Manuals / Fortinet / Computer Equipment / Network Card

Fortinet 60B manual Adding firewall policies, To modify the default gateway 1 Go to Router Static

Models: 60B

1 66

Download 66 pages 46.82 Kb

Page 20

To modify the default gateway

Configuring NAT mode

Configuring

For an initial configuration, you must edit the factory configured static default route to specify a different default gateway for the FortiGate unit. This will enable the flow of data through the FortiGate unit.

For details on adding additional static routes, see the FortiGate Administration Guide.

To modify the default gateway

1Go to Router > Static.

2Select Edit for the default route

3In the Gateway field, type the IP address of the next-hop router where outbound traffic is directed.

4If the FortiGate unit reaches the next-hop router through a different interface (compared to the interface that is currently selected in the Device field), select the name of the interface from the Device field.

5Select OK.

Adding firewall policies

Firewall policies enable traffic to flow through the FortiGate interfaces. Firewall policies define how the FortiGate unit processes the packets in a communication session. You can configure the firewall policies to allow only specific traffic, users and specific times when traffic is allowed.

For the initial installation, a single firewall policy that enables all traffic through will enable you to verify your configuration is working. On lower-end units such a default firewall policy is already in place. For the higher end FortiGate units, you will need to add a firewall policy.

The following steps add two policies that allows all traffic through the FortiGate unit, to enable you to continue testing the configuration on the network.

To add an outgoing traffic firewall policy

1Go to Firewall > Policy.

2Select Create New.

3Set the following and select OK.

Source Interface	Select the port connected to the network.
Source Address	All

Destination Interface Select the port connected to the Internet.

Destination Address All

Schedulealways

ServiceAny

ActionAccept

To add an incoming traffic firewall policy

1Go to Firewall > Policy.

2Select Create New.

	FortiGate-60B FortiOS 3.0 MR6 Install Guide
20	01-30006-0446-20080910

Image 20

Fortinet 60B manual Adding firewall policies, To modify the default gateway 1 Go to Router Static

