FortiGate Version 3.0 MR5 Fortinet Inc. Copy Right 2008 FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 2 FortiGate Administration Guide Version 3.0 MR5 30 August 2007 01-30005-0203-20070830 Copyright 2006 Fortinet, Inc. All rights reserved. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical or otherwise, for any purpose, without prior written permission of Fortinet, Inc. Trademarks Dynamic Threat Prevention System (DTPS), APSecure, FortiASIC, FortiBIOS, FortiBridge, FortiClient, FortiGate, FortiGate Unified Threat Management System, FortiGuard, FortiGuard Antispam, FortiGuard Antivirus, FortiGuard Intrusion Prevention, FortiGuard Web Filtering, FortiLog, FortiAnalyzer, FortiManager, Fortinet, FortiOS, FortiPartner, FortiProtect, FortiReporter, FortiResponse, FortiShield, FortiVoIP, and FortiWiFi are trademarks of Fortinet, Inc. in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 3 ................................................................................................... 19 ................................................................... 19 FortiGate .......................................................... 20 FortiGate-5000 series chassis ................................................... 20 FortiGate-5000 series modules ........................ 22 FortiGate-AMC modules ........................................................... 22 FortiGate-3810A ...................................................................... 23 FortiGate-3600A ...................................................................... 23 FortiGate-3600 ........................................................................ 23 FortiGate-3000 ........................................................................ 23 FortiGate-1000A ...................................................................... 24 FortiGate-1000AFA2 ................................................................. 24 FortiGate-1000 ........................................................................ 24 FortiGate-800 ......................................................................... 24 FortiGate-800F ....................................................................... 25 FortiGate-500A ........................................................................ 25 FortiGate-500 .......................................................................... 25 FortiGate-400A ........................................................................ 25 FortiGate-400 ......................................................................... 25 FortiGate-300A ....................................................................... 26 FortiGate-300 .......................................................................... 26 FortiGate-224B ........................................................................ 26 FortiGate-200A ........................................................................ 26 FortiGate-200 .......................................................................... 27 FortiGate-100A ........................................................................ 27 FortiGate-100 .......................................................................... 27 FortiGate-60B .......................................................................... 27 FortiWiFi-60B .......................................................................... 27 FortiGate-60/60M/ADSL ........................................................... 28 FortiWiFi-60/60A/60AM ............................................................ 28 FortiGate-50B .......................................................................... 28 FortiGate-50A ........................................................................ 28 Fortinet ............................................................ 29 FortiGuard Subscription Services ............................................... 29 FortiAnalyzer ........................................................................... 29 FortiClient ............................................................................... 29 FortiManager ........................................................................... 30 FortiBridge ............................................................................ 30 FortiMail .................................................................................. 30 ................................................................................. 30 (Convention) ......................................................... 32 FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 4 FortiGate ............................................................ 33 Fortinet CD ........................................... 34 Fortinet Knowledge Center ....................................................... 34 Comments on Fortinet technical documentation ........................ 34 ................................. 35 Fortinet .................................. 35 Web-based manager .......................................................................... 37 ................................................... 38 (Contact Customer Support) ..... 38 FortiGate ...................................................... 38 (Using the Online Help) ........... 39 Logout ................................................................................... 41 web-based manager ..................................................... 42 Menu web-based manager ................................................ 42 Lists ........................................................................................ 43 web-based manager .................. 43 .................................................................................... 46 .................................................................................... 49 ............................................................................. 49 ........................................................... 49 ...................................................... 58 ............................................................ 58 Host name FortiGate ........................ 59 Firmware FortiGate ........................ 59 upgrade firmware ............................................. 60 firmware ................................ 60 ................................................................. 61 FortiGuard AV manual ............ 62 .................................................................... 63 ............................................ 63 ..................................................... 64 log .................................................... 65 ........................................... 67 ............................................ 67 subnet ................................................................... 69 .................................................... 70 virtual domain ......................................................................... 71 Virtual domains ................................................................................ 