Fortinet FortiGate, FortiWiFi Quick Start Manual

QuickStart Guide

.2.

FortiGate/FortiWiFi

.

QuickStart Guide FortiGate/FortiWiFi

01-520-250472-201810

Copyright© 2018 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., in the U.S. and other jurisdictions, and other Fortinet names
herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal
lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding
commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants
that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on
Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. In no event does Fortinet make any commitment related to future deliverables, features or
development, and circumstances may change such that any forward-looking statements herein are not accurate. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied.
Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.

.

Register for Support

QuickStart Guide

Register your Fortinet product to receive:

• Technical Support

• New product features

• Protection from new threats

Vous devez enregistrer le produit pour
recevoir:

• Support technique

• Nouvelles fonctionnalitées du produit

• Protection contre de nouvelles menaces

La reistrazione ti permette di usufruire di:

• Supporto Tecnico

• Nuove funzionalita

• Proteezione dalle ultime minaccce

Debe registrar el producto para recibir:

• Apoyo técnico

• Nuevas funcionalidades del producto

• Protección contra ataques

登録のお願い

本日、フォーティネット製品の登録をしてください。
登録すると次のメリットがあります。
テクニカル サポート • 新機能の追加 • 新しい脅威
への防御

请马上注册您的飞塔产品

您在注册以后才能得到技术支持、新产品特
点信息、最新威胁防护

http://forti.net/support

Toll free: 1 866 648 4638
Phone: 1 408 486 7899
Fax: 1 408 235 7737
Email: register@fortinet.com

About Fortinet Security Fabric Licenses & Subscriptions

1

.

.

Device Guide

http://forti.net/docs/fortigate

Included Accessories List

Port Guide

LED Guide

Mounting Guide

2

.

1

FortiGate Setup

QuickStart Guide

Web browser

A

with Ethernet cable

iOS

C

FortiExplorer app configuration

2

SFP Tranceivers

A

Installation Removal

B

B

Terminal emulation

with console cable

3

.

.

1

FortiGate Setup

A

Web Browser with Ethernet Cable

MGMT or MGMT 1

If the device has

neither use port 1

https://

To Connect to the GUI

1. Connect the Ethernet cable.

2. Configure the management computer to be on the same subnet as the internal interface as the FortiGate unit:

IP address: 192.168.1.2
Netmask: 255.255.255.0

3. Visit 192.168.1.99 in your web browser.

4. Login using username “admin” and no password.

5. Configure your device and save your settings.

6. Register your device from the dashboard page.

4

.

B

Terminal Emulation with Console Cable

>_

Console Port

To Connect to the CLI

1. Connect the FortiGate unit console port to the management computer using the provided console cable.

2. Start a terminal emulation program on the management computer, select the appropriate COM port, and use the following
settings:

QuickStart Guide

Baud rate: 9600
Data bits: 8
Parity: None
Stop bits: 1
Flow control: None

3. Press Enter on your keyboard to connect to the CLI.

4. Log in using username “admin” and no password. You can
now proceed with configuring your FortiGate unit.

Get started by typing “?” for a list of available commands.
Begin typing a command and type “?” for a list of available ways
to complete the command.
For example “config ?” will show the lowest level of
configuration options.

For a detailed guide visit http://forti.net/cli.

5

.

.

C

iOS with Apple to USB Cable

USB Port

FortiExplorer App

1. Download the FortiExplorer iOS App to your device from

http://apple.co/2jVvQkZ.

2. Launch the FortiExplorer App.

3. Use your Apple to USB cable to connect to the FortiGate’s

USB port. Tap on your FortiGate when it appears in the App.

4. Log in using username “admin” and no password.

5. Configure your device.

http://apple.co/2jVvQkZ

6

6

.

2

SFP Transceivers

Transmit Optical Bore

Receive Optical Bore

Extraction Lever

Caution:

SFP transceivers are static sensitive devices. Use an ESD wrist strap or similar grounding device when handling
transceivers.

