Fortinet 100A manual Related documentation, FortiManager documentation, FortiClient documentation


Introduction

 

 

Related documentation

Additional information about Fortinet products is available from the following related documentation.

FortiManager documentation

FortiManager QuickStart Guide

Explains how to install the FortiManager Console, set up the FortiManager Server, and configure basic settings.

FortiManager System Administration Guide

Describes how to use the FortiManager System to manage FortiGate devices.

FortiManager System online help

Provides a searchable version of the Administration Guide in HTML format. You can access online help from the FortiManager Console as you work.

FortiClient documentation

FortiClient Host Security User Guide

Describes how to use FortiClient Host Security software to set up a VPN connection from your computer to remote networks, scan your computer for viruses, and restrict access to your computer and applications by setting up firewall policies.

FortiClient Host Security online help

Provides information and procedures for using and configuring the FortiClient software.

FortiMail documentation

FortiMail Administration Guide

Describes how to install, configure, and manage a FortiMail unit in gateway mode and server mode, including how to configure the unit; create profiles and policies; configure antispam and antivirus filters; create user accounts; and set up logging and reporting.

FortiMail online help

Provides a searchable version of the Administration Guide in HTML format. You can access online help from the web-based manager as you work.

FortiMail Web Mail Online Help

Describes how to use the FortiMail web-based email client, including how to send and receive email; how to add, import, and export addresses; and how to configure message display preferences.


01-28007-0068-20041203

Fortinet Inc.


100A specifications

Fortinet 100A is a versatile network security device designed to provide comprehensive protection against various cyber threats while ensuring optimal network performance. As part of the FortiGate series, the 100A combines advanced security features with powerful hardware capabilities, making it suitable for small to medium-sized businesses.

One of the key features of the Fortinet 100A is its deep packet inspection technology. This capability allows the firewall to analyze both the header and payload of packets traversing the network, enabling it to detect and block malicious content effectively. The 100A can identify and mitigate a wide range of threats, including malware, intrusions, and application-layer attacks.

The FortiOS operating system powers the Fortinet 100A, offering a robust and user-friendly interface for configuration and management. With its unified security management console, administrators can efficiently monitor network traffic and enforce security policies across the organization. The system provides centralized logging and reporting features, enabling users to gain valuable insights into their security posture and respond swiftly to incidents.

The 100A supports multiple deployment modes, including transparent, NAT, and route modes. This flexibility allows organizations to integrate the device into their existing network architecture with ease. The firewall's high throughput capabilities ensure that network performance remains unaffected, even under heavy load from multiple users and devices.

Another notable aspect of the Fortinet 100A is its support for various VPN technologies, including IPsec and SSL VPN. This feature facilitates secure remote access for employees, enabling them to connect to the corporate network safely, regardless of their location. As remote work continues to be a norm in many sectors, this capability is critical for maintaining productivity and security.

In addition to these features, the Fortinet 100A provides comprehensive web filtering capabilities, protecting users from harmful websites and inappropriate content. This protection is essential for organizations looking to maintain a secure and productive environment.

With its combination of powerful security features, flexible deployment options, and robust performance, the Fortinet 100A stands out as an ideal solution for organizations seeking to bolster their cybersecurity measures while ensuring seamless connectivity for users. As cyber threats continue to evolve, investing in a capable device like the FortiGate 100A is crucial for maintaining a secure network infrastructure.