71 VDOM ......................................................... 72 ............................................................ 73 FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 5 VDOMs ................................................................. 74 VDOMs .................................... 74 VDOMs ................... 75 interface VDOM .................................................... 75 VDOM .................................................... 76 VDOM ............................................ 77 ...................................................................................... 79 Interface .................................................................................... 79 Switch Mode ........................................................................... 82 interface .................................................................... 83 ADSL Interface .................................................... 85 aggregate interface 802.3ad ........................................ 86 redundant interface .................................................... 87 DHCP interface ........................................... 88 PPPoE PPPoA interface .......................... 90 Dynamic DNS service interface ..................... 91 virtual IPSec interface .......................................... 92 Interface CLI ..................................... 93 interface .............................................. 94 Zone ........................................................................................... 98 zone .......................................................................... 98 .................................................................... 99 DNS Servers .......................................................................... 100 Dead gateway ...................................................... 100 routing ( transparent) ..................................... 101 route transparent mode ....................................... 101 interface ............................................. 101 .................................... 102 redundant mode ............................................. 104 standalone mode ............................................... 105 firewall policy . ....................... 106 ............................... 106 .................................................. 106 VLAN ........................................................... 107 FortiGate VLANs ................................................. 107 VLAN NAT/Route mode ....................................................... 108 Rules VLAN IDs............................................................... 108 Rules VLAN IP addresses ................................................. 108 VLAN subinterface ...................................................... 109 FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 6 VLANs Transparent mode ................................................... 110 Rules VLAN IDs ........................................................... 112 Virtual domain VLANS transparent mode ................... 112 ARP ......................................................... 115 FortiGate IPv6 .............................................. 115 ........................................................................................ 117 FortiWiFi-50B power over Ethernet (POE) ..... 117 Interface FortiWiFi wireless ............................................. 117 (channel) .......................................................... 118 IEEE 802.11a ........................................... 118 IEEE 802.11b ........................................... 119 IEEE 802.11g ........................................... 119 FortiWiFi-50B, 60A, 60AM, 60B .................................................................................... 120 interface FortiWiFi-50B, 60A, 60AM, 60B ...................................................................................... 122 FortiWiFi-60 ............................................. 124 MAC Filter ........................................................ 126 MAC filter FortiWiFi-50B, 60A, 60AM, 60B ...................................................................................... 126 MAC filter FortiWiFi-60 .................................................... 127 Wireless ................................................... 128 DHCP ........................................................................................ 130 DHCP servers relays FortiGate ....................... 130 DHCP .............................................................. 131 interface DHCP relay agent ................... 132 DHCP server .................................................. 132 address leases .......................................................... 133 IP address specific clients .......................... 134 System Config .................................................................................. 135 HA ............................................................................................ 135 HA ........................................................................ 135 cluster member .......................................................... 139 HA ......................................................... 141 host name device priority subordinate unit . 142 cluster unit cluster .............................. 143 SNMP ...................................................................................... 143 SNMP ................................................................ 144 SNMP community ....................................... 144 FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 7 Fortinet MIBs ..................................................................... 147 FortiGate traps ..................................................................... 148 Field () Fortinet MIB ......................................... 150 Replacement messages .......................................................... 152 replacement messages ................................................ 153 replacement message ..................................... 154 login ............................. 156 FortiGuard web filtering block override ....... 157 SSL-VPN login ..................................... 157 authentication disclaimer ........................... 157 Host Check ( FortiGate-224B ) .................................................................................. 157 Operation mode and VDOM management access ................... 158 ........................................................ 159 Management access .............................................................. 160 System Administrators .................................................................... 161 Administrators ........................................................................ 161 RADIUS authentication administrators ............ 163 PKI certificate authentication administrators . 164 administrators ................................................ 