SFP Cage Sockets

Socket Latch

QuickStart Guide

Do not install or remove SFP transceivers while fiber-optic cables are still attached. This can cause damage to the
cables, cable connectors, and the optical interfaces. It may also prevent the transceiver from latching correctly into
the socket connector.

Do not force the SFP transceivers into the cage slots. If the transceiver does not easily slide in and click into place, it
may not be aligned correctly or may be upside down. If this happens, remove the SFP transceiver, realign it or rotate it
and slide it in again.

7

.

.

A

Installation

1. Ensure that you are properly grounded.

2. Remove the cap from the SFP cage socket on the front panel of the unit.

3. Position the SFP transceiver in front of the cage socket opening and ensure that the transceiver is
correctly oriented. When the transceiver is correctly oriented, the extraction lever will be level with
the socket latch.

Note: SFP cage socket orientation may vary. Ensure that the SFP transceiver is correctly oriented

each time that you are inserting a transceiver.

4. Hold the sides of the SFP transceiver and slide it into the cage socket until it clicks into place.

5. Press the transceiver firmly into the cage socket with your thumb.

6. Verify that the transceiver is latched correctly by grasping the sides of the transceiver and trying
to pull it out without lowering the extraction lever.

If the transceiver cannot be removed, it is installed and latched correctly.
If the transceiver can be removed, reinsert it and press harder with your thumb.
If necessary, repeat this process until the transceiver is securely latched into the cage socket.

8

.

B

Removal

1. Ensure that you are properly grounded.

2. If applicable, disconnect the fiber-optic cable from the transceiver connector and install a
clean dust plug in the transceiver’s optical bores.

3. Pull the extraction lever out and down to eject the transceiver. If you are unable to use your
finger to open the lever, use a small flat-head screwdriver or other similar tool to open the

lever.

4. Hold the sides of the transceiver and carefully pull it away from the cage socket.

Note:

Installing and removing
SFP transceivers can
shorten their useful life.
Do not install or remove
transceivers more than is
necessary.

Follow proper fiber-optic
handling procedures
when installing
and removing SFP
transceivers to ensure
that the devices remain
clean and are not
damaged.

QuickStart Guide

5. Replace the cap on the SFP cage socket and place the removed SFP transceiver into an

antistatic bag.

9

Free Licenses & Services for
FortiCare Registered FortiGates

Manage security on your endpoints.
Keep your network clean and allow
employees to bring devices. Add more
client licenses via your reseller.

10 FortiClient Endpoint Licenses

Stay extra secure by using your phone as
second-factor authentication for remote
administration. Get extra tokens from your
reseller.

2 FortiToken Mobile Licenses

Make remote access simple.
Use yourcompany.fortiddns.com
instead of hard-to-remember or
changing IP addresses.

Fortinet DDNS Service

Free Licenses & Services for
FortiCare Registered FortiGates

Licenses & Subscriptions

Generate reports, backup configurations and
more with an easy-to-use cloud based portal.

FortiCloud 1GB

.

.

Services Included with FortiCare Subscriptions

FortiCare is global 24/7 support for your Fortinet hardware & software

Get the latest product security updates
and features. Stay with us and see the
product evolve.

Firmware Updates

Use cellphone technology as backup
Internet connection. We are always
adding support for new third party
3G/4G + devices.

USB Modem Database Updates

Setup policies and track activities
based on geography. Your FortiGate
will intelligently identify where an IP is
originated or destined.

Geo-IP Database Updates

Identify device type and OS information.
Great for organizations that allow
employees to bring in devices and want
to enforce device based policies.

Device Signatures Database Updates

.

Licenses & Subscriptions

.

First Day with FortiOS

..

Here are some things you can do to get started
with the power and simplicity of FortiOS

..

Register and Check Services

1

Customize Your Firewall

5

Make sure you are registered. This will ensure that
your device is protected against the latest threats.

Once this is done, check to ensure all your
purchased services are enabled by visiting

System>FortiGuard. Contact your Fortinet partner if

you experience any issues.

