Fortinet 100A manual Monitor, Routing monitor list, 162, Display the FortiGate routing table

Page 162

Routing monitor list

Router

 

 

5Under Accept Lifetime, select Infinite, Duration or End time.

If you selected Duration, enter the time in seconds that this key should be active.

If you selected End time, select the required hour, minute, second, year, month and day to stop using this key for received routing updates.

6Under Send Lifetime, select the required hour, minute, second, year, month and day to start using this key for sending routing updates.

7Under Send Lifetime, select Infinite, Duration or End time.

If you selected Duration, enter the time in seconds that this key should be active.

If you selected End time, select the required hour, minute, second, year, month and day to stop using this key for sending routing updates.

8Select OK.

Monitor

Display the FortiGate routing table.

Routing monitor list

Figure 78: Routing monitor

Type:

FIlter the display to show routes of the selected type.

Network:

FIlter the display to show routes for the specified network.

Gateway:

FIlter the display to show routes using the specified gateway.

Apply Filter

FIlter the routes according to the criteria you have specified.

Type

The type of route. Type refers to how the FortiGate unit learned the route.

Subtype

The subtype for the route.

Network

The network for the route.

Distance

The administrative distance of the route.

Metric

The metric for the route.

Gateway

The gateway used by the route.

Interface

The interface used by the route.

Up Time

How long the route has been available.

To filter the routing monitor display

1Go to Router > Monitor > Routing Monitor.

2Select a type of route to display or select all to display routes of all types.

For example, select Connected to display all the directly connected routes, or select RIP to display all the routes learned from RIP.

162

01-28007-0068-20041203

Fortinet Inc.

