Fortinet 620B manual Configure a DNS server, Adding a default route and gateway

Page 21

 

 

 

Configuring

Configuring NAT mode

Initial PADT Timeout

Initial PPPoE Active Discovery Terminate (PADT) timeout in

 

seconds. Use this timeout to shut down the PPPoE session if it

 

is idle for this number of seconds. Your ISP must support

 

PADT. To disable the PADT timeout, set the value to 0.

Distance

Enter the administrative distance, between 1 and 255 for the

 

default gateway retrieved from the DHCP server. The

 

administrative distance specifies the relative priority of a route

 

when there are multiple routes to the same destination. A

 

lower administrative distance indicates a more preferred route.

Retrieve default gateway from server

Override internal DNS

Enable to retrieve a default gateway IP address from the DHCP server. The default gateway is added to the static routing table.

Enable to use the DNS addresses retrieved from the DHCP server instead of the DNS server IP addresses on the DNS page on System > Network > Options. On FortiGate-100 units and lower, you should also enable Obtain DNS server address automatically in System > Network > Options.

4Select OK.

5Repeat this procedure for each interface as required.

Note: If you change the IP address of the interface you are connecting to, you must connect through a web browser again using the new address. Browse to https:// followed by the new IP address of the interface. If the new IP address of the interface is on a different subnet, you may have to change the IP address of your computer to the same subnet.

Configure a DNS server

A DNS server is a service that converts symbolic node names to IP addresses. A domain name server (DNS server) implements the protocol. In simple terms, it acts as a phone book for the Internet. A DNS server matches domain names with the computer IP address. This enables you to use readable locations, such as fortinet.com when browsing the Internet.

DNS server IP addresses are typically provided by your internet service provider.

To configure DNS server settings

1Go to System > Network > Options.

2Enter the IP address of the primary DNS server.

3Enter the IP address of the secondary DNS server.

4Select Apply.

Adding a default route and gateway

A route provides the FortiGate unit with the information it needs to forward a packet to a particular destination. A static route causes packets to be forwarded to a destination other than the default gateway. You define static routes manually. Static routes control traffic exiting the FortiGate unit-you can specify through which interface the packet will leave and to which device the packet should be routed.

In the factory default configuration, entry number 1 in the Static Route list is associated with a destination address of 0.0.0.0/0.0.0.0, which means any/all destinations. This route is called the "static default route". If no other routes are present in the routing table and a packet needs to be forwarded beyond the FortiGate unit, the factory configured static default route causes the FortiGate unit to forward the packet to the default gateway.

FortiGate-620B FortiOS 3.0 MR6 Install Guide

 