Run a Security Fabric Rating Check

2

Run a Security Fabric Rating check to identify
potential vulnerabilities and highlight best practices
that could be used to improve your network’s
overall security and performance.

In the root FortiGate GUI, select Security Fabric >

Security Rating and click Run Now.

Setup a Backup Cellular

3

Connection

Use a 3G or 4G modem as a backup or alternate
Internet connection. Guides are available at http://
cookbook.fortinet.com. If you are unable to get
a cellphone connection at the location of your
FortiGate, purchase a FortiExtender.

Prevent incoming and outgoing traffic to the
requirements of your organization.
Click Policy > Policy and Create New.

Setup Remote Access

6

Securely link one office to another, or allow
employees access essential resources from
locations outside the office.

VPN > Create VPN Wizard.

Checkout All the Support

7

http://forti.net/docs has a huge range of

documents to help you through every scenario.

Feel the Power

8

Your FortiGate is using components you won’t

see anywhere else. Most devices use a standard

CPU that is good at most things but great at
none.

Licenses & Subscriptions

Within your device is a unique SoC (System on
a Chip) that combines several security-focused

Create a WiFi Network

4

Reduce cabling in your office with a FortiWifi or

FortiAP attached to a regular FortiGate.

After attaching a FortiAP, click WiFi Controller >

Managed Access Points > Managed FortiAPs and

enable the detected AP by clicking Edit then Allow.

technologies designed by Fortinet. While
our most powerful products have dedicated

CP (Content Processors) and NP (Network

Processors), our desktop models share all the
groundbreaking technological discoveries at a
great price and small form factor.

.

Day Two with FortiOS

.

1

Use Mobile Tokens to Double Your Security

Android and iOS devices can be used as second factor authentication. This means that someone attempting to adminis­ter the device will need both your mobile device and your password to be able to login.

Two mobile tokens are provided no-charge with your device. Please ensure that you have registered your FortiGate to
enable them.

To start with, you might want to add a secondary Admin account for yourself to use remotely. It will be more secure if you
use a mobile token with it.

Admin > Administrators from the left menu, select an administrator and Edit to configure the mobile token.

Click

Users can also be assigned tokens.

Users and Devices > Users select a user and Edit to configure the mobile token.

.

Licenses & Subscriptions

Get Those ‘Nice to Haves’ Working

2

The FortiGate Cookbook is an excellent resource for

a quick walkthrough on features you didn’t think you
had time to setup.

Allow Personal Devices on Your

3

Network (BYOD)

Install FortiClient on Android, Windows and iOS

devices. Each instance of FortiClient can connect

to the FortiGate and self-install the security settings
you require. Download from FortiClient.com and
take a look at profile settings under User & Device >

Endpoint Protection > FortiClient Profiles.

Expand Your Wired Network

4

Use a FortiSwitch to maintain complete visibility
and control of the network regardless of how
users connect devices.

Start Monitoring

5

Once FortiCloud is enabled you can start
monitoring your bandwidth usage and

analyzing traffic logs. Create reports and send

them in scheduled updates to those that want
to be in-the-know.

Security Fabric

THIRD-GENERATION NETWORK SECURITY

BROAD

Visibility & Protection for the Digital

Attack Surface.

INTEGRATED

Detection of Advanced Threats.

AUTOMATED

Response & Continuous Trust

Assessment.

APIs

Connectors

Security Fabric

.

Web Application

Security

FortiWeb

Other Fabric Solutions

Open

Ecosystem

Partner API

DevOps

Multi-Cloud

Security

FortiGate

Virtual Firewall

FortiGate

Cloud Firewall

Endpoint

Security

Email

Security

FortiClient FortiMail

Connectors

FortiCASB

.