Image 162
Contents Administration Guide December 01-28007-0068-20041203Version 2.80 MR7 December 01-28007-0068-20041203 TrademarksRegulatory Compliance Table of Contents 101 Configuring Snmp Snmp communityManagement 102System administration 109 Static 141 Static route list 143 Static route options 144Policy 145 Policy route list Policy route options 146 RIPUsers and authentication 233 260 235Radius server list 235 Radius server options 236 Pptp range 260IPS Web filter 309 Log & Report 339 Contents 01-28007-0068-20041203 Introduction About FortiGate Antivirus FirewallsWeb content filtering Antivirus protectionSpam filtering FirewallNAT/Route mode Transparent modeVLANs and virtual domains Intrusion Prevention System IPS VPNHigh availability Secure installation, configuration, and managementCommand line interface Web-based managerDocument conventions Logging and reportingYou can enter any of the following set allowaccess ping You enterFortinet Knowledge Center Explains how to configure VPNs using the web-based managerFortiGate documentation Comments on Fortinet technical documentationFortiClient documentation Related documentationFortiManager documentation FortiMail documentationCustomer service and technical support FortiLog documentationFortiLog documentation Console access System statusConnect StatusViewing system status DisconnectUnit Information Content SummaryUpgrades Recent Virus DetectionsReset Interface StatusSystem Resources Changing unit information HistoryRecent Intrusion Detections Attack Name Name of the attackTo update the attack definitions manually To update the firmware versionTo update the antivirus definitions manually To change FortiGate host nameTo change to Transparent mode To change to NAT/Route modeSessions Session listTo view the session list Go to System Status Session ProtocolFirmware upgrade procedures Procedure Description Upgrading the firmware using the web-based managerTo upgrade the firmware using the web-based manager Changing the FortiGate firmwareUpgrading the firmware using the CLI To upgrade the firmware using the CLIReverting to a previous firmware version FortiGate unit responds with the messageCopy the firmware image file to the management computer Reverting to a previous firmware version using the CLI Log into the FortiGate web-based managerTo revert to a previous firmware version using the CLI To install firmware from a system reboot FortiGate unit running v3.x Bios Go to step FortiGate unit running v3.x BiosImmediately press any key to interrupt the system startup Restoring the previous configuration Type Y FortiGate unit running v3.x BiosTesting a new firmware image before installing it To test a new firmware imageType N FortiGate unit running v3.x Bios Installing and using a backup firmware image Installing a backup firmware imageTo install a backup firmware image Switching to the backup firmware image To switch to the backup firmware imageSwitching back to the default firmware image To switch back to the default firmware imageInstalling and using a backup firmware image System network InterfaceName Interface settingsAccess NetmaskInterface See the following procedures for configuring interfacesName Name of the InterfaceAddressing mode Virtual DomainManual Initializing ConnectingPPPoE ConnectedAdministrative access Ping serverConfiguring interfaces LogTo add a Vlan subinterface To bring down an interface that is administratively upTo start up an interface that is administratively down To add interfaces to a zoneTo configure an interface for PPPoE To configure an interface for DhcpYou can configure any FortiGate interface to use Dhcp To change the static IP address of an interfaceTo add a secondary IP address Save the changes endChoose an interface and select Edit To control administrative access to an interface Zone settings ZoneTraffic To delete a zone ManagementTo add a zone To edit a zoneIP/Netmask Default Enter the default gateway address GatewayFrom Virtual Domain managementDNS To add DNS server IP addresses Go to System Network DNSRouting table list Routing table Transparent ModeTransparent mode route settings MaskVlan overview Basic Vlan topologyRules for Vlan IDs VLANs in NAT/Route modeFortiGate units and VLANs Rules for Vlan IP addressesFortiGate unit in Nat/Route mode Adding Vlan subinterfacesGo to Firewall Address VLANs in Transparent modeTo add firewall policies for Vlan subinterfaces Go to Firewall PolicyFortiGate unit with two virtual domains in Transparent mode Transparent mode virtual domains and VLANs Rules for Vlan IDsTransparent mode Vlan list Transparent mode Vlan settingsTo add a Vlan subinterface in Transparent mode IPv6 CLI commands Feature CLI Command FortiGate IPv6 supportTransparent mode Vlan settings Service System DhcpGo to System Dhcp Service Dhcp service settingsTo configure an interface as a regular Dhcp relay agent Type RegularTo configure an interface to be a Dhcp server ServerGo to System Dhcp Server Dhcp server settingsTo configure a Dhcp server for an interface Select Create NewStarting IP To configure multiple Dhcp servers for an interfaceExclude range Ending IPRange cannot exceed 65536 IP addresses Dhcp exclude range settingsIP/MAC binding To add an exclusion range Go to System Dhcp Exclude RangeTo view the dynamic IP list Go to System Dhcp Dynamic IP Dhcp IP/MAC binding settingsDynamic IP Select the interface for which you want to view the listDhcp IP/MAC binding settings Time System configSystem time Time Zone Select the current FortiGate system time zoneOptions To set the Auth timeout Go to System Config Options To set the system idle timeout Go to System Config OptionsFor Idle Timeout, type a number in minutes Select Apply For Auth Timeout, type a number in minutes Select ApplyTo modify the dead gateway detection settings Device failover HA heartbeat failoverHA configuration