01-30006-83054-20081015

21

Image 21
Contents Install G U I D E Regulatory compliance TrademarksContents AMC modules Advanced configurationInstalling firmware from a system reboot using the CLI Using the web-based managerTesting new firmware before installing FortiGate FirmwarePage Register your FortiGate unit IntroductionLacp configuration About the FortiGate-620BAbout this document Document conventions Further ReadingTypographic conventions Addressipv4Fortinet Knowledge Center FortiGate Administration GuideComments on Fortinet technical documentation Customer service and technical supportCustomer service and technical support Environmental specifications InstallingRack mount instructions GroundingMounting To install the FortiGate unit into a rackTo power on the FortiGate unit Connecting to the networkTo power off the FortiGate unit Plugging in the FortiGateConfiguring NAT vs. Transparent modeNAT mode Transparent mode Connecting to the FortiGate unitConnecting to the web-based manager To connect to the web-based managerTo connect to the CLI Connecting to the CLIUsing the web-based manager Configuring NAT modeConfigure the interfaces To configure interfaces Go to System Network InterfaceAdding a default route and gateway Configure a DNS serverAdding firewall policies To modify the default gateway Go to Router StaticUsing the CLI To set an interface to use a static addressTo set an interface to use Dhcp addressing To set an interface to use PPPoE addressing To configure DNS server settingsTo add an outgoing traffic firewall policy To modify the default gatewayConfiguring Transparent mode Switching to Transparent modeTo switch to Transparent mode Go to System Status Source Address All Destination Interface To switch to Transparent mode Backing up the configuration Verify the configurationAdditional configuration Restoring a configurationSet the Administrator password Set the time and dateUpdating antivirus and IPS signatures Configure FortiGuardAdditional configuration Protection profiles Advanced configurationFirewall policies Firewall policiesAntivirus options Configuring firewall policiesAntiSpam options Web filtering Logging Installing modules Installing AMC filler unitsTo install the filler module AMC modulesRemoving modules Using the AMC modulesHard disk module To insert a module into a FortiGate chassisTo format the ASM-S08 hard disk enter the following command Log configuration using the web-based managerFormatting the hard disk Execute formatlogdiskChanging interfaces to operate in Sgmii or SerDes mode Log configuration using the CLIFortiAnalyzer command config log disk setting enable Viewing logsConfig system interface edit AMC-SW1/1 Set speed auto End Configure the speedUsing the AMC modules Downloading firmware FortiGate FirmwareUsing the web-based manager Upgrading the firmwareReverting to a previous version Backup and Restore from a USB key Using the USB Auto-InstallTo revert to a previous firmware version Using the CLI To upgrade the firmware using the CLIExecute ping Execute restore image image.out Execute restore image namestr tftpip4Execute update-now To revert to a previous firmware version using the CLIExecute restore image namestr tftpipv4 Installing firmware from a system reboot using the CLIExecute restore image image28.out Execute restore config namestr tftpip4Execute reboot To install firmware from a system rebootPress any key to display configuration menu Enter Tftp server addressTo backup configuration using the CLI Restoring the previous configurationEnter Local Address Enter File Name image.outAdditional CLI Commands for a USB key To restore configuration using the CLITo configure the USB Auto-Install using the CLI To test the new firmware image Testing new firmware before installingTesting new firmware before installing Testing new firmware before installing Index Web filtering 37 web-based manager Page Page

620B specifications

The Fortinet 620B is a state-of-the-art security appliance designed to provide comprehensive cybersecurity solutions for medium to large enterprises. As part of Fortinet's FortiGate series, the 620B combines advanced security features with robust performance capabilities, ensuring that organizations can protect their networks against an evolving threat landscape.

One of the standout features of the Fortinet 620B is its exceptional threat protection capabilities. The device utilizes Fortinet's proprietary FortiOS operating system, which integrates multiple security functions, including firewall, intrusion prevention system (IPS), virtual private network (VPN), and antivirus. This unified approach enables organizations to enforce consistent security policies across their network without compromising performance.

The FortiGate 620B is powered by Fortinet's purpose-built security processing unit (SPU) architecture, which significantly accelerates threat detection and mitigation processes. With multi-core processing capabilities, the device can handle high volumes of traffic while maintaining low latency, making it suitable for environments with heavy data flows. This performance is critical for organizations requiring real-time inspection of encrypted traffic, as the 620B offers strong decryption capabilities without sacrificing throughput.

In addition to its security features, the Fortinet 620B includes advanced networking technologies. The device supports software-defined networking (SDN) and integrates with Fortinet’s Security Fabric, allowing for enhanced visibility and control across the entire network ecosystem. This fabric architecture enables seamless communication between multiple devices, streamlining the management of security policies and improving overall network efficiency.

Another key characteristic of the FortiGate 620B is its scalability. Organizations can easily scale their deployment to meet growing demands by utilizing additional Fortinet appliances and services. The device also provides extensive reporting and analytics features, offering insights into network usage and security incidents, empowering security teams to make informed decisions.

Overall, the Fortinet 620B is an exceptional solution for organizations looking to strengthen their network security posture. With its combination of powerful threat protection, high performance, and advanced networking capabilities, it stands out as a reliable choice for safeguarding critical business operations in today's digital landscape. Its comprehensive feature set, combined with Fortinet's commitment to innovation, makes the FortiGate 620B a formidable asset for any cybersecurity strategy.