QuickStart Guide

FortiGate/FortiWiFi

.
 QuickStart Guide FortiGate/FortiWiFi
01-520-250472-201810

Copyright© 2018 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., in the U.S. and other jurisdictions, and other Fortinet names
herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal
lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding
commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants
that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on
Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. In no event does Fortinet make any commitment related to future deliverables, features or
development, and circumstances may change such that any forward-looking statements herein are not accurate. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied.
Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.

2
.
 QuickStart Guide
Register for Support

Licenses & Subscriptions

Register your Fortinet product to receive: 登録のお願い
• Technical Support 本日、
フォーティネット製品の登録をしてください。
• New product features 登録すると次のメリットがあります。
• Protection from new threats テクニカルサポート • 新機能の追加 • 新しい脅威
への防御
Vous devez enregistrer le produit pour
recevoir: 请马上注册您的飞塔产品
• Support technique 您在注册以后才能得到技术支持、新产品特
• Nouvelles fonctionnalitées du produit 点信息、最新威胁防护
• Protection contre de nouvelles menaces

La reistrazione ti permette di usufruire di:

Security Fabric
• Supporto Tecnico
• Nuove funzionalita
• Proteezione dalle ultime minaccce
http://forti.net/support
Debe registrar el producto para recibir: Toll free: 1 866 648 4638
• Apoyo técnico Phone: 1 408 486 7899
• Nuevas funcionalidades del producto Fax: 1 408 235 7737
• Protección contra ataques Email: register@fortinet.com

About Fortinet

1
.
 Device Guide

http://forti.net/docs/fortigate

Included Accessories List

Port Guide

LED Guide

Mounting Guide

2
.
 QuickStart Guide
1 FortiGate Setup

A Web browser B Terminal emulation

with Ethernet cable with console cable

iOS
C FortiExplorer app configuration

2 SFP Tranceivers

A Installation B Removal

3
.
 1 FortiGate Setup
A Web Browser with Ethernet Cable

https://
MGMT or MGMT 1
If the device has
neither use port 1

To Connect to the GUI

1. Connect the Ethernet cable.

2. Configure the management computer to be on the same subnet as the internal interface as the FortiGate unit:

IP address: 192.168.1.2
Netmask: 255.255.255.0

3. Visit 192.168.1.99 in your web browser.

4. Login using username “admin” and no password.
5. Configure your device and save your settings.
6. Register your device from the dashboard page.

4
.
 B Terminal Emulation with Console Cable

QuickStart Guide
>_

Console Port

To Connect to the CLI

1. Connect the FortiGate unit console port to the management computer using the provided console cable.
2. Start a terminal emulation program on the management computer, select the appropriate COM port, and use the following
settings:

Baud rate: 9600

Data bits: 8
Parity: None
Stop bits: 1
Flow control: None

3. Press Enter on your keyboard to connect to the CLI.

4. Log in using username “admin” and no password. You can
now proceed with configuring your FortiGate unit.

Get started by typing “?” for a list of available commands.

Begin typing a command and type “?” for a list of available ways
to complete the command.
For example “config ?” will show the lowest level of
configuration options.

For a detailed guide visit http://forti.net/cli.

5
.
 C iOS with Apple to USB Cable

USB Port

FortiExplorer App

1. Download the FortiExplorer iOS App to your device from

http://apple.co/2jVvQkZ.
2. Launch the FortiExplorer App.
3. Use your Apple to USB cable to connect to the FortiGate’s
USB port. Tap on your FortiGate when it appears in the App.
4. Log in using username “admin” and no password.
5. Configure your device.

http://apple.co/2jVvQkZ

6
.
 2 SFP Transceivers

QuickStart Guide
Transmit Optical Bore SFP Cage Sockets

Receive Optical Bore

Extraction Lever Socket Latch

Caution:

SFP transceivers are static sensitive devices. Use an ESD wrist strap or similar grounding device when handling
transceivers.

