Table Of Contents

Introduction
Introducing the FortiGate units
About the FortiGate-5000 series modules
FortiGate-3600A
FortiGate-3600
FortiGate-3000
FortiGate-1000A
FortiGate-1000AFA2
FortiGate-1000
FortiGate-800
FortiGate-800F
FortiGate-500A
FortiGate-500
FortiGate-400A
FortiGate-400
FortiGate-300A
FortiGate-300
FortiGate-200A
FortiGate-200
FortiGate-100A
FortiGate-100
FortiGate-60/60M/ADSL
FortiWiFi-60/60A/60AM
FortiGate-50B
FortiGate-50A
Fortinet family of products
FortiGuard Subscription Services
FortiAnalyzer
FortiClient
FortiBridge
FortiMail
FortiReporter
About this document
Document conventions
FortiGate documentation
Fortinet Tools and Documentation CD
Fortinet Knowledge Center
Comments on Fortinet technical documentation
Customer service and technical support
Web-based manager
Button bar features
Contact Customer Support
Using the Online Help
About searching the online help
Logout
Web-based manager pages
Web-based manager menu
Lists
Icons
System Status
Status page
Viewing system status
Changing system information
Configuring system time
The Topology Viewer window
Customizing the topology diagram
Using virtual domains
Virtual domains
VDOM configuration settings
Global configuration settings
Enabling VDOMs
Configuring VDOMs and global settings
Working with VDOMs and global settings
Adding interfaces to a VDOM
Assigning an administrator to a VDOM
Changing the Management VDOM
To change the management VDOM
System Network
Interface
Switch Mode
Interface settings
Configuring an ADSL interface
Creating an 802.3ad aggregate interface
Creating a redundant interface
Creating a wireless interface
Configuring DHCP on an interface
Configuring an interface for PPPoE or PPPoA
Configuring Dynamic DNS service for an interface
Configuring a virtual IPSec interface
Additional configuration for interfaces
Administrative access to an interface
Interface MTU packet size
Traffic logging for an interface
Secondary IP Addresses
Zone
Zone settings
Network Options
DNS Servers
Dead gateway detection
Routing table (Transparent Mode)
Transparent mode route settings
Configuring the modem interface
Configuring modem settings
Redundant mode configuration
Standalone mode configuration
Adding firewall policies for modem connections
Connecting and disconnecting the modem
Checking modem status
VLAN overview
FortiGate units and VLANs
VLANs in NAT/Route mode
Rules for VLAN IDs
Rules for VLAN IP addresses
Adding VLAN subinterfaces
VLANs in Transparent mode
Transparent mode virtual domains and VLANs
Troubleshooting ARP Issues
FortiGate IPv6 support
System Wireless
The FortiWiFi wireless LAN interface
Channel assignments
System wireless settings (FortiWiFi-60)
System wireless settings (FortiWiFi-60A and 60AM)
Wireless MAC Filter
Wireless Monitor
System DHCP
FortiGate DHCP servers and relays
Configuring DHCP services
Configuring an interface as a DHCP relay agent
Configuring a DHCP server
Viewing address leases
Reserving IP addresses for specific clients
System Config
HA
HA options
Cluster members list
Viewing HA statistics
Changing subordinate unit host name and device priority
Figure 67: Changing the subordinate unit host name and device priority
Disconnecting a cluster unit from a cluster
SNMP
Configuring SNMP
Configuring an SNMP community
Fortinet MIBs
FortiGate traps
Fortinet MIB fields
Replacement messages
Replacement messages list
Changing replacement messages
Changing the authentication login page
Changing the FortiGuard web filtering block override page
Changing the SSL-VPN login message
Changing the authentication disclaimer page
Operation mode and VDOM management access
Changing operation mode
Management access
System Admin
Administrators
Configuring RADIUS authentication for administrators
Viewing the administrators list
Configuring an administrator account
Access profiles
Viewing the access profiles list
Configuring an access profile
FortiManager
Settings
Monitoring administrators
System Maintenance
Backup and restore
FortiGuard Center
FortiGuard Distribution Network
FortiGuard Services
Configuring the FortiGate unit for FDN and FortiGuard services
Support Contract and FortiGuard Subscription Services
AntiVirus and IPS Downloads
Web Filtering and AntiSpam Options
Troubleshooting FDN connectivity
Updating antivirus and attack definitions
Enabling push updates
License
System Chassis (FortiGate-5000 series)
SMC (shelf manager card)
Blades (FortiGate-5000 chassis slots)
