus protection and content filtering,
network-level services such as firewall, intrusion detection, VPN, and traffic shaping.
The FortiGate Antivirus Firewall uses Fortinet’s Accelerated Behavior and Content Analysis System (ABACAS™) technology, which leverages breakthroughs in chip design, networking, security, and content analysis. The unique ASIC-based architecture analyzes content and behavior in real-time, enabling key applications to be deployed right at the network edge, where they are most effective at protecting your networks. The FortiGate series complements existing solutions, such as host­based antivirus protection, and enables new applications and services while greatly lowering costs for equipment, administration, and maintenance.
Figure: FortiGate-3000 front panel.
The FortiGate-3000 model provides the carrier-class levels of performance and reliability demanded by large enterprises and service providers. The FortiGate-3000 uses multiple CPUs and FortiASIC chips to deliver throughput of 3Gbps, meeting the needs of the most demanding applications. Each FortiGate-3000 unit includes redundant power supplies to minimize single-point failures, and also supports load-balanced operation and redundant failover with no interruption in service. The FortiGate-3000 includes three 10/100 BaseTX ports, one Gigabit ethernet port, and two Gigabit fibre ports. The high capacity, reliability, and easy management of the FortiGate-3000 makes it a natural choice for managed service offerings.
Antivirus protection
FortiGate ICSA-certified antivirus protection scans web (HTTP), file transfer (FTP), and email (SMTP, POP3, and IMAP) content as it passes through the FortiGate unit. FortiGate antivirus protection uses pattern matching and heuristics to find viruses. If a virus is found, antivirus protection removes the file containing the virus from the content stream and forwards a replacement message to the intended recipient.
For extra protection, you can configure antivirus protection to block specified file types from passing through the FortiGate unit. You can use the feature to stop files that might contain new viruses.
FortiGate antivirus protection can also identify and remove known grayware programs. Grayware programs are usually unsolicited commercial software programs that get installed on PCs, often without the user’s consent or knowledge. Grayware programs are generally considered an annoyance, but these programs can cause system performance problems or be used for malicious means.
If the FortiGate unit contains a hard disk, infected or blocked files and grayware files can be quarantined. The FortiGate administrator can download quarantined files so that they can be virus scanned, cleaned, and forwarded to the intended recipient. You can also configure the FortiGate unit to automatically delete quarantined files after a specified time.
The FortiGate unit can send email alerts to system administrators when it detects and removes a virus from a content stream. The web and email content can be in normal network traffic or encrypted IPSec VPN traffic.
ICSA Labs has certified that FortiGate Antivirus Firewalls:
detect 100% of the viruses listed in the current In The Wild List (www.wildlist.org),
detect viruses in compressed files using the PKZip format,
detect viruses in email that has been encoded using uuencode format,
detect viruses in email that has been encoded using MIME encoding,
log all actions taken while scanning.
Web content filtering
FortiGate web content filtering can scan all HTTP content protocol streams for URLs, URL patterns, and web page content. If there is a match between a URL on the URL block list, or a web page contains a word or phrase that is in the content block list, the FortiGate unit blocks the web page. The blocked web page is replaced with a message that you can edit using the FortiGate web-based manager.
FortiGate web content filtering also supports FortiGuard web category blocking. Using web category blocking you can restrict or allow access to web pages based on content ratings of web pages.
You can configure URL blocking to block all or some of the pages on a web site. Using this feature, you can deny access to parts of a web site without denying access to it completely.
To prevent unintentionally blocking legitimate web pages, you can add URLs to an exempt list that overrides the URL block and content block lists. Note that the exempt list also exempts web traffic to and from those URLs from virus scanning, so add only sites you trust.
Web content filtering also includes a script filter feature that can block insecure web content such as Java applets, cookies, and ActiveX controls.
Spam filtering
FortiGate spam filtering can scan all POP3, SMTP, and IMAP email content for spam. You can configure spam filtering to filter mail according to IP address, email address, MIME headers, and content. Mail messages can be identified as spam or clear.
You can also add the names of known Real-time Blackhole List (RBL) and Open Relay Database List (ORDBL) servers. These services contain lists of known spam sources.
If an email message is found to be spam, the FortiGate unit adds a tag to the subject line of the email. The recipient can use the mail client software to filter messages based on the tag. Spam filtering can also be configured to delete SMTP email messages identified as spam.
Firewall
The FortiGate ICSA-certified firewall protects your computer networks from Internet threats. ICSA has granted FortiGate firewalls version 4.0 firewall certification, providing assurance that FortiGate firewalls successfully screen and secure corporate networks against a range of threats from public or other untrusted networks.
After basic installation of the FortiGate unit, the firewall allows users on the protected network to access the Internet while blocking Internet access to internal networks. You can configure the firewall to put controls on access to the Internet from the protected networks and to allow controlled access to internal networks.
FortiGate policies include a range of options that:
control all incoming and outgoing network traffic,
control encrypted VPN traffic,
apply antivirus protection and web content filtering,
block or allow access for all policy options,
control when individual policies are in effect,
accept or deny traffic to and from individual addresses,
control standard and user defined network services individually or in groups,
require users to authenticate before gaining access,
include traffic shaping to set access priorities and guarantee or limit bandwidth for each policy,
include logging to track connections for individual policies,
include Network Address Translation (NAT) mode and Route mode policies,
include mixed NAT and Route mode policies.
The FortiGate firewall can operate in NAT/Route mode or Transparent mode.
NAT/Route mode
In NAT/Route mode, the FortiGate unit is a Layer 3 device. This means that each of its interfaces is associated with a different IP subnet and that it appears to other devices as a router. This is how a firewall is normally deployed.
In NAT/Route mode, you can create NAT mode policies and Route mode policies.
NAT mode policies use network address translation to hide the addresses in a more secure network from users in a less secure network.
Route mode policies accept or deny connections between networks without performing address translation.
Transparent mode
In Transparent mode, the FortiGate unit does not change the Layer 3 topology. This means that all of its interfaces are on the same IP subnet and that it appears to other devices as a bridge. Typically, the FortiGate unit is deployed in Transparent mode to provide antivirus and content filtering behind an existing firewall solution.
Transparent mode provides the same basic firewall protection as NAT mode. The FortiGate unit passes or blocks the packets it receives according to firewall policies. The FortiGate unit can be inserted in the network at any point without having to make changes to your network or its components. However, some advanced firewall features are available only in NAT/Route mode.
VLANs and virtual domains
FortiGate Antivirus Firewalls support IEEE 802.1Q-compliant virtual LAN (VLAN) tags. Using VLAN technology, a single FortiGate unit can provide security services to, and control connections between, multiple security domains according to the VLAN IDs added to VLAN packets. The FortiGate unit can recognize VLAN IDs and apply security policies to secure network and IPSec VPN traffic between each security domain. The FortiGate unit can also apply authentication, content filtering, and antivirus protection to VLAN-tagged network and VPN traffic.
The FortiGate unit supports VLANs in NAT/Route and Transparent mode. In NAT/Route mode, you add VLAN subinterfaces to receive and send VLAN packets.
FortiGate virtual domains provide multiple logical firewalls and routers in a single FortiGate unit. Using virtual domains, one FortiGate unit can provide exclusive firewall and routing services to multiple networks so that traffic from each network is effectively separated from every other network.
You can develop and manage interfaces, VLAN subinterfaces, zones, firewall policies, routing, and VPN configuration for each virtual domain separately. For these configuration settings, each virtual domain is functionally similar to a single FortiGate unit. This separation simplifies configuration because you do not have to manage as many routes or firewall policies at one time.
Intrusion Prevention System (IPS)
The FortiGate Intrusion Prevention System (IPS) combines signature and anomaly based intrusion detection and prevention. The FortiGate unit can record suspicious traffic in logs, can send alert email to system administrators, and can log, pass, drop, reset, or clear suspicious packets or sessions. Both the IPS predefined signatures and the IPS engine are upgradeable through the FortiProtect Distribution Network (FDN). You can also create custom signatures.
VPN
Using FortiGate virtual private networking (VPN), you can provide a secure connection between widely separated office networks or securely link telecommuters or travellers to an office network.
FortiGate VPN features include the following:
Industry standard and ICSA-certified IPSec VPN, including:
IPSec VPN in NAT/Route and Transparent mode,
IPSec, ESP security in tunnel mode,
DES, 3DES (triple-DES), and AES hardware accelerated encryption,
HMAC MD5 and HMAC SHA1 authentication and data integrity,
AutoIKE key based on pre-shared key tunnels,
IPSec VPN using local or CA certificates,
Manual Keys tunnels,
Diffie-Hellman groups 1, 2, and 5,
Aggressive and Main Mode,
Replay Detection,
Perfect Forward Secrecy,
XAuth authentication,
Dead peer detection,
DHCP over IPSec,
Secure Internet browsing.
PPTP for easy connectivity with the VPN standard supported by the most popular operating systems.
L2TP for easy connectivity with a more secure VPN standard, also supported by many popular operating systems.
Firewall policy based control of IPSec VPN traffic.
IPSec NAT traversal so that remote IPSec VPN gateways or clients behind a NAT can connect to an IPSec VPN tunnel.
VPN hub and spoke using a VPN concentrator to allow VPN traffic to pass from one tunnel to another through the FortiGate unit.
IPSec Redundancy to create a redundant AutoIKE key IPSec VPN connection to a remote network.
Single DES, HMAC MD5, and Diffie-Hellman group 1 are offered for interoperability with older peers; where both ends support them, AES, HMAC SHA1, and group 5 give a much larger security margin and should be preferred.
High availability
Fortinet achieves high availability (HA) using redundant hardware and the FortiGate Clustering Protocol (FGCP). Each FortiGate unit in an HA cluster enforces the same overall security policy and shares the same configuration settings. You can add up to 32 FortiGate units to an HA cluster. Each FortiGate unit in an HA cluster must be the same model and must be running the same FortiOS firmware image.
FortiGate HA supports link redundancy and device redundancy.
FortiGate units can be configured to operate in active-passive (A-P) or active-active (A-A) HA mode. Active-active and active-passive clusters can run in either NAT/Route or Transparent mode.
An active-passive (A-P) HA cluster, also referred to as hot standby HA, consists of a primary FortiGate unit that processes traffic, and one or more subordinate FortiGate units. The subordinate FortiGate units are connected to the network and to the primary FortiGate unit but do not process traffic.
Active-active (A-A) HA load balances virus scanning among all the FortiGate units in the cluster. An active-active HA cluster consists of a primary FortiGate unit that processes traffic and one or more secondary units that also process traffic. The primary FortiGate unit uses a load balancing algorithm to distribute virus scanning to all the FortiGate units in the HA cluster.
Secure installation, configuration, and management
The first time you power on the FortiGate unit, it is already configured with default IP addresses and security policies. Connect to the web-based manager, set the operating mode, and use the Setup wizard to customize FortiGate IP addresses for your network, and the FortiGate unit is ready to protect your network. You can then use the web-based manager to customize advanced FortiGate features.
You can also create a basic configuration using the FortiGate front panel control buttons and LCD.
Web-based manager
Using HTTP or a secure HTTPS connection from any computer running Internet Explorer, you can configure and manage the FortiGate unit. The web-based manager supports multiple languages. You can enable HTTP and HTTPS administration on any FortiGate interface. Because HTTP sends the administrator password in cleartext, use HTTPS and enable administrative access only on the interfaces that need it.
You can use the web-based manager to configure most FortiGate settings. You can also use the web-based manager to monitor the status of the FortiGate unit. Configuration changes made using the web-based manager are effective immediately without resetting the firewall or interrupting service. Once you are satisfied with a configuration, you can download and save it. The saved configuration can be restored at any time.
Command line interface
You can access the FortiGate command line interface (CLI) by connecting a management computer serial port to the FortiGate RS-232 serial console connector. You can also use Telnet or a secure SSH connection to connect to the CLI from any network that is connected to the FortiGate unit, including the Internet, provided that protocol is enabled for administrative access on the receiving interface. Telnet sends the login in cleartext, so prefer SSH, and do not enable Telnet or HTTP on an Internet-facing interface.
The CLI supports the same configuration and monitoring functionality as the web-based manager. In addition, you can use the CLI for advanced configuration options that are not available from the web-based manager.
This Administration Guide contains information about basic and advanced CLI commands. For a more complete description about connecting to and using the FortiGate CLI, see the FortiGate CLI Reference Guide.
Logging and reporting
The FortiGate unit supports logging for various categories of traffic and configuration changes. You can configure logging to:
report traffic that connects to the firewall,
report network services used,
report traffic that was permitted by firewall policies,
report traffic that was denied by firewall policies,
report events such as configuration changes and other management events, IPSec tunnel negotiation, virus detection, attacks, and web page blocking,
report attacks detected by the IPS,
send alert email to system administrators to report virus incidents, intrusions, and firewall or VPN events or violations.
Logs can be sent to a remote syslog server or a WebTrends NetIQ Security Reporting Center and Firewall Suite server using the WebTrends enhanced log format. Some models can also save logs to an optional internal hard drive. If a hard drive is not installed, you can configure most FortiGate units to log the most recent events and attacks detected by the IPS to the system memory.
Document conventions
This guide uses the following conventions to describe CLI command syntax.
Angle brackets < > to indicate variables.
For example:
execute restore config <filename_str>
You enter:
execute restore config myfile.bak
<xxx_str> indicates an ASCII string that does not contain new-lines or carriage returns.
<xxx_integer> indicates an integer string that is a decimal (base 10) number.
<xxx_octet> indicates a hexadecimal string that uses the digits 0-9 and letters A-F.
<xxx_ipv4> indicates a dotted decimal IPv4 address.
<xxx_v4mask> indicates a dotted decimal IPv4 netmask.
<xxx_ipv4mask> indicates a dotted decimal IPv4 address followed by a dotted decimal IPv4 netmask.
<xxx_ipv6> indicates an IPv6 address in colon-separated hexadecimal notation.
<xxx_v6mask> indicates an IPv6 netmask.
<xxx_ipv6mask> indicates an IPv6 address followed by an IPv6 netmask.
Vertical bar and curly brackets {|} to separate alternative, mutually exclusive required keywords.
For example:
set opmode {nat | transparent}
You can enter set opmode nat or set opmode transparent.
Square brackets [ ] to indicate that a keyword or variable is optional.
For example:
show system interface [<name_str>]
To show the settings for all interfaces, you can enter show system interface. To show the settings for the internal interface, you can enter show system interface internal.
A space to separate options that can be entered in any combination and must be separated by spaces.
For example:
set allowaccess {ping https ssh snmp http telnet}
You can enter any of the following:
set allowaccess ping
set allowaccess ping https ssh
set allowaccess https ping ssh
set allowaccess snmp
In most cases to make changes to lists that contain options separated by spaces, you need to retype the whole list including all the options you want to apply and excluding all the options you want to remove.
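The following FortiOS CLI session is an added example, not text from this guide, showing how the set allowaccess list from the conventions above is used in practice to restrict administrative access per interface. It assumes the default interface names internal and external and the config system interface / edit / set / next / end command structure of the FortiOS 2.80 CLI; the weak configuration is shown first so the difference is visible.

```fortios
# Weak: every management protocol, including cleartext HTTP and Telnet,
# is reachable on the interface that faces the Internet.
config system interface
    edit external
        set allowaccess ping https ssh snmp http telnet
    next
end

# Hardened: only ICMP on the Internet-facing interface, and only the
# encrypted protocols on the inside. allowaccess is a space-separated list
# that is replaced, not appended to, so the complete wanted set is typed
# each time.
config system interface
    edit external
        set allowaccess ping
    next
    edit internal
        set allowaccess https ssh ping
    next
end

# Later allowing SNMP polling from the inside means retyping the full list;
# "set allowaccess snmp" on its own would silently drop https and ssh.
config system interface
    edit internal
        set allowaccess https ssh ping snmp
    next
end

# Confirm what is actually enabled on each interface.
show system interface internal
show system interface external
```

After removing HTTPS and SSH from the external interface, remote administration is only possible from the protected network, over a VPN tunnel, or through the serial console, which is the intended effect.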
FortiGate documentation
Information about FortiGate products is available from the following guides:
FortiGate QuickStart Guide
Provides basic information about connecting and installing a FortiGate unit.
FortiGate Installation Guide
Describes how to install a FortiGate unit. Includes a hardware reference, default configuration information, installation procedures, connection procedures, and basic configuration procedures. Choose the guide for your product model number.
FortiGate Administration Guide
Provides basic information about how to configure a FortiGate unit, including how to define FortiGate protection profiles and firewall policies; how to apply intrusion prevention, antivirus protection, web content filtering, and spam filtering; and how to configure a VPN.
FortiGate online help
Provides a context-sensitive and searchable version of the Administration Guide in HTML format. You can access online help from the web-based manager as you work.
FortiGate CLI Reference Guide
Describes how to use the FortiGate CLI and contains a reference to all FortiGate CLI commands.
FortiGate Log Message Reference Guide
Describes the structure of FortiGate log messages and provides information about the log messages that are generated by FortiGate units.
FortiGate High Availability Guide
Contains in-depth information about the FortiGate high availability feature and the FortiGate clustering protocol.
Comments on Fortinet technical documentation
Please send information about any errors or omissions in this document, or any Fortinet technical documentation, to techdoc@fortinet.com.
Related documentation
Additional information about Fortinet products is available from the following related documentation.
FortiManager documentation
FortiManager QuickStart Guide
Explains how to install the FortiManager Console, set up the FortiManager Server, and configure basic settings.
FortiManager System Administration Guide
Describes how to use the FortiManager System to manage FortiGate devices.
FortiManager System online help
Provides a searchable version of the Administration Guide in HTML format. You can access online help from the FortiManager Console as you work.
FortiClient documentation
FortiClient Host Security User Guide
Describes how to use FortiClient Host Security software to set up a VPN connection from your computer to remote networks, scan your computer for viruses, and restrict access to your computer and applications by setting up firewall policies.
FortiClient Host Security online help
Provides information and procedures for using and configuring the FortiClient software.
FortiMail documentation
FortiMail Administration Guide
Describes how to install, configure, and manage a FortiMail unit in gateway mode and server mode, including how to configure the unit; create profiles and policies; configure antispam and antivirus filters; create user accounts; and set up logging and reporting.
FortiMail online help
Provides a searchable version of the Administration Guide in HTML format. You can access online help from the web-based manager as you work.
FortiMail Web Mail Online Help
Describes how to use the FortiMail web-based email client, including how to send and receive email; how to add, import, and export addresses; and how to configure message display preferences.
FortiLog documentation
FortiLog Administration Guide
Describes how to install and configure a FortiLog unit to collect FortiGate and FortiMail log files. It also describes how to view FortiGate and FortiMail log files, generate and view log reports, and use the FortiLog unit as a NAS server.
FortiLog online help Provides a searchable version of the Administration Guide in HTML format. You can access online help from the web-based manager as you work.
Customer service and technical support
For antivirus and attack definition updates, firmware updates, updated product documentation, technical support information, and other resources, please visit the Fortinet Technical Support web site at http://support.fortinet.com.
You can also register Fortinet products and service contracts from http://support.fortinet.com and change your registration information at any time.
Technical support is available through email from any of the following addresses. Choose the email address for your region:
amer_support@fortinet.com  For customers in the United States, Canada, Mexico, Latin America and South America.
apac_support@fortinet.com  For customers in Japan, Korea, China, Hong Kong, Singapore, Malaysia, all other Asian countries, and Australia.
eu_support@fortinet.com  For customers in the United Kingdom, Scandinavia, Mainland Europe, Africa, and the Middle East.
For information about our priority support hotline (live support), see http://support.fortinet.com.
When requesting technical support, please provide the following information:
your name
your company’s name and location
your email address
your telephone number
your support contract number (if applicable)
the product name and model number
the product serial number (if applicable)
the software or firmware version number
a detailed description of the problem