fortigate 60 manual
TRANSCRIPT
FortiGate UTM (V3.0)
TEL: (02)6600-9669
FAX: (02)6606-8689
FortiGate
port Nat Transparent admin NAT Transparent Server policy policy PPTP VPN policy SSL VPN policy
1
FortiGate
Fortigate UTM , Firewall , Anti-virus(),IDS/IPS (),Web-filter ( ),Anti-spam (),IM/P2P ,VPN IPSEC,PPTP,SSL ..,, ,,. IP . ,.
Fortigate 2 NAT ,Transparent , ,, 1. NAT : Router,NAT , Router Adsl , Port IP . 1 Nat
2. Transparent : Bridge , Router,Firewall,NAT , , port IP , IP (Manager ip), ip internet ,.
2
FortiGate
1
Tansparent
Fortigate ,, FGT-60,FGT-100A,FGT200A.FGT-400,FGT-400A. PORT, ,,, PORT . 1. Nat : , 1 Nat
Administrator Password: admin Internal ip/Netmask : ip , 192.168.1.99/255.255.255.0 External ip /Netmask : ip, ISP ,ADSL 3
FortiGate
IP , 61.218.84.132/255.255.255.0 DMZ/HA IP /Netmask : IP Default Gateway : , External port Router Adsl ip DNS Server IP : dns server , dns server 2. Transparent :, 1 Transparent
Administrator Password: admin Management ip : Web gui IP DNS Server ip: DNS
Fortigate 3 Web GUI : , Console CLI : , LCD : Note:Fortigate UTM , Web GUI
Web GUI 1. PC(NOTEBOOK) IP /Netmask 192.168.1.3 255.255.255.0 2. Crossover() Fortigate 4
FortiGate
internal port , Fortigate internal port port1 3. IE https://192.168.1.99 Web gui . 1 , accept()
1-2 admin Web GUI
5
FortiGate
1-3 Web GUI
CLI 1. PC(NOTEBOOK) serial port , Fotigate null-modem cable, Fortigate console port. 2. PC(NOTEBOOK) 3. , 1
6
FortiGate
4
admin CLI
Note : Fortigate CLI ,, Shift + ? ,.
7
FortiGate
port : 1 Fortigate port Fortigate Fortigate-60 Fortigate-100A Fortigate-200A Fortigate-400 Fortigate-400A PORT Internal(LAN) Internal Internal Internal Port1 Port1 PORT External (WAN) Wan1,Wan2 Wan1,Wan2 Wan1,Wan2 Port2 Port2 PORT dmz Dmz1,dmz2 Dmz1,dmz2 Port3,port4 Port3..port6
NAT : 1 NAT
8
FortiGate
Transparent : 2-3 Transparent
: CLI , # exec fac admin 1. CLI , maintainer bcpbFGTxxxxxxxxxxxxx bcpb +fortigate 2. ,30 admin # config system admin # edit admin # set password # end
9
FortiGate
Web GUI ,
NAT :1. https://192.168.1.99 , web gui 1 Name: admin Password:
2. 1 : System > Status > system information >system time >change
10
FortiGate
1-2
3.(port1) ip : : 192.168.1.99/255.255.255.0 1 : System >Network >Interface >port1 >edit
1-2 ip Netmask
11
FortiGate
4. (PORT2) IP : : 61.222.49.51/255.255.255.248 1 : System >Network >Interface >port2 >edit
1-2 ip netmask
5. DNS : DNS server ip DNS server ip 1 : System > Network >options dns ip
12
FortiGate
6. DHCP Server : Fotigate DHCP Server , DHCP Server 1 System >DHCP >Service>port1 >Servers >add DHCP server
7.admin 1 : System > Admin > Administrators > change password
1-2
******
13
FortiGate
8. 1 : System >maintenance >FortiGuard Center >AntiVirus and IPS Downloads Allow Push Update ,Scheduled Update
9.: Fortigate Router Adsl ip 1 : Router >Static > Static route > Create new
14
FortiGate
1-2 Gateway ip
10. Firewall policy : Firewall policy traffic , 1 policy ,Internal() Wan1() Wan1() Internal() Server policy (server vitural ip ) . NOTE:Server policy Server NAT policy Source interface Source address Destination interface Destination address Schedule Service Action NAT Protection profile Log Allowed Traffic ip ip protocol Accept() or deny () ip ip (antivirus,ips,im/p2p) Trafiic
15
FortiGate
1 : Firewall>policy >Create new
Note: policy ,. : Address 1 ip : 0.0.0.0/0.0.0.0
1-2 1 : 192.168.1.0/255.255.255.0
16
FortiGate
1-3
1 ip : 192.168.1.99 Netmask
1-4
1 ip : 192.168.1.[20-30]
11 Server policy : Server , Server IP ,Server , server ip , IP server ip , server . 1.Virtual ip : Server ip Fotigate 2 server ip 1.Static nat : ip 1 ip ip 1 : Firewall >Virtual ip >Create New
17
FortiGate
2.Port Forwarding : ip , 1 IP port number IP port 1-2 Firewall >Virtual ip >Create New >Port Forwarding
