How it Works
Fortinet
Loading...
FortiOS 3.0
User Manual
46 pgs1.16 Mb1
Table of contents
Loading...

Fortinet FortiOS 3.0 User Manual

UPGRADE GUIDE
Upgrade Guide for FortiOS 3.0
www.fortinet.com
Upgrade Guide for FortiOS 3.0
24 April 2006 01-30000-0317-20060424
© Copyright 2006 Fortinet, Inc. All rights reserved. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical or otherwise, for any purpose, without prior written permission of Fortinet, Inc.
Trademarks
Dynamic Threat Prevention System (DTPS), APSecure, FortiASIC, FortiBIOS, FortiBridge, FortiClient, FortiGate, FortiGate Unified Threat Management System, FortiGuard, FortiGuard-Antispam, FortiGuard­Antivirus, FortiGuard-Intrusion, FortiGuard-Web, FortiLog, FortiAnalyzer, FortiManager, Fortinet, FortiOS, FortiPartner, FortiProtect, FortiReporter, FortiResponse, FortiShield, FortiVoIP, and FortiWiFi are trademarks of Fortinet, Inc. in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
Regulatory compliance
FCC Class A Part 15 CSA/CUS

Contents

Contents
Introduction ........................................................................................ 7
About this document......................................................................................... 7
Document conventions.................................................................................. 7
Typographic conventions........................................................................ 8
Fortinet documentation .................................................................................... 8
Fortinet Knowledge Center .......................................................................... 9
Comments on Fortinet technical documentation .......................................... 9
Customer service and technical support ........................................................ 9
Upgrade Notes.................................................................................. 11
Backing up configuration files ....................................................................... 11
Setup Wizard.................................................................................................... 11
FortiLog name change .................................................................................... 11
LCD display changes ...................................................................................... 11
Web-based manager changes........................................................................ 12
Changes to the web-based manager ............................................................. 13
Command Line Interface changes ................................................................. 13
USB support..................................................................................................... 14
Other ................................................................................................................. 14
New features and changes.............................................................. 17
System.............................................................................................................. 17
Status .......................................................................................................... 18
Sessions...................................................................................................... 18
Network ....................................................................................................... 18
Config.......................................................................................................... 18
Admin .......................................................................................................... 19
Maintenance................................................................................................ 19
Virtual Domain............................................................................................. 20
Router ............................................................................................................... 21
Static ........................................................................................................... 21
Dynamic ...................................................................................................... 21
Monitor ........................................................................................................ 22
Firewall ............................................................................................................. 22
Policy........................................................................................................... 22
Address ....................................................................................................... 22
Service ........................................................................................................ 22
Virtual IP...................................................................................................... 22
Protection Profiles ....................................................................................... 22
Upgrade Guide for FortiOS v3.0 01-30000-0317-20060424 3
Contents
VPN ................................................................................................................... 23
IPSec .......................................................................................................... 23
SSL ............................................................................................................. 23
Certificates .................................................................................................. 23
User................................................................................................................... 24
Local ........................................................................................................... 24
Radius......................................................................................................... 24
LDAP........................................................................................................... 24
Windows AD ............................................................................................... 24
User Group ................................................................................................. 24
Antivirus........................................................................................................... 25
File Pattern.................................................................................................. 25
Quarantine .................................................................................................. 25
Config.......................................................................................................... 25
Intrusion Protection (formerly IPS)................................................................ 25
Signature..................................................................................................... 25
Anomaly ...................................................................................................... 26
Protocol Decoder ........................................................................................ 26
Web Filter ......................................................................................................... 26
Content Block.............................................................................................. 26
URL Filter.................................................................................................... 26
FortiGuard-Web Filter ................................................................................. 26
AntiSpam (formerly Spam Filter) ................................................................... 27
Banned word............................................................................................... 28
Black/White list............................................................................................ 28
IM/P2P (new) .................................................................................................... 28
Statistics...................................................................................................... 29
User ............................................................................................................ 29
Log & Report.................................................................................................... 29
Log Config................................................................................................... 29
Log Access ................................................................................................. 30
Report ......................................................................................................... 30
HA ..................................................................................................................... 30
Upgrading the HA cluster for FortiOS 3.0 ................................................... 31
SNMP MIBs and traps changes...................................................................... 31
In-depth SNMP trap changes...................................................................... 31
In-depth MIB file name changes ................................................................. 31
Upgrading to FortiOS 3.0 ................................................................ 33
Backing up your configuration ...................................................................... 33
Backing up your configuration using the web-based manager............. 33
Backing up your configuration using the CLI ........................................ 34
Upgrade Guide for FortiOS v3.0
4 01-30000-0317-20060424
Contents
Upgrading your FortiGate unit ....................................................................... 34
Upgrading to FortiOS 3.0 ............................................................................ 34
Upgrading using the web-based manager............................................ 34
Upgrading using the CLI ....................................................................... 35
Verifying the upgrade .................................................................................. 36
Reverting to FortiOS v2.80MR11 .................................................... 37
Backing up your FortiOS 3.0 configuration .................................................. 37
Backing up to a FortiUSB key............................................................... 37
Downgrading to FortiOS v2.80MR11 using web-based manager ............... 38
Verifying the downgrade ............................................................................. 38
Downgrading to FortiOS v2.80MR11 using the CLI .................................... 39
Restoring your configuration ......................................................................... 40
Restoring your configuration settings using the web-based manager ........ 40
Restoring your configuration settings using the CLI.................................... 40
Index.................................................................................................. 43
Upgrade Guide for FortiOS v3.0 01-30000-0317-20060424 5
Contents
Upgrade Guide for FortiOS v3.0
6 01-30000-0317-20060424
Introduction About this document
!

