Fortinet 100A manual Administrators list, Administrators options


Administrators list

System administration


Figure 39: Administrators list

Create New: Add an administrator account.

Name: The login name for an administrator account.

Trusted hosts: The trusted host IP address and netmask from which the administrator can log in.

Permission: The permission profile for the administrator.

The Delete, Edit/View, or Change Password icon. The admin administrator account cannot be deleted.

Administrators options

Figure 40: Administrator account configuration

Administrator: Enter the login name for the administrator account.

Password: Type a password for the administrator account. For improved security, the password should be at least 6 characters long.

Confirm Password: Type the password for the administrator account a second time to confirm that you have typed it correctly.

Trusted Host #1, Trusted Host #2, Trusted Host #3: Optionally, type the trusted host IP address and netmask from which the administrator can log in to the FortiGate unit. You can specify up to three trusted hosts. Setting trusted hosts for all of your administrators can enhance the security of your system. For more information, see “Using trusted hosts” on page 111.

Access Profile: The access profile for the administrator. For more information on access profiles, see “Access profile list” on page 112.
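
Added example, not part of the Fortinet manual: a Python audit of an exported administrator list that reports accounts with no trusted host, a trusted host that matches every address, a malformed netmask, or more than three entries, and that checks whether a given source address would pass an account's trusted hosts. The AdminAccount record, the account names and the addresses are constructed for illustration, and treating an account with no trusted hosts as unrestricted is an assumption.

```python
import ipaddress
from dataclasses import dataclass, field

MAX_TRUSTED_HOSTS = 3  # the manual allows up to three trusted hosts per account


@dataclass
class AdminAccount:
    """Hypothetical record for one row of the Administrators list."""
    name: str
    access_profile: str
    trusted_hosts: list = field(default_factory=list)  # "address/netmask" strings


def parse_trusted_host(entry):
    """Turn 'address/netmask' into a network; raises ValueError if malformed."""
    if "/" not in entry:
        raise ValueError(f"missing netmask: {entry!r}")
    # strict=False accepts a host address with a wider mask (10.0.5.20/255.255.255.0)
    return ipaddress.ip_network(entry, strict=False)


def login_allowed(account, source_ip):
    """Would this source address pass the account's trusted-host check?"""
    if not account.trusted_hosts:
        return True  # assumption: no trusted hosts means no source restriction
    source = ipaddress.ip_address(source_ip)
    for entry in account.trusted_hosts:
        try:
            if source in parse_trusted_host(entry):
                return True
        except ValueError:
            continue  # a malformed entry never grants access
    return False


def audit(accounts):
    """Return (account name, finding) pairs for weak trusted-host settings."""
    findings = []
    for acct in accounts:
        if not acct.trusted_hosts:
            findings.append((acct.name, "no trusted hosts set"))
            continue
        if len(acct.trusted_hosts) > MAX_TRUSTED_HOSTS:
            findings.append((acct.name, "more than three trusted hosts listed"))
        for entry in acct.trusted_hosts:
            try:
                net = parse_trusted_host(entry)
            except ValueError:
                findings.append((acct.name, f"invalid trusted host {entry}"))
                continue
            if net.prefixlen == 0:
                findings.append((acct.name, f"trusted host {entry} matches every address"))
    return findings


# Constructed sample data, not taken from any real unit.
SAMPLE_ACCOUNTS = [
    AdminAccount("admin", "prof_admin"),
    AdminAccount("netops", "prof_admin",
                 ["192.168.1.0/255.255.255.0", "10.0.5.20/255.255.255.255"]),
    AdminAccount("helpdesk", "read_only", ["0.0.0.0/0.0.0.0"]),
    AdminAccount("backup", "read_only", ["172.16.0.1/255.255.0.255"]),
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_ACCOUNTS):
        print(f"{name}: {finding}")
```
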

To configure an administrator account

1. Go to System > Admin > Administrators.

2. Select Create New to add an administrator account or select the Edit icon to make changes to an existing administrator account.


01-28007-0068-20041203

Fortinet Inc.


100A specifications

Fortinet 100A is a versatile network security device designed to provide comprehensive protection against various cyber threats while ensuring optimal network performance. As part of the FortiGate series, the 100A combines advanced security features with powerful hardware capabilities, making it suitable for small to medium-sized businesses.

One of the key features of the Fortinet 100A is its deep packet inspection technology. This capability allows the firewall to analyze both the header and payload of packets traversing the network, enabling it to detect and block malicious content effectively. The 100A can identify and mitigate a wide range of threats, including malware, intrusions, and application-layer attacks.

The FortiOS operating system powers the Fortinet 100A, offering a robust and user-friendly interface for configuration and management. With its unified security management console, administrators can efficiently monitor network traffic and enforce security policies across the organization. The system provides centralized logging and reporting features, enabling users to gain valuable insights into their security posture and respond swiftly to incidents.

The 100A supports multiple deployment modes, including transparent, NAT, and route modes. This flexibility allows organizations to integrate the device into their existing network architecture with ease. The firewall's high throughput capabilities ensure that network performance remains unaffected, even under heavy load from multiple users and devices.

Another notable aspect of the Fortinet 100A is its support for various VPN technologies, including IPsec and SSL VPN. This feature facilitates secure remote access for employees, enabling them to connect to the corporate network safely, regardless of their location. As remote work continues to be a norm in many sectors, this capability is critical for maintaining productivity and security.

In addition to these features, the Fortinet 100A provides comprehensive web filtering capabilities, protecting users from harmful websites and inappropriate content. This protection is essential for organizations looking to maintain a secure and productive environment.

With its combination of powerful security features, flexible deployment options, and robust performance, the Fortinet 100A stands out as an ideal solution for organizations seeking to bolster their cybersecurity measures while ensuring seamless connectivity for users. As cyber threats continue to evolve, investing in a capable device like the FortiGate 100A is crucial for maintaining a secure network infrastructure.