Fortinet 100A - page 80
374 pages, 4.85 Mb
01-28007-0068-20041203
Fortinet Inc.
DHCP IP/MAC binding settings
System DHCP
Contents
Main
FortiGate 100A Administration Guide
Table of Contents
Introduction
About FortiGate Antivirus Firewalls
Antivirus protection
Web content filtering
Spam filtering
Firewall
NAT/Route mode
Transparent mode
VLANs and virtual domains
Intrusion Prevention System (IPS)
VPN
High availability
Secure installation, configuration, and management
Web-based manager
Command line interface
Document conventions
FortiGate documentation
Fortinet Knowledge Center
Comments on Fortinet technical documentation
Related documentation
FortiManager documentation
FortiClient documentation
FortiMail documentation
FortiLog documentation
Customer service and technical support
System status
Console access
Status
Viewing system status
System status
Unit Information
Recent Virus Detections
Content Summary
Interface Status
System Resources
All interfaces in the FortiGate unit are listed in the table.
History
Recent Intrusion Detections
Changing unit information
Session list
Changing the FortiGate firmware
Upgrading to a new firmware version
Use the following procedures to upgrade the FortiGate unit to a newer firmware version.
Upgrading the firmware using the web-based manager
Upgrading the firmware using the CLI
Reverting to a previous firmware version
Reverting to a previous firmware version using the web-based manager
Reverting to a previous firmware version using the CLI
Installing firmware images from a system reboot using the CLI
Restoring the previous configuration
Testing a new firmware image before installing it
Installing and using a backup firmware image
Installing a backup firmware image
Switching to the backup firmware image
Switching back to the default firmware image
System network
Interface
Interface settings
Name
Interface
VLAN ID
Virtual Domain
Addressing mode
Manual
DHCP
PPPoE
DDNS
Ping server
Administrative access
MTU
Log
Configuring interfaces
Zone
Zone settings
Management
DNS
Routing table (Transparent Mode)
Routing table list
Transparent mode route settings
VLAN overview
FortiGate units and VLANs
VLANs in NAT/Route mode
Rules for VLAN IDs
Rules for VLAN IP addresses
Adding VLAN subinterfaces
VLANs in Transparent mode
Rules for VLAN IDs
Transparent mode VLAN list
Transparent mode VLAN settings
FortiGate IPv6 support
System DHCP
Service
DHCP service settings
Server
DHCP server settings
Exclude range
DHCP exclude range settings
IP/MAC binding
DHCP IP/MAC binding settings
Dynamic IP
System config
System time
Options
HA
HA configuration
Standalone Mode
High Availability
Cluster Members
Mode
Group ID
Unit Priority
Override Master
Password
Schedule
Priorities of Heartbeat Device
Heartbeat device IP addresses
Monitor priorities
Configuring an HA cluster
Internal Network
Managing an HA cluster
SNMP
Configuring SNMP
SNMP community
FortiGate MIBs
FortiGate traps
Fortinet MIB fields
Replacement messages
Replacement messages list
Changing replacement messages
FortiManager
System administration
Administrators
Administrators list
Administrators options
Using trusted hosts
Access profiles
Access profile list
Access profile options
System maintenance
Backup and restore
Backing up and Restoring
Update center
Updating antivirus and attack definitions
Enabling push updates
Push updates when FortiGate IP addresses change
Enabling push updates through a NAT device
Support
Sending a bug report
Use the Report Bug form to send bug information to Fortinet support.
Registering a FortiGate unit
Shutdown
System virtual domain
Virtual domain properties
Exclusive virtual domain properties
Shared configuration settings
Administration and management
Virtual domains
Adding a virtual domain
Selecting a virtual domain
Selecting a management virtual domain
Configuring virtual domains
Adding interfaces, VLAN subinterfaces, and zones to a virtual domain
Configuring routing for a virtual domain
Configuring firewall policies for a virtual domain
Router
Static
Static route list
Static route options
Policy
Policy route list
Policy route options
RIP
General
Networks list
Networks options
Interface list
Interface options
Distribute list
Distribute list options
Offset list
Use offset lists to add the specified offset to the metric of a route.
Offset list options
Router objects
Access list
New access list
New access list entry
Prefix list
New Prefix list
New prefix list entry
Route-map list
New Route-map
Route-map list entry
Key chain list
New key chain
Key chain list entry
Monitor
Routing monitor list
get router info rip
Command syntax
Examples
config router ospf
ospf command keywords and variables
ospf command keywords and variables (Continued)
config area
config area command syntax pattern
area command keywords and variables
area command keywords and variables (Continued)
config filter-list
config filter-list command syntax pattern
filter-list command keywords and variables
config range
config range command syntax pattern
range command keywords and variables
config virtual-link
config virtual link command syntax pattern
virtual-link command keywords and variables
config distribute-list
virtual-link command keywords and variables (Continued)
config distribute-list command syntax pattern
distribute-list command keywords and variables
config neighbor
config neighbor command syntax pattern
neighbor command keywords and variables
config network
config network command syntax pattern
network command keywords and variables
config ospf-interface
config ospf-interface command syntax pattern
ospf-interface command keywords and variables
ospf-interface command keywords and variables (Continued)
config redistribute
config redistribute command syntax pattern
config summary-address
redistribute command keywords and variables
config summary-address command syntax pattern
summary-address command keywords and variables
config router static6
static6 command keywords and variables
Firewall
Policy
How policy matching works
Policy list
The policy list has the following icons and features.
Policy options
Policy options are configurable when creating or editing a firewall policy.