165 administrator account ................................. 166 (Access profiles) ..................................... 169 access profile ................................................ 172 access profile ..................................................... 172 Central management () ............................. 173 ................................................................................... 175 Monitoring administrators ...................................................... 176 System Maintenance ........................................................................ 179 maintenance system .................................. 179 (Backup and Restore) ........................... 181 Firmware .............................................................................. 183 FortiClient ............................................................................ 183 Firmware Upgrade ................................................................. 184 Advanced .............................................................................. 184 Revision control () ..................................... 185 FortiGuard Center .................................................................... 186 FortiGuard Distribution Network ............................................ 186 FortiGuard Services ................................................................ 187 Configuring the FortiGate unit for FDN and FortiGuard services 188 Troubleshooting FDN connectivity .......................................... 193 update antivirus ................. 193 push update ................................................... 195 License ..................................................................................... 199 FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 8System Chassis (FortiGate-5000 series) ........................................ 201 SMC (shelf manager card) ...................................................... 201 Blades (FortiGate-5000 chassis slots) ..................................... 202 event log monitoring chassis ........... 204 Switch (FortiGate-224B) .................................................................. 207 ..................................................................................... 207 switch view .............................................................. 208 WAN ports WAN VLAN interfaces ...................... 208 switch-LAN ports ..................................................... 209 switch-LAN interface .................. 210 switch VLANs ........................................................... 211 switch VLAN .............................. 212 port monitoring ......................... 213 Spanning-Tree Protocol ................................................ 214 Spanning-Tree ........................... 215 Spanning-Tree VLAN ........................ 216 Spanning-Tree VLAN ................................. 218 Spanning-Tree VLAN port ................. 218 IGMP snooping .......................... 218 QoS ..................................................................... 218 QoS ......................................................................... 219 CoS-Map .................................. 219 DSCP-Map ............................... 219 QoS rate limit ......................................................... 219 QoS rate limit ............................................................ 220 port quarantine ................. 220 client profile ........................................................... 221 client profile .............................. 221 access policies ........................................................ 222 access policy ............................... 223 dynamic policy ............................ 224 quarantine policies .................................................. 224 dynamic policies .......................... 224 802.1X authentication .............. 226 switch status ............................................................ 227 monitoring access results ................................................. 227 quarantine port ............................................... 227 MAC table ............................................................... 228 MAC table ...................................................... 228 FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 9 ..................................................................... 229 Router Static ................................................................................... 231 Routing ................................................................... 231 routing table ............................................... 232 Routing ............................................ 232 Multipath routing route ..................... 232 Route sequence route priority .......................... 233 Equal Cost Multipath (ECMP) Routes ....................................... 234 Blackhole Routing .................................................................. 234 Static Route ............................................................................ 235 static routes ....................................................... 235 Default route Default gateway ......................................... 236 static route routing ............................... 238 Policy Route ............................................................................ 239 route policy ............................................................. 240 route policy ............................................................. 241 Router Dynamic ............................................................................... 243 RIP ......................................................................................... 244 RIP .................................................................. 244 basic RIP .............................. 244 advanced RIP ................................................ 246 RIP interface .............. 247 OSPF ........................................................................................ 248 OSPF autonomous systems .................................................... 249 OSPF AS ............................................................... 249 OSPF .................................... 250 advanced OSPF ............................................. 252 OSPF areas ........................................................... 253 OSPF networks ................................................... 255 OSPF interface ..................... 255 BGP ......................................................................................... 257 BGP ................................................................. 257 BGP ........................................ 258 Multicast ................................................................................. 259 multicast ........................... 260 multicast settings interface ................................. 261 Multicast destination NAT ....................................................... 