Fortinet 50A/50B, 100 manual Configuring the FortiGate unit, Planning the FortiGate configuration

Page 33


Configuring the FortiGate unit	Planning the FortiGate configuration

Configuring the FortiGate unit

This section provides an overview of the operating modes of the FortiGate unit. Before beginning to configure the FortiGate unit, you need to plan how to integrate the unit into your network. Your configuration plan depends on the operating mode you select: NAT/Route mode or Transparent mode.

This section includes the following topics:

•Planning the FortiGate configuration

•Preventing the public interface from responding to ping requests

•NAT/Route mode installation

•Transparent mode installation

•Next steps

Planning the FortiGate configuration

Before you configure the FortiGate unit, you need to plan how to integrate the unit into the network. Among other things, you must decide whether you want the unit to be visible to the network, which firewall functions you want it to provide, and how you want it to control the traffic flowing between its interfaces.

Your configuration plan depends on the operating mode you select. You can also configure the FortiGate unit and the network it protects using the default settings.

NAT/Route mode

In NAT/Route mode, the FortiGate unit is visible to the network. Like a router, all its interfaces are on different subnets. The following interfaces are available in NAT/Route mode:

Table 11: NAT/Route mode network segments

FortiGate Unit	Internal Interface	External	Other
		Interface

FortiGate-50A	Internal	External	Modem

FortiGate-50B	Internal	WAN1	WAN2

FortiWiFi-50B	Internal	WAN1	WAN2

FortiGate-100A	Internal	External	DMZ

Modem is the interface for connecting an external modem to the FortiGate-50A. See “Configuring the modem for the FortiGate-50A” on page 53.

You can add firewall policies to control whether communications through the FortiGate unit operating in NAT or Route mode. Firewall policies control the flow of traffic based on the source address, destination address, and service of each packet. In NAT mode, the FortiGate unit performs network address translation before it sends the packet to the destination network. In Route mode, there is no address translation.

FortiGate-50A/50B, FortiWiFi-50B and FortiGate-100 FortiOS 3.0 MR4 Install Guide	33
01-30004-0265-20070831

Image 33

Contents Install G U I D E Regulatory compliance TrademarksContents Configuring the FortiGate unit Factory defaultsConfiguring the modem interface Using a wireless networkFortiGate Firmware Index Reverting to a previous firmware versionFortiUSB key Introduction About the FortiGate unitFortiGate-50A FortiGate-50B FortiWiFi-50BFortiGate-100 Register your FortiGate unitFortinet Family Products FortiGuard Subscription ServicesFortiClient FortiMailFortiAnalyzer About this documentFortiReporter FortiBridgeTypographic conventions Document conventionsFortinet documentation Fortinet Tools and Documentation CD Customer service and technical supportFortinet Knowledge Center Comments on Fortinet technical documentationCustomer service and technical support Package Contents Installing the FortiGate unitWeight Technical Specifications DimensionsPower Requirements SpecificationsFortiWiFi-50B package contents Back FortiGate-100 package contents FrontPowering on the FortiGate unit To power on the FortiGate unitMounting Power over Ethernet Connecting to the FortiGate unit Powering off the FortiGate unitCommand line interface Connecting to the web-based managerTo connect to the web-based manager FortiGate loginTo connect to the CLI Connecting to the CLIBits per second 9600 Data bits Parity Stop bits Flow controlQuick configuration using default settings Quick installation using factory defaultsGo to System Network Options Quick installation using factory defaults Factory defaults Factory default NAT/Route mode network configuration Factory default Dhcp server configurationFactory default firewall configuration Factory default Transparent mode network configurationAdministrative access Management IPFactory default protection profiles Restoring the default settings using the web-based manager Restoring the default settingsRestoring the default settings using the CLI To reset the default settings Go to System StatusRestoring the default settings Configuring the FortiGate unit Planning the FortiGate configurationNAT/Route mode Internet Router NAT/Route mode with multiple external network connectionsTransparent mode Preparing to configure the FortiGate unit in NAT/Route mode NAT/Route mode installationNAT/Route mode settings Go to System Network InterfaceDhcp or PPPoE configuration Using the web-based managerConfiguring basic settings Adding a default route To configure interfaces Go to System Network InterfaceTo add a default route Go to Router Static Using the command line interface Verifying the web-based manager configurationConfiguring the FortiGate unit to operate in NAT/Route mode Verify the connectionExample To configure DNS server settingsTo set the external interface to use DHCP, enter To set the external interface to use PPPoE, enterTo add a default route Connecting the FortiGate unit to the networks Configuring the networksTo connect the FortiGate unit Preparing to configure Transparent mode Transparent mode installationTransparent mode settings Administrator Password DNS SettingsTo verify the DNS server settings To change to Transparent mode using the CLIReconnecting to the web-based manager Connecting the FortiGate unit to your networkTo connect the FortiGate unit running in Transparent mode Set the date and time Next stepsUpdating antivirus and IPS signatures To update IPS signatures using the CLI Scheduling antivirus and IPS updatesTo enable schedule updates from the CLI Updating the IPS signatures from the CLIAdding an override server To add an override server using the CLINext steps Connecting a modem to the FortiGate-50A Configuring the modem interfaceSelecting a modem mode Redundant mode configurationStand alone mode configuration Mode must be standalone Interface name Configuring the modem for the FortiGate-50APhone-number CLI commands for the FortiGate-50ADead gateway detection Adding a Ping ServerAdding firewall policies for modem connections Setting up a wireless network Using a wireless networkRadio Frequency interface Positioning an Access PointUsing multiple APs to provide a constant strong signal Using multiple access pointsWireless Security Wireless Equivalent Privacy WEPWi-Fi Protected Access WPA Service Set Identifier FortiWiFi-50B operation modesAccess Point mode Additional security measuresFortiWiFi in Access Point mode Client modeSetting up the FortiWiFi-50B as an Access Point Changing the operating modeSet the Dhcp settings Configure the firewall policies To set the data security Go to System Wireless SettingsSet the security options To upgrade the firmware using the web-based manager Upgrading the firmware using the web-based managerFortiGate Firmware Upgrading to a new firmware versionTo upgrade the firmware using the CLI Upgrading the firmware using the CLIReverting to a previous firmware version For information, see the FortiGate Administration GuideTo revert to a previous firmware version using the CLI Reverting to a previous firmware version using the CLIExecute ping To install firmware from a system reboot Press Any Key To Download Boot Image Restoring the previous configuration Backup and Restore from the FortiUSB key To backup configuration using the CLIFortiUSB key Using the USB Auto-Install feature To restore configuration using the CLITo configure the USB Auto-Install using the CLI Testing a new firmware image before installing it Additional CLI commands for the FortiUSB keyTo test a new firmware image Testing a new firmware image before installing it Installing a backup firmware image Installing and using a backup firmware imagePress any key to enter configuration menu To install a backup firmware imageEnter File Name image.out Installing and using a backup firmware image CLI IndexWall mounting Web-based manager, connecting

Related manuals

Manual 272 pages 22.37 Kb