fortigate 60 manual

FortiGate UTM Installation and Operation Manual (V3.0) TEL: (02)6600-9669 FAX: (02)6606-8689

Upload: gankie

Post on 14-Oct-2014



FortiGate

port Nat Transparent admin NAT Transparent Server policy policy PPTP VPN policy SSL VPN policy


Fortigate UTM , Firewall , Anti-virus(),IDS/IPS (),Web-filter ( ),Anti-spam (),IM/P2P ,VPN IPSEC,PPTP,SSL ..,, ,,. IP . ,.

Fortigate 2 NAT ,Transparent , ,, 1. NAT : Router,NAT , Router Adsl , Port IP . 1 Nat

2. Transparent : Bridge , Router,Firewall,NAT , , port IP , IP (Manager ip), ip internet ,.


1

Transparent

Fortigate ,, FGT-60,FGT-100A,FGT200A.FGT-400,FGT-400A. PORT, ,,, PORT . 1. Nat : , 1 Nat

Administrator Password: admin Internal ip/Netmask : ip , 192.168.1.99/255.255.255.0 External ip /Netmask : ip, ISP ,ADSL

IP , 61.218.84.132/255.255.255.0 DMZ/HA IP /Netmask : IP Default Gateway : , External port Router Adsl ip DNS Server IP : dns server , dns server 2. Transparent :, 1 Transparent

Administrator Password: admin Management ip : Web gui IP DNS Server ip: DNS

Fortigate 3 Web GUI : , Console CLI : , LCD : Note:Fortigate UTM , Web GUI

Web GUI 1. PC(NOTEBOOK) IP /Netmask 192.168.1.3 255.255.255.0 2. Crossover() Fortigate

internal port , Fortigate internal port port1 3. IE https://192.168.1.99 Web gui . 1 , accept()

1-2 admin Web GUI


1-3 Web GUI

CLI 1. PC(NOTEBOOK) serial port , Fortigate null-modem cable, Fortigate console port. 2. PC(NOTEBOOK) 3. , 1

4

admin CLI

Note : Fortigate CLI ,, Shift + ? ,.


port : 1 Fortigate port Fortigate Fortigate-60 Fortigate-100A Fortigate-200A Fortigate-400 Fortigate-400A PORT Internal(LAN) Internal Internal Internal Port1 Port1 PORT External (WAN) Wan1,Wan2 Wan1,Wan2 Wan1,Wan2 Port2 Port2 PORT dmz Dmz1,dmz2 Dmz1,dmz2 Port3,port4 Port3..port6

NAT : 1 NAT


Transparent : 2-3 Transparent

: CLI , # exec fac admin
1. CLI , maintainer bcpbFGTxxxxxxxxxxxxx bcpb +fortigate
2. ,30 admin
# config system admin
# edit admin
# set password
# end

Web GUI ,

NAT :1. https://192.168.1.99 , web gui 1 Name: admin Password:

2. 1 : System > Status > system information >system time >change


1-2

3.(port1) ip : : 192.168.1.99/255.255.255.0 1 : System >Network >Interface >port1 >edit

1-2 ip Netmask


4. (PORT2) IP : : 61.222.49.51/255.255.255.248 1 : System >Network >Interface >port2 >edit

1-2 ip netmask

5. DNS : DNS server ip DNS server ip 1 : System > Network >options dns ip

6. DHCP Server : Fortigate DHCP Server , DHCP Server 1 System >DHCP >Service>port1 >Servers >add DHCP server

7.admin 1 : System > Admin > Administrators > change password

1-2

******


8. 1 : System >maintenance >FortiGuard Center >AntiVirus and IPS Downloads Allow Push Update ,Scheduled Update

9.: Fortigate Router Adsl ip 1 : Router >Static > Static route > Create new


1-2 Gateway ip

10. Firewall policy : Firewall policy traffic , 1 policy ,Internal() Wan1() Wan1() Internal() Server policy (server virtual ip ) . NOTE:Server policy Server NAT policy Source interface Source address Destination interface Destination address Schedule Service Action NAT Protection profile Log Allowed Traffic ip ip protocol Accept() or deny () ip ip (antivirus,ips,im/p2p) Traffic

1 : Firewall>policy >Create new

Note: policy ,. : Address 1 ip : 0.0.0.0/0.0.0.0

1-2 1 : 192.168.1.0/255.255.255.0


1-3

1 ip : 192.168.1.99 Netmask

1-4

1 ip : 192.168.1.[20-30]

11 Server policy : Server , Server IP ,Server , server ip , IP server ip , server . 1.Virtual ip : Server ip Fortigate 2 server ip 1.Static nat : ip 1 ip ip 1 : Firewall >Virtual ip >Create New