262 Bi-directional Forwarding Detection (BFD) ............................. 262 ........................................................................ 262 BFD.................................. 263 Router ....................................................................... 265 routing ...................................................... 265 FortiGate ............................................................ 267 FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 10Firewall Policy ................................................................................. 269 firewall policy .............................................................. 269 Multicast policies ................................................................... 270 policy ................................. 270 firewall policy list ..................................................... 271 firewall policy ............................................................. 272 policy policy list ..................... 273 firewall policy ........................................... 273 Firewall policy options ............................................................ 275 intra-VLAN firewall policies ( FortiGate-224B ) ................................................ 279 firewall policy ............................... 280 traffic shaping firewall policy .......................... 282 IPSec firewall policy options ................................................... 285 SSL-VPN firewall policy options ............................................. 286 FortiClient host ........................ 287 Firewall policy ............................................................. 287 : ................................................ 288 : ............................................... 290 Firewall Address .............................................................................. 294 firewall addresses ....................................................... 294 firewall address list ................................................. 295 address group ........................................... 296 address group list .................................................... 296 address group ........................................... 297 Firewall Service ................................................................................ 298 service list .................................... 298 service list .............................................. 302 ................................................ 302 service group list ..................................................... 304 service group ............................................ 305 Firewall Schedule ............................................................................. 306 list schedule one-time ............................... 306 schedule one-time ............................. 307 list schedule recurring ............................... 307 FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 11 schedule recurring ......................... 308 Firewall Virtual IP ............................................................................ 310 Virtual IPs ................................................................................ 310 Virtual IPs map connection FortiGate unit ............................................................................................ 310 list virtual IP ..................................................... 314 virtual IP ................................................... 315 static NAT virtual IP IP address .............. 317 static NAT port forwarding IP address .... 318 static NAT port forwarding IP address .. 319 static NAT virtual IP IP address ............. 320 port ........................................................................ 321 port ..................................................................... 322 server load balance virtual IP ...................................... 324 server load balace port forwarding virtual IP ................ 326 dynamic virtual IP ...................................................... 328 virtual IP port ....................... 329 Virtual IP Groups ..................................................................... 329 list VIP group .................................................... 329 VIP group .................................................. 330 IP pools .................................................................................... 330 IP pools dynamic NAT ..................................................... 331 IP pool firewall policy fixed port ............................ 331 IP address source IP pool address .................. 331 list IP pool ......................................................... 332 IP pool ....................................................... 333 Double NAT: IP pool virtual IP ............................. 333 Firewall Protection Profile ............................................................... 335 protection profile ? ....................................................... 335 protection profile ................................................. 336 list protection profile ........................................ 336 protection profile ...................................... 337 Antivirus .............................................................. 338 web filtering .............................................................. 339 FortiGuard Web Filtering ....................................... 341 Spam filtering ...................................................... 344 IPS options ........................................................................... 347 Content archive options ......................................................... 347 IM and P2P options .............................................................. 349 FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 12 VoIP options ........................................................................ 350 Logging options .................................................................... 350 protection profile policy ................................ 352 protection profile CLI ................................ 352 VPN IPSEC ........................................................................................ 353 IPSec interface ............................................. 353 Auto Key .................................................................................. 355 phase 1 ................................. 355 advance phase 1 .......................... 359 phase 2 ................................. 362 advance phase 2 .......................... 363 .................................. 366 Manual Key .............................................................................. 366 key manual ..................... 367 Concentrator ........................................................................... 370 concentrator ......................................... 370 Monitor .................................................................................... 