Fortinet 310B manual Configuring NAT mode, Using the web-based manager, Configure the interfaces

Page 20

Configuring NAT mode

Configuring

Configuring NAT mode

Configuring NAT mode involves defining interface addresses and default routes, and simple firewall policies. You can use the web-based manager or the CLI to configure the FortiGate unit in NAT/Route mode.

Using the web-based manager

After connecting to the web-based manager, you can use the following procedures to complete the basic configuration of the FortiGate unit. Ensure you read the section “Connecting to the web-based manager” on page 18 before beginning.

Configure the interfaces

When shipped, the FortiGate unit has a default address of 192.168.1.99 and a netmask of 255.255.255.0. for either the Port 1 or Internal interface. You need to configure this and other ports for use on your network.

To configure interfaces

1Go to System > Network > Interface.

2Select the edit icon for an interface.

3Set the Addressing Mode for the interface.

For Manual addressing, enter the IP address and netmask for the interface.

For DHCP addressing, select DHCP and complete the following:

Distance

Enter the administrative distance, between 1 and 255 for the

 

default gateway retrieved from the DHCP server. The

 

administrative distance specifies the relative priority of a route

 

when there are multiple routes to the same destination. A

 

lower administrative distance indicates a more preferred route.

Retrieve default gateway from server

Override internal DNS

Enable to retrieve a default gateway IP address from the DHCP server. The default gateway is added to the static routing table.

Enable to use the DNS addresses retrieved from the DHCP server instead of the DNS server IP addresses on the DNS page on System > Network > Options. On FortiGate-100 units and lower, you should also enable Obtain DNS server address automatically in System > Network > Options.

For PPPoE addressing, select PPPoE, and complete the following:

Username

Enter the username for the PPPoE server. This may have

 

been provided by your ISP.

Password

Enter the password for the PPPoE server for the above user

 

name.

Unnumbered

Specify the IP address for the interface. If your ISP has

 

assigned you a block of IP addresses, use one of these IP

 

addresses. Alternatively, you can use, or borrow, the IP

 

address of a configured interface on the router. You may need

 

to do this to minimize the number of unique IP addresses

 

within your network.

 

If you are borrowing an IP address remember the interface

 

must be enabled, or up to function correctly.

Initial Disc Timeout

Initial discovery timeout in seconds. The time to wait before

 

starting to retry a PPPoE discovery. To disable the discovery

 

timeout, set the value to 0.

 

