Fortinet 800/800F manual To modify the default gateway, To add an outgoing traffic firewall policy

Page 23

 

 

 

Configuring

Configuring NAT mode

In the factory default configuration, entry number 1 in the Static Route list is associated with a destination address of 0.0.0.0/0.0.0.0, which means any/all destinations. This route is called the "static default route". If no other routes are present in the routing table and a packet needs to be forwarded beyond the FortiGate unit, the factory configured static default route causes the FortiGate unit to forward the packet to the default gateway.

For an initial configuration, you must edit the factory configured static default route to specify a different default gateway for the FortiGate unit. This will enable the flow of data through the FortiGate unit.

For details on adding additional static routes, see the FortiGate Administration Guide.

To modify the default gateway

config router static edit <seq_num>

set gateway <gateway_IP> set device <interface>

end

Adding firewall policies

Firewall policies enable traffic to flow through the FortiGate interfaces. Firewall policies to define the FortiGate unit process the packets in a communication session. You can configure the firewall policies to allow only specific traffic, users and specific times when traffic is allowed.

For the initial installation, a single firewall policy that enables all traffic through will enable you to verify your configuration is working. On lower-end units such a default firewall policy is already in place. For the higher end FortiGate units, you will need to add a firewall policy.

The following steps add two policies that allows all traffic through the FortiGate unit, to enable you to continue testing the configuration on the network.

To add an outgoing traffic firewall policy

config firewall profile

edit <seq_num>

set srcintf <source_interface> set srcaddr <source_IP>

set dstintf <destination_interface> set dstaddr <destination_IP>

set schedule always set service ANY set action accept

end

To create an incoming traffic firewall policy, use the same commands with the addresses reversed.

Note that these policies allow all traffic through. No protection profiles have been applied. Ensure you create additional firewall policies to accommodate your network requirements.

FortiGate-800 and FortiGate-800F FortiOS 3.0 MR6 Install Guide

 

01-30006-0455-20080910

23

Image 23
Contents Install G U I D E Regulatory compliance TrademarksContents FortiGate Firmware Advanced configurationIndex Installing firmware from a system reboot using the CLITesting new firmware before installing Page Register your FortiGate unit IntroductionDocument conventions About the FortiGate-800/800FAbout this document Typographic conventions Further ReadingComments on Fortinet technical documentation Customer service and technical supportFortinet Knowledge Center Environmental specifications InstallingRack mount instructions GroundingMounting To install the FortiGate unit into a rackPlugging in the FortiGate Connecting to the networkTo power on the FortiGate unit To power off the FortiGate unitNAT mode NAT vs. Transparent modeTo connect to the web-based manager Connecting to the FortiGate unitTransparent mode Connecting to the web-based managerTo connect to the CLI Connecting to the CLITo configure interfaces Go to System Network Interface Configuring NAT modeUsing the web-based manager Configure the interfacesAdding a default route and gateway Configure a DNS serverAdding firewall policies To modify the default gateway Go to Router StaticTo set an interface to use Dhcp addressing Using the CLITo set an interface to use a static address To set an interface to use PPPoE addressing To configure DNS server settingsTo add an outgoing traffic firewall policy To modify the default gatewayTo switch to Transparent mode Go to System Status Configuring Transparent modeSwitching to Transparent mode Source Address All Destination Interface To switch to Transparent mode Backing up the configuration Verify the configurationSet the time and date Restoring a configurationAdditional configuration Set the Administrator passwordUpdating antivirus and IPS signatures Configure FortiGuardAdditional configuration Protection profiles Advanced configurationFirewall policies Firewall policiesAntivirus options Configuring firewall policiesAntiSpam options Web filtering Logging Downloading firmware FortiGate FirmwareReverting to a previous version Using the web-based managerUpgrading the firmware To revert to a previous firmware version Backup and Restore from a USB keyUsing the USB Auto-Install To upgrade the firmware using the CLI Using the CLITo revert to a previous firmware version using the CLI Execute restore image namestr tftpip4Execute restore image namestr tftpipv4 Installing firmware from a system reboot using the CLIPress any key to display configuration menu To install firmware from a system rebootTo backup configuration using the CLI Restoring the previous configurationTo configure the USB Auto-Install using the CLI Additional CLI Commands for a USB keyTo restore configuration using the CLI To test the new firmware image Testing new firmware before installingTesting new firmware before installing Testing new firmware before installing Index Web filtering 35 web-based manager Page Page

800/800F specifications

Fortinet has established itself as a leader in cybersecurity solutions, and the FortiGate 800/800F series is a testament to this reputation. These next-generation firewalls are designed to deliver high-performance security for enterprise-level networks, providing a robust defense against a multitude of cyber threats.

One of the standout features of the FortiGate 800/800F is its advanced security processing unit (SPU) architecture, which ensures unparalleled threat detection and prevention capabilities. The inclusion of purpose-built chips allows for deep packet inspection at high speeds without hindering network performance. This architecture enables organizations to maintain high throughput while applying comprehensive security policies.

The FortiGate 800/800F series supports a wide array of security features, including intrusion prevention system (IPS), web filtering, and antivirus capabilities. These functionalities work together to monitor and protect against a range of cyber threats, from malware to sophisticated DDoS attacks. Additionally, the firewalls are equipped with FortiSandbox integration, providing automated malware analysis and ensuring that zero-day threats are effectively identified and neutralized in real-time.

In terms of networking capabilities, the FortiGate firewalls support advanced routing protocols, enabling seamless integration into existing network infrastructures. The series also includes support for VPN functionalities, which are crucial for secure remote access. With features like SSL inspection and secure SD-WAN, businesses can leverage flexible connectivity options while ensuring that sensitive data remains protected.

The FortiOS operating system enhances the FortiGate 800/800F series with centralized management capabilities, allowing administrators to configure and monitor security policies with ease. The intuitive user interface simplifies complex tasks, aiding in the rapid deployment and scalability of security measures across large networks.

High availability and redundancy features are also integral to the FortiGate 800/800F design. The series supports active-active and active-passive configurations, ensuring continuous protection and minimizing downtime during maintenance or unexpected failures.

In summary, the FortiGate 800/800F series stands out for its powerful performance, advanced security features, and robust networking capabilities. Organizations seeking to bolster their cybersecurity posture will find these firewalls to be invaluable tools in safeguarding their digital environments and ensuring business continuity in an increasingly complex threat landscape.