Introduction

Over the past year, Fortinet has been developing, testing and refining a new operating system for your FortiGate unit. FortiOS 3.0 is a more dynamic and robust operating system, offering you even better protection, blocking and monitoring features for your network.
The Upgrade Guide provides you with information on FortiOS 3.0, and addresses any issues that may arise concerning your current configuration. With these new features, and improvements to existing features, you need to know how they may or may not affect your current configuration.The guide provides you with information on backing up your current configuration, and installing FortiOS 3.0, on your FortiGate unit.

About this document

This document contains the following chapters:
Upgrade Notes – Provides information on changes and new features for FortiOS 3.0.
New features and changes – Provides information on what has changed from FortiOS v2.80MR11.
Upgrading to FortiOS 3.0 – Describes how to install FortiOS 3.0, including addressing issues about FortiOS 3.0, backing up your current configuration settings, re-establishing connections after the upgrade, and verifying the upgrade installed successfully.
Reverting to FortiOS v2.80MR11 – Describes how to downgrade your FortiGate unit to FortiOS v2.80MR11 and includes how to restore your configuration settings for FortiOS v2.80MR11.

Document conventions

The following document conventions are used in this guide:
In the examples, private IP addresses are used for both private and public IP addresses.
Notes and Cautions are used to provide important information:
Note: Highlights useful additional information.
Caution: Warns you about commands or procedures that could have unexpected or
undesirable results including loss of data or damage to equipment.
Upgrade Guide for FortiOS v3.0 01-30000-0317-20060424 7
Fortinet documentation Introduction
Typographic conventions
FortiGate documentation uses the following typographical conventions:
Convention Example Keyboard input In the Gateway Name field, type a name for the remote VPN
Code examples config sys global
CLI command syntax config firewall policy
Document names FortiGate Administration Guide Menu commands Go to VPN > IPSEC > Phase 1 and select Create New. Program output Welcome! Variables
peer or client (for example, Central_Office_1).
set ips-open enable
end
edit id_integer
set http_retry_count <retry_integer> set natip <address_ipv4mask>
end
<address_ipv4>