Standalone ModeGroup ID Cluster MembersMode Unit PriorityPassword Override MasterSchedule Priorities of Heartbeat DeviceHeartbeat device IP addresses Configuring an HA cluster To configure a FortiGate unit for HA operationMonitor priorities Go to System Config HA Go to System StatusTo connect a FortiGate HA cluster HA network configuration To add a new unit to a functioning clusterTo configure weighted-round-robin weights Managing an HA clusterTo view the status of each cluster member Connect to the cluster and log into the web-based managerGo to Log&Report Log Access To view and manage logs for individual cluster unitsTo monitor cluster units for failover Snmp To manage individual cluster unitsConfiguring Snmp Go to System Config Snmp v1/v2c to configure the Snmp agentSnmp community Snmp community options partTo configure Snmp access to an interface in NAT/Route mode 100To add an Snmp community Go to System Config Snmp v1/v2c FortiGate MIBs101 FortiGate traps 102Fortinet MIB fields 103104 System config Fortinet MIB fields Administrator accounts105 Replacement messages Replacement messages list106 107 Changing replacement messagesReplacement message tags Tag Description FILE%%108 Replacement message tagsFortiManager Tag Description109 System administrationAdministrators This chapter describesAdministrators list Administrators optionsAccess profiles Using trusted hosts111 Under Access Control Access profile listAccess profile options Allow Write All113 114 System settings System maintenanceBackup and restore 115Backing up and Restoring Restore or back up the spam filter RBL and Ordbl listBacking up and Restoring Version or the antivirus or attack definitions117 Update center 118Update center 119120 Go to System Maintenance Update centerUpdating antivirus and attack definitions To make sure the FortiGate unit can connect to the FDN121 To add an override serverTo enable scheduled updates through a proxy server 122Select Allow Push Update Select Apply Enabling push updatesPush updates when FortiGate IP addresses change 123124 Enabling push updates through a NAT deviceGeneral procedure Go to Firewall Virtual IP125 Schedule Always Service ANY Action AcceptSupport To add a firewall policy to the FortiGate NAT deviceSending a bug report 126127 To report a bug Go to System Maintenance SupportRegistering a FortiGate unit Relay128 To register a FortiGate unitShutdown To log out of the system Go to System Maintenance ShutdownTo restart the system Go to System Maintenance Shutdown 129130 Select Reboot Select Apply FortiGate unit restartsTo reset the FortiGate unit to factory defaults To shut down the systemSystem virtual domain 131132 Virtual domain propertiesExclusive virtual domain properties IPSecShared configuration settings 133Antivirus Web filter Spam filter Log and report Administration and management Virtual domains134 Selecting a management virtual domain Adding a virtual domainSelecting a virtual domain 135To select a management virtual domain Configuring virtual domains136 To add physical interfaces to a virtual domain137 To add Vlan subinterfaces to a virtual domainTo add zones to a virtual domain 138 Configuring routing for a virtual domainConfiguring firewall policies for a virtual domain To add firewall policies to a virtual domainTo add IP pools to a virtual domain 139To add firewall addresses to a virtual domain Go to Firewall IP PoolConfiguring IPSec VPN for a virtual domain To configure VPN for a virtual domain140 Router Static141 142 FortiGate1Static route list 143Device internal Distance Static route options 144To move static routes Go to Router Static Static Route Policy Policy route list145 To add a policy route Go to Router Policy Route Policy route options146 Port, enter the same port number for both From and ToGeneral 147To configure RIP general settings Go to Router RIP General Networks list148 Interface list To configure a RIP network Go to Router RIP NetworksNetworks options 149Interface options 150Split-Horizon Distribute list To configure a RIP interface Go to Router RIP InterfacePassword 151Distribute list options 152Offset list options To configure an offset list Go to Router RIP Offset ListOffset list 153Router objects Access listNew access list 154New access list entry Prefix list155 New Prefix list 156New prefix list entry Route-map list157 New Route-map 158Select Create New Enter a name for the route map Select OK Route-map list entry 159Key chain list New key chain160 Key chain list entry 161Enter a name for the key chain Select OK 162 MonitorRouting monitor list Display the FortiGate routing tableCLI configuration 163Command syntax pattern Router info rip command keywords and variablesConfig router ospf Get router info ripOspf command keywords and variables Keywords Description Default Availability Variables165 Example This example shows how to set the Ospf router ID toThis example shows how to display the Ospf settings 166This example shows how to display the Ospf configuration Config areaConfig area command syntax pattern Config area command has 3 subcommandsArea command keywords and variables 168This example shows how to display the settings for area 169Filter-list command keywords and variables Config filter-listConfig filter-list command syntax pattern 170171 Config rangeConfig range command syntax pattern Range idinteger can be 0 toRange command keywords and variables 172Command Config virtual-linkConfig virtual link command syntax pattern 173Virtual-link command keywords and variables 174Config distribute-list This example shows how to configure a virtual link175 Config distribute-list command syntax pattern Distribute-list command keywords and variables176 Config neighbor Config neighbor command syntax pattern177 This example shows how to display the settings for neighbor Neighbor command keywords and variablesThis example