Collecting Information
NAT/Route Mode
Port | IP: | ____.____.____.____ |
|
|
|
| Netmask: | ____.____.____.____ |
|
|
|
Port | IP: | ____.____.____.____ |
|
|
|
| Netmask: | ____.____.____.____ |
|
|
|
Port | IP: | ____.____.____.____ |
|
|
|
| Netmask: | ____.____.____.____ |
|
|
|
Port | IP: | ____.____.____.____ |
|
|
|
| Netmask: | ____.____.____.____ |
|
|
|
Port | IP: | ____.____.____.____ |
|
|
|
| Netmask: | ____.____.____.____ |
|
|
|
The internal interface IP address and netmask must be valid for the internal network.
Transparent mode
Management IP: | IP: | ____.____.____.____ |
|
|
|
| Netmask: | ____.____.____.____ |
|
|
|
The management IP address and netmask must be valid for the network from which you will manage the FortiGate unit.
General settings
Administrator password: |
|
|
|
|
|
Network Settings: | Default Gateway: | ____.____.____.____ |
|
|
|
| Primary DNS Server: | ____.____.____.____ |
|
|
|
| Secondary DNS Server: | ____.____.____.____ |
|
|
|
A default gateway is required for the FortiGate unit to route connections to the Internet.
Factory default settings
NAT/Route mode |
| Transparent mode |
|
|
|
|
|
Port 1 interface | 192.168.1.99 | Management IP | 0.0.0.0 |
|
|
|
|
Port 2 interface | 192.168.100.99 | Administrative account settings | |
|
|
|
|
Port 3 to 10 interface | 0.0.0.0 | User name | admin |
|
|
|
|
DHCP server on Internal | 192.168.1.110 | Password | (none) |
interface | – 192.168.1.210 |
|
|
|
|
|
|
To reset the FortiGate unit to the factory defaults, in the CLI type the command execute factory reset
Configuring
NAT/Route mode
You would typically use NAT/Route mode when the FortiGate unit is deployed as a gateway between private and public networks. In its default NAT/Route mode configuration, the unit functions as a firewall. Firewall policies control communications through the FortiGate unit.
Transparent mode
You would typically use the FortiGate unit in Transparent mode on a private network behind an existing firewall or behind a router. In its default Transparent mode configuration, the unit functions as a firewall.
Upgrading to High Encryption
This FortiGate unit has a factory installed low encryption feature set. You can purchase a high encryption upgrade within 90 days of shipment from Fortinet. Fortinet Technical Support can provide a high encryption license key once you have provided suitable documentation that the necessary export licenses have been granted for your region, and our legal department has authorized the use of high encryption.
When you receive the high encryption license key, in the CLI, enter the command exec
Fortinet does not guarantee that the customer will receive a export license upon purchase of the product or license key.
Web-based Manager
1.Connect the FortiGate internal interface to a management computer Ethernet interface. Use a
2.Configure the management computer to be on the same subnet as the internal interface of the FortiGate unit. To do this, change the IP address of the management computer to 192.168.1.2 and the netmask to 255.255.255.0.
3.To access the FortiGate
4.Type admin in the Name field and select Login.
NAT/Route mode
To change the administrator password
1.Go to System > Admin > Administrators.
2.Select Change Password for the admin administrator and enter a new password.
To configure interfaces
1.Go to System > Network > Interface.
2.Select the edit icon for each interface to configure.
3.Set the addressing mode for the interface. (See the online help for information.)
•For manual addressing, enter the IP address and netmask for the interface.
•For DHCP addressing, select DHCP and any required settings.
•For PPPoE addressing, select PPPoE, and enter the username and password and any other required settings.
To configure the Primary and Secondary DNS server IP addresses
1.Go to System > Network > Options, enter the Primary and Secondary DNS IP ad- dresses that you recorded above and select Apply.
To configure a Default Gateway
1.Go to Router > Static and select Edit icon for the static route.
2.Set Gateway to the Default Gateway IP address you recorded above and select OK.
Transparent mode
To switch from NAT/route mode to transparent mode
1.Go to System > Config > Operation Mode and select Transparent.
2.Set the Management IP/Netmask to 192.168.1.99/24.
3.Set a default Gateway and select Apply.
To change the administrator password
1.Go to System > Admin > Administrators.
2.Select Change Password for the admin administrator and enter a new password.
To change the management interface
1.Go to System > Config > Operation Mode.
2.Enter the Management IP address and netmask that you recorded above and select Apply.
To configure the Primary and Secondary DNS server IP addresses
1.Go to System > Network > Options, enter the Primary and Secondary DNS IP ad- dresses that you recorded above and select Apply.
Command Line Interface
1.Use the
2.Start a terminal emulation program (HyperTerminal) on the management computer. Use these settings:
3.Baud Rate (bps) 9600, Data bits 8, Parity None, Stop bits 1, and Flow Control None.
4.At the Login: prompt, type admin and press Enter twice (no password required).
NAT/Route mode
1.Configure the FortiGate internal interface. config system interface
edit internal
set ip <intf_ip>/<netmask_ip>
end
2.Repeat to configure each interface, for example, to configure the Port 1 interface. config system interface
edit port1
...
3.Configure the primary and secondary DNS server IP addresses. config system dns
set primary <dns-server_ip> set secondary <dns-server_ip>
end
4.Configure the default gateway. config router static
edit 1
set gateway <gateway_ip>
end
Transparent Mode
1.Change from NAT/Route mode to Transparent mode and configure the Management IP address.
config system settings
set opmode transparent
set manageip <mng_ip>/<netmask> set gateway <gateway_ip>
end
2.Configure the DNS server IP address. config system dns
set primary
end
Refer to the Tools and Documentation CD for information on how to control traffic, and how to configure HA, antivirus protection, FortiGuard, Web content filtering, Spam filtering, intrusion prevention (IPS), and virtual private networking (VPN).