Policy has the following standard options:
Advanced policy options
Authentication
Traffic Shaping
Differentiated Services
Comments
Configuring firewall policies
Policy CLI configuration
Address
firewall policy command keywords and variables
Address list
Address options
Configuring addresses
Address group list
Address group options
Configuring address groups
Service
Predefined service list
Custom service list
The custom services list has the following icons and features.
IP custom service options
Configuring custom services
Service group list
Service group options
Configuring service groups
Schedule
One-time schedule list
One-time schedule options
Configuring one-time schedules
Recurring schedule list
Recurring schedule options
Configuring recurring schedules
Virtual IP
Virtual IP list
Virtual IP options
Virtual IP has the following options.
Configuring virtual IPs
IP pool
IP pool list
IP pool options
Configuring IP pools
IP Pools for firewall policies that use fixed ports
IP pools and dynamic NAT
Protection profile
Protection profile list
Default protection profiles
The FortiGate unit comes preconfigured with four protection profiles.
You can configure the following options when creating or editing a protection profile.
Protection profile options
Configuring antivirus options
Configuring web filtering options
Configuring web category filtering options
Configuring spam filtering options
Configuring IPS options
Configuring content archive options
Configuring protection profiles
Profile CLI configuration
firewall profile command keywords and variables
firewall profile command keywords and variables (Continued)
Users and authentication
Setting authentication timeout
Local
Local user list
Local user options
RADIUS
RADIUS server list
RADIUS server options
LDAP
LDAP server list
LDAP server options
User group
User group list
User group options
peer
radius command keywords and variables
peergrp
radius command keywords and variables
VPN
Phase 1
Phase 1 list
Phase 1 basic settings
Phase 1 advanced settings
Phase 2
Phase 2 list
Phase 2 basic settings
Phase 2 advanced options
Manual key
Manual key list
Manual key options
Concentrator
Concentrator list
Concentrator options
Ping Generator
Ping generator options
Monitor
Dialup monitor
Static IP and dynamic DNS monitor
PPTP
PPTP range
L2TP
L2TP range
Certificates
Local certificate list
Importing signed certificates
CA certificate list
Importing CA certificates
VPN configuration procedures
IPSec configuration procedures
Adding firewall policies for IPSec VPN tunnels
PPTP configuration procedures
L2TP configuration procedures
ipsec phase1
ipsec phase1 command keywords and variables
ipsec phase1 command keywords and variables (Continued)
ipsec phase2
ipsec phase2 command keywords and variables
ipsec vip
ipsec phase2 command keywords and variables (Continued)
ipsec vip command keywords and variables
Configuring IPSec virtual IP addresses
IPS
IPS updates and information
Signature
Predefined
Predefined signature list
Table 24 describes each possible action you can select for predefined signatures.
Configuring predefined signatures
Configuring parameters for dissector signatures
Custom
Custom signature list
Adding custom signatures
Backing up and restoring custom signature files
Anomaly
Anomaly list
Configuring an anomaly
Anomaly CLI configuration (config ips anomaly) config limit
limit command keywords and variables
Configuring IPS logging and alert email
Default fail open setting
Antivirus
Order of antivirus operations
Virus list updates and information
File block
File block list
Configuring the file block list
Quarantine
Quarantined files list
Quarantined files list options
AutoSubmit list
AutoSubmit list options
Configuring the AutoSubmit list
Config
Quarantine configuration has the following options:
Config
Virus list
Config
Grayware
Grayware options
config antivirus heuristic
config antivirus quarantine
config antivirus service http
antivirus quarantine command keywords and variables
antivirus service http command keywords and variables
config antivirus service ftp
antivirus service ftp command keywords and variables
config antivirus service pop3
antivirus service pop3 command keywords and variables
config antivirus service imap
antivirus service imap command keywords and variables
config antivirus service smtp
antivirus service smtp command keywords and variables
Web filter
Order of web filter operations
Content block
Web content block list
Web content block options
Configuring the web content block list
URL block
Web URL block list
Web URL block options
Configuring the web URL block list
Web pattern block list
Web pattern block options
Configuring web pattern block
URL exempt
URL exempt list
URL exempt list options
Configuring URL exempt
Category block
FortiGuard managed web filtering service
FortiGuard categories and ratings
FortiGuard Service Points
FortiGuard licensing
FortiGuard configuration
Category block configuration options
Configuring web category block
Category block reports
Category block reports options
Generating a category block report
Category block CLI configuration
Script filter
catblock command keywords and variables
Spam filter
Order of spam filter operations
FortiShield
FortiShield options
Configuring the FortiShield cache
IP address
IP address list
IP address options
Configuring the IP address list
RBL & ORDBL
RBL & ORDBL list
RBL & ORDBL options
Configuring the RBL & ORDBL list
Email address
Email address list
Email address options
Configuring the email address list
MIME headers
MIME headers list
MIME headers options
Configuring the MIME headers list
Banned word
Banned word list
Banned word options
Configuring the banned word list
Using Perl regular expressions
Regular expression vs. wildcard match pattern
Word boundary
Case sensitivity
Examples
Log & Report
Log config
Log Setting options
FortiLog settings
Disk settings
Memory settings
Syslog settings
WebTrends settings
Alert E-mail options
Log filter options
Traffic log
Event log
Anti-virus log
Web filter log
Attack log
Spam filter log
Configuring log filters
Enabling traffic logging
Log access
Viewing log messages
Choosing columns
Searching log messages
fortilog setting
log fortilog setting command keywords and variables
syslogd setting
log syslogd setting command keywords and variables
FortiGuard categories
Glossary
Index
A
B
C
D
E
F
G
H
I
K
L
M
N
O
Q
R
S
T
U
V
W
X