Fortinet 100A manual Area command keywords and variables, 168

Page 168

Router: config router ospf

area command keywords and variables

| Keywords and variables | Description | Default | Availability |
|---|---|---|---|
| authentication {md5 none text} | Set the authentication type. Use the authentication keyword to define the authentication used for OSPF packets sent and received in this area. If you select none, no authentication is used. If you select text, the authentication key is sent as plain text. If you select md5, an authentication key is used to generate an MD5 hash. Both text mode and MD5 mode only guarantee the authenticity of the OSPF packet, not the confidentiality of the information in the packet. In text mode the key is sent in clear text over the network. Text mode is usually used only to prevent network problems that can occur if an unwanted or misconfigured router is mistakenly added to the area. If you configure authentication for interfaces, the authentication configured for the area is not used. Authentication passwords or keys are defined per interface. See “config ospf-interface” on page 180. | none | All models. |
| default-cost <cost_integer> | Enter the metric to use for the summary default route in a stub area or not so stubby area (NSSA). A lower default cost indicates a more preferred route. The valid range for cost_integer is 1 to 16777214. | 10 | All models. |
| nssa-default-information-originate {disable enable} | Enter enable to advertise a default route in a not so stubby area. Affects NSSA ABRs or NSSA Autonomous System Boundary Routers only. | disable | All models. |
| nssa-default-information-originate-metric <metric_integer> | Specify the metric for the default route set by the nssa-default-information-originate keyword. | 10 | All models. |
| nssa-default-information-originate-metric-type {1 2} | Specify the OSPF external metric type for the default route set by the nssa-default-information-originate keyword. | 2 | All models. |
| nssa-redistribution {disable enable} | Enable or disable redistributing routes into a NSSA area. | enable | All models. |
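
The none, text and md5 settings correspond to the AuType field of the OSPFv2 packet header. The following is an added example, not part of the Fortinet manual: it builds constructed packets and audits them as a capture review would, reporting which areas run none or text, whether the key is readable on the wire, and whether an MD5 digest verifies against the configured key. The header layout and digest rule follow RFC 2328; the function names, the router ID 192.0.2.1 and the sample key are assumptions.

```python
import hashlib
import hmac
import ipaddress
import struct

# OSPFv2 header (RFC 2328 A.3.1): version, type, packet length, router ID,
# area ID, checksum, AuType, 8-byte authentication field = 24 bytes.
HEADER = struct.Struct("!BBH4s4sHH8s")
MODES = {0: "none", 1: "text", 2: "md5"}  # AuType -> keyword in the table above


def build_packet(area, autype, key=b"", body=b"\x00" * 20, key_id=1, seq=1):
    """Build a constructed sample packet (checksum left at 0 for brevity)."""
    if autype == 1:
        auth = key.ljust(8, b"\x00")  # text mode: the key itself rides in the header
    elif autype == 2:
        auth = struct.pack("!HBBI", 0, key_id, 16, seq)  # key ID, digest len, sequence
    else:
        auth = b"\x00" * 8
    pkt = HEADER.pack(2, 1, HEADER.size + len(body),
                      ipaddress.IPv4Address("192.0.2.1").packed,  # assumed router ID
                      ipaddress.IPv4Address(area).packed, 0, autype, auth) + body
    if autype == 2:
        # RFC 2328 D.4.3: MD5 over the packet plus the key padded to 16 bytes;
        # the digest is appended and not counted in the length field.
        pkt += hashlib.md5(pkt + key.ljust(16, b"\x00")).digest()
    return pkt


def audit_packet(pkt, configured_key):
    """Classify one OSPF packet and verify it against the locally configured key."""
    if len(pkt) < HEADER.size:
        raise ValueError("truncated OSPF header")
    version, _type, length, _rid, area, _cksum, autype, auth = HEADER.unpack_from(pkt)
    if version != 2:
        raise ValueError("not an OSPFv2 packet")
    result = {"area": str(ipaddress.IPv4Address(area)),
              "mode": MODES.get(autype, "unknown"),
              "key_on_wire": False,   # True when anyone capturing traffic can read the key
              "authentic": None}      # None: nothing to verify
    if autype == 1:
        result["key_on_wire"] = True
        result["authentic"] = hmac.compare_digest(auth.rstrip(b"\x00"), configured_key)
    elif autype == 2:
        digest = pkt[length:length + 16]
        expected = hashlib.md5(pkt[:length] + configured_key.ljust(16, b"\x00")).digest()
        result["authentic"] = hmac.compare_digest(digest, expected)
    return result


def weak_areas(packets, configured_key):
    """Map area -> reasons it needs attention (none/text in use, or a failed check)."""
    flagged = {}
    for pkt in packets:
        r = audit_packet(pkt, configured_key)
        if r["authentic"] is False:
            flagged.setdefault(r["area"], set()).add("failed-verification")
        elif r["mode"] != "md5":
            flagged.setdefault(r["area"], set()).add(r["mode"])
    return flagged


if __name__ == "__main__":
    key = b"example"  # constructed key, not a real credential
    tampered = bytearray(build_packet("0.0.0.0", 2, key))
    tampered[30] ^= 0xFF  # change one payload byte after the digest was computed
    capture = [build_packet("0.0.0.2", 0), build_packet("0.0.0.1", 1, key),
               build_packet("0.0.0.0", 2, key), bytes(tampered)]
    for area, reasons in sorted(weak_areas(capture, key).items()):
        print(area, sorted(reasons))
```

In every mode the packet body stays readable to anyone who captures it, which is the confidentiality limit the description above states.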

 

 

 

168

01-28007-0068-20041203

Fortinet Inc.

Administration Guide, Version 2.80 MR7

100A specifications

Fortinet 100A is a versatile network security device designed to provide comprehensive protection against various cyber threats while ensuring optimal network performance. As part of the FortiGate series, the 100A combines advanced security features with powerful hardware capabilities, making it suitable for small to medium-sized businesses.

One of the key features of the Fortinet 100A is its deep packet inspection technology. This capability allows the firewall to analyze both the header and payload of packets traversing the network, enabling it to detect and block malicious content effectively. The 100A can identify and mitigate a wide range of threats, including malware, intrusions, and application-layer attacks.

The FortiOS operating system powers the Fortinet 100A, offering a robust and user-friendly interface for configuration and management. With its unified security management console, administrators can efficiently monitor network traffic and enforce security policies across the organization. The system provides centralized logging and reporting features, enabling users to gain valuable insights into their security posture and respond swiftly to incidents.

The 100A supports multiple deployment modes, including transparent, NAT, and route modes. This flexibility allows organizations to integrate the device into their existing network architecture with ease. The firewall's high throughput capabilities ensure that network performance remains unaffected, even under heavy load from multiple users and devices.

Another notable aspect of the Fortinet 100A is its support for various VPN technologies, including IPsec and SSL VPN. This feature facilitates secure remote access for employees, enabling them to connect to the corporate network safely, regardless of their location. As remote work continues to be a norm in many sectors, this capability is critical for maintaining productivity and security.

In addition to these features, the Fortinet 100A provides comprehensive web filtering capabilities, protecting users from harmful websites and inappropriate content. This protection is essential for organizations looking to maintain a secure and productive environment.

With its combination of powerful security features, flexible deployment options, and robust performance, the Fortinet 100A stands out as an ideal solution for organizations seeking to bolster their cybersecurity measures while ensuring seamless connectivity for users. As cyber threats continue to evolve, investing in a capable device like the FortiGate 100A is crucial for maintaining a secure network infrastructure.