Do not install or remove SFP transceivers while fiber-optic cables are still attached. This can cause damage to the
cables, cable connectors, and the optical interfaces. It may also prevent the transceiver from latching correctly into
the socket connector.

Do not force the SFP transceivers into the cage slots. If the transceiver does not easily slide in and click into place, it
may not be aligned correctly or may be upside down. If this happens, remove the SFP transceiver, realign it or rotate it
and slide it in again.

7
.
 A Installation
1. Ensure that you are properly grounded.
2. Remove the cap from the SFP cage socket on the front panel of the unit.
3. Position the SFP transceiver in front of the cage socket opening and ensure that the transceiver is
correctly oriented. When the transceiver is correctly oriented, the extraction lever will be level with
the socket latch.
Note: SFP cage socket orientation may vary. Ensure that the SFP transceiver is correctly oriented
each time that you are inserting a transceiver.
4. Hold the sides of the SFP transceiver and slide it into the cage socket until it clicks into place.

5. Press the transceiver firmly into the cage socket with your thumb.
6. Verify that the transceiver is latched correctly by grasping the sides of the transceiver and trying
to pull it out without lowering the extraction lever.
If the transceiver cannot be removed, it is installed and latched correctly.
If the transceiver can be removed, reinsert it and press harder with your thumb.
If necessary, repeat this process until the transceiver is securely latched into the cage socket.

8
.
 B Removal
1. Ensure that you are properly grounded. Note:

QuickStart Guide
2. If applicable, disconnect the fiber-optic cable from the transceiver connector and install a Installing and removing
clean dust plug in the transceiver’s optical bores. SFP transceivers can
3. Pull the extraction lever out and down to eject the transceiver. If you are unable to use your shorten their useful life.
finger to open the lever, use a small flat-head screwdriver or other similar tool to open the Do not install or remove
lever. transceivers more than is
necessary.

Follow proper fiber-optic

handling procedures
when installing
and removing SFP
transceivers to ensure
that the devices remain
clean and are not
damaged.

4. Hold the sides of the transceiver and carefully pull it away from the cage socket.

5. Replace the cap on the SFP cage socket and place the removed SFP transceiver into an
antistatic bag.

9
.
Free Licenses & Services for
FortiCare Registered FortiGates

Stay extra secure by using your phone as

second-factor authentication for remote
administration. Get extra tokens from your
reseller.

2 FortiToken Mobile Licenses

Manage security on your endpoints. Make remote access simple.

Keep your network clean and allow Use yourcompany.fortiddns.com
employees to bring devices. Add more instead of hard-to-remember or
client licenses via your reseller. changing IP addresses.

10 FortiClient Endpoint Licenses Fortinet DDNS Service

Free Licenses & Services for
FortiCare Registered FortiGates

Licenses & Subscriptions

Generate reports, backup configurations and
more with an easy-to-use cloud based portal.

FortiCloud 1GB
 Services Included with FortiCare Subscriptions

FortiCare is global 24/7 support for your Fortinet hardware & software

Get the latest product security updates Setup policies and track activities
and features. Stay with us and see the based on geography. Your FortiGate
product evolve. will intelligently identify where an IP is
originated or destined.

Firmware Updates Geo-IP Database Updates

Use cellphone technology as backup Identify device type and OS information.

Internet connection. We are always Great for organizations that allow
adding support for new third party employees to bring in devices and want
3G/4G + devices. to enforce device based policies.

USB Modem Database Updates Device Signatures Database Updates

. .
.
Licenses & Subscriptions
 First Day with FortiOS

Here are some things you can do to get started

with the power and simplicity of FortiOS

. .
 1 Register and Check Services 5 Customize Your Firewall
Make sure you are registered. This will ensure that Prevent incoming and outgoing traffic to the
your device is protected against the latest threats. requirements of your organization.
Click Policy > Policy and Create New.
Once this is done, check to ensure all your
purchased services are enabled by visiting
System>FortiGuard. Contact your Fortinet partner if
you experience any issues.
6 Setup Remote Access

Licenses & Subscriptions

Securely link one office to another, or allow
2 Run a Security Fabric Rating Check employees access essential resources from
locations outside the office.
Run a Security Fabric Rating check to identify
VPN > Create VPN Wizard.
potential vulnerabilities and highlight best practices
that could be used to improve your network’s
overall security and performance.