Fortinet documentation

The most up-to-date publications and previous releases of Fortinet product documentation are available from the Fortinet Technical Documentation web site at http://docs.forticare.com.
The following FortiGate product documentation is available:
FortiGate QuickStart Guide
Provides basic information about connecting and installing a FortiGate unit.
FortiGate Installation Guide
Describes how to install a FortiGate unit. Includes a hardware reference, default configuration information, installation procedures, connection procedures, and basic configuration procedures. Choose the guide for your product model number.
FortiGate Administration Guide
Provides basic information about how to configure a FortiGate unit, including how to define FortiGate protection profiles and firewall policies; how to apply intrusion prevention, antivirus protection, web content filtering, and spam filtering; and how to configure a VPN.
FortiGate online help
Provides a context-sensitive and searchable version of the Administration Guide in HTML format. You can access online help from the web-based
manager as you work.
FortiGate CLI Reference
Describes how to use the FortiGate CLI and contains a reference to all FortiGate CLI commands.
Upgrade Guide for FortiOS v3.0
8 01-30000-0317-20060424
Introduction Customer service and technical support
FortiGate Log Message Reference
Available exclusively from the Fortinet Knowledge Center, the FortiGate Log Message Reference describes the structure of FortiGate log messages and provides information about the log messages that are generated by FortiGate units.
FortiGate High Availability User Guide
Contains in-depth information about the FortiGate high availability feature and the FortiGate clustering protocol.
FortiGate IPS User Guide
Describes how to configure the FortiGate Intrusion Prevention System settings and how the FortiGate IPS deals with some common attacks.
FortiGate IPSec VPN User Guide
Provides step-by-step instructions for configuring IPSec VPNs using the web­based manager.
FortiGate SSL VPN User Guide
Compares FortiGate IPSec VPN and FortiGate SSL VPN technology, and describes how to configure web-only mode and tunnel-mode SSL VPN access for remote users through the web-based manager.
FortiGate PPTP VPN User Guide
Explains how to configure a PPTP VPN using the web-based manager.
FortiGate Certificate Management User Guide
Contains procedures for managing digital certificates including generating certificate requests, installing signed certificates, importing CA root certificates and certificate revocation lists, and backing up and restoring installed certificates and private keys.
FortiGate VLANs and VDOMs User Guide
Describes how to configure VLANs and VDOMS in both NAT/Route and Transparent mode. Includes detailed examples.

Fortinet Knowledge Center

The knowledge center contains troubleshooting and how-to articles, FAQs, technical notes, and more. Visit the Fortinet Knowledge Center at
http://kc.forticare.com.

Comments on Fortinet technical documentation

Please send information about any errors or omissions in this document, or any Fortinet technical documentation, to techdoc@fortinet.com.

Customer service and technical support

Fortinet Technical Support provides services designed to make sure that your Fortinet systems install quickly, configure easily, and operate reliably in your network.
Please visit the Fortinet Technical Support web site at http://support.fortinet.com to learn about the technical support services that Fortinet provides.
Upgrade Guide for FortiOS v3.0 01-30000-0317-20060424 9
Customer service and technical support Introduction
Upgrade Guide for FortiOS v3.0
10 01-30000-0317-20060424
Upgrade Notes Backing up configuration files

Upgrade Notes

Before downloading FortiOS 3.0, it is recommended that you read this chapter to learn about on the new features and/or changes to existing features with the operating system. This chapter describes these changes and features, new to FortiOS 3.0.
We recommend also reviewing the FortiGate CLI Reference guide for the new and revised CLI commands as well as the FortiGate Administration Guide.
This section includes the following:
Backing up configuration files
Setup Wizard
FortiLog name change
LCD display changes
Web-based manager changes
Web-based manager changes
Command Line Interface changes
USB support
Other

Backing up configuration files

You now have the option to backup configuration files with or without encryption. If you back up without encrypting the file, the FortiGate unit saves the file in a clear text format. VPN certificates are saved only when selecting the encrypted setting.

Setup Wizard

The setup wizard is discontinued.

FortiLog name change

The FortiLog logging appliance has been renamed to FortiAnalyzer for version
3.0. The name change better reflects the product’s more robust reporting and
logging features.