Contents

I N S T A L L G U I D E FortiGate-60B FortiOS 3.0 MR6Regulatory compliance FortiGate-60B Install GuideTrademarks Contents InstallingConfiguring Customer service and technical supportAdvanced configuration Configuring the modem interfaceConfiguring Transparent mode Verify the configurationConfiguring the PCMCIA modem card Using the web-based managerInstalling firmware from a system reboot using the CLI Testing new firmware before installing01-30006-0446-20080910 ContentsFortiGate-60B FortiOS 3.0 MR6 Install Guide Introduction Register your FortiGate unitDocument conventions About the FortiGate-60BAbout this document FortiGate Administration Guide Further ReadingTypographic conventions FortiGate QuickStart GuideCustomer service and technical support Fortinet Knowledge CenterComments on Fortinet technical documentation FortiGate High Availability User GuideInstalling Environmental specificationsEnvironmental specifications Cautions and warnings Plugging in the FortiGate Plugging in the FortiGateRack mount instructions Cautions and warningsGrounding Connecting to the network To power on the FortiGate unitTo power off the FortiGate unit Plugging in the FortiGateFortiGate-60B FortiOS 3.0 MR6 Install Guide InstallingTurning off the FortiGate unit 01-30006-0446-20080910Configuring NAT vs. Transparent mode Connecting to the FortiGate unitVerify the configuration Backing up the configuration Additional configurationConnecting to the FortiGate unit Connecting to the web-based managerTransparent mode To connect to the web-based managerConnecting to the CLI To connect to the CLIConfiguring NAT mode Using the web-based managerConfigure the interfaces To configure interfaces 1 Go to System Network InterfaceTo configure DNS server settings 1 Go to System Network Options Configure a DNS serverAdding a default route and gateway To modify the default gateway 1 Go to Router Static Adding firewall policiesTo add an outgoing traffic firewall policy 1 Go to Firewall Policy To add an incoming traffic firewall policy 1 Go to Firewall PolicyUsing the CLI For details, see the FortiGate Administration GuideTo set an interface to use a static address To set an interface to use DHCP addressingconfig system interface edit external set mode pppoe set username namestr set password psswrd set ipunnumbered ipaddressset defaultgw enable disable set dns-server-override enable disable To configure DNS server settingsConfiguring Transparent mode To modify the default gatewayTo add an outgoing traffic firewall policy Adding firewall policiesSwitching to Transparent mode To switch to Transparent mode 1 Go to System StatusUsing the web-based manager Configure a DNS serverTo switch to Transparent mode Using the CLISwitching to Transparent mode To add an outgoing traffic firewall policy 1 Go to Firewall PolicyConfigure a DNS server To configure DNS server settingsAdding firewall policies To add an outgoing traffic firewall policyVerify the configuration Backing up the configurationTo back up the FortiGate configuration 1 Go to System Maintenance Backup & RestoreRestoring a configuration Additional configurationSet the Administrator password To restore the FortiGate configurationConfigure FortiGuard To change the administrator password1 Go to System Admin Administrators To update antivirus definitions and IPS signaturesAdditional configuration FortiGate-60B FortiOS 3.0 MR6 Install GuideConfiguring 01-30006-0446-20080910Advanced configuration Protection profilesProtection profiles Firewall policies Antivirus options AntiSpam options Web filtering LoggingFirewall policies Configuring firewall policies Antivirus optionsAntiSpam options Web filtering Logging Configuring the modem interface Selecting a modem mode Configuring modem settingsConfiguring the modem using the CLI Adding a Ping Server Administrative access through the modem portConfiguring modem settings Stand alone modeTo configure modem settings 1 Go to System Network Modem You can configure and use the modem in NAT/Route mode only2 Select Enable Modem 3 Change any of the dial-up connection settings 4 Enter the settings for Dial-up Account 1 settingsConfiguring the modem using the CLI SyntaxConfiguring the modem interface DefaultFortiGate-60B FortiOS 3.0 MR6 Install Guide Configuring the modem using the CLIConfiguring the modem using the CLI DefaultFortiGate-60B FortiOS 3.0 MR6 Install Guide Keywords and variablesExample Configuring the modem interfaceFortiGate-60B FortiOS 3.0 MR6 Install Guide 01-30006-0446-20080910To modify the dead gateway detection settings Adding a Ping ServerDead gateway detection To add a ping server to an interfaceAdministrative access through the modem port Configuring the PCMCIA modem cardTo enable administrative access on the modem interface To configure the modem 1 Go to System Network Modemwhere 5555 is the pin provided to you by your ISP 8 Select Apply Downloading firmware Using the web-based manager Using the CLI Installing firmware from a system reboot using the CLITesting new firmware before installing FortiGate FirmwareUsing the web-based manager To upgrade the firmware4 Under System Information Firmware Version, select Update Upgrading the firmwareBackup and Restore from a USB key Using the USB Auto-InstallTo backup configuration 1 Go to System Maintenance Backup and RestoreUsing the CLI To configure the USB Auto-InstallTo upgrade the firmware using the CLI execute pingexecute restore image namestr tftpip4 execute restore image image.outexecute update-now To revert to a previous firmware version using the CLIInstalling firmware from a system reboot using the CLI Where namestr the IP address of the imagev28.out andTo install firmware from a system reboot Installing firmware from a system reboot using the CLIRestoring the previous configuration config system interface edit interface set ip addressip4maskset allowaccess pinghttpssshtelnethttp end To backup configuration using the CLIAdditional CLI Commands for a USB key To restore configuration using the CLITo configure the USB Auto-Install using the CLI Using the USB Auto-InstallTesting new firmware before installing To test the new firmware imageTesting new firmware before installing Testing new firmware before installing FortiGate-60B FortiOS 3.0 MR6 Install Guide01-30006-0446-20080910 FortiGate FirmwareIndex FortiGate-60B FortiOS 3.0 MR6 Install GuideIndex 01-30006-0446-20080910Page 01-30006-0446-20080910 FortiGate-60B FortiOS 3.0 MR6 Install GuideIndex 01-30006-0446-20080910 FortiGate-60B FortiOS 3.0 MR6 Install GuideIndex 01-30006-0446-20080910 FortiGate-60B FortiOS 3.0 MR6 Install GuideIndex 01-30006-0446-20080910 FortiGate-60B FortiOS 3.0 MR6 Install GuideIndex