In the root FortiGate GUI, select Security Fabric > 7 Checkout All the Support
Security Rating and click Run Now.
http://forti.net/docs has a huge range of
documents to help you through every scenario.

3 Setup a Backup Cellular

Connection
Use a 3G or 4G modem as a backup or alternate 8 Feel the Power
Internet connection. Guides are available at http://
Your FortiGate is using components you won’t
cookbook.fortinet.com. If you are unable to get
see anywhere else. Most devices use a standard
a cellphone connection at the location of your
CPU that is good at most things but great at
FortiGate, purchase a FortiExtender.
none.

Within your device is a unique SoC (System on

4 Create a WiFi Network
Reduce cabling in your office with a FortiWifi or
FortiAP attached to a regular FortiGate.
After attaching a FortiAP, click WiFi Controller >
Managed Access Points > Managed FortiAPs and
enable the detected AP by clicking Edit then Allow.
a Chip) that combines several security-focused
technologies designed by Fortinet. While
our most powerful products have dedicated
CP (Content Processors) and NP (Network
Processors), our desktop models share all the
groundbreaking technological discoveries at a
great price and small form factor.

.
 Day Two with FortiOS

1 Use Mobile Tokens to Double Your Security

Android and iOS devices can be used as second factor authentication. This means that someone attempting to adminis-
ter the device will need both your mobile device and your password to be able to login.

Two mobile tokens are provided no-charge with your device. Please ensure that you have registered your FortiGate to
enable them.

To start with, you might want to add a secondary Admin account for yourself to use remotely. It will be more secure if you
use a mobile token with it.

Click Admin > Administrators from the left menu, select an administrator and Edit to configure the mobile token.

Users can also be assigned tokens. Users and Devices > Users select a user and Edit to configure the mobile token.

. .

2 Get Those ‘Nice to Haves’ Working
The FortiGate Cookbook is an excellent resource for
a quick walkthrough on features you didn’t think you
had time to setup.
3 Allow Personal Devices on Your
Network (BYOD)
Install FortiClient on Android, Windows and iOS
devices. Each instance of FortiClient can connect
to the FortiGate and self-install the security settings
you require. Download from FortiClient.com and
take a look at profile settings under User & Device >
Endpoint Protection > FortiClient Profiles.
.
Licenses & Subscriptions
4 Expand Your Wired Network
Use a FortiSwitch to maintain complete visibility
and control of the network regardless of how
users connect devices.
5 Start Monitoring
Once FortiCloud is enabled you can start
monitoring your bandwidth usage and
analyzing traffic logs. Create reports and send
them in scheduled updates to those that want
to be in-the-know.
Security Fabric

THIRD-GENERATION NETWORK SECURITY

BROAD
Visibility & Protection for the Digital
Attack Surface.

INTEGRATED
Detection of Advanced Threats.

AUTOMATED
Response & Continuous Trust
Assessment.
 APIs
Connectors

Security Fabric
Other Fabric Solutions

Open Endpoint
Ecosystem Security

Multi-Cloud Email
Security Security

Partner API FortiGate FortiClient FortiMail

Virtual Firewall

DevOps FortiGate
Cloud Firewall

Connectors FortiCASB

.
 Web Application Advanced
Security Threat Protection

Secure Management
Unified Access & Analytics

Security Fabric
FortiWeb FortiAP FortiSandbox FortiAnalyzer

FortiSwitch FortiManager

Network Access FortiSIEM

Control

.
 NETWORK SECURITY
Fortinet’s high-performance FortiGate firewalls—powered by our purpose-built OS, security
processors, and threat intelligence from FortiGuard Labs—provide consolidated, advanced
security and deep visibility that protects the network from known and unknown threats.

