NAT/ 路由 模式安装

配置举例:到互联网的多重连接

 

 

使用 CLI

1 将 ping 服务器添加到外部接口。

set system interface external config detectserver 1.1.1.1 gwdetect enable

2 Add a ping server to the DMZ interface.

set system interface dmz config detectserver 2.2.2.1 gwdetect enable

基于目的地的路由配置举例

本节描了以下基于目的地的路由的例子: ·到互联网的主连接和备份连接 ·负载分配 ·负载分配与主连接、备份连接

到互联网的主连接和备份连接

按照以下步骤添加默认的基于目的地的路由,以将所有向外的通讯定向到网关 1。 如果网关 1 失效了,所有连接会被重定向到网关 2。网关 1 是到互联网的主连接,网关 2 是备份连接。

1 进入 系统 > 网络 > 路由表

2 选择 新建。

·目的 IP: 0.0.0.0

·掩码 : 0.0.0.0

·网关 #1: 1.1.1.1

·网关 #2: 2.2.2.1

·设备 #1: 外部

·设备 #2: dmz

·单击定。

使用 CLI

1 在路由表中添加路由

set system route number 0 dst 0.0.0.0 0.0.0.0 gw1 1.1.1.1 dev1 external gw2 2.2.2.1 dev2 dmz

表 12: 主连接和备份连接的路由

目的 IP

网关 #1

设备 #1

网关 #2

设备 #2

 

 

 

 

 

 

0.0.0.0

0.0.0.0

1.1.1.1

external

2.2.2.1

dmz

 

 

 

 

 

 

负载分配

可以将基于目的的路由配置为同时将通讯定向到个网关。如果您的内部网络 中的用户连接到 IPS1 和 IPS2 的网络中,您可以为个目的地添加路由。个路由可 以包括一个到一个 ISP 的网络的备份目的地址。

FortiGate-500 安装和配置指南

41

Page 53
Image 53
Fortinet 500 manual 基于目的地的路由配置举例, 到互联网的主连接和备份连接, 负载分配, 使用 Cli, 进入 系统 网络 路由表。

500 specifications

Fortinet 500 is a next-generation firewall (NGFW) that is part of Fortinet's acclaimed FortiGate family, designed to provide advanced security for medium to large enterprises. This appliance is known for its high performance, flexibility, and ability to protect networks from a variety of cyber threats through its robust features and technologies.

One of the main features of the Fortinet 500 is its integrated security capabilities. It combines multiple security functions into a single device, allowing organizations to manage everything from intrusion prevention and antivirus to web filtering and application control. This integration leads to simplified management and increased efficiency, as users can address multiple security needs without deploying multiple devices.

The Fortinet 500 runs on the FortiOS operating system, which is known for its simplicity and user-friendliness. FortiOS provides a centralized management interface that allows for the easy configuration and monitoring of security policies across the entire network. Additionally, the Fortinet management tools, such as FortiManager and FortiAnalyzer, enable detailed insights and reporting capabilities, helping organizations stay compliant with their security mandates.

Another characteristic that sets Fortinet 500 apart is its advanced threat intelligence, powered by the FortiGuard Labs. This global threat intelligence system continuously updates the firewall with the latest threat signatures and attack vectors, ensuring that organizations stay ahead of emerging threats. The firewall also employs machine learning and artificial intelligence to detect and mitigate sophisticated attacks in real-time.

Performance is crucial in any security appliance, and the Fortinet 500 does not disappoint. With hardware acceleration and purpose-built security processors, it delivers high throughput levels, enabling organizations to maintain productivity without sacrificing security. This level of performance is particularly beneficial in environments with heavy traffic and bandwidth demands.

In addition to these core features, the Fortinet 500 supports seamless integration with other security solutions within the Fortinet Security Fabric. This comprehensive approach allows for greater visibility and control over the entire security posture of an organization.

Overall, the Fortinet 500 is a powerful NGFW that offers a blend of advanced security features, ease of management, top-notch performance, and robust threat intelligence. Its ability to adapt to the ever-evolving landscape of cybersecurity makes it a valuable asset for businesses seeking to safeguard their digital assets and ensure seamless network operation.