Web Application

Security

Advanced

Threat Protection

FortiWeb

Secure

Unified Access

FortiAP

FortiSwitch

Management

& Analytics

FortiSandbox FortiAnalyzer

Security Fabric

FortiManager

Network Access

Control

FortiSIEM

NETWORK SECURITY

Fortinet’s high-performance FortiGate firewalls—powered by our purpose-built OS, security
processors, and threat intelligence from FortiGuard Labs—provide consolidated, advanced
security and deep visibility that protects the network from known and unknown threats.

Chassis-based 5000 & 7000 Series

Form Factor Expandable, modular chassis
Interfaces 10, 40, and 100 GE
FW(TP) Throughput More than 1 Tbps (Up to 189 Gbps)
Special Features Carrier class, NEBS, fully redundant

FortiGate 5144C

FortiGate 7060E

High-end Appliance 1000 – 3000 & 6000 Series

Form Factor 2U – 5U appliance
Interfaces 10, 25, 40, and 100 GE
FW(TP) Throughput 52 Gbps – 1 Tbps (4 Gbps – 100 Gbps)
Special Features Ultra-low latency, ultra high-speed SSL inspection

Mid-range Appliance 100 – 900 Series

Form Factor 1U – 2U appliance
Interfaces 1 and 10 GE
FW(TP) Throughput 7 Gbps – 36 Gbps (1 Gbps – 3 Gbps)
Special Features High-speed SSL inspection

FortiGate 3200D

FortiGate 6500F

FortiGate 300E

FortiGate 500E

Entry-level Appliance 30–90 Series

Form Factor Desktop
Interfaces High-density 1 GE
FW(TP) Throughput 1 – 3.5 Gbps (150 Mbps – 250 Mbps)
Special Features Wi-Fi, PoE, ruggedized

FortiGate 80E

Virtual/Private Cloud Firewall

Private Cloud VM Public Cloud VM

Use Cases &
Integrations

Throughput Hardware dependent Cloud dependent
Licensing Perpetual, subscription, metered BYOL or on-demand

All major hypervisors
Cisco ACI, VMware NSX, OpenStack

AWS, Microsoft Azure,
Google

NEW PRODUCT SPOTLIGHT—FORTIGATE 7000 SERIES

Modular, resilient NGFW that offers high-performance
SSL inspection, Threat Protection, scalable Integrated
Routing, Multi-Tenancy and 100G port density

Form Factor 6U-8U

Interfaces 10, 40, and 100 GE

NGFW Throughput 50 Gbps – 100 Gbps

TP Throughput 35 Gbps – 80 Gbps

SSL Inspection Throughput 60 Gbps – 100 Gbps

FortiWiFi 60E

Security Fabric

FortiGate 7060E

FortiGate 7030E FortiGate 7040E

.

.

FortiASIC

Specialized chip design delivers more
processing power

Fortinet’s purpose-built architecture delivers
extremely high throughput and exceptionally
low latency and the world’s fastest firewall.
Computationally intensive security tasks demand
ASIC acceleration. Sub 10μs latency beats the
competition.

.

Founded: Nov. 2000

First Product Release: May 2002

Fortinet IPO: Nov. 2009

NASDAQ: FTNT

Headquarters: Sunnyvale, California

Employees: 5,462

FY 2017 Revenue: $1.495B

Corporate Overview

Fortinet’s mission is to deliver the most innovative,
highest-performing network security fabric to secure and
simplify your IT infrastructure. We are a leading global
provider of network security appliances for carriers, data
centers, enterprises, and distributed offices.

About Fortinet

The FortiGate Cookbook

.

Advanced installation and setup, networking, security policies

and firewall objects, security profiles, SSL VPN, IPsec VPN,

authentication, logging and reporting.

http://forti.net/cookbook

FortiGate System Administration Guide

The first steps in planning your configuration. Centralized

management, tightening security, and best practices.

http://forti.net/sysadmin

CLI Reference

Configuration of your device using the command line.

http://forti.net/cli

FortiOS Handbook

Definitive guide to configuring and operating FortiOS.

http://forti.net/handbook

Training Services

Course descriptions, availability, schedules, and locations of

training programs in your area.

http://forti.net/training

Fortinet.com