Checking the Package Contents, Connecting, State

LED

State

Description

Power

Green

The FortiGate unit is on.

Off

The FortiGate unit is off.

Flashing Green

The FortiGate unit is starting up.

Status

Green

The FortiGate unit is running normally.

Off

The FortiGate unit is powered off.

Link

Green

The correct cable is in use and the connected

equipment has power.

Internal, 1, 2, 3, 4,

WAN1 and WAN2,

Flashing Green

Network activity at this interface.

INTERNAL

DMZ1 and DMZ2

Off

No link established.

PWR STATUS WAN 1

WAN 2

DMZ 1

DMZ 2

LINK 100

100

Green

The interface is connected at 100Mbps.

Internal, 1, 2, 3, 4,

FortiGate-100A

DMZ1 and DMZ2

WAN1 and WAN2,

Products mentioned in this document are trademarks or registered trade- marks of their respective holders.

Regulatory Compliance

FCC Class A Part 15 CSA/CUS01-30004-0066-20070117

17 January 2007

Checking the Package Contents

Front

Connector

Type

Speed

Protocol

Description

Internal

RJ-45

10/100 Base-T

Ethernet

A 4-port switch connection for up to four network

INTERNAL

devices or the internal network.

PWR

STATUS

WAN 1

WAN 2

DMZ 1

DMZ 2

LINK 100

WAN1 and

RJ-45

10/100 Base-T

Ethernet

Connection to the Internet.

WAN2

DMZ1 and

RJ-45

10/100 Base-T

Ethernet

Optional connection to one or two DMZ networks, or

Power Status WAN

DMZ

Internal

Interface

DMZ2

other FortiGate-100A units for high availability (HA).

LED

1,2

(4-port switch)

Back

For details, see the Documentation CD-ROM.

Console

RJ-45

9600 Bps

RS-232

Optional connection to the management computer.

DC+12V

Provides access to the command line interface

USB

(CLI).

Console

Internal

DMZ 2

DMZ 1

WAN 2

WAN 1

Power

DMZ2

WAN2

USB

Optional connection for the FortiUSB key, modem or

Connection

Internal

Interface

WAN1

DMZ1

backup operation

RS-232 Serial (4-port switch connectors)

Connection

Ethernet Cables:

Orange - Crossover

Grey - Straight-through

RJ-45 to

DB-9 Serial Cable

Power Cable Power Supply

Q u i c k S t a r t G u i d e

FortiGate-100A

Trademarks

Products mentioned in this document are trademarks.

Documentation

Connecting

Connect the FortiGate unit to a power outlet and to the internal and external networks.

•Place the unit on a stable surface. It requires 1.5 inches (3.75 cm) clearance above and on each side to allow for cooling.

•Plug in power cable to the unit before connecting power.

•The Status light flashes while the unit is starting up and turns off when the system is up and running.

Power cable connects to power supply

Optional RS-232 serial cable connects to serial port on management computer

	4	3	2	1
DC+12V
Console	USB	Internal		DMZ 2	DMZ 1	WAN 2	WAN 1

Straight-throughEthernet cables connect to computers on internal network

Planning the Configuration

Optional connection to	Straight-through Ethernet
1 or 2 DMZ networks	cables connect to Internet
	(public switch, router or modem)

Before beginning to configure the FortiGate unit, you need to plan how to integrate the unit into your network. Your configuration plan depends on the operating mode you select: NAT/Route mode (the default) or Transparent mode.

NAT/Route mode	Transparent mode
In NAT/Route mode, each FortiGate unit is visible to the network that it is connected to. All	In Transparent mode, the FortiGate unit is invisible to the network. All of its interfaces are on
of its interfaces are on	the same subnet. You only have to configure a management IP address so that you can make

			Internal		different subnets. Each					configuration changes.
			network		different subnets. Each				Internal	configuration changes.
			Internal network		interface that is connected				Internal	You would typically use the
			Internal network						network
			192.168.1.99						network
				192.168.1.3	to a network must be					FortiGate unit in Transparent
				192.168.1.3	configured with an IP ad-	Gateway to public network				mode on a private network
						Gateway to public network
	WAN1	Internal				204.23.1.5	10.10.10.2	WAN1	Internal
	WAN1				dress that is valid for that	Internet		WAN1	Internal	behind an existing firewall or
Internet	204.23.1.5			Route mode policies		Internet
Internet				Route mode policies
	Router			controlling traffic between	network.	Router			10.10.10.3	behind a router. In its default
	Router			internal networks	network.	Router			10.10.10.3	behind a router. In its default
		DMZ			You would typically use					Transparent mode configuration,
					You would typically use					Transparent mode configuration,
			DMZ		NAT/Route mode when					the unit functions as a firewall.
			network		NAT/Route mode when			Transparent mode policies		the unit functions as a firewall.
					the FortiGate unit is			controlling traffic between		No traffic can pass through the
					the FortiGate unit is			internal and external networks		No traffic can pass through the
			DMZ network		deployed as a gateway					FortiGate unit until you add
	NAT mode policies		DMZ network	10.10.10.2	between private and public					firewall policies.
	NAT mode policies		10.10.10.1	10.10.10.2
	controlling traffic between
	internal and external networks				networks. In its default	You can connect up to four network segments to the FortiGate unit to control traffic between
					networks. In its default
					NAT/Route mode configu-	these network segments.

ration, the unit functions as a firewall. Firewall policies control communications through the FortiGate unit. No

traffic can pass through the FortiGate unit until you add firewall policies. In NAT/Route mode, firewall policies can operate in NAT mode or in Route mode. In NAT mode, the FortiGate unit performs network address translation before IP packets are sent to the destination network.

In Route mode, no translation takes place.

Refer to the Documentation CD-ROM for information on how to control traffic, and how to configure HA, antivirus protection, FortiGuard, Web content filtering, Spam filtering, intrusion prevention (IPS), and virtual private networking (VPN).

Choosing a Configuration Tool

Web-based manager

The FortiGate web-based manager is an easy to use management tool. Use it to configure the administrator password, the interface and default gateway addresses, and the DNS server addresses.

Requirements:

•An Ethernet connection between the FortiGate unit and management computer.

•Internet Explorer 6.0 or higher on the management computer.

Command Line Interface (CLI)

The CLI is a full-featured management tool. Use it to configure the administrator password, the interface addresses, the default gateway address, and the DNS server addresses. To configure advanced settings, see the Documentation CD-ROM.

Requirements:

•The DB-9 serial connection between the FortiGate unit and management computer.

•A terminal emulation application (HyperTerminal for Windows) on the management computer.

Fortinet 100A quick start Checking the Package Contents, Connecting, Planning the Configuration

Models: 100A

State

Description

FortiGate-100A

Checking the Package Contents

Connecting

Planning the Configuration

NAT/Route mode

Transparent mode

Choosing a Configuration Tool

Web-based manager

Command Line Interface (CLI)