100D Series QuickStart

Quick user guide for the FortiGate 100D firewall.

Transcript of 100D Series QuickStart

Page 1: 100D Series QuickStart
Page 2: 100D Series QuickStart

July 05, 2013

01-503-209622-20130705

Copyright © 2013 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, and FortiGuard®, are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance metrics contained herein were attained in internal lab tests under ideal conditions, and performance may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to the performance metrics herein. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any guarantees. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.

Page 3: 100D Series QuickStart

FortiGate 100D QuickStart Guide

Register for Support

Register your Fortinet product to receive:

• Technical Support

• New product features

• Protection from new threats

http://support.fortinet.com/

Toll free: 1 866 648 4638

Phone: 1 408 486 7899

Fax: 1 408 235 7737

Email: [email protected]

Page 4: 100D Series QuickStart

Before You Begin

Write down details that you may need from your network administrator or ISP.

T1/E1, Static broadband, Cable, or DSL with a static IP: IP Address, Subnet Mask, Default Gateway, Primary/Secondary DNS

Cable Modem DHCP: Hostname. It is normal to not require a hostname but your ISP may require it.

DSL PPPoE: Username, Password

QuickStart Guide Video: http://forti.net/vqsg

Box Includes

• USB Cable

• Ethernet Cable

• Power Cable

• 4 Rubber Feet

• Console Cable

• 2 Rack-Mount Brackets

• 8 Bracket Screws

Page 5: 100D Series QuickStart


Note: If the unit has a redundant power supply, each power cable should be connected to a different power source. In this way, if one power source fails, the other may still be operational and the unit will not lose power.

Installation

The FortiGate unit can be placed on any flat surface, or mounted in any standard 19-inch (48.3 cm) rack unit with the provided rack-mount brackets and screws.

To install the FortiGate unit into a rack

1. Ensure that the FortiGate unit is placed on a stable surface prior to rack-mount installation.

2. Attach the provided rack-mount brackets to the sides of the unit using the provided screws.

Caution: Electrostatic discharge (ESD) can damage your Fortinet equipment.

Do not place heavy objects on the unit. To avoid personal injury or damage to the unit, it is recommended that two or more people install the unit into the rack.

3. Position the FortiGate unit in the rack. Ensure there is enough room around the unit to allow for sufficient air flow.

4. Line up the rack-mount bracket holes to the holes on the rack and ensure that the FortiGate unit is level.

5. Finger tighten four rack-mount screws to attach the unit to the rack.

6. Verify that the spacing around the FortiGate unit conforms to requirements and that the unit is level, then tighten the rack-mount screws with an appropriate screwdriver.

7. Using the provided power cable, plug the cable into the rear of the unit, and then into a grounded electrical outlet or separate power source.

Page 6: 100D Series QuickStart


To install the unit on a flat surface

1. Ensure that the surface onto which the FortiGate unit is to be installed is clean, level, and stable and that there is at least 1.5 inches (3.8 cm) of clearance on all sides to allow for adequate airflow.

2. Attach the provided rubber feet to the bottom of the FortiGate unit.

3. Place the unit in the designated location.

4. Verify that the spacing around the FortiGate unit conforms to requirements and that the unit is level.

5. Using the provided power cable, plug the cable into the rear of the unit, and then into a grounded electrical outlet or separate power source.

Note: If the unit has a redundant power supply, each power cable should be connected to a different power source. In this way, if one power source fails, the other may still be operational and the unit will not lose power.


Caution: SFP transceivers are static sensitive devices. Use an ESD wrist strap or similar grounding device when handling transceivers.

Do not install or remove SFP transceivers while fiber optic cables are still attached. This can cause damage to the cables, cable connectors, and the optical interfaces. It may also prevent the transceiver from latching correctly into the socket connector.

SFP Transceivers

[Figure: SFP transceiver and cage sockets, with labels: Transmit Optical Bore, Receive Optical Bore, SFP Cage Sockets, Socket Latch, Extraction Lever]

To install the SFP transceivers

1. Ensure that you are properly grounded.

2. Remove the caps from the SFP cage sockets on the front panel of the unit.

Page 7: 100D Series QuickStart


Caution: Do not force the SFP transceivers into the cage slots. If the transceiver does not easily slide in and click into place, it may not be aligned correctly or may be upside down. If this happens, remove the SFP transceiver, realign it or rotate it and slide it in again.

Note: SFP cage socket orientation may vary. Ensure that the SFP transceiver module is correctly oriented each time that you are inserting a transceiver. Installing and removing SFP transceivers can shorten their useful life. Do not install or remove transceivers more than is necessary.

3. Position the SFP transceiver in front of the cage socket opening and ensure that the transceiver is correctly oriented.

When the transceiver is correctly oriented, the extraction lever will be level with the socket latch.

4. Hold the sides of the SFP transceiver and slide it into the cage socket until it clicks into place.

5. Press the transceiver firmly into the cage socket with your thumb.

6. Verify that the transceiver is latched correctly by grasping the sides of the transceiver and trying to pull it out without lowering the extraction lever.

If the transceiver cannot be removed, it is installed and latched correctly.

If the transceiver can be removed, reinsert it and press harder with your thumb.

If necessary, repeat this process until the transceiver is securely latched into the cage socket.

To remove the SFP transceivers

1. Ensure that you are properly grounded.

2. If applicable, disconnect the fiber optic cable from the transceiver connector and install a clean dust plug in the transceiver’s optical bores.

3. Pull the extraction lever out and down to eject the transceiver. If you are unable to use your finger to open the lever, use a small flat head screwdriver or other similar tool to open the lever.

4. Hold the sides of the transceiver and carefully pull it away from the cage socket.

5. Replace the cap on the SFP cage socket and place the removed SFP transceiver into an antistatic bag.

Note: Follow proper fibre optic handling procedures when installing and removing SFP transceivers to ensure the devices remain clean and are not damaged.

Page 8: 100D Series QuickStart

[Figure: FortiGate 100D front panel, showing the STATUS, ALARM, HA and POWER indicators; the USB MGMT, USB and CONSOLE ports; the WAN 1, WAN 2, DMZ, MGMT, HA 1 and HA 2 ports; LAN ports 1 to 16; and the shared SFP ports 15 and 16]

1. Basic Connections

Connect your device to an electrical outlet and an Internet connection. This is usually a modem, but could also be another device on your network.

[Figure: Power Connection (AC Line, 100-240V AC, 60-50Hz, 3-1.5A) and WAN1 connection to the Internet]

2. FortiGate Setup Options

A. Web Browser Setup Wizard

B. Windows/OS X with FortiExplorer

C. Terminal Emulation

D. FortiExplorer App Configuration


A. Web Browser with Ethernet cable

Web-based Manager

1. Connect the Ethernet cable to the MGMT port and your computer.

2. Visit 192.168.1.99 in a web browser. If this does not show the login page, change the IP address of your computer to 192.168.1.2 and try again.

3. Log in using username “admin” and no password.

4. Click “Wizard” in the top right corner and follow instructions.

5. Register your device from the dashboard page.

Page 9: 100D Series QuickStart

B. Windows/OS X with USB

1. Download FortiExplorer from http://forti.net/fexp.

Microsoft Windows Install

2. Connect the USB cable and launch FortiExplorer if it does not appear automatically.

Mac OS X Install

2. Double-click the .dmg file and drag the FortiExplorer icon to the Applications folder.

3. Connect the USB cable.

4. Click the FortiExplorer icon to launch the application.

[Figure: FortiGate 100D front panel, USB MGMT Port]

FortiExplorer Setup Wizard

FortiExplorer provides direct configuration access to your FortiGate without modification of the network settings.

Other features and tools include automatic firmware download, easy registration, and access to additional device resources.

1. Follow prompts or click “Register” to register your device with FortiCare.

2. Click “Setup Wizard”.

3. Log in using username “admin” and no password.

4. Follow Setup Wizard steps.

5. Click “Configure” to complete the setup of your device.

Page 10: 100D Series QuickStart


C. Terminal Emulation with Console Cable

To Connect to the CLI

1. Connect the FortiGate unit console port to the management computer using the provided console cable.

2. Start a terminal emulation program on the management computer. Use the following settings:

Baud Rate: 9600

Data bits: 8

Parity: None

Stop bits: 1

Flow Control: None

3. Press Enter on your keyboard to connect to the CLI.

4. Log in using username “admin” and no password. You can now proceed with configuring your FortiGate unit.

A list of commands can be found at http://forti.net/cli.

Get started by typing “?” for a list of available commands.

Begin typing a command and type “?” for a list of available ways to complete.

For example “config ?” will show the lowest level of configuration options.

A comprehensive reference guide with all commands can be found at http://forti.net/cli.

[Figure: FortiGate 100D front panel, Console Port]

Page 11: 100D Series QuickStart

D. iPhone/iPad/iPod Touch with Apple USB cable

FortiExplorer App

1. Download the iOS FortiExplorer App to your device from http://forti.net/fexp-ios.

2. Use your Apple USB cable to connect to the USB port.

3. Launch the FortiExplorer App and select the device model.

4. Log in using username “admin” and no password.

5. Configure your device. This version does not have a wizard.

http://forticlient.com

[Figure: FortiGate 100D front panel, USB Port]


Page 12: 100D Series QuickStart

Device Guide

FortiGate 100D

USB MGMT (USB-B): USB client port for management

USB (USB-A): USB server ports for USB key, modem, or management functions

WAN 1 & 2 (RJ-45): Gigabit Ethernet Internet connections

LAN Ports 1 - 14 (RJ-45): Switched Gigabit Ethernet ports for connection to your network & the Internet

Console (RJ-45): Optional connection to the management computer. Provides access to the CLI

HA1 & 2: Optional connections to other FortiGate units for High Availability (HA)

MGMT (RJ-45): Client port for management. Default IP address: 192.168.1.99

DMZ (RJ-45): Optional connection to a DMZ network/device

LAN Ports 15 - 16 (RJ-45): Switched Gigabit Ethernet ports. Shared with SFP ports 15 to 16

SFP Ports 15 & 16 (SFP): 1 Gbps/auto, small form-factor pluggable transceiver. Shared with LAN Ports 15 & 16

Power: 100-240V AC, 50-60Hz, 3-1.5A

Power Switch

AC Line: 100-240V AC, 50-60Hz, 3-1.5A


HA: Normal HA mode; HA disabled

Power: On; Off

LAN Ports Speed: Connected at 1000Mbps; Connected at 100Mbps; Connected at 10Mbps or not in use

LAN Ports Activity: Connected; Transmitting & receiving data; Not in use

Logo: On; Off

Status: Normal; Booting up; Major alarm

Alarm: Major alarm; Minor alarm; Normal

Page 13: 100D Series QuickStart

More Information

FortiGate Cookbook

Advanced installation and setup, networking, security policies and firewall objects, UTM profiles, SSL VPN, IPsec VPN, Authentication, Logging and reporting.

http://forti.net/cookbook

Training Services

Course descriptions, availability, schedules, and locations of training programs in your area.

http://forti.net/training

CLI Reference

Advanced configuration of your device using the command line.

http://forti.net/cli

FortiOS Handbook

Definitive guide to configuring and operating FortiOS.

http://forti.net/handbook

Page 14: 100D Series QuickStart

Environmental Specifications

Operating Temperature: 0 - 40°C (32 - 104°F)

Storage Temperature: -25 - 70°C (-13 - 158°F)

Humidity: 20 to 90% non-condensing

Operating Altitude: <2250m (7400ft)

Elevated Operating Ambient: If installed in a closed or multi-unit rack assembly, the operating ambient temperature of the rack environment may be greater than room ambient. Therefore, consideration should be given to installing the equipment in an environment compatible with the maximum ambient temperature (Tma) specified by the manufacturer.

Reduced Air Flow: Installation of the equipment in a rack should be such that the amount of air flow required for safe operation of the equipment is not compromised.

Mechanical Loading: Mounting of the equipment in the rack should be such that a hazardous condition is not achieved due to uneven mechanical loading.

Circuit Overloading: Consideration should be given to the connection of the equipment to the supply circuit and the effect that overloading of the circuits might have on overcurrent protection and supply wiring. Appropriate consideration of equipment nameplate ratings should be used when addressing this concern.

Reliable Earthing: Reliable earthing of rack-mounted equipment should be maintained. Particular attention should be given to supply connections other than direct connections to the branch circuit (e.g. use of power strips).

Regulatory Notices

Federal Communication Commission (FCC) - USA

This device complies with Part 15 of FCC Rules. Operation is subject to the following two conditions: (1) this device may not cause harmful interference, and (2) this device must accept any interference received; including interference that may cause undesired operation.

This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy, and if it is not installed and used in accordance with the instruction manual, it may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case the user will be required to correct the interference at his own expense.

WARNING: Any changes or modifications to this product not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment.

Industry Canada Equipment Standard for Digital Equipment (ICES) - Canada

CAN ICES-3 (A) / NMB-3 (A)

This digital apparatus does not exceed the Class A limits for radio noise emissions from digital apparatus set out in the Radio Interference Regulations of the Canadian Department of Communications.

European Conformity (CE) - EU

This is a Class A product. In a domestic environment, this product may cause radio interference, in which case the user may be required to take adequate measures.

Voluntary Control Council for Interference (VCCI) - Japan

This is a Class A information technology device. Using this device in a domestic environment may cause radio interference. In that case, the user may be required to take appropriate measures. VCCI-A

Bureau of Standards Metrology and Inspection (BSMI) - Taiwan

This is a Class A information product. When used in a residential environment, it may cause radio frequency interference, in which case the user will be required to take certain appropriate measures.

China

This is a Class A product. In a domestic environment, this product may cause radio interference, in which case the user may need to take practical measures.

Korean Certification (KC) - Korea

Caution: This is Class A equipment, registered for electromagnetic compatibility for business use. Sellers and users should take note of this, and if the equipment was sold or purchased in error, it should be exchanged for home-use equipment.

UL/cUL & CE/CB Safety Cautions and Warnings

Grounding

Ensure your Fortinet product is connected and properly grounded to a lightning and surge protector.

WAN or LAN connections that enter the premises from outside the building should be connected to an Ethernet CAT5 (10/100 Mb/s) surge protector. Shielded Twisted Pair (STP) Ethernet cables should be used whenever possible rather than Unshielded Twisted Pair (UTP). Do not connect or disconnect cables during lightning activity to avoid damage to your Fortinet product or personal injury.

Electrostatic discharge (ESD) can damage Fortinet equipment. Only perform the procedures described in this document from an ESD workstation. If no such station is available, you can provide some ESD protection by wearing an anti-static wrist strap and attaching it to an available ESD connector or other bare metal object.

Caution: Risk of explosion if battery is replaced by an incorrect type. Dispose of used batteries according to your local regulations.

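IMPORTANT: Switzerland: Annex 4.10 of SR814.013 applies to batteries.

Warning: There is a risk of explosion if this battery is replaced incorrectly. Dispose of used batteries according to the manufacturer's instructions.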

Page 15: 100D Series QuickStart

Fortinet.com