Fortinet 100 user manual Viewing the interface list, Bringing up an interface

Network configuration

Viewing the interface list

Use the following procedure to view the interface list.

1. Go to System > Interface.

The interface list is displayed. The interface list shows the following status information for all of the FortiGate interfaces:

• The IP address of the interface

• The netmask of the interface

• The administrative access configuration for the interface

• The link status for the interface

If the link status is a green arrow, the interface is up and can accept network traffic. If the link status is a red arrow, the interface is down and cannot accept traffic. To bring an interface up, see the procedure “Bringing up an interface”.

Bringing up an interface

If the link status of an interface on the interface list shows that it is down, you can use the following procedure to bring the interface up.

1. Go to System > Interface. The interface list is displayed.

2. Select Bring Up for the interface that you want to bring up.

Changing an interface static IP address

Use the following procedure to change the static IP address of any FortiGate interface. You can also use this procedure to add an IP address to an interface.

1. Go to System > Network > Interface.

2. Select Modify for the interface to change.

3. Change the IP address and Netmask as required.

The IP address of the interface must be on the same subnet as the network the interface is connecting to.

Two interfaces cannot have the same IP address and cannot have IP addresses on the same subnet.

4. Select OK to save your changes.

If you changed the IP address of the interface that you are connecting to manage the FortiGate unit, you must reconnect to the web-based manager using the new interface IP address.

Adding a secondary IP address to an interface

You can use the CLI to add a secondary IP address to any FortiGate interface. The secondary IP address cannot be the same as the primary IP address but it can be on the same subnet.

To add a secondary IP address from the CLI, enter the command:

set system interface internal config secip <second_ip> <netmask_ip>
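The addressing rules in the two procedures above can be checked against a planned configuration before any change is made on the unit. The following is an added example, not part of the Fortinet manual: the function name, the plan layout, the `attached_network` field and all addresses are assumptions constructed for illustration.

```python
import ipaddress
from itertools import combinations


def check_interface_plan(plan):
    """Return a list of (rule, interface) findings for a planned address layout.

    plan maps an interface name to a dict with:
      primary          - "ip/netmask" of the interface
      attached_network - optional network the interface connects to
      secondary        - optional list of "ip/netmask" secondary addresses
    """
    findings = []
    primary = {name: ipaddress.ip_interface(cfg["primary"])
               for name, cfg in plan.items()}

    for name, cfg in plan.items():
        addr = primary[name]
        # Rule: the interface IP must be on the subnet of the attached network.
        attached = cfg.get("attached_network")
        if attached and addr.ip not in ipaddress.ip_network(attached):
            findings.append(("off-subnet", name))
        # Rule: a secondary IP may share the subnet but not the primary address.
        for sec in cfg.get("secondary", []):
            if ipaddress.ip_interface(sec).ip == addr.ip:
                findings.append(("secondary-equals-primary", name))

    # Rule: no two interfaces share an IP address or sit on the same subnet.
    for a, b in combinations(sorted(primary), 2):
        if primary[a].ip == primary[b].ip:
            findings.append(("duplicate-ip", f"{a},{b}"))
        elif primary[a].network.overlaps(primary[b].network):
            findings.append(("shared-subnet", f"{a},{b}"))
    return findings


# Constructed sample plans (addresses are illustrative only).
GOOD_PLAN = {
    "internal": {"primary": "192.168.1.99/255.255.255.0",
                 "attached_network": "192.168.1.0/24",
                 "secondary": ["192.168.1.100/255.255.255.0"]},
    "external": {"primary": "203.0.113.5/255.255.255.0",
                 "attached_network": "203.0.113.0/24"},
    "dmz": {"primary": "10.10.10.1/255.255.255.0"},
}
BAD_PLAN = {
    "internal": {"primary": "192.168.1.99/255.255.255.0",
                 "attached_network": "192.168.2.0/24",
                 "secondary": ["192.168.1.99/255.255.255.0"]},
    "dmz": {"primary": "192.168.1.1/255.255.255.128"},
    "external": {"primary": "203.0.113.5/255.255.255.0"},
}

if __name__ == "__main__":
    for label, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(label, check_interface_plan(plan))
```

An empty result means the plan satisfies the rules stated above; it does not confirm that the management session will survive the change, so the reconnection note in the static IP procedure still applies.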


Fortinet Inc.