2. policy , policy ,policy address name Virtual ip , Server policy . server policy . 1-2 Server policy
18
FortiGate
Note: port1() port2() polciy port2 () port1() server policy NAT ., 1. Ping 168.95.1.1 internet 2. email
Transparent 1 https://192.168.1.99 , web gui 1 admin :
2 & IP 1 Transparent , IP
19
FortiGate
3. 1 : System > Status > system information >system time >change
1-2
4.DNS : DNS server ip DNS server ip 1-3 : System > Network >options DNS ip
20
FortiGate
5. admin 1 : System > Admin > Administrators > change password
1-2
******
6. 1 : System >maintenance >FortiGuard Center >AntiVirus and IPS Downloads Allow Push Update ,Scheduled Update
21
FortiGate
7. Firewall policy : Firewall policy traffic , Transparent 2 policy ,Internal() Wan1() Wan1() Internal() polciy . Transparent policy Source interface Source address Destination interface Destination address Schedule Service Action Protection profile Log Allowed Traffic all all protocol Accept() or deny () (antivirus,ips,im/p2p) Trafiic
1 : Firewall>policy >Create new
NOTE: 2 policy ,Internal() Wan1() Wan1() Internal() polciy , 1.Ping 168.95.1.1. internal 2. email22
FortiGate
policy Fortigate : 1 Anti-Virus 2 Web Filtering ( URL list) 3 FortiGuard Web Filtering ( Fortinet Web list Database ) 4 Spam Filtering ((BWL)) 5 FortiGuard Spam Filtering ( Fortinet Spam list Database) 6 IPS 7 IM/P2P ,, Anti-virus, IPS ,Anti-virus + IPS,IPS +IM/P2P Protection profile , polciy ,, policy ,. Protection profile Protection profile 1 :Firewall >protection profile >Create New
23
FortiGate
policy : 1. Protection profile Anti-virus 1 :Firewall >protection profile >Create New >Anti-virus
2. policy ,. 1-2 : Firewall>policy >Create new
IPS policy : 1. Protection profile IPS 1 :Firewall >protection profile >Create New>IPS
2. Policy , IPS . policy Policy .
24
FortiGate
IM Policy : 1.IM USER 1 : IM/P2P >USER >CONFIG
2. Protection profile IM 1-2 :Firewall >protection profile >Create New>IM/P2P
3. Policy , IM policy Policy P2P Policy 1. Protection profile P2P :Firewall >protection profile >Create New>IM/P2P
2. policy , p2p . policy Policy
25
FortiGate
Note:, protection profile , . policy , policy .
PPTP VPN Policy 1. User 1 : User >Local >Local>Create New
2.User group 1-2 : User Group >Create New
3. pptp vpn 1-3 : VPN > PPTP >PPTP Range >Create New
26
FortiGate
4. Address 1-4 :Firewall >Address>Create New
5 PPTP Policy 1-5 : Firewall>Policy >Create New
6. PPTP : Windows 2000/XP PPTP 1 (VPN)
27
FortiGate
2 IP : Fortigate Wan1 Port2 ip 1-2 PPTP : Fortigate wan1 ip
7. PPTP , 1 Fortigate PPTP ,
Note: .
28
FortiGate
SSL VPN Policy 1. SSL VPN / PPTP 2. (Type SSLVPN) 1 : User Group > Create New
3. SSL VPN 1-2 : VPN >SSL >Config
29
FortiGate
4. Address 1-3 : Firewall >Address>Create New
5. SSL VPN Plicy 1-4 : Firewall >Policy
6. SSL : Windows 2000/XP SSL 1. IE : Fortigate SSL Portal IP ( Wan1 port2 IP )
30
FortiGate
1-5 :IE > >>>
2. Fortigate SSL VPN Portal IE , https://61.218.84.130:10443 Note: 61.218.84.130 Fortigate Wan1 ip 1-6 Fortigate SSL VPN
31
FortiGate
3. Activate SSL-VPN Tunnel Mode ,
4. SSL , Link Status UP ,
Note: ,,.
32
FortiGate
. Fortigate ,, . 1. ******.pdf : Fortigate ,, anti-virus,ips,FortiGuard web filtering,spam filter . file. Note : contract number 2. 1 Fortinet https://support.fortinet.com/Login/UserRegistration.aspx 1 ()
3. , Fortinet support ,
33
FortiGate
1
2
Note:, 2 , Fortinet Fortinet support login , Fortinet support .
34
FortiGate
1 av/ips ******.pdf 2. https://support.fortinet.com/Login/UserLogin.aspx 1 Support Login
3., 3
35
FortiGate
WWW.FORTINET.COM WWW.PHITECH.COM.TW : 3 34 8F : : : (02)6600-9669 ext:619 Email : [email protected] Mobile: 0921-938-236
36