Checking the Package Contents

LED	State	Description
Power	Green	The FortiGate unit is on.

	Off	The FortiGate unit is off.
	Off	The FortiGate unit is off.

	Green	The correct cable is in use and the connected equip-
Display Panel LEDs:		ment has power.
1, 2, 3, 4	Flashing	Network activity at this interface.
5/HA, INT, EXT	Green
	Off	No link established.

	Amber	The link is up.
	Flashing	Network activity at this interface.
Port 1	Amber
	Green	Link speed is 100Mb/s
	Off	Link speed is 10Mb/s
	Amber	The link is up.

	Flashing	Network activity at this interface.
Internal, External	Amber
	Green	Link speed is 1000Mb/s
	Off	Link speed is 100Mb/s

						POWER		1	2	3
Esc	Enter
						Hi-Temp		4	5/HA	INT	EXT
	1	2	3	4	5/HA		INTERNAL		EXTERNAL

FortiGate-3600

Products mentioned in this document are trademarks or registered trade- marks of their respective holders.

Regulatory Compliance

FCC Class A Part 15 CSA/CUS01-30006-0041-20090123

23 January 2009

Connector	Type	Speed	Protocol	Description
Internal	SC	1000Base-SX	Ethernet	Copper gigabit connection to the internal
				network.
External	SC	1000Base-SX	Ethernet	Copper gigabit connection to the internet.

Port 1	RJ-45	10/100Base-T	Ethernet	Optional connection to a 10/100Base-T network.

Port 2 to 4	SC	1000Base-SC	Ethernet	Optional multimode fiber optic connections to
				other networks.
Port 5/HA	SC	1000Base-SC	Ethernet	Optional multimode fiber optic connection to an-
				other network, or to other FortiGate-3600 units
				for high availability (HA).
CONSOLE	DB-9	9600 bps	RS-232	Optional connection to the management com-
			serial	puter. Provides access to the command line
				interface (CLI).

Connecting

Connect the FortiGate unit to a power outlet and to the internal and external networks.

Front

						POWER		1	2	3
Esc	Enter
						Hi-Temp		4	5/HA	INT	EXT
	1	2	3	4	5/HA		INTERNAL		EXTERNAL


LCD	Control	1, 2, 3,	4, 5/HA
				Internal	External
				Internal	External
Display	Buttons	Interfaces		Interface Interface

Back

Power

Supply

LEDs

Alarm

Cancel

Redundant

RS-232 Serial Button

Redundant

Hot-Swappable

Connection

Hot Swappable

Fan Assemblies

Power Supplies

Ethernet Cables:

Orange - Crossover

Grey - Straight-through

Null-Modem Cable

(RS-232)

Power Cables (2)

Rack-Mount Brackets

Q u i c k S t a r t G u i d e

FortiGate-3600

Trademarks

Products mentioned in this document are trademarks.

Documentation

•Place the unit on a stable surface.

•The FortiGate unit requires 1.5 inches (3.75 cm) clearance above and on each side to allow for cooling.

•Make sure the power switch on the back of the unit is turned off before connecting the power and network cables.

•MAIN MENU appears when the unit is up and running.

•If only one power supply is connected, an audible alarm sounds to indicate a failed power supply. To stop this alarm, press the red alarm cancel button.

										Optional null modem cable connects
										to serial port on management computer
						POWER	1	2	3
Esc	Enter
						Hi-Temp	4	5/HA	INT	EXT
	1	2	3	4	5/HA	INTERNAL		EXTERNAL

Straight-through Ethernet cable connects		Straight-through Ethernet cable connects
to another network	or	to Internet (public switch, router or modem)
SC fiber optic cables connect to other networks		Power cables connect to power outlets

Crossover Ethernet cable connects to management computer on internal network

Straight-through Ethernet cable connects to LAN or switch on internal network

Planning the Configuration

Before beginning to configure the FortiGate unit, you need to plan how to integrate the unit into your network. Your configuration plan is dependent upon the operating mode that you select: NAT/Route mode (the default) or Transparent mode. Refer to the Documentation CD-ROM for information on how to control traffic, and how to configure HA, antivirus protection, FortiGuard, Web content filtering, Spam filtering, intrusion prevention (IPS), and virtual private networking (VPN).

NAT/Route mode

In NAT/Route mode, each FortiGate unit is visible to the network that it is connected to. All of its interfaces are on different subnets. Each interface connected to a network must be configured with an IP address that is valid for that network.

You would typically use NAT/Route mode when the FortiGate unit is deployed as a gateway between private and public networks. In its default NAT/Route mode configuration, the unit functions as a firewall. Firewall policies control communications through the FortiGate unit. No traffic can pass through the FortiGate unit until you add firewall policies.

In NAT/Route mode, firewall policies can operate in NAT mode or in Route mode. In NAT mode, the FortiGate unit performs network address translation before IP packets are sent to the destination network. In Route mode, no translation takes place.

Internal Network

192.168.1.3

Routing policies controlling traffic between internal networks.

Internal
192.168.1.99	Port 1	Internal
	Port 1	network
External	10.10.10.1	network
External	10.10.10.1

Internet	204.23.1.5
Internet
	Router

10.10.10.2

NAT mode policies controlling traffic between internal and external networks.

Transparent mode

In Transparent mode, the FortiGate unit is invisible to the network. All of its interfaces are on the same subnet. You only have to configure a management IP address so that you can make configuration changes.

You would typically use the FortiGate unit in Transparent mode on a private network behind an existing firewall or behind a router. In its default Transparent mode configuration, the unit functions as a firewall. No traffic can pass through the FortiGate unit until you add firewall policies.

You can connect up to four network segments to the FortiGate unit to control traffic between these network segments.

DMZ network

	Web Server
Port 1	Mail Server
Port 1

External

Internet

Router Internal

Internal network

Hub or switch