Chassis monitoring event log messages
Router Static
Routing concepts
How the routing table is built
How routing decisions are made
Multipath routing and determining the best route
How route sequence affects route priority
Equal Cost Multipath (ECMP) Routes
Static Route
Working with static routes
Default route and default gateway
Adding a static route to the routing table
Policy Route
Adding a route policy
Moving a route policy
Router Dynamic
How RIP works
Viewing and editing basic RIP settings
Selecting advanced RIP options
Overriding the RIP operating parameters on an interface
OSPF
OSPF autonomous systems
Defining an OSPF AS
Viewing and editing basic OSPF settings
Selecting advanced OSPF options
Defining OSPF areas
Specifying OSPF networks
Selecting operating parameters for an OSPF interface
How BGP works
Viewing and editing BGP settings
Multicast
Viewing and editing multicast settings
Overriding the multicast settings on an interface
Router Monitor
Displaying routing information
Searching the FortiGate routing table
To search the FortiGate routing table
Firewall Policy
About firewall policies
How policy matching works
Viewing the firewall policy list
Adding a firewall policy
Moving a policy to a different position in the policy list
Configuring firewall policies
Firewall policy options
Adding authentication to firewall policies
Adding traffic shaping to firewall policies
IPSec firewall policy options
SSL-VPN firewall policy options
Options to check FortiClient on hosts
Firewall policy examples
Scenario one: SOHO sized business
Scenario two: enterprise sized business
Firewall Address
About firewall addresses
Viewing the firewall address list
Configuring addresses
Viewing the address group list
Configuring address groups
Firewall Service
Viewing the predefined service list
Viewing the custom service list
Configuring custom services
Viewing the service group list
Configuring service groups
Firewall Schedule
Viewing the one-time schedule list
Configuring one-time schedules
Viewing the recurring schedule list
Configuring recurring schedules
Firewall Virtual IP
Virtual IPs
How virtual IPs map connections through the FortiGate unit
Viewing the virtual IP list
Configuring virtual IPs
Adding a static NAT virtual IP for a single IP address
Adding a static NAT virtual IP for an IP address range
To add a static NAT virtual IP for an IP address range
Adding static NAT port forwarding for a single IP address and a single port
Adding static NAT port forwarding for an IP address range and a port range
Adding a load balance virtual IP for an IP address range or real servers
To add a load balance virtual IP for an IP address range
Adding a load balance port forwarding virtual IP
Adding dynamic virtual IPs
Virtual IP Groups
Viewing the VIP group list
Configuring VIP groups
IP pools
IP pools and dynamic NAT
IP Pools for firewall policies that use fixed ports
Viewing the IP pool list
Configuring IP Pools
Firewall Protection Profile
What is a protection profile
Default protection profiles
Viewing the protection profile list
Configuring a protection profile
Antivirus options
Web filtering options
FortiGuard-Web filtering options
Spam filtering options
IPS options
Content archive options
IM and P2P options
Logging options
VoIP options
Adding a protection profile to a policy
Protection profile CLI configuration
Creating a new phase2 configuration
Defining phase2 advanced settings
Internet browsing configuration
Manual Key
Creating a new manual key configuration
Concentrator
Defining concentrator options
Monitor
VPN PPTP
PPTP Range
VPN SSL
Config
VPN Certificates
Local Certificates
Generating a certificate request
Downloading and submitting a certificate request
Importing a signed server certificate
Importing an exported server certificate and private key
Importing separate server certificate and private key files
Remote Certificates
Importing Remote (OCSP) certificates
CA Certificates
Importing CA certificates
Importing a certificate revocation list
User
Configuring user authentication
Setting authentication timeout
To set authentication timeout
Setting user authentication protocol support
Local user accounts
Configuring a user account
RADIUS servers
Configuring a RADIUS server
LDAP servers
Configuring an LDAP server
PKI authentication
Configuring PKI users
Windows AD servers
Configuring a Windows AD server
User group
User group types
Firewall
Active Directory
User group list
Configuring a user group