2.Port Forwarding : ip , 1 IP port number IP port 1-2 Firewall >Virtual ip >Create New >Port Forwarding

2. policy , policy ,policy address name Virtual ip , Server policy . server policy . 1-2 Server policy

Note: port1() port2() policy port2 () port1() server policy NAT ., 1. Ping 168.95.1.1 internet 2. email

Transparent 1 https://192.168.1.99 , web gui 1 admin :

2 & IP 1 Transparent , IP


3. 1 : System > Status > system information >system time >change

1-2

4.DNS : DNS server ip DNS server ip 1-3 : System > Network >options DNS ip


5. admin 1 : System > Admin > Administrators > change password

1-2

******

6. 1 : System >maintenance >FortiGuard Center >AntiVirus and IPS Downloads Allow Push Update ,Scheduled Update

7. Firewall policy : Firewall policy traffic , Transparent 2 policy ,Internal() Wan1() Wan1() Internal() policy . Transparent policy Source interface Source address Destination interface Destination address Schedule Service Action Protection profile Log Allowed Traffic all all protocol Accept() or deny () (antivirus,ips,im/p2p) Traffic

1 : Firewall>policy >Create new

NOTE: 2 policy ,Internal() Wan1() Wan1() Internal() policy , 1.Ping 168.95.1.1. internal 2. email

policy Fortigate : 1 Anti-Virus 2 Web Filtering ( URL list) 3 FortiGuard Web Filtering ( Fortinet Web list Database ) 4 Spam Filtering ((BWL)) 5 FortiGuard Spam Filtering ( Fortinet Spam list Database) 6 IPS 7 IM/P2P ,, Anti-virus, IPS ,Anti-virus + IPS,IPS +IM/P2P Protection profile , policy ,, policy ,. Protection profile Protection profile 1 :Firewall >protection profile >Create New


policy : 1. Protection profile Anti-virus 1 :Firewall >protection profile >Create New >Anti-virus

2. policy ,. 1-2 : Firewall>policy >Create new

IPS policy : 1. Protection profile IPS 1 :Firewall >protection profile >Create New>IPS

2. Policy , IPS . policy Policy .


IM Policy : 1.IM USER 1 : IM/P2P >USER >CONFIG

2. Protection profile IM 1-2 :Firewall >protection profile >Create New>IM/P2P

3. Policy , IM policy Policy P2P Policy 1. Protection profile P2P :Firewall >protection profile >Create New>IM/P2P

2. policy , p2p . policy Policy


Note:, protection profile , . policy , policy .

PPTP VPN Policy 1. User 1 : User >Local >Local>Create New

2.User group 1-2 : User Group >Create New

3. pptp vpn 1-3 : VPN > PPTP >PPTP Range >Create New


4. Address 1-4 :Firewall >Address>Create New

5 PPTP Policy 1-5 : Firewall>Policy >Create New

6. PPTP : Windows 2000/XP PPTP 1 (VPN)


2 IP : Fortigate Wan1 Port2 ip 1-2 PPTP : Fortigate wan1 ip

7. PPTP , 1 Fortigate PPTP ,

Note: .


SSL VPN Policy 1. SSL VPN / PPTP 2. (Type SSLVPN) 1 : User Group > Create New

3. SSL VPN 1-2 : VPN >SSL >Config


4. Address 1-3 : Firewall >Address>Create New

5. SSL VPN Policy 1-4 : Firewall >Policy

6. SSL : Windows 2000/XP SSL 1. IE : Fortigate SSL Portal IP ( Wan1 port2 IP )

1-5 :IE > >>>

2. Fortigate SSL VPN Portal IE , https://61.218.84.130:10443 Note: 61.218.84.130 Fortigate Wan1 ip 1-6 Fortigate SSL VPN


3. Activate SSL-VPN Tunnel Mode ,

4. SSL , Link Status UP ,

Note: ,,.


. Fortigate ,, . 1. ******.pdf : Fortigate ,, anti-virus,ips,FortiGuard web filtering,spam filter . file. Note : contract number 2. 1 Fortinet https://support.fortinet.com/Login/UserRegistration.aspx 1 ()

3. , Fortinet support ,


1

2

Note:, 2 , Fortinet Fortinet support login , Fortinet support .


1 av/ips ******.pdf 2. https://support.fortinet.com/Login/UserLogin.aspx 1 Support Login

3., 3


WWW.FORTINET.COM WWW.PHITECH.COM.TW : 3 34 8F : : : (02)6600-9669 ext:619 Email : [email protected] Mobile: 0921-938-236
