Manuals / Fortinet / Computer Equipment / Network Card

Fortinet 110C Configure a DNS server, Adding firewall policies, To configure DNS server settings

Models: 110C

1 56

Download 56 pages 17.98 Kb

Page 28

Manual background

Configuring Transparent mode

Configuring

Configure a DNS server

A DNS server is a service that converts symbolic node names to IP addresses. A domain name server (DNS server) implements the protocol. In simple terms, it acts as a phone book for the Internet. A DNS server matches domain names with the computer IP address. This enables you to use readable locations, such as fortinet.com when browsing the Internet.

DNS server IP addresses are typically provided by your internet service provider.

To configure DNS server settings

config system dns

set autosvr {enable disable} set primary <address_ip>

set secondary <address_ip> end

Note if you set the autosvr to enable, you do not have to configure the primary or secondary DNS server IP addresses.

Adding firewall policies

Firewall policies enable traffic to flow through the FortiGate interfaces. Firewall policies define the FortiGate unit process the packets in a communication session. You can configure the firewall policies to allow only specific traffic, users and specific times when traffic is allowed.

For the initial installation, a single firewall policy that enables all traffic through will enable you to verify your configuration is working. On lower-end units such a default firewall policy is already in place. For the higher end FortiGate units, you will need to add a firewall policy.

The following steps add two policies that allows all traffic through the FortiGate unit, to enable you to continue testing the configuration on the network.

To add an outgoing traffic firewall policy

config firewall profile

edit <seq_num>

set srcintf <source_interface> set srcaddr <source_IP>

set dstintf <destination_interface> set dstaddr <destination_IP>

set schedule always set service ANY set action accept

end

To create an incoming traffic firewall policy, use the same commands with the addresses reversed.

Note that these policies allow all traffic through. No protection profiles have been applied. Ensure you create additional firewall policies to accommodate your network requirements.

	FortiGate-110C FortiOS 3.0 MR6 Install Guide
26	01-30006-0481-20080728

Image 28

Fortinet 110C manual Configure a DNS server, Adding firewall policies, To configure DNS server settings

Contents

I N S T A L L G U I D E FortiGate-110C FortiOS 3.0 MR6Trademarks FortiGate-110C Install GuideRegulatory compliance Contents ContentsInstalling ConfiguringAdvanced configuration Configuring Transparent modeVerify the configuration Backing up the configurationInstalling firmware from a system reboot using the CLI Testing new firmware before installingIndex ContentsFortiGate-110C FortiOS 3.0 MR6 Install Guide Contents01-30006-0481-20080728 Introduction Register your FortiGate unitAbout this document About the FortiGate-110CDocument conventions FortiGate Administration Guide Further ReadingTypographic conventions FortiGate QuickStart GuideCustomer service and technical support Fortinet Knowledge CenterComments on Fortinet technical documentation FortiGate IPS User GuideInstalling Environmental specificationsEnvironmental specifications Cautions and warnings Plugging in the FortiGate Plugging in the FortiGateCautions and warnings GroundingRack mount instructions MountingTo install the FortiGate unit into a rack To power on the FortiGate unit Connecting to the networkPlugging in the FortiGate To power off the FortiGate unit Turning off the FortiGate unitFortiGate-110C FortiOS 3.0 MR6 Install Guide InstallingTurning off the FortiGate unit 01-30006-0481-20080728Configuring NAT vs. Transparent modeNAT mode NAT vs. Transparent mode Connecting to the FortiGate unitConnecting to the FortiGate unit Transparent modeConnecting to the web-based manager To connect to the web-based managerConnecting to the CLI To connect to the CLIConfiguring NAT mode Using the web-based managerConfigure the interfaces To configure interfaces 1 Go to System Network InterfaceAdding a default route and gateway Configure a DNS serverTo configure DNS server settings 1 Go to System Network Options To modify the default gateway 1 Go to Router Static Adding firewall policiesTo add an outgoing traffic firewall policy 1 Go to Firewall Policy To add an incoming traffic firewall policy 1 Go to Firewall PolicyUsing the CLI For details, see the FortiGate Administration GuideTo set an interface to use a static address To set an interface to use DHCP addressingconfig system interface edit external set mode pppoe set username namestr set password psswrd set ipunnumbered ipaddressset defaultgw enable disable set dns-server-override enable disable To configure DNS server settingsConfiguring Transparent mode To modify the default gatewayTo add an outgoing traffic firewall policy Adding firewall policiesSwitching to Transparent mode To switch to Transparent mode 1 Go to System StatusUsing the web-based manager Configure a DNS serverTo switch to Transparent mode Using the CLISwitching to Transparent mode To add an outgoing traffic firewall policy 1 Go to Firewall PolicyConfigure a DNS server To configure DNS server settingsAdding firewall policies To add an outgoing traffic firewall policyVerify the configuration Backing up the configurationTo back up the FortiGate configuration 1 Go to System Maintenance Backup & RestoreRestoring a configuration Additional configurationSet the Administrator password To restore the FortiGate configurationConfigure FortiGuard To change the administrator password1 Go to System Admin Administrators To update antivirus definitions and IPS signaturesAdditional configuration FortiGate-110C FortiOS 3.0 MR6 Install GuideConfiguring 01-30006-0481-20080728Advanced configuration Protection profilesProtection profiles Firewall policies Antivirus options AntiSpam options Web filtering LoggingFirewall policies Configuring firewall policies Antivirus optionsAntiSpam options Web filtering Logging Downloading firmware Using the web-based manager Using the CLI Installing firmware from a system reboot using the CLITesting new firmware before installing FortiGate FirmwareUsing the web-based manager To upgrade the firmware4 Under System Information Firmware Version, select Update Upgrading the firmwareBackup and Restore from a USB key Using the USB Auto-InstallTo backup configuration 1 Go to System Maintenance Backup and RestoreUsing the CLI To configure the USB Auto-InstallTo upgrade the firmware using the CLI 1 Go to System Maintenance Backup and Restoreexecute restore image namestr tftpip4 execute restore image image.outexecute update-now To revert to a previous firmware version using the CLIInstalling firmware from a system reboot using the CLI Where namestr the IP address of the imagev28.out andTo install firmware from a system reboot Installing firmware from a system reboot using the CLIRestoring the previous configuration config system interface edit interface set ip addressip4maskset allowaccess pinghttpssshtelnethttp end To backup configuration using the CLIAdditional CLI Commands for a USB key To restore configuration using the CLITo configure the USB Auto-Install using the CLI Using the USB Auto-InstallTesting new firmware before installing To test the new firmware imageTesting new firmware before installing Testing new firmware before installing FortiGate-110C FortiOS 3.0 MR6 Install Guide01-30006-0481-20080728 FortiGate FirmwareIndex Index FortiGate-110C FortiOS 3.0 MR6 Install Guide01-30006-0481-20080728 Index FortiGate-110C FortiOS 3.0 MR6 Install Guide01-30006-0481-20080728 Index FortiGate-110C FortiOS 3.0 MR6 Install Guide01-30006-0481-20080728