shows how to manually add a neighbor 178Network command keywords and variables Config networkConfig network command syntax pattern 179This example shows how to display the settings for network Config ospf-interfaceConfig ospf-interface command syntax pattern 180Ospf-interface command keywords and variables Keywords and variables Description Default Availability181 182 183 Config redistribute 184Config summary-address Config redistribute command syntax patternRedistribute command keywords and variables 185Config summary-address command syntax pattern Summary-address command keywords and variables186 Config router static6 Static6 command keywords and variables187 188 Firewall 189How policy matching works Policy list190 Policy list has the following icons and features Policy options191 Interface / Zone 192Policy has the following standard options Address Name193 Authentication Advanced policy options194 Differentiated Services Traffic Shaping195 Configuring firewall policies Comments196 To enable a policy Go to Firewall Policy Policy CLI configurationTo disable a policy 197Firewall policy command keywords and variables Address198 Address options Address list has the following icons and featuresAddress list 199To add an address Go to Firewall Address Configuring addresses200 To edit an addressAddress group options Address group list has the following icons and featuresAddress group list 201Address group has the following options Configuring address groups202 To delete an address group203 Predefined service listName Name of the predefined services Detail Make any required changes Select OK204 ANY205 IRCCustom service list Custom services list has the following icons and features206 Icmp custom service options Custom service optionsTCP and UDP custom service options 207To add a custom Icmp service Go to Firewall Service Custom IP custom service optionsConfiguring custom services To add a custom IP service Go to Firewall Service CustomTo delete a custom service Go to Firewall Service Custom Service group listService group options To edit a custom service Go to Firewall Service CustomTo delete a service group Configuring service groupsService group has the following options To edit a service group Go to Firewall Service GroupOne-time schedule list One-time schedule list has the following icons and featuresSchedule 211212 Configuring one-time schedulesOne-time schedule options One-time schedule has the following options213 Recurring schedule listRecurring schedule options Recurring schedule has the following optionsConfiguring recurring schedules Virtual IP214 Virtual IP options Virtual IP list has the following icons and featuresVirtual IP list 215Virtual IP has the following options Configuring virtual IPs216 To add a static NAT virtual IP Go to Firewall Virtual IP217 Wan1218 To delete a virtual IP Go to Firewall Virtual IP IP pool219 To edit a virtual IP Go to Firewall Virtual IPIP pool options Configuring IP poolsIP pool list 220221 IP Pools for firewall policies that use fixed portsIP pools and dynamic NAT To delete an IP pool Go to Firewall IP Pool222 Protection profileProtection profile list Create New Select Create New to add an IP pool NameDefault protection profiles Protection profile options223 Virus Scan Configuring antivirus options224 File BlockConfiguring web filtering options Configuring web category filtering options225 Configuring spam filtering options 226Configuring IPS options Configuring content archive options227 To add a protection profile Configuring protection profiles228 Go to Firewall Protection ProfileProfile CLI configuration 229To add a protection profile to a policy Firewall profile command keywords and variables 230231 232 Users and authentication To set up user groups233 Local user list Setting authentication timeoutLocal Local user optionsTo delete a user name from the internal database Radius server list235 RadiusTo delete a Radius server Radius server options236 Server Secret Enter the Radius server secretLdap server list Ldap server options237 238 To delete an Ldap serverUser group User group list239 240 To configure a user group Go to User User GroupUser group options Available UsersPeer Radius command keywords and variablesThis example shows how to add the branchoffice peer 241242 Use this command to add or edit a peer groupPeergrp Member namestr243 244 VPN 245To configure phase 1 settings Go to VPN Ipsec Phase PhasePhase 1 list 246Encryption Phase 1 basic settings247 Algorithm248 Pre-shared Key Certificate NamePhase 1 advanced settings 249To configure phase 2 settings Go to VPN Ipsec Phase 250Phase 2 list Phase 2 basic settings251 Phase 2 advanced options 252Tunnel Name Remote Gateway Manual key Enable replay detectionEnable perfect forward secrecy PFS DH Group 253254 Algorithm Edit, view, or delete manual key configurationsManual key list To specify manual keys for creating a tunnelLocal SPI Manual key options255 Remote SPIConcentrator list AuthenticationConcentrator 256257 Ping GeneratorConcentrator options Concentrator NameTo view active tunnels Go to VPN Ipsec Monitor Ping generator options258 To interpret the display, see the following sectionsDialup monitor Static IP and dynamic DNS monitor259 Enable Pptp and specify the address range Pptp range260 Enable L2TP and specify the address range L2TP range261 Certificates Local certificate list262 Certificate request 263Select Generate Importing signed certificates 264Select Import 265 CA certificate listImporting CA certificates View CertificateAdding firewall policies for IPSec VPN tunnels VPN configuration proceduresIPSec configuration procedures 266To define the firewall encryption policy 267To define an IP destination address Interface/ZonePptp configuration procedures L2TP configuration procedures268 Ipsec phase1 Ipsec phase1 command keywords and variables269 Dpd-retrycount