Fortinet ORTIWIFI-60A /AM manual Planning the FortiWiFi configuration, NAT/Route mode

Page 29

 

 

Configuring the FortiWiFi

Planning the FortiWiFi configuration

Configuring the FortiWiFi

This section provides an overview of the operating modes of the FortiWiFi unit. Before beginning to configure the FortiWiFi unit, you need to plan how to integrate the unit into your network. Your configuration plan is dependent on the operating mode you select: NAT/Route mode or Transparent mode.

This section includes the following topics:

Planning the FortiWiFi configuration

NAT/Route mode installation

Transparent mode installation

Next steps

Planning the FortiWiFi configuration

Before you configure the FortiWiFi unit, you need to plan how to integrate the unit into the network. Among other things, you must decide whether you want the unit to be visible to the network, which firewall functions you want it to provide, and how you want it to control the traffic flowing between its interfaces.

Your configuration plan depends on the operating mode you select. You can configure the FortiWiFi unit in one of two modes: NAT/Route mode (the default) or Transparent mode.

You can also configure the FortiWiFi unit and the network it protects using the default settings.

NAT/Route mode

In NAT/Route mode, the FortiWiFi unit is visible to the network. Like a router, all its interfaces are on different subnets. The following interfaces are available in NAT/Route mode:

Table 7: NAT/Route mode network segments

FortiWiFi Unit

Internal Interface

External

Other

 

 

Interface

 

 

 

 

 

FortiWiFi-60A

Internal

WAN1

DMZ

 

 

WAN2

WLAN

 

 

 

(Modem)

 

 

 

 

FortiWiFi-60AM

Internal

WAN1

DMZ

 

 

WAN2

WLAN

 

 

 

(Modem)

 

 

 

 

You can add firewall policies to control whether communications through the FortiWiFi unit operate in NAT or Route mode. Firewall policies control the flow of traffic based on the source address, destination address, and service of each packet. In NAT mode, the FortiWiFi unit performs network address translation before it sends the packet to the destination network. In Route mode, there is no address translation.

FortiWiFi-60A/AM FortiOS 3.0 MR4 Install Guide

29

01-30004-0283-20070215

Image 29
Contents Install G U I D E Regulatory compliance TrademarksContents Configuring the modem interface Configuring the FortiWiFiIndex Using a wireless networkFortiWiFi Firmware Page FortiWiFi-60A/AM About the FortiWiFi unitFortiGuard Subscription Services Register your FortiWiFi unitFortinet Family Products FortiClientFortiAnalyzer FortiMailFortiReporter FortiBridgeDocument conventions About this documentAddressipv4 Typographic conventionsFortinet documentation FortiGate Install GuideComments on Fortinet technical documentation Customer service and technical supportFortinet Knowledge Center Customer service and technical support Package Contents Installing the FortiWiFi unitTo power on the FortiWiFi unit Powering on the FortiWiFi unitSpecifications MountingPowering off the FortiWiFi unit Connecting to the FortiWiFi unitCommand line interface To power off the FortiWiFi unitTo connect to the web-based manager Connecting to the web-based managerSystem Dashboard Connecting to the CLITo connect to the CLI Quick installation using factory defaultsWelcome Bits per second 9600 Data bits ParityGo to System Network Options Quick installation using factory defaults Factory defaults Factory default NAT/Route mode network configuration Factory default Dhcp server configurationFactory default firewall configuration Factory default Transparent mode network configurationFactory default protection profiles Restoring the default settings using the web-based manager Restoring the default settingsRestoring the default settings using the CLI To reset the default settings Go to System StatusRestoring the default settings NAT/Route mode Planning the FortiWiFi configurationExample NAT/Route mode network configuration NAT/Route mode with multiple external network connectionsExample NAT/Route multiple internet connection Transparent modePreparing to configure the FortiWiFi unit in NAT/Route mode NAT/Route mode installationUsing the web-based manager Dhcp or PPPoE configurationNAT/Route mode settings Administrator Password Internal PPPoE setting User name PasswordTo configure interfaces Go to System Network Interface Configuring basic settingsVerifying the web-based manager configuration Adding a default routeUsing the command line interface Configuring the FortiWiFi unit to operate in NAT/Route modeTo configure interfaces To add/change the administrator passwordExample To set the WAN1 interface to use DHCP, enterTo add a default route To configure DNS server settingsTo set the WAN1 interface to use PPPoE, enter Get system interfaceTo connect the FortiWiFi unit Connecting the FortiWiFi unit to the networksNAT/Route mode connections Configuring the networksPreparing to configure Transparent mode Transparent mode installationTransparent mode settings Administrator Password DNS SettingsTo verify the DNS server settings To change to Transparent mode using the CLITo connect the FortiWiFi unit running in Transparent mode Reconnecting to the web-based managerConnecting the FortiWiFi unit to your network Set the date and time Next stepsUpdating antivirus and IPS signatures To update IPS signatures using the CLI Scheduling antivirus and IPS updatesUpdating the IPS signatures from the CLI EveryAdding an override server To enable schedule updates from the CLIDaily WeeklyConfig system autoupdate override set address Set status End To add an override server using the CLINext steps Configuring the modem interface Redundant mode configuration Selecting a modem modeStand alone mode configuration To configure the FortiWiFi-60A using the CLIEnter the following to configure the dialup account Configuring modem settings To configure modem settings Go to System Network Modem Connecting and disconnecting the modem in Stand alone modeTo connect to a dial-up account Go to System Network Modem To disconnect the modemKeywords and variables Description Default Configuring the modem using the CLIPeermodem1 Dead gateway detection Adding a Ping ServerAdding firewall policies for modem connections FortiWiFi unit as an Access Point Setting up a wireless networkRadio Frequency interface Positioning an Access PointUsing multiple access points Wireless Equivalent Privacy WEP Wireless SecurityMAC address filtering Wi-Fi Protected Access WPAAdditional security measures Service Set Identifier FortiWiFi operation modesAccess Point mode To disable Ssid Go to System Wireless SettingsChanging the operating mode Setting up the FortiWiFi unit as an Access PointClient mode Set the security options Set the Dhcp settingsTo set the data security Go to System Wireless Settings Configure the firewall policies Upgrading to a new firmware version Upgrading the firmware using the web-based managerTo upgrade the firmware using the web-based manager To upgrade the firmware using the CLI Upgrading the firmware using the CLIExecute restore image Tftp namestr tftpipv4 Execute restore image image.outReverting to a previous firmware version Execute update-nowTo revert to a previous firmware version using the CLI Reverting to a previous firmware version using the CLIExecute restore image Tftp image.out To install firmware from a system reboot Press any key to display configuration menu Press Any Key To Download Boot ImageEnter Tftp Server Address Enter Local AddressSave as Default firmware/Run image without savingD/R Restoring the previous configurationFortiUSB key Do You Want To Save The Image? y/nTo restore configuration using the CLI Backup and Restore from the FortiUSB keyTo backup configuration using the CLI To configure the USB Auto-Install using the CLI Using the USB Auto-Install featureTo test a new firmware image Testing a new firmware image before installing itAdditional CLI Commands for the FortiUSB key Testing a new firmware image before installing it Type n FortiWiFi unit running v3.x Bios Testing a new firmware image before installing it Numerics Index01-30004-0283-20070215