FortiGate Administration Guide 01-30006-0203-20080313, Edukacja
[ Pobierz całość w formacie PDF ]
ADMINISTRATION GUIDE
FortiGate™
Version 3.0 MR6
Visit
to register your FortiGate product. By registering you can receive product updates,
technical support, and FortiGuard services.
www.fortinet.com
FortiGate™ Administration Guide
Version 3.0 MR6
13 March 2008
01-30006-0203-20080313
© Copyright 2008 Fortinet, Inc. All rights reserved. No part of this
publication including text, examples, diagrams or illustrations may be
reproduced, transmitted, or translated in any form or by any means,
electronic, mechanical, manual, optical or otherwise, for any purpose,
without prior written permission of Fortinet, Inc.
Trademarks
Fortinet, FortiGate and FortiGuard are registered trademarks and
Dynamic Threat Prevention System (DTPS), APSecure, FortiASIC,
FortiBIOS, FortiBridge, FortiClient, FortiGate, FortiGate Unified Threat
Management System, FortiGuard-Antispam, FortiGuard-Antivirus,
FortiGuard-Intrusion, FortiGuard-Web, FortiLog, FortiAnalyzer,
FortiManager, FortiOS, FortiPartner, FortiProtect, FortiReporter,
FortiResponse, FortiShield, and FortiVoIP, are trademarks of Fortinet, Inc.
in the United States and/or other countries. The names of actual
companies and products mentioned herein may be the trademarks of
their respective owners.
Contents
Contents
Introduction ...................................................................................... 17
What’s new in FortiOS 3.0 MR6 ...................................................................... 17
Introducing the FortiGate units ...................................................................... 21
FortiGate-5000 series chassis .................................................................... 21
About the FortiGate-5000 series modules .................................................. 22
FortiGate-AMC modules ............................................................................. 22
FortiGate-3810A.......................................................................................... 23
FortiGate-3600A.......................................................................................... 23
FortiGate-3016B.......................................................................................... 24
FortiGate-3600 ............................................................................................ 24
FortiGate-3000 ............................................................................................ 24
FortiGate-1000A/AFA2................................................................................ 25
FortiGate-1000 ............................................................................................ 25
FortiGate-800/800F ..................................................................................... 25
FortiGate-500A............................................................................................ 26
FortiGate-500 .............................................................................................. 26
FortiGate-400A............................................................................................ 26
FortiGate-400 .............................................................................................. 26
FortiGate-300A............................................................................................ 27
FortiGate-300 .............................................................................................. 27
FortiGate-224B............................................................................................ 27
FortiGate-200A............................................................................................ 28
FortiGate-200 .............................................................................................. 28
FortiGate-100A............................................................................................ 28
FortiGate-100 .............................................................................................. 28
FortiGate-60B.............................................................................................. 29
FortiWiFi-60B .............................................................................................. 29
FortiGate-60/60M/ADSL.............................................................................. 29
FortiWiFi-60/60A/60AM ............................................................................... 30
FortiWiFi-50B .............................................................................................. 30
FortiGate-50B.............................................................................................. 30
FortiGate-50A.............................................................................................. 31
Fortinet family of products ............................................................................. 31
FortiGuard Subscription Services ............................................................... 31
FortiAnalyzer ............................................................................................... 31
FortiClient .................................................................................................... 31
FortiManager ............................................................................................... 32
FortiBridge................................................................................................... 32
FortiMail ...................................................................................................... 32
About this document....................................................................................... 33
Document conventions................................................................................ 35
FortiGate Version 3.0 MR6 Administration Guide
01-30006-0203-20080313
3
Contents
FortiGate documentation ............................................................................... 36
Fortinet Tools and Documentation CD........................................................ 37
Fortinet Knowledge Center ........................................................................ 37
Comments on Fortinet technical documentation ........................................ 37
Customer service and technical support ...................................................... 37
Register your Fortinet product....................................................................... 37
Web-based manager........................................................................ 39
Button bar features ......................................................................................... 40
Contact Customer Support ......................................................................... 40
Backup your FortiGate configuration .......................................................... 41
Using FortiGate Online Help ....................................................................... 41
Logout ......................................................................................................... 44
Web-based manager pages ............................................................................ 44
Using the web-based manager menu ......................................................... 45
Using web-based manager lists .................................................................. 45
Adding filters to web-based manager lists .................................................. 46
Using page controls on web-based manager lists ...................................... 49
Using column settings to control the columns displayed in some
web-based manager lists ............................................................................ 50
Using web-based manager icons................................................................ 52
System Status .................................................................................. 55
Status page ...................................................................................................... 55
Viewing system status ................................................................................ 55
Changing system information........................................................................ 67
Configuring system time ............................................................................. 67
Changing the FortiGate unit host name ...................................................... 68
Changing the FortiGate firmware................................................................... 68
Upgrading to a new firmware version ......................................................... 69
Reverting to a previous firmware version.................................................... 69
Viewing operational history............................................................................ 70
Manually updating FortiGuard definitions .................................................... 71
Viewing Statistics ............................................................................................ 72
Viewing the session list ............................................................................... 72
Viewing the Content Archive information .................................................... 73
Viewing the Attack Log ............................................................................... 74
Topology .......................................................................................................... 76
Adding a subnet object ............................................................................... 78
Customizing the topology diagram.............................................................. 79
FortiGate Version 3.0 MR6 Administration Guide
4
01-30006-0203-20080313
Contents
Using virtual domains...................................................................... 81
Virtual domains................................................................................................ 81
VDOM configuration settings ...................................................................... 83
Global configuration settings ....................................................................... 84
Enabling VDOMs.............................................................................................. 84
Configuring VDOMs and global settings....................................................... 85
Creating a new VDOM ................................................................................ 86
Working with VDOMs and global settings ................................................... 86
Adding interfaces to a VDOM...................................................................... 87
Assigning an administrator to a VDOM ....................................................... 90
Changing the Management VDOM ............................................................. 90
System Network ............................................................................... 93
Interfaces.......................................................................................................... 93
Switch Mode................................................................................................ 96
Interface settings ......................................................................................... 97
Configuring an ADSL interface.................................................................. 100
Creating an 802.3ad aggregate interface.................................................. 101
Creating a redundant interface.................................................................. 102
Configuring DHCP on an interface ............................................................ 104
Configuring an interface for PPPoE or PPPoA ......................................... 105
Configuring Dynamic DNS on an interface ............................................... 107
Configuring a virtual IPSec interface ......................................................... 107
Configuring interfaces with CLI commands............................................... 109
Additional configuration for interfaces ....................................................... 110
Configuring the modem interface .............................................................. 113
Zones .............................................................................................................. 119
Networking Options....................................................................................... 120
DNS Servers ............................................................................................. 121
Dead gateway detection............................................................................ 121
Routing table (Transparent Mode) ............................................................... 122
Transparent mode route settings .............................................................. 122
VLAN overview............................................................................................... 123
FortiGate units and VLANs ....................................................................... 124
VLANs in NAT/Route mode........................................................................... 124
Rules for VLAN IDs ................................................................................... 125
Rules for VLAN IP addresses ................................................................... 125
Adding VLAN subinterfaces ...................................................................... 126
VLANs in Transparent mode ........................................................................ 127
Rules for VLAN IDs ................................................................................... 129
Transparent mode virtual domains and VLANs ........................................ 129
Troubleshooting ARP Issues..................................................................... 130
FortiGate Version 3.0 MR6 Administration Guide
01-30006-0203-20080313
5
[ Pobierz całość w formacie PDF ]