Probes. The dpd-retryinterval range Enable270 Dpd-retryinterval271 Ipsec phase2Ipsec phase2 command keywords and variables Network behind the remote VPNIpsec vip 272Local sender or network behind Out-interface Ipsec vip command keywords and variables273 NullFortiGate1 External Configuring IPSec virtual IP addresses274 FortiGate2275 276 Protection profile configuration IPS updates and information277 Signature Predefined278 Predefined signature list 279Configuring predefined signatures 280Actions to select for each predefined signature Configuring parameters for dissector signatures 281Custom Custom signature list282 283 Adding custom signaturesBacking up and restoring custom signature files To add a custom signature Go to IPS Signature CustomAnomaly Anomaly list284 Modify Configuring an anomaly285 PassReset Server To configure the settings of an anomaly Go to IPS AnomalyReset Client 286Anomaly CLI configuration Config ips anomaly config limit Limit command keywords and variables287 Configuring IPS logging and alert email Default fail open setting288 Antivirus 289Order of antivirus operations Virus list updates and informationFile block 290File block list has the following icons and features File block list291 Quarantined files list Configuring the file block listQuarantine 292Quarantined files list options 293AutoSubmit list Configuring the AutoSubmit listAutoSubmit list has the following icons and features AutoSubmit list options295 ConfigQuarantine configuration has the following options OptionsConfig Virus list296 Grayware Grayware options297 298 Config antivirus heuristic This example shows how to disable heuristic scanning299 Config antivirus service http Config antivirus quarantineAntivirus quarantine command keywords and variables 300Antivirus service http command keywords and variables How file size limits work301 Config antivirus service ftp 302Antivirus service ftp command keywords and variables 303Config antivirus service pop3 Antivirus service pop3 command keywords and variables304 Config antivirus service imap 305Memfilesizelimi Antivirus service imap command keywords and variables306 143Config antivirus service smtp Antivirus service smtp command keywords and variables307 308 Web filter 309Order of web filter operations 310Web content block options Content blockWeb content block list Web content block has the following icons and featuresURL block Configuring the web content block listTo add or edit a banned word Go to Web Filter Content Block 312Web URL block options Web URL block has the following icons and featuresWeb URL block list 313314 Configuring the web URL block listWeb pattern block list Select Web URL Block Select Create NewWeb pattern block options Configuring web pattern blockURL exempt 315URL exempt list Configuring URL exemptURL exempt list has the following icons and features URL exempt list optionsCategory block FortiGuard managed web filtering serviceFortiGuard Service Points FortiGuard categories and ratingsFortiGuard licensing FortiGuard configurationCategory block configuration options 318Category block reports Configuring web category blockTo enable FortiGuard web filtering 319Generating a category block report Category block CLI configurationCategory block reports options 320Script filter Catblock command keywords and variablesThis example shows how to display the catblock settings 321Javascript Web script filter options322 CookiesSpam filter setting Spam filter323 324 FortiShield Order of spam filter operations325 FortiShield options Configuring the FortiShield cacheEnable Cache 326IP address list IP address list has the following icons and featuresIP address IP address optionsConfiguring the IP address list 328RBL & Ordbl list Configuring the RBL & Ordbl listRBL & Ordbl list has the following icons and features RBL & Ordbl optionsEmail address list Email address list has the following icons and featuresEmail address Email address options331 Configuring the email address listMime headers Email addressMime headers options Mime headers list has the following icons and featuresMime headers list 332Configuring the Mime headers list Banned word333 Banned word options Banned word has the following icons and featuresBanned word list 334335 Using Perl regular expressionsConfiguring the banned word list To add or edit a banned word Go to Spam Filter Banned WordCase sensitivity Regular expression vs. wildcard match patternWord boundary 336To block purposely misspelled words 337To block any word in a phrase To block common spam phrases338 Log & Report 339340 Log configLog Setting options FortiLogFortiLog settings 341Describes the FortiGate logging severity levels 342 Disk settingsLog file upload settings Logging severity levelsWebTrends settings Memory settingsSyslog settings To configure log file uploadingAlert E-mail options 344To configure alert email Go to Log&Report Alert E-mail Log filter options345 346 Traffic logEvent log Policy allowed traffic Policy violation trafficAnti-virus log Web filter log347 Spam filter log Configuring log filtersAttack log Enabling traffic loggingViewing log messages Log accessTo enable traffic logging for a firewall policy 349Choosing columns 350To change the columns in the log message display Searching log messages351 To perform a simple keyword searchFortilog setting 352Log fortilog setting command keywords and variables 353Syslogd setting Log syslogd setting command keywords and variables354 355 Facility types Description356 FortiGuard categories 357358 FortiGuard categories Category name DescriptionObjectionable or Controversial Potentially Bandwidth Consuming 359Potentially Non-productive Potentially Security Violating360 Use361 362 OthersGlossary 363364 KB, kilobyte a unit of storage 1 024 bytes365 366 Index 367368 Index369 370 MIB371 372 TCP373 374
Related manuals
Manual 2 pages 50.79 Kb

