Transcription of FortiGate-200 Administration Guide - andovercg.com
FortiGate-200 Administration Guide
Version MR7. 3 December 2004. 01-28007-0004-20041203.

Copyright 2004 Fortinet Inc. All rights reserved. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical or otherwise, for any purpose, without prior written permission of Fortinet Inc.

Trademarks
Products mentioned in this document are trademarks or registered trademarks of their respective holders.

Regulatory Compliance
FCC Class A Part 15 CSA/CUS.

CAUTION: RISK OF EXPLOSION IF BATTERY IS REPLACED BY AN INCORRECT TYPE. DISPOSE OF USED BATTERIES ACCORDING TO THE INSTRUCTIONS.

For technical support, please visit
Send information about errors or omissions in this document or any Fortinet technical documentation to

Table of Contents

Introduction
About FortiGate Antivirus
Antivirus protection
Web content filtering
Spam filtering
VLANs and virtual
Intrusion Prevention System (IPS)
High availability
Secure installation, configuration, and management
Document conventions
FortiGate documentation
Fortinet Knowledge Center
Comments on Fortinet technical
Related documentation
FortiManager documentation
FortiClient documentation
FortiMail
FortiLog documentation
Customer service and technical
System
Console
Viewing system status
Changing unit information
Session
Changing the FortiGate
Upgrading to a new firmware version
Reverting to a previous firmware
Installing firmware images from a system reboot using the CLI
Testing a new firmware image before installing it
Installing and using a backup firmware image
System network
Interface
Interface
Configuring interfaces
Zone settings
Management
DNS
Routing table (Transparent Mode)
Routing table list
Transparent mode route settings
VLAN overview
FortiGate units and VLANs
VLANs in NAT/Route mode
Rules for VLAN
Rules for VLAN IP addresses
Adding VLAN subinterfaces
VLANs in Transparent
Rules for VLAN
Transparent mode virtual domains and VLANs
Transparent mode VLAN
Transparent mode VLAN
FortiGate IPv6
System DHCP
Service
DHCP service settings
Server
DHCP server settings
Exclude range
DHCP exclude range
IP/MAC binding
DHCP IP/MAC binding settings
Dynamic
System config
System time
HA
HA configuration
Configuring an HA cluster
Managing an HA
Configuring SNMP
SNMP community
FortiGate
FortiGate traps
Fortinet MIB fields
Replacement messages
Replacement messages list
Changing replacement messages
System Administration
Administrators
Administrators
Administrators options
Access
Access profile list
Access profile options
System maintenance
Backup and
Backing up and
Update center
Updating antivirus and attack definitions
Enabling push updates
Support
Sending a bug report
Registering a FortiGate unit
Shutdown
System virtual
Virtual domain properties
Exclusive virtual domain properties
Shared configuration settings
Administration and management
Virtual domains
Adding a virtual domain
Selecting a virtual
Selecting a management virtual
Configuring virtual domains
Adding interfaces, VLAN subinterfaces, and zones to a virtual domain
Configuring routing for a virtual domain
Configuring firewall policies for a virtual domain
Configuring IPSec VPN for a virtual domain
Router
Static
Static route list
Static route options
Policy
Policy route
Policy route
RIP
General
Networks
Networks options
Interface
Interface options
Distribute list
Distribute list
Offset list
Offset list options
Router
Access list
New access list
New access list entry
Prefix list
New Prefix list
New prefix list
Route-map
New Route-map
Route-map list
Key chain
New key
Key chain list
Monitor
Routing monitor list
CLI
get router info ospf
get router info protocols
get router info
config router ospf
config router
Policy
How policy matching
Policy list
Policy
Advanced policy options
Configuring firewall policies
Policy CLI configuration
Address list
Address options
Configuring addresses
Address group list
Address group options
Configuring address
Service
Predefined service
Custom service
Custom service
Configuring custom
Service group list
Service group options
Configuring service groups