Chassis-based 5000 & 7000 Series

Form Factor Expandable, modular chassis
Interfaces 10, 40, and 100 GE
FW(TP) Throughput More than 1 Tbps (Up to 189 Gbps)
Special Features Carrier class, NEBS, fully redundant

FortiGate 5144C

FortiGate 7060E

High-end Appliance 1000 – 3000 & 6000 Series

Form Factor 2U – 5U appliance
Interfaces 10, 25, 40, and 100 GE
FortiGate 3200D
FW(TP) Throughput 52 Gbps – 1 Tbps (4 Gbps – 100 Gbps)
Special Features Ultra-low latency, ultra high-speed SSL inspection

FortiGate 6500F

Mid-range Appliance 100 – 900 Series

Form Factor 1U – 2U appliance

FortiGate 300E
Interfaces 1 and 10 GE
FW(TP) Throughput 7 Gbps – 36 Gbps (1 Gbps – 3 Gbps)
FortiGate 500E
Special Features High-speed SSL inspection
Entry-level Appliance 30–90 Series
Form Factor Desktop FortiGate 80E
Interfaces High-density 1 GE
FW(TP) Throughput 1 – 3.5 Gbps (150 Mbps – 250 Mbps)
Special Features Wi-Fi, PoE, ruggedized
FortiWiFi 60E

Virtual/Private Cloud Firewall

Private Cloud VM Public Cloud VM
Use Cases & All major hypervisors AWS, Microsoft Azure,
Integrations Cisco ACI, VMware NSX, OpenStack Google
Throughput Hardware dependent Cloud dependent
Licensing Perpetual, subscription, metered BYOL or on-demand

NEW PRODUCT SPOTLIGHT—FORTIGATE 7000 SERIES

Modular, resilient NGFW that offers high-performance

SSL inspection, Threat Protection, scalable Integrated
Routing, Multi-Tenancy and 100G port density

Security Fabric
Form Factor 6U-8U
Interfaces 10, 40, and 100 GE
NGFW Throughput 50 Gbps – 100 Gbps
TP Throughput 35 Gbps – 80 Gbps
SSL Inspection Throughput 60 Gbps – 100 Gbps

FortiGate 7060E

FortiGate 7030E FortiGate 7040E

 FortiASIC

Specialized chip design delivers more

processing power
Fortinet’s purpose-built architecture delivers
extremely high throughput and exceptionally
low latency and the world’s fastest firewall.
Computationally intensive security tasks demand
ASIC acceleration. Sub 10μs latency beats the
competition.
.
 Founded: Nov. 2000

First Product Release: May 2002

Fortinet IPO: Nov. 2009

NASDAQ: FTNT

Headquarters: Sunnyvale, California

Employees: 5,462

FY 2017 Revenue: $1.495B

Corporate Overview

Fortinet’s mission is to deliver the most innovative,

highest-performing network security fabric to secure and

About Fortinet
simplify your IT infrastructure. We are a leading global
provider of network security appliances for carriers, data
centers, enterprises, and distributed offices.

.
 The FortiGate Cookbook

Advanced installation and setup, networking, security policies

and firewall objects, security profiles, SSL VPN, IPsec VPN,
authentication, logging and reporting.
http://forti.net/cookbook

FortiGate System Administration Guide

The first steps in planning your configuration. Centralized

management, tightening security, and best practices.
http://forti.net/sysadmin

CLI Reference

Configuration of your device using the command line.

http://forti.net/cli

FortiOS Handbook

Definitive guide to configuring and operating FortiOS.

http://forti.net/handbook

Training Services

Course descriptions, availability, schedules, and locations of

training programs in your area.
http://forti.net/training

Fortinet.com
.