Fortinet 100A manual: RADIUS server list 235, RADIUS server options 236, PPTP range 260, 261

Page 8

Contents

RADIUS ..... 235
RADIUS server list ..... 235
RADIUS server options ..... 236
LDAP ..... 236
LDAP server list ..... 237
LDAP server options ..... 237
User group ..... 239
User group list ..... 239
User group options ..... 240
CLI configuration ..... 241
peer ..... 241
peergrp ..... 242

VPN ..... 245
Phase 1 ..... 246
Phase 1 list ..... 246
Phase 1 basic settings ..... 247
Phase 1 advanced settings ..... 249
Phase 2 ..... 250
Phase 2 list ..... 251
Phase 2 basic settings ..... 251
Phase 2 advanced options ..... 252
Manual key ..... 253
Manual key list ..... 254
Manual key options ..... 255
Concentrator ..... 256
Concentrator list ..... 256
Concentrator options ..... 257
Ping Generator ..... 257
Ping generator options ..... 258
Monitor ..... 258
Dialup monitor ..... 259
Static IP and dynamic DNS monitor ..... 259
PPTP ..... 260
PPTP range ..... 260
L2TP ..... 261
L2TP range ..... 261
Certificates ..... 262
Local certificate list ..... 262
Certificate request ..... 263
Importing signed certificates ..... 264
CA certificate list ..... 265
Importing CA certificates ..... 265


01-28007-0068-20041203

Fortinet Inc.


100A specifications

Fortinet 100A is a versatile network security device designed to provide comprehensive protection against various cyber threats while ensuring optimal network performance. As part of the FortiGate series, the 100A combines advanced security features with powerful hardware capabilities, making it suitable for small to medium-sized businesses.

One of the key features of the Fortinet 100A is its deep packet inspection technology. This capability allows the firewall to analyze both the header and payload of packets traversing the network, enabling it to detect and block malicious content effectively. The 100A can identify and mitigate a wide range of threats, including malware, intrusions, and application-layer attacks.

The FortiOS operating system powers the Fortinet 100A, offering a robust and user-friendly interface for configuration and management. With its unified security management console, administrators can efficiently monitor network traffic and enforce security policies across the organization. The system provides centralized logging and reporting features, enabling users to gain valuable insights into their security posture and respond swiftly to incidents.

The 100A supports multiple deployment modes, including transparent, NAT, and route modes. This flexibility allows organizations to integrate the device into their existing network architecture with ease. The firewall's high throughput capabilities ensure that network performance remains unaffected, even under heavy load from multiple users and devices.

Another notable aspect of the Fortinet 100A is its support for various VPN technologies, including IPsec and SSL VPN. This feature facilitates secure remote access for employees, enabling them to connect to the corporate network safely, regardless of their location. As remote work continues to be a norm in many sectors, this capability is critical for maintaining productivity and security.

In addition to these features, the Fortinet 100A provides comprehensive web filtering capabilities, protecting users from harmful websites and inappropriate content. This protection is essential for organizations looking to maintain a secure and productive environment.

With its combination of powerful security features, flexible deployment options, and robust performance, the Fortinet 100A stands out as an ideal solution for organizations seeking to bolster their cybersecurity measures while ensuring seamless connectivity for users. As cyber threats continue to evolve, investing in a capable device like the FortiGate 100A is crucial for maintaining a secure network infrastructure.