LCD display changes

After upgrading to FortiOS 3.0, FortiGate units with an LCD screen will display the following main menus:
Upgrade Guide for FortiOS v3.0 01-30000-0317-20060424 11
Web-based manager changes Upgrade Notes
Figure 1: LCD main menu settings for NAT/Route mode
Menu [ Fortigat -> ] NAT, Standalone
Figure 2: LCD main menu setting for Transparent mode
Menu [ Fortigat -> ] Transparent, Standalone

Web-based manager changes

The system dashboard in FortiOS 3.0 has been enhanced, with various system information now categorized and additional features added to better monitor your FortiGate unit.
Figure 3: System Dashboard of a FortiGate-60
System Information
Serial Number The FortiGate device’s serial number. Up Time The amount in days, hours and minutes the
System Time The day, month, and time the FortiGate device has
Host Name The name of the FortiGate device. Select Update
FortiGate device has been running.
for its specified time zone.
to change the host name.
Upgrade Guide for FortiOS v3.0
12 01-30000-0317-20060424
Upgrade Notes Changes to the web-based manager
System Resources
License Information
Alert Message Console
Statistics
Firmware Version The current firmware version. Select Update to
Operation Mode The mode the FortiGate device is running in.
CPU usage The CPU usage amount in percent. Memory usage The amount of memory used in percent. The history of these and other resources is available by selecting the
History icon in the top right-hand corner of the System Resources category.
Support Contract The expiry date and version of your support
FortiGuard Subscription
install new firmware.
Select Update to change the operation mode.
contract. The subscriptions you have for your FortiGate
device and displays whether they are current, need updating or when they will expire.
Displays system alert messages. These messages display any firmware upgrades or downgrades and if the system restarted. The console also displays an alert message if the antivirus engine is low on memory for a specific time period.
Displays detail statistics for the content archive and attack logs.
The FortiGate image in the upper-right-hand corner of the web-based manager, displays the status of the unit’s port settings. When you hover your mouse over a port, it displays the port name, IP/Netmask address, link status, speed, including the number of packets sent and received. The port appears gray if it is not connected, and green if the port is connected. The FortiAnalyzer image is gray when the FortiGate unit is not connected to a FortiAnalyzer unit.

Changes to the web-based manager

In FortiOS 3.0, there are several features that have merged with other features. See the “New features and changes” on page 17 for more information.
If you need additional information on these new features, see FortiGate
Administration Guide.

Command Line Interface changes

The Command Line Interface (CLI) commands have changed and additional commands added. See the FortiGate CLI Reference for more information.
Also, some FortiOS 2.80MR11 web-based manager features have been moved to the CLI. See the “New features and changes” on page 17 for information on these changes.
Upgrade Guide for FortiOS v3.0 01-30000-0317-20060424 13
USB support Upgrade Notes

USB support

The USB is supported in FortiOS 3.0. The FortiUSB key (purchased separately) enables you to backup configuration files and restore backed up configuration files. You can even configure the FortiGate unit to automatically install a firmware image and restore configuration settings on a system reboot using the FortiUSB key.
For more information, see the Install Guide for your FortiGate unit. The following FortiGate units support the FortiUSB key:
FortiGate-60/60M
•FortiWiFi-60
FortiWiFi-60A/60AM
FortiGate-100A
FortiGate-200A
FortiGate-300A
FortiGate-400A
FortiGate-500A
FortiGate-800/800F
FortiGate-5001SX
FortiGate-5001FA2
FortiGate-5002FB2

Other

Note: The FortiGate unit only supports the FortiUSB key, available from Fortinet.
The following are other issues you should be aware of not included in the above sections or in “New features and changes” on page 17.
Antivirus scanning, blocking and quarantine is available for instant messaging file transfers with AIM, MSN, Yahoo, and ICQ.
The Antivirus monitor is configured in the CLI.
Calendar date is represented in YYYY-MM-DD format.
If the daylight savings time feature is enabled, you need to manually reset the system clock when daylight savings time ends.
“Report Bug to Fortinet” link is only available in the CLI.
FDS Registration Link is accessed by selecting System > Status > License Information > Support Contract.
Internet browsing for IPSec now requires two policies.
Web Filter/AntiSpam list are now specific to each protection profile. This is only for FortiGate-800 units and above.
Administration access for a VLAN interface in a virtual domain is unavailable in the web-based manager. Use the get system interface <VLAN> command.
Upgrade Guide for FortiOS v3.0
14 01-30000-0317-20060424
Loading...
+ 32 hidden pages
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use