FortiGate Administration Guide 01-30003-0203-20061124, Edukacja
[ Pobierz całość w formacie PDF ]
ADMINISTRATION GUIDE
FortiGate™
Version 3.0 MR3
www.fortinet.com
FortiGate™ Administration Guide
Version 3.0 MR3
24 November 2006
01-30003-0203-20061124
© Copyright 2006 Fortinet, Inc. All rights reserved. No part of this
publication including text, examples, diagrams or illustrations may be
reproduced, transmitted, or translated in any form or by any means,
electronic, mechanical, manual, optical or otherwise, for any purpose,
without prior written permission of Fortinet, Inc.
Trademarks
Dynamic Threat Prevention System (DTPS), APSecure, FortiASIC,
FortiBIOS, FortiBridge, FortiClient, FortiGate, FortiGate Unified Threat
Management System, FortiGuard, FortiGuard-Antispam, FortiGuard-
Antivirus, FortiGuard-Intrusion, FortiGuard-Web, FortiLog, FortiAnalyzer,
FortiManager, Fortinet, FortiOS, FortiPartner, FortiProtect, FortiReporter,
FortiResponse, FortiShield, FortiVoIP, and FortiWiFi are trademarks of
Fortinet, Inc. in the United States and/or other countries. The names of
actual companies and products mentioned herein may be the trademarks
of their respective owners.
Contents
Contents
Introduction ...................................................................................... 17
Introducing the FortiGate units ...................................................................... 17
FortiGate-5000 series chassis .................................................................... 18
About the FortiGate-5000 series modules .................................................. 19
FortiGate-3600A.......................................................................................... 19
FortiGate-3600 ............................................................................................ 20
FortiGate-3000 ............................................................................................ 20
FortiGate-1000A.......................................................................................... 20
FortiGate-1000AFA2 ................................................................................... 21
FortiGate-1000 ............................................................................................ 21
FortiGate-800 .............................................................................................. 21
FortiGate-800F ............................................................................................ 21
FortiGate-500A............................................................................................ 22
FortiGate-500 .............................................................................................. 22
FortiGate-400A............................................................................................ 22
FortiGate-400 .............................................................................................. 22
FortiGate-300A............................................................................................ 22
FortiGate-300 .............................................................................................. 23
FortiGate-224B............................................................................................ 23
FortiGate-200A............................................................................................ 23
FortiGate-200 .............................................................................................. 23
FortiGate-100A............................................................................................ 23
FortiGate-100 .............................................................................................. 24
FortiGate-60/60M/ADSL.............................................................................. 24
FortiWiFi-60/60A/60AM ............................................................................... 24
FortiGate-50A.............................................................................................. 24
Fortinet family of products ............................................................................. 25
FortiGuard Subscription Services ............................................................... 25
FortiAnalyzer ............................................................................................... 25
FortiClient .................................................................................................... 25
FortiManager ............................................................................................... 26
FortiBridge................................................................................................... 26
FortiMail ...................................................................................................... 26
FortiReporter ............................................................................................... 26
About this document....................................................................................... 26
Document conventions................................................................................ 28
FortiGate documentation ............................................................................... 29
Fortinet Tools and Documentation CD ........................................................ 30
Fortinet Knowledge Center ........................................................................ 30
Comments on Fortinet technical documentation ........................................ 31
Customer service and technical support ...................................................... 31
FortiGate Version 3.0 MR3 Administration Guide
01-30003-0203-20061124
3
Contents
Web-based manager........................................................................ 33
Button bar features ......................................................................................... 34
Contact Customer Support ......................................................................... 34
Using the Online Help ................................................................................. 35
Logout ......................................................................................................... 37
Web-based manager pages ............................................................................ 37
Web-based manager menu ........................................................................ 38
Lists............................................................................................................. 39
Icons ........................................................................................................... 39
Status bar.................................................................................................... 40
Using virtual domains ..................................................................... 43
Virtual domains................................................................................................ 43
VDOM configuration settings ...................................................................... 44
Global configuration settings....................................................................... 45
Enabling multiple VDOM operation ............................................................... 46
Configuring VDOMs and global settings....................................................... 46
Working with VDOMs and global settings ................................................... 47
Adding interfaces to a VDOM ..................................................................... 48
Assigning an administrator to a VDOM ....................................................... 49
Changing the Management VDOM ............................................................. 49
System Status .................................................................................. 51
Status page ...................................................................................................... 51
Viewing system status ................................................................................ 51
Changing system information........................................................................ 58
Configuring system time ............................................................................. 58
Changing the FortiGate unit host name ...................................................... 58
Changing the FortiGate firmware................................................................... 59
Upgrading to a new firmware version ......................................................... 59
Reverting to a previous firmware version.................................................... 60
Viewing operational history............................................................................ 61
Manually updating FortiGuard definitions .................................................... 61
Viewing Statistics ............................................................................................ 62
Viewing the session list ............................................................................... 62
Viewing the Content Archive information .................................................... 63
Viewing the Attack Log ............................................................................... 65
FortiGate Version 3.0 MR3 Administration Guide
4
01-30003-0203-20061124
Contents
System Network ............................................................................... 67
Interface............................................................................................................ 67
Interface settings ......................................................................................... 69
Configuring an ADSL interface.................................................................... 73
Creating an 802.3ad aggregate interface.................................................... 74
Creating a redundant interface.................................................................... 75
Creating a wireless interface ....................................................................... 76
Configuring DHCP on an interface .............................................................. 77
Configuring an interface for PPPoE or PPPoA ........................................... 79
Configuring Dynamic DNS service for an interface ..................................... 80
Configuring a virtual IPSec interface ........................................................... 81
Additional configuration for interfaces ......................................................... 82
Zone .................................................................................................................. 83
Zone settings............................................................................................... 84
Options ............................................................................................................. 84
DNS Servers ............................................................................................... 84
Dead gateway detection.............................................................................. 85
Configuring Network Options ...................................................................... 85
Routing table (Transparent Mode) ................................................................. 87
Transparent mode route settings ................................................................ 87
Configuring the modem interface .................................................................. 87
Configuring modem settings ....................................................................... 88
Redundant mode configuration ................................................................... 90
Standalone mode configuration .................................................................. 91
Adding firewall policies for modem connections ......................................... 91
Connecting and disconnecting the modem ................................................. 91
Checking modem status.............................................................................. 92
VLAN overview................................................................................................. 92
FortiGate units and VLANs ......................................................................... 93
VLANs in NAT/Route mode............................................................................. 93
Rules for VLAN IDs ..................................................................................... 94
Rules for VLAN IP addresses ..................................................................... 94
Adding VLAN subinterfaces ........................................................................ 95
VLANs in Transparent mode .......................................................................... 96
Rules for VLAN IDs ..................................................................................... 98
Transparent mode virtual domains and VLANs .......................................... 98
Troubleshooting ARP Issues..................................................................... 101
FortiGate IPv6 support .................................................................................. 101
System Wireless............................................................................. 103
The FortiWiFi wireless LAN interface .......................................................... 103
Channel assignments.................................................................................... 104
System wireless settings (FortiWiFi-60)...................................................... 106
FortiGate Version 3.0 MR3 Administration Guide
01-30003-0203-20061124
5
[ Pobierz całość w formacie PDF ]