Fortinet MR8 manual Planning the FortiGate configuration, NAT/Route mode

Page 23

Getting started	Planning the FortiGate configuration

Web	To apply antivirus scanning and web content blocking to HTTP content
	traffic. You can add this protection profile to firewall policies that control
	HTTP traffic.
Unfiltered	To apply no scanning, blocking or IPS. Use if you do not want to apply
	content protection to content traffic. You can add this protection profile to
	firewall policies for connections between highly trusted or highly secure
	networks where content does not need to be protected.

Figure 5: Web protection profile settings

Planning the FortiGate configuration

Before you configure the FortiGate unit, you need to plan how to integrate the unit into the network. Among other things, you must decide whether you want the unit to be visible to the network, which firewall functions you want it to provide, and how you want it to control the traffic flowing between its interfaces.

Your configuration plan depends on the operating mode that you select. The FortiGate unit can be configured in one of two modes: NAT/Route mode (the default) or Transparent mode.

You can also configure the FortiGate unit and the network it protects using the default settings.

NAT/Route mode

In NAT/Route mode, the FortiGate unit is visible to the network. Like a router, all its interfaces are on different subnets. The following interfaces are available in NAT/Route mode:

•Internal is the interface to the internal network.

•WAN1 is the default interface to the external network (usually the Internet).

•WAN2 is the redundant interface to the external network.

•DMZ is the interface to the DMZ network.

•Modem is the interface for connecting an external modem to the FortiGate-60. See “Configuring the modem interface” on page 55

FortiGate-60 Installation Guide

01-28008-0018-20050128

23

Image 23

Contents January 01-28008-0018-20050128 Installation GuideRegulatory Compliance TrademarksTable of Contents Index Introduction Secure installation, configuration, and managementWeb-based manager Command line interfaceDocument conventions Setup wizardFortiGate documentation FortiGate Installation GuideFortiManager documentation Related documentationFortinet Knowledge Center Comments on Fortinet technical documentationFortiLog documentation Customer service and technical supportFortiMail documentation Customer service and technical support Customer service and technical support Getting started Mounting Package contentsTo power on the FortiGate unit Turning the FortiGate unit power on and offPower requirements Environmental specificationsTo connect to the web-based manager Connecting to the web-based managerStop bits Flow control Connecting to the command line interface CLITo connect to the CLI Bits per second 9600 Data bits ParityGo to System Network DNS Quick installation using factory defaultsFactory default Dhcp server configuration Factory default FortiGate configuration settingsFactory default NAT/Route mode network configuration Management IP Factory default Transparent mode network configurationFactory default firewall configuration Administrative accessScan Factory default protection profilesStrict NAT/Route mode Planning the FortiGate configurationExample NAT/Route mode network configuration NAT/Route mode with multiple external network connectionsExample NAT/Route multiple internet connection configuration Transparent modeNext steps Configuration optionsWeb-based manager and setup wizard Preparing to configure the FortiGate unit in NAT/Route mode NAT/Route mode installationPPPoE settings User name Password Using the web-based managerDhcp or PPPoE configuration To add a default route Configuring basic settingsTo configure interfaces Go to System Network Interface To configure DNS server settings Go to System Network DNSTo configure interfaces Using the command line interfaceConfiguring the FortiGate unit to operate in NAT/Route mode To add/change the administrator passwordGet system interface ExampleTo configure DNS server settings Using the setup wizardInternal servers Setup wizard settings PasswordExternal Interface Dhcp serverSetup wizard settings Antivirus Connecting the FortiGate unit to the networksStarting the setup wizard FortiGate-60 FortiGate-60 NAT/Route mode connectionsConfiguring the Modem interface Configuring the networksTo register the FortiGate unit Go to System Config TimeTo configure virus, attack, and spam definition updates To set the date and timeGo to System Maintenance Update Center Preparing to configure Transparent mode Transparent mode installationManagement IP To change the Management IP Go to System Network ManagementTo change to Transparent mode using the CLI Reconnecting to the web-based managerTo configure the default gateway To configure the management IP addressTo start the setup wizard Internal Connecting the FortiGate unit to your networkTo register your FortiGate unit Go to System Maintenance Update Center Priorities of heartbeat device and monitor priorities High availability installationConfiguring FortiGate units for HA operation High availability configuration settingsGroup ID MAC Address To change the FortiGate unit host name Config system global Set hostname namestr end Configuring FortiGate units for HA using the CLITo configure the FortiGate unit for HA operation Connecting the cluster to your networksTo connect the cluster HA network configurationInstalling and configuring the cluster Installing and configuring the cluster Redundant mode configuration Configuring the modem interfaceSelecting a modem mode To operate in standalone mode Go to System Network Modem Standalone mode configurationRedundant for Configuring modem settingsMode Auto-dialTo connect to a dialup account Go to System Network Modem Connecting and disconnecting the modem in Standalone modeTo configure modem settings Go to System Network Modem ISP Defining a Ping ServerDead gateway detection To disconnect the modemAdding firewall policies for modem connections CLI IndexIndex