Installing

the
FortiGate
Unit
Installation
Fortinet Technologies

 Free-standing (All units)

 requires 1.5” (3.75 cm) clearance on all sides
 Rack-mounted (FortiGate 200 and higher)
 requires 1U of vertical space

2
Connecting to the Web-based Manager (1)
Fortinet Technologies

To connect to the web-based manager, you need:

 a computer with an Ethernet interface
 a cross-over Ethernet cable or an Ethernet
hub/switch and two Ethernet cables
 an Internet browser
 Internet Explorer version 4.0 or higher
 Mozzilla, etc.

3
Connecting to the Web-based Manager (2)
Fortinet Technologies

 Set the static IP address of the computer with an

Ethernet connection to 192.168.1.2/255.255.255.0
 Using the cross-over cable or the Ethernet hub
and cables, connect the internal interface of the
FortiGate unit to the computer Ethernet
connection
 Start a browser and connect to the address
https://192.168.1.99
 Type admin in the Name field and click Login

4
Connecting to the CLI (1)
Fortinet Technologies

To connect to the FortiGate unit, you need:

 a computer with an available communications port
 depending on the FortiGate model, a null modem
cable with a 9-pin connector or an RJ-45 serial
cable and an RJ-45 to DB-9 converter
 terminal emulation software such as
HyperTerminal for Windows, Secure CRT, etc.
Connect the null modem cable to the communications
port of your computer and to the FortiGate
Console port

5
Connecting to the CLI (2)
Fortinet Technologies

 Start HyperTerminal, enter a name for the

connections, and click OK
 Configure HyperTerminal to connect directly to the
communications port on the computer to which
you have connected the null modem cable and
click OK
 Select the following port settings and click OK
 FortiGate 300 and FortiManager use 115200 bps

Bits per second 9600

Data bits 8
Parity None
Stop bits 1
Flow control None

6
Connecting to the CLI (3)
Fortinet Technologies

 Press Enter to connect to the FortiGate CLI

The following prompt is displayed:
FortiGate-60 login:
 Type admin and press Enter twice
The following prompt is displayed:
Type ? for a list of commands.

7
Factory Default Settings
Fortinet Technologies

The FortiGate unit is shipped with a factory default

configuration that allows you to connect to and
use the FortiGate web-based manager to
configure the unit onto the network
 Internal interface 192.168.1.99/24
 https, http, ssh, ping access is enabled
 External interface 192.168.100.99/24
 ping is enabled
 Firmware upgrade using TFTP is done using the
internal interface only (interrupt boot process)

8
Factory Default Settings (Con’t)
Fortinet Technologies

 No password
 On low end models (50, 60, 100), a policy is
added automatically to allow all traffic from
internal to external
 Add an administrator password for security

9
Registration
Fortinet Technologies

 After purchasing and installing a new FortiGate

unit
 You must register the unit to be able to receive
antivirus and attack signature updates
 After registration, you have
 a three month period to receive free updates
 a one month free trial period for FortiGuard, Fortinet’s
Web content blocking system
 After you have registered your FortiGate unit,
Fortinet sends a Support Login user name and
password to your email address

System > Maintenance > Support > FDS Registration

10
Support
Fortinet Technologies
 Use the user name and password you received
after registration to log on to the Fortinet support
web site to:
 view your list of FortiGate units
 register additional FortiGate units
 add or change FortiCare Support Contract numbers for
each FortiGate unit
 view and change registration information
 download virus and attack definition updates
 download firmware upgrades
 modify registration information after an RMA
 open support tickets

11
Planning the Installation
Fortinet Technologies

NAT/Route mode
 the FortiGate unit is visible to the network
 all its interfaces are on different subnets
 can add security policies
 can configure the FortiGate unit with multiple
redundant connections to the external network
Transparent mode
 the FortiGate unit is invisible to the network

12
Setting the Time and Date
Fortinet Technologies

 Ensure effective scheduling and logging

 Set the FortiGate system time manually or set the
unit to synchronize with a Network Time Protocol
(NTP) server for automatic time correction

13
Options
Fortinet Technologies
 Enhance security
 set timeouts for access to the FortiGate unit, policy
authentication, DGD for routing fail-over
 PIN protection for LCD panel

14
SNMP
Fortinet Technologies

 Report system information and send traps to

SNMP managers
 Access SNMP traps and data from any FortiGate
interface or VLAN configured for SNMP
management access
 Fortinet proprietary MIBs
 RFC 2665 (Ethernet-like MIB) and RFC 1213 (MIB
II)

15
DHCP Server and DHCP Relay
Fortinet Technologies

 NAT/Route mode only

 Static IP address required
 Configure the server first
 Choose the interface to act as a DHCP server

 System > DHCP > Service

16
IP/MAC Binding
Fortinet Technologies

 Protects the FortiGate unit and your network from

IP spoofing attacks
 IP/MAC pairs that do not match entries in the table
are denied connection
 Packet filtering
 Dynamic binding allows for DHCP assignments

 System > DCHP > IP/MAC Binding

17