371 VPN PPTP ......................................................................................... 374 PPTP Range .................................................................................. 374 VPN SSL ......................................................................................... 376 Configuring SSL VPN ...................................................................... 376 Monitoring SSL VPN sessions ......................................................... 378 SSL VPN bookmarks ...................................................................... 379 SSL VPN bookmark list ..................................................... 379 SSL VPN bookmark ............................................ 379 SSL VPN Bookmark Groups list ......................................... 380 SSL VPN bookmark groups ................................. 381 VPN Certificates .............................................................................. 383 Local Certificates .................................................................... 383 certificate request) .................................................... 384 certificate request ............................... 386 import server certificate sign .................................. 387 import server certificate private key export ................................................................................... 387 import server certificate private key ......... 388 Remote Certificates ................................................................. 388 import Remote (OCSP) certificate ..................................... 389 CA Certificates ......................................................................... 389 import CA certificate ........................................................ 390 FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 13 CRL ......................................................................................... 391 import list certificate .................................. 391 User ......................................................................................... 393 user authentication ................................... 393 Local user accounts ................................................................ 394 user account ............................................ 394 RADIUS servers ...................................................................... 395 RADIUS server ......................................... 395 LDAP servers ........................................................................... 396 LDAP server ............................................. 397 PKI authentication ................................................................. 399 PKI user ................................................... 400 Windows AD servers ............................................................... 400 Configuring a Windows AD server ........................................... 401 User groups.............................................................................. 401 user group ............................................................... 402 User group list ....................................................................... 404 user group ............................................... 404 FortiGuard override option user group .................................................................................... 405 user group SSL VPN .......... 407 peer peer group .................................. 410 authenticate ........................................................ 410 AntiVirus ......................................................................................... 413 ..................................................................... 413 antivirus .......................................................... 413 FortiGuard antivirus ............................................................... 414 Antivirus .............................................. 415 ......................................................................................... 416 catalog ......................................... 416 ............................................ 417 ................................................ 417 .............................................. 418 Quarantine ....................................................................................... 418 quarantined ..................................... 419 autosubmit .................................................... 420 autosubmit ........................................... 420 quarantine ........................................ 421 FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 14Config ........................................................................................ 423 ............................................................... 423 grayware ....................................................... 424 Antivirus CLI ............................. 426 system global optimize ......................................................... 426 config antivirus heuristic ...................................................... 426 config antivirus quarantine ..................................................... 426 config antivirus service ............................... 426 (Intrusion Protection) ....................................... 427 ....................................... 427 IPS ................................................... 428 IPS ....................................................................... 428 Predefined signatures ............................................................. 429 Predefined signatures ..................................... 429 display filters ............................................................... 431 predefined signatures ................................. 431 IPS predefined signatures ................................................ 432 Signature (Custom signatures) ........... 433 custom signature...................................... 433 custom signature ..................................................... 434 Protocol Decoders.................................................................... 435 protocol decoders .......................................... 435 protocol decoders ............................. 436 IPS protocol decoder ................................... 436 Anomalies () ........................................................ 436 traffic anomaly ............................................... 437 IPS traffic anomalies ........................ 438 IPS CLI configuration ............................................................. 438 system autoupdate ips ........................................................... 438 ips global fail-open ................................................................ 439 ips global ip_protocol ............................................................. 439 ips global socket-size ............................................................. 439 (config ips anomaly) config limit ............................................ 439 (Web Filter) ........................................................... 