Configuring FortiGuard override options for a user group
Configuring SSLVPN user group options
Configuring peers and peer groups
AntiVirus
Order of operations
Antivirus elements
FortiGuard antivirus
Antivirus settings and controls
Viewing the file pattern list catalog
Creating a new file pattern list
Viewing the file pattern list
Configuring the file pattern list
Quarantine
Viewing the Quarantined Files list
Viewing the AutoSubmit list
Configuring the AutoSubmit list
Configuring quarantine options
Viewing the virus list
Viewing the grayware list
Antivirus CLI configuration
system global optimize
config antivirus heuristic
config antivirus quarantine
config antivirus service <service_name>
Intrusion Protection
About intrusion protection
IPS settings and controls
When to use IPS
Predefined signatures
Viewing the predefined signature list
Configuring predefined signatures
Fine tuning IPS predefined signatures for enhanced system performance
Custom signatures
Viewing the custom signature list
Creating custom signatures
Protocol Decoders
Viewing the protocol decoder list
Upgrading IPS protocol decoder list
Anomalies
Viewing the traffic anomaly list
Configuring IPS traffic anomalies
IPS CLI configuration
system autoupdate ips
ips global fail-open
ips global ip_protocol
ips global socket-size
(config ips anomaly) config limit
To view the web content exempt list
Configuring the web content exempt list
URL filter
Viewing the URL filter list catalog
To view the URL filter list catalog
Creating a new URL filter list
Viewing the URL filter list
Configuring the URL filter list
Moving URLs in the URL filter list
FortiGuard - Web Filter
Configuring FortiGuard-Web filtering
Viewing the override list
To view the override list
Configuring override rules
Creating local categories
Viewing the local ratings list
To view the local ratings list
Configuring local ratings
Category block CLI configuration
FortiGuard-Web Filter reports
Antispam
Order of Spam Filtering
Anti-spam filter controls
Banned word
Viewing the antispam banned word list catalog
Creating a new antispam banned word list
Viewing the antispam banned word list
Configuring the antispam banned word list
Black/White List
Viewing the antispam IP address list catalogue
Creating a new antispam IP address list
Viewing the antispam IP address list
Configuring the antispam IP address list
Viewing the antispam email address list catalog
Creating a new antispam email address list
Viewing the antispam email address list
Configuring the antispam email address list
Advanced antispam configuration
config spamfilter mheader
config spamfilter rbl
Using Perl regular expressions
Regular expression vs. wildcard match pattern
Word boundary
Case sensitivity
Perl regular expression formats
Table 42: Perl regular expression formats
Example regular expressions
IM, P2P & VoIP
Overview
Configuring IM/P2P protocols
How to enable and disable IM/P2P options
How to configure IM/P2P options within a protection profile
How to configure IM/P2P decoder log settings
How to configure older versions of IM/P2P applications
How to configure protocols that are not supported
Statistics
Viewing overview statistics
Viewing statistics by protocol
Viewing the Current Users list
Viewing the User List
Adding a new user to the User List
Configuring a policy for unknown IM users
Traffic log
Event log
Antivirus log
Web filter log
Attack log
Spam filter log
IM and P2P log
VoIP log
Log Access
Accessing log messages stored in memory
Accessing log message stored in the hard disk
Accessing logs stored on the FortiAnalyzer unit
Accessing logs on the FortiGuard Log & Analysis server
To access logs on the FortiGuard Log & Analysis server
Viewing log information
Column settings
Filtering log messages
Deleting logs stored on the FortiGuard Log & Analysis server
To delete logs stored on the FortiGuard Log & Analysis server
Content Archive
Alert Email
Configuring Alert Email
Reports
Basic traffic reports
FortiAnalyzer reports
Configuring a FortiAnalyzer report
Configuring the report properties
Configuring the report types
Configuring the report format
Configuring the report output
Editing FortiAnalyzer reports
Printing your FortiAnalyzer report
Viewing FortiAnalyzer reports from a FortiGate unit
Viewing parts of a FortiAnalyzer report
Index
FortiGate Administration Guide 01 30004 0203 20070102

Published by: Khee Leng on Apr 23, 2011
Copyright: Attribution Non-commercial

