Fortinet Configuring Fortigate Transparent Mode: CLI and Firewall Policy Setup


Configuring Transparent mode

For the initial installation, a single firewall policy that allows all traffic through lets you verify that your configuration is working. On lower-end units, such a default firewall policy is already in place. On higher-end FortiGate units, you will need to add a firewall policy.

The following steps add two policies that allow all traffic through the FortiGate unit, so that you can continue testing the configuration on the network.

To add an outgoing traffic firewall policy

1. Go to Firewall > Policy.

2. Select Create New.

3. Set the following and select OK.

Source Interface: Select the port connected to the network.

Source Address: All

Destination Interface: Select the port connected to the Internet.

Destination Address: All

Schedule: always

Service: Any

Action: Accept

To add an incoming traffic firewall policy

1. Go to Firewall > Policy.

2. Select Create New.

3. Set the following and select OK.

Source Interface: Select the port connected to the Internet.

Source Address: All

Destination Interface: Select the port connected to the network.

Destination Address: All

Schedule: always

Service: Any

Action: Accept

Firewall policy configuration is the same in NAT/Route mode and Transparent mode.

Note that these policies allow all traffic through. No protection profiles have been applied. Ensure you create additional firewall policies to accommodate your network requirements.
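The following is an added example, not part of the guide: a Python check that reads an exported configuration and lists the policies still matching the allow-all settings above with no protection profile, so the test policies are not left in place once the configuration is verified. The backup layout, the "profile" key, and the port and address names in the sample are assumptions.

```python
import re
# Constructed sample backup, not from the guide. Assumed layout: "config firewall
# policy" / "edit <id>" / "set <key> <value>"; port and address names are made up.
SAMPLE_BACKUP = '''config firewall policy
    edit 1
        set srcintf "port1"
        set dstintf "port2"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set service "ANY"
    next
    edit 2
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set service "ANY"
    next
    edit 3
        set srcaddr "office_lan"
        set dstaddr "all"
        set action accept
        set service "HTTPS"
        set profile "scan"
    next
end
'''

def parse_policies(text):
    """Return {policy_id: {key: value}} for the firewall policy block."""
    policies, current, inside = {}, None, False
    for line in text.splitlines():
        w = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', line)]
        if w[:1] == ["config"]:
            inside, current = w[1:] == ["firewall", "policy"], None
        elif inside and w[:1] == ["edit"] and len(w) == 2:
            current = policies.setdefault(w[1], {})
        elif inside and w[:1] == ["set"] and len(w) > 2 and current is not None:
            current[w[1]] = " ".join(w[2:])
    return policies

def allow_all_policies(policies):
    """IDs of accept policies open on address and service with no "profile..." key."""
    wide = {"srcaddr": "all", "dstaddr": "all", "service": "any", "action": "accept"}
    return [i for i, p in policies.items()
            if all(p.get(k, "").lower() == v for k, v in wide.items())
            and not any(k.startswith("profile") for k in p)]
```

On the constructed sample, `allow_all_policies(parse_policies(SAMPLE_BACKUP))` reports policies 1 and 2, the outgoing and incoming test policies, and skips policy 3.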

Using the CLI

After connecting to the CLI, you can use the following procedures to complete the basic configuration of the FortiGate unit. Ensure you read the section “Connecting to the CLI” on page 17 before beginning.

Switching to Transparent mode

The FortiGate unit comes preset to NAT mode. You need to switch to Transparent mode.

FortiGate-224B FortiOS 3.0 MR6 Install Guide

 

01-30006-0451-20080815