FortiGate-310B FortiOS 3.0 MR6 Install Guide

20

01-30006-0472-20080815

Page 19 Page 21
Image 20
Page 19 Page 21
Contents Install G U I D E Trademarks Regulatory complianceContents Downloading firmware Configuring Transparent modeProtection profiles Firewall policies Using the web-based manager Using the CLIInstalling firmware from a system reboot using the CLI Testing new firmware before installingPage Introduction Register your FortiGate unitAbout this document Lacp configurationAbout the FortiGate-310B Further Reading Document conventionsTypographic conventions Addressipv4FortiGate Administration Guide Fortinet Knowledge CenterCustomer service and technical support Comments on Fortinet technical documentationCustomer service and technical support Installing Environmental specificationsMounting GroundingRack mount instructions To install the FortiGate unit into a rack Installed mounting bracketsConnecting to the network To power on the FortiGate unitTo power off the FortiGate unit Plugging in the FortiGateNAT mode ConfiguringNAT vs. Transparent mode Connecting to the FortiGate unit Transparent modeConnecting to the web-based manager To connect to the web-based managerConnecting to the CLI To connect to the CLIBits per second 9600 Data bits Parity Stop bits Flow controlConfiguring NAT mode Using the web-based managerConfigure the interfaces To configure interfaces Go to System Network InterfaceInitial Padt Timeout Configure a DNS serverAdding a default route and gateway To modify the default gateway Go to Router Static Adding firewall policiesSource Interface Source Address AllTo set an interface to use Dhcp addressing Using the CLITo set an interface to use a static address To configure DNS server settings To set an interface to use PPPoE addressingTo modify the default gateway To add an outgoing traffic firewall policyTo switch to Transparent mode Go to System Status Configuring Transparent modeSwitching to Transparent mode Source Address All Destination Interface To switch to Transparent mode Verify the configuration Backing up the configurationRestoring a configuration Additional configurationSet the Administrator password Set the time and dateConfigure FortiGuard Updating antivirus and IPS signaturesAdditional configuration Protection profiles Advanced configurationDefault protection profiles Firewall policies Firewall policiesConfiguring firewall policies Antivirus optionsAntiSpam options Web filtering Logging Installing AMC filler units Installing modulesTo install the filler module AMC modulesUsing the AMC modules Removing modulesHard disk module To insert a module into a FortiGate chassisLog configuration using the web-based manager To format the ASM-S08 hard disk enter the following commandFormatting the hard disk Execute formatlogdiskLog configuration using the CLI Changing interfaces to operate in Sgmii or SerDes modeViewing logs ASM-FB4 and ADM-XB2 modulesConfigure the speed Config system interface edit AMC-SW1/1 Set speed auto EndUsing the AMC modules FortiGate Firmware Downloading firmwareReverting to a previous version Using the web-based managerUpgrading the firmware To revert to a previous firmware version Backup and Restore from a USB keyUsing the USB Auto-Install Execute ping Using the CLITo upgrade the firmware using the CLI Execute restore image namestr tftpip4 Execute restore image image.outExecute update-now To revert to a previous firmware version using the CLIInstalling firmware from a system reboot using the CLI Execute restore image namestr tftpipv4Execute restore image image28.out Execute restore config namestr tftpip4To install firmware from a system reboot Execute rebootPress any key to display configuration menu Enter Tftp server addressRestoring the previous configuration To backup configuration using the CLIEnter Local Address Enter File Name image.outTo configure the USB Auto-Install using the CLI Additional CLI Commands for a USB keyTo restore configuration using the CLI Testing new firmware before installing To test the new firmware imageTesting new firmware before installing Testing new firmware before installing Index Web filtering 37 web-based manager Page Page

310B specifications

The Fortinet 310B is a powerful next-generation firewall (NGFW) designed to meet the evolving needs of modern enterprises. As part of Fortinet's Security Fabric, the 310B offers robust security features combined with high performance, enhancing network security while maintaining ease of use.

One of the standout features of the Fortinet 310B is its high throughput capability. With up to 10 Gbps of firewall throughput and an impressive IPS throughput of 3.5 Gbps, the device is optimized for handling heavy network traffic with minimal latency. This makes it suitable for both medium and large-scale environments, where performance and speed are critical.

The Fortinet 310B integrates a comprehensive suite of security technologies. At its core is FortiOS, the operating system that powers Fortinet’s security appliances. FortiOS includes advanced threat protection capabilities such as intrusion prevention system (IPS), deep packet inspection, and antivirus scanning. These features help protect against a wide range of threats, including malware, ransomware, and zero-day attacks, ensuring that networks are resilient against various cyber threats.

Another key characteristic of the Fortinet 310B is its multi-layered security architecture. The device supports a range of technologies such as SSL inspection, web filtering, and application control. By leveraging these functionalities, organizations can enforce granular security policies across different applications and users, improving overall visibility and control over the network environment.

The Fortinet 310B also incorporates FortiGate's unique Security Fabric technology, which enables seamless integration with other Fortinet products and third-party solutions. This interoperability allows for centralized management, simplified security operations, and enhanced threat intelligence sharing, creating a holistic security approach.

In addition to its security capabilities, the Fortinet 310B offers a variety of connectivity options, including multiple Ethernet ports and support for FortiLink, which allows for easy integration with FortiAP access points and FortiSwitches. This flexibility facilitates the deployment of secure network segments and wireless solutions.

The device also supports advanced features such as VPN capabilities for secure remote access, SD-WAN for optimizing network performance, and extensive reporting and logging for compliance and accountability. All these attributes make the Fortinet 310B a formidable choice for organizations looking to bolster their network security posture while maximizing operational efficiency. Overall, the Fortinet 310B stands out as a reliable and versatile solution in the realm of network security appliances.
Top Page Image Contents