440 web filter ................................................... 440 Web filtering ...................................................... 440 Web filter controls .................................................................. 441 Content block ( ) ............................................... 443 list catalog web content block ........................... 443 web content block list ..................................... 444 web content block list .............................................. 444 FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 15 web content block list ................................. 445 web content exempt list catalog ............................... 446 web content exempt list .................................. 447 web content exempt list .......................................... 447 web content exempt list ............................ 448 URL filter ( URL) ........................................................... 449 web content exempt list catalog ............................... 449 web content exempt list ................................... 450 URL filter list ........................................................... 450 URL filter list .............................................. 451 URLs URL filter list ........................................ 452 FortiGuard - Web Filter ............................................................ 453 FortiGuard Web Filtering ............................. 454 override list ............................................................ 454 override rules .................................................... 455 local categories ......................................................... 457 local rating list ........................................................ 457 local ratings .......................................................... 458 category block CLI ....................................... 459 FortiGuard Web Filtering ....................................... 459 Antispam ......................................................................................... 461 Antispam .................................................................................. 461 spam ........................................................... 461 Anti-spam filter controls ....................................................... 462 ................................................................................. 464 antispam .......................... 464 antispam. .................................. 465 antispam ................................. 465 antispam ............................ 466 Black/White List ..................................................................... 467 antispam IP address ...................................... 467 antispam IP address ................................. 469 antispam email address .......................... 469 antispam email address ............................. 470 antispam email address ................................ 470 antispam email address ........................... 471 antispam .......................................... 472 config spamfilter mheader .................................................... 472 config spamfilter dnsbl ........................................................... 472 Using Perl regular expressions ................................................ 473 Regular expression vs. wildcard match pattern ........................ 473 Word boundary .................................................................... 473 Case sensitivity ..................................................................... 474 Perl regular expression formats .............................................. 474 Example regular expressions ................................................ 475 IM, P2P & VoIP ................................................................................ 477 FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 16 ..................................................................................... 477 IM/P2P ...................................... 479 IM/P2P options ..................................... 479 IM/P2P/VoIP options protection profile 480 IM/P2P applications ...................... 480 ............................. 480 ........................................................................... 481 ................................................ 481 ............................. 482 ......................................................................................... 483 ..................................................... 483 .............................................................. 484 ........................................ 484 IM ...................... 485 ........................................................................... 487 FortiGate .......................................................... 487 FortiGuard ......................................................... 488 FortiGuard .................................. 489 ..................................................... 489 High Availability cluster ........................................... 490 ......................................................................... 490 FortiAnalyzer unit ........................................ 490 FortiAnalyzer ................. 491 FortiAnalyzer ............................ 492 ........................................................ 493 Syslog server ............................................... 494 WebTrends ................................................. 495 FortiGuard Analysis Service ...................... 495 account ............................................................ 496 FortiGuard Analysis server ............................ 497 FortiGuard Analysis server ...................... 497 FortiGuard Analysis .................................................... 498 ............................................................................. 499 traffic (traffic log) .................................................... 499 .................................................................. 500 Antivirus .................................................................. 501 ................................................................ 501 ................................................................... 502 spam .......................................................... 502 IM P2P ............................................................. 502 VoIP........................................................................ 503 ..................................................................... 503 FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 17 ............................. 504 hard disk ................................. 504 FortiAnalyzer unit ........................ 505 FortiGuard Analysis server ........ 506 ............................................................ 506 .......................................... 507 .................................................................... 507 ........................................................ 508 .................................................................................. 509 .................................................. 509 content archive ....................................................... 510 Email .......................................................................... 511 Alert Email ............................................... 511 ...................................................................................... 513 traffic ........................................................... 513 FortiAnalyzer .............................................................. 514 FortiAnalyzer .................................. 514 FortiAnalyzer FortiGate ..................... 522 FortiAnalyzer ............................... 522 FortiAnalyzer ................................................ 522 FortiAnalyzer .................................................. 523 FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 18 FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 19 Fortinet FortiGateTM ASIC(accelerated multi-threat security systems) FortiGate ICSA Antivirus, Firewall, IPSec, SSL-TLS, IPS, AntiSpyware FortiGate (Intrusion protection) (Spam filtering) (Web content filtering) IM P2P VoIP Firewall IPSec SSL VPN (Traffic shaping) (User authentication) (Logging) FortiAnalyzer (Administrative profiles) (Secure web) CLI SNMP FortiGate Fortinets Dynamic Threat Prevention System (DTPS) Chip (Content analysis) ASIC : FortiGate FortiGate FortiGate FortiGate. FortiOS v3.0 MR5 FortiOS v3.0 MR5 FortiOS v3.0 Upgrade Guide FortiGate 224B - FortiGate 224B (Switch Firewall) VLAN trunking Switch Switch (FortiGate-224B only) 207 FortiGuard Upgrade Firmware FortiGuard Center 186 Interface Alias Interface Port 4 FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 20 Port 4 Interface settings 83 PKI - FortiOS 3.0MR5 PKI Local certification PKI authentication 384 USB key - FortiOS 3.0MR5 USB key Backup and Restore 181 VDOM VDOM Antivirus VDOM VDOM NAT multicast PIM-SIM environment NAT Multicast streaming NAT / Multicast Firewall Policy Firewall policy IP Address Policy ID IPv6 IPSec IPv6 IPSec IPv6 IPSec VPN FortiGate IPv6 Support Bookmark SSL-VPN group Bookmark SSL-VPN SSL VPN bookmarks 365 upload hard disk FortiAnalyzer FortiGate Hard disk upload log file FortiAnalyzer FortiGate FortiGate Unified Threat Management Systems SOHO Antivirus, , Firewall, VPN, / FortiGate-5000 series chassis FortiGate-5000 Chassis based MSSPs Firewall, VPN, Antivirus, Spam Filtering, Web Filtering (IPS) FortiGate-5000 FortiGate-5000 Chassis based (hot-swappable) FortiGate 5000 (hot-swappable) (Modular) 1: FortiGate-5000 chassis FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 21 FortiGate -5140 chassis FortiGate-5000 14 14 slot FortiGate -5140 ATCA chassis FortiGate -5140 12U chassis swappable DC power entry -48 VDC Data Center DC power FortiGate -5140 FortiGate -5050 chassis FortiGate-5000 5 5 slot FortiGate -5050 ATCA chassis FortiGate -5050 5U chassis DC -48 VDC Data Center DC power FortiGate -5050 FortiGate -5020 chassis FortiGate-5000 2 slot FortiGate -5020 ATCA chassis FortiGate -5020 4U chassis AC DC AC FortiGate -5020 FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 22 FortiGate-5000 FortiGate-5000 HA Cluster FortiGate-5000 Hot swappable FortiGate-5000 Interface gigabit Virtual domain FortiGate FortiOS Carrier FortiGate-500 FortiGate -5005FA2 Module FortiGate -5005FA2 Module Interface gigabit Fortinet FortiGate -5005FA2 Module 802.1Q VLANS, Virtual domain domain FortiGate -5005FA2 Module Fabric backplane switching Base switch FortiOS Carrier MMS content processing GTP protection FortiGate -5001SX Module FortiGate -5001SX Module Interface gigabit Fortinet FortiGate -5001SX Module 802.1Q VLANS, Virtual domain domain FortiGate- 5000 Fabric backplane switching Base switch FortiOS Carrier MMS content processing GTP protection FortiGate -5001FA2 Module FortiGate -5001FA2 Module Interface gigabit FortiGate -5001FA2 Module FortiGate -5001SX Interface FortiGate -5001FA2 Fortinet FortiGate -5002FB2 Module FortiGate -5002FB2 Module Interface gigabit Interface FortiGate -5002FB2 Fortinet FortiGate-AMC modules FortiGate-AMC modules ( FortiGate-ADM-XB2, FortiGate-ASM-FB4, FortiGate-ASM-SO8) Interface , hard disk FortiGate FortiGate-3600A FortiGate-3810 slot AMC FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 23 FortiGate-3810A FortiGate-3810A Carrier class CPUs chips FortiASIC 26 Gbps FortiGate-3810A Interface 10/100/1000 Interface SFP ASM two dual-width two single Width FortiGate-3600A FortiGate-3600A Carrier class CPUs chips FortiASIC 4 Gbps FortiGate-3600A Redundant Power Supply single-point failures, Load-balanced FortiGate-3600 FortiGate-3600 Carrier class CPUs chips FortiASIC 4 Gbps FortiGate-3600 Redundant Power Supply single-point failures, Load-balanced FortiGate-3600 FortiGate-3000 FortiGate-3000 Carrier class CPUs chips FortiASIC 3 Gbps FortiGate-3000 Redundant Power Supply single-point failures, Load-balanced redundant failover FortiGate-3600 FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 24 FortiGate-1000 A FortiGate-1000A FortiGate-1000A FortiGuard Subscription Fortinet FortiGuard Distribution , worms, Trojans FortiGate-1000A IM, P2P VOIP Identity spyware, phishing pharming attack FortiGate-1000 AFA2 FortiGate-1000AFA2 FortiGate-1000AFA2 port Fortinets FortiAccel FortiGate-1000AFA2 FortiGate-1000 FortiGate-1000 FortiGate-1000 CPUs chips FortiASIC 2 Gbps FortiGate-1000 Redundant Power Supply single-point failures, Load-balanced redundant failover FortiGate-800 FortiGate-800 ( ) VLAN Virtual domain FortiGate-800 stateful failover HA FortiGate FortiGate-800 FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 25 FortiGate-800F FortiGate-800F FortiGate-800 DMZ and HA interfaces FortiGate-800 stateful failover HA Routing protocol OSPF RIP FortiGate-800F FortiGate-500A FortiGate-500A Carrier class 10 ( 4-port LAN) failover session loss FortiGate-500A FortiGate-500A FortiGate-500 FortiGate-500 FortiGate-500 FortiGate-500 High Availability (HA) FortiGate-400A FortiGate-400A FortiGate-400A High Availability (HA) failover session loss FortiGate-400 FortiGate-400 FortiGate-400 500 Mbps High Availability (HA) failover session loss FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 26 FortiGate-300A FortiGate-300A FortiGate-300A High Availability (HA) failover session loss FortiGate-300 FortiGate-300 High Availability (HA) failover session loss FortiGate-300 FortiGate-224B FortiGate-224B layer-2 layer-3 FortiGate-224B: Firewall view FortiGate Firewall view FortiGate-224B 28 Interface Switch mode port 1 port 26 switch port swlan interface Switch menu (Web-based manager) HA switch view Switch (FortiGate-224B only) 207 Route VLAN port-based Firewall Firewall switch port Firewall switch port FortiGate-200A FortiGate-200A (small office, home office) FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 27 FortiGate-200 FortiGate-200 FortiGate-200 