Fortinet 100, 50A/50B manual Transparent mode

Configuring the FortiGate unit

Transparent mode

In Transparent mode, the FortiGate unit is invisible to the network. Similar to a network bridge, all FortiGate interfaces must be on the same subnet. You only have to configure a management IP address so that you can make configuration changes. The management IP address is also used for antivirus and attack definition updates.

You typically use the FortiGate unit in Transparent mode on a private network behind an existing firewall or behind a router. The FortiGate unit performs firewall functions, IPSec VPN, virus scanning, IPS, web content filtering, and spam filtering.

Figure 10: Example Transparent mode network configuration for a FortiGate-100

[Figure: network diagram. Labels: Internal network, Internal, Internet, Router, External, FortiGate-100, DMZ, DMZ network, Web Server, Mail Server.]

Preventing the public interface from responding to ping requests

The factory default configuration of your FortiGate unit allows the default public interface to respond to ping requests. The default public interface is also called the default external interface, and is the interface of the FortiGate unit that is usually connected to the Internet.

For the most secure operation, you should change the configuration of the external interface so that it does not respond to ping requests. Not responding to ping requests makes it more difficult for a potential attacker to detect your FortiGate unit from the Internet.

A FortiGate unit responds to ping requests if ping administrative access is enabled for that interface. You can use the following procedures to disable ping access for the external interface of a FortiGate unit. You can use the same procedure for any FortiGate interface. You can also use the same procedure in NAT/Route or Transparent mode.
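A check that can be run against a saved configuration backup to confirm which interfaces still have ping administrative access; this is an added example, not part of the Fortinet manual. It assumes the backup uses the FortiOS CLI layout of a `config system interface` block with `set allowaccess` lines, and the sample configuration below is constructed.

```python
import shlex

# Constructed sample of a FortiGate configuration backup (not from the manual).
SAMPLE_CONFIG = """\
config system interface
    edit "internal"
        set allowaccess ping https ssh
    next
    edit "external"
        set allowaccess ping
    next
    edit "dmz"
        set allowaccess https
    next
end
config firewall policy
    edit 1
        set srcintf "internal"
        set dstintf "external"
    next
end
"""

def interface_access(config_text):
    """Map each interface in 'config system interface' to its allowaccess list."""
    access, stack, current = {}, [], None
    for line in config_text.splitlines():
        try:
            tokens = shlex.split(line)
        except ValueError:      # unbalanced quote, e.g. a multi-line value
            continue
        if not tokens:
            continue
        if tokens[0] == "config":
            stack.append(" ".join(tokens[1:]))
        elif tokens[0] == "end":
            if stack:
                stack.pop()
        elif stack == ["system interface"]:   # ignore nested and unrelated blocks
            if tokens[0] == "edit" and len(tokens) > 1:
                current = tokens[1]
                access[current] = []
            elif tokens[0] == "next":
                current = None
            elif tokens[:2] == ["set", "allowaccess"] and current:
                access[current] = tokens[2:]
    return access

def ping_enabled_interfaces(config_text):
    """Return the sorted names of interfaces that still answer ping."""
    return sorted(n for n, svcs in interface_access(config_text).items() if "ping" in svcs)

if __name__ == "__main__":
    print(ping_enabled_interfaces(SAMPLE_CONFIG))
```

Any interface name returned for the Internet-facing port means the hardening step described above has not been applied to that backup.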

FortiGate-50A/50B, FortiWiFi-50B and FortiGate-100 FortiOS 3.0 MR4 Install Guide

01-30004-0265-20070831