100A specifications

Fortinet 100A is a versatile network security device designed to provide comprehensive protection against various cyber threats while ensuring optimal network performance. As part of the FortiGate series, the 100A combines advanced security features with powerful hardware capabilities, making it suitable for small to medium-sized businesses.

One of the key features of the Fortinet 100A is its deep packet inspection technology. This capability allows the firewall to analyze both the header and payload of packets traversing the network, enabling it to detect and block malicious content effectively. The 100A can identify and mitigate a wide range of threats, including malware, intrusions, and application-layer attacks.

The FortiOS operating system powers the Fortinet 100A, offering a robust and user-friendly interface for configuration and management. With its unified security management console, administrators can efficiently monitor network traffic and enforce security policies across the organization. The system provides centralized logging and reporting features, enabling users to gain valuable insights into their security posture and respond swiftly to incidents.

The 100A supports multiple deployment modes, including transparent, NAT, and route modes. This flexibility allows organizations to integrate the device into their existing network architecture with ease. The firewall's high throughput capabilities ensure that network performance remains unaffected, even under heavy load from multiple users and devices.

Another notable aspect of the Fortinet 100A is its support for various VPN technologies, including IPsec and SSL VPN. This feature facilitates secure remote access for employees, enabling them to connect to the corporate network safely, regardless of their location. As remote work continues to be a norm in many sectors, this capability is critical for maintaining productivity and security.

In addition to these features, the Fortinet 100A provides comprehensive web filtering capabilities, protecting users from harmful websites and inappropriate content. This protection is essential for organizations looking to maintain a secure and productive environment.

With its combination of powerful security features, flexible deployment options, and robust performance, the Fortinet 100A stands out as an ideal solution for organizations seeking to bolster their cybersecurity measures while ensuring seamless connectivity for users. As cyber threats continue to evolve, investing in a capable device like the FortiGate 100A is crucial for maintaining a secure network infrastructure.