FortiGate-200 HA FortiGate-100A FortiGate-100A FortiGate-100A 802.1Q VLAN, virtual domain Routing protocol OSPF RIP FortiGate-100 FortiGate-100A SOHO, SMB FortiGate-100A 802.1Q VLAN, virtual domain, high availability (HA), Routing protocol OSPF RIP FortiGate-60B FortiGate-160B (telecommuters) FortiGate-60B antivirus network-based, , firewall, VPN, , FortiGate-60B PC card ( PCMCIA) Type II PC Card based 3G wireless broadband MiniPCI Card based IEEE802.11b/g WiFi broadband 3G FortiGate-60B 2-port FXO VOIP Card VOIP FortiWiFi-60B FortiWiFi-60B FortiWiFi-60B antivirus network-based, , firewall, VPN, , FortiWiFi-60B 802.11a/b/g slot PCMCIA card 2-port FXO VOIP Card VOIP FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 28 FortiGate-60/60M/ADSL FortiWiFi-60 FortiWiFi-60 port FortiWiFi-60M FortiGate-60ADSL ADSL FortiWiFi-60/60A/60AM FortiWiFi-60 Wirelss LAN FortiWiFi Antivirus Firewall upgrade FortiWiFi-60 FortiGate-50B FortiGate-50B 10-50 FortiGate-50B WAN interface interface Redundant connection FortiGate-50B 3 port HA FortiGate-50B FortiGate-50A FortiWiFi-50A FortiWiFi-50A port FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 29 Fortinet Fortinet Software Hardware , logging, , , FortiGate Unified Threat Manager Systems www.fortinet.com/products FortiGuard Subscription Services FortiGuard Subscription Services Fortinet security FortiGuard services FortiGuard Center www.fortiguard.com FortiAnalyzer FortiAnalyzer (Vulnerabilities) FortiAnalyzer : log FortiGate syslog FortiClient log FortiGate (Quarantine) FortiAnalyzer Firewall log hard disk FortiAnalyzer FortiClient Host Security software FortiClient Desktop Laptop Microsoft Windows FortiClient : VPN Windows FortiClient (Silent installation) FortiClient FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 30FortiManager FortiManager () FortiGate FortiManager Fortigate log FortiGate FortiManager FortiBridge FortiBridge FortiGate transparent mode FortiGate FortiBridge bypass FortiGate FortiBridge FortiBridge FortiGate FortiMail FortiMail FortiMail FortiGuard Antispam/Antivirus support, heuristic scanning, greylisting, Bayesian scanning FortiOS FortiASIC FortiMail antivirus FortiGate Version 3.0 MR5 Web-based manager FortiGate FortiGate CLI Web-based manager Web-based manager Web-based manager FortiGate FortiGate virtual domains System menu, Router menu, Firewall menu, VPN menu User, AntiVirus, (Intrusion Protection), (Web Filter), AntiSpam, IM/P2P, Log & Report FortiGate page Fortinet Technical Documentation FortiGate web-based manager online help FortiOS v3.0 FortiGate Fortinet Technical Documentation Fortinet Knowledge Center FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 31 : Web-based manager FortiGate web-based manager web-based manager online help System Status System Status FortiGate FortiGate Serial number, uptime, FortiGuard license, , firmware , hostname, FortiGate 50-60 Using virtual domains Virtual domains FortiGate multiple virtual FortiGate units firewall routing System Network physical interfaces virtual interfaces DNS FortiGate System Wireless Wireless LAN interface FortiGate-60 System DHCP interface Fortigate DHCP server DHCP relay agent System Config HA virtual clustering, SNMP replacement messages, System Administrators FortiGuard Management Service FortiManager , timeout, web administration ports System Maintenance USB disk, , FortiGuard services FortiGuard Distribution Network (FDN), license key virtual domain System Chassis (FortiGate-5000 series) system chassis web-based manager hardware FortiGate-5140 FortiGate-5050 chassis Switch (FortiGate-224B only) secure switch FortiGate-224B Router Static Static route Route policy Static route Gateway Router Dynamic dynamic protocols route traffic Router Monitor Routing Monitor list FortiGate routing Firewall Policy Firewall Policy FortiGate interfaces, zones, VLAN subinterfaces Firewall Address address address group Firewall Policy FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 32 Firewall Service Service group Firewall Policy Firewall Schedule Schedule Firewall Policy Firewall Virtual IP Virtual IP address Firewall Policy Firewall Protection Profile Protection profile Firewall Policy VPN IPSEC Tunnel-mode route-based (interface mode) Internet Protocol Security (IPSec) VPN web-based manager VPN PPTP web-based manager IP address PPTP client VPN SSL SSL VPN VPN Certificates X.509 security certificate User user (User Authentication) AntiVirus Antivirus option profile firewall protection Intrusion Protection IPS profile firewall protection Web Filter web filter profile firewall protection Antispam spam filter profile firewall protection IM, P2P & VOIP IM, P2P VOIP profile firewall protection IM, P2P VOIP protocol Log&Report logging, log file web-based manager (Convention) (Convention) private IP address private public IP address : : Fortinet : FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 33 (Convention) menu Go to VPN > IPSEC > Phase 1 and select Create New. In the Gateway Name field, type a name for the remote VPN peer or client (for example, Central_Office_1). code config sys global set ips-open enable end CLI command syntax config firewall policy edit id_integer set http_retry_count set natip end FortiGate Firewall Authentication You must authenticate to use this service. Welcome! FortiGate FortiGate Fortinet Technical Documentation http://docs.forticare.com FortiGate FortiGate QuickStart Guide FortiGate FortiGate Installation Guide FortiGate hardware reference, , , , FortiGate Administration Guide FortiGate FortiGate protection profiles firewall policy; , antivirus, spam; VPN FortiGate online help context-sensitive HTML online help web-based manager FortiGate CLI Reference FortiGate CLI FortiGate CLI FortiGate Log Message Reference Fortinet Knowledge Center FortiGate Log Message Reference log message FortiGate log message FortiGate FortiGate High Availability Overview FortiGate High Availability User Guide FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 34 HA FortiGate Clustering protocol FortiGate FortiGate IPS User Guide (IPS) FortiGate IPS FortiGate IPSec VPN User Guide IPsec VPN web-based manager FortiGate SSL VPN User Guide FortiGate IPSec VPN and FortiGate SSL VPN web-only mode tunnel-mode SSL VPN access web-based manager FortiGate PPTP VPN User Guide PPTP VPN web-based manager. FortiGate Certificate Management User Guide digital certificates Certificate request, signed certificate, import CA root certificate (Certificate Revocation List) Certificate private key FortiGate VLANs and VDOMs User Guide VLANs VDOMS NAT/Route Transparent mode Fortinet CD Fortinet Fortinet Tools and Documentation CD Fortinet CD Fortinet Technical Documentation http://docs.forticare.com Fortinet Knowledge Center Fortinet Knowledge Center , FAQs, technical notes, Fortinet Knowledge Center http://kc.forticare.com. Comments on Fortinet technical documentation Fortinet techdoc@fortinet.com FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 35 Fortinet Fortinet Fortinet FortiGuard FortiGuard