Fortinet 100A manual Address group list, Address group options, 201, To delete an address


Note: To change the address name you must delete the address and add it again with a new name. To avoid confusion in firewall policies, an address and a virtual IP cannot have the same name.

4. Select OK.

To delete an address

Deleting an address removes it from the address list. To delete an address that has been added to a policy, you must first remove the address from the policy.

1. Go to Firewall > Address > Address.

2. Select the Delete icon beside the address you want to delete. You cannot delete default addresses.

3. Select OK.

Address group list

You can organize related addresses into address groups to make it easier to configure policies. For example, if you add three addresses and then configure them in an address group, you can configure a single policy using all three addresses.

Note: If an address group is included in a policy, it cannot be deleted unless it is first removed from the policy.

Figure 86: Sample address group list

The address group list has the following icons and features.

Create New: Select Create New to add an address group.

Group Name: The name of the address group.

Members: The addresses in the address group.

Icons: The Delete and Edit/View icons.

Address group options

Address group options are configurable when creating or editing an address group.
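
The following added example (not part of the Fortinet guide) audits an address before deletion or renaming: it lists the policies that use the address directly, the groups it belongs to, and the policies that reach it through a group, and it checks a proposed new name against existing addresses and virtual IPs. The sample configuration is constructed; its config/edit/set block layout and keywords, and all function names, are assumptions for illustration.

```python
import shlex
from collections import defaultdict

# Constructed sample, laid out like a CLI configuration backup (assumed syntax).
SAMPLE_CONFIG = '''
config firewall address
    edit "Web_Server"
        set subnet 192.168.10.10 255.255.255.255
    next
    edit "Mail_Server"
        set subnet 192.168.10.20 255.255.255.255
    next
    edit "Old_Host"
        set subnet 192.168.10.99 255.255.255.255
    next
end
config firewall addrgrp
    edit "DMZ_Servers"
        set member "Web_Server" "Mail_Server"
    next
end
config firewall vip
    edit "Web_VIP"
        set extip 203.0.113.10
    next
end
config firewall policy
    edit 1
        set srcaddr "all"
        set dstaddr "DMZ_Servers"
    next
    edit 2
        set srcaddr "Mail_Server"
        set dstaddr "all"
    next
end
'''


def parse_config(text):
    """Parse flat config/edit/set blocks into {section: {entry: {key: [values]}}}.
    Nested config blocks inside an entry are not handled."""
    tree = defaultdict(dict)
    section = entry = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            section = line[len("config "):]
        elif line.startswith("edit ") and section:
            entry = line[len("edit "):].strip('"')
            tree[section][entry] = {}
        elif line.startswith("set ") and entry is not None:
            key, _, rest = line[len("set "):].partition(" ")
            tree[section][entry][key] = shlex.split(rest)  # handles quoted names
        elif line == "next":
            entry = None
        elif line == "end":
            section = entry = None
    return tree


def audit_address(tree, name):
    """Report every reference to an address that matters before deleting it."""
    groups = sorted(g for g, f in tree["firewall addrgrp"].items()
                    if name in f.get("member", []))
    direct, via_group = [], []
    for pid, fields in tree["firewall policy"].items():
        used = set(fields.get("srcaddr", [])) | set(fields.get("dstaddr", []))
        if name in used:
            direct.append(pid)        # must be removed from this policy first
        elif used & set(groups):
            via_group.append(pid)     # policy depends on it through a group
    exists = name in tree["firewall address"]
    # Conservative choice of this example: group membership also blocks deletion.
    return {"exists": exists, "policies": direct, "groups": groups,
            "policies_via_group": via_group,
            "clear_to_delete": exists and not direct and not groups}


def name_in_use(tree, new_name):
    """Sections where new_name already exists; an address and a virtual IP
    cannot share a name, so check both before re-adding under a new name."""
    return [s for s in ("firewall address", "firewall vip") if new_name in tree[s]]


if __name__ == "__main__":
    cfg = parse_config(SAMPLE_CONFIG)
    for addr in ("Mail_Server", "Web_Server", "Old_Host"):
        print(addr, audit_address(cfg, addr))
    print("Web_VIP taken in:", name_in_use(cfg, "Web_VIP"))
```
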

FortiGate-100A Administration Guide

01-28007-0068-20041203


100A specifications

Fortinet 100A is a versatile network security device designed to provide comprehensive protection against various cyber threats while ensuring optimal network performance. As part of the FortiGate series, the 100A combines advanced security features with powerful hardware capabilities, making it suitable for small to medium-sized businesses.

One of the key features of the Fortinet 100A is its deep packet inspection technology. This capability allows the firewall to analyze both the header and payload of packets traversing the network, enabling it to detect and block malicious content effectively. The 100A can identify and mitigate a wide range of threats, including malware, intrusions, and application-layer attacks.

The FortiOS operating system powers the Fortinet 100A, offering a robust and user-friendly interface for configuration and management. With its unified security management console, administrators can efficiently monitor network traffic and enforce security policies across the organization. The system provides centralized logging and reporting features, enabling users to gain valuable insights into their security posture and respond swiftly to incidents.

The 100A supports multiple deployment modes, including transparent, NAT, and route modes. This flexibility allows organizations to integrate the device into their existing network architecture with ease. The firewall's high throughput capabilities ensure that network performance remains unaffected, even under heavy load from multiple users and devices.

Another notable aspect of the Fortinet 100A is its support for various VPN technologies, including IPsec and SSL VPN. This feature facilitates secure remote access for employees, enabling them to connect to the corporate network safely, regardless of their location. As remote work continues to be a norm in many sectors, this capability is critical for maintaining productivity and security.

In addition to these features, the Fortinet 100A provides comprehensive web filtering capabilities, protecting users from harmful websites and inappropriate content. This protection is essential for organizations looking to maintain a secure and productive environment.

With its combination of powerful security features, flexible deployment options, and robust performance, the Fortinet 100A stands out as an ideal solution for organizations seeking to bolster their cybersecurity measures while ensuring seamless connectivity for users. As cyber threats continue to evolve, investing in a capable device like the FortiGate 100A is crucial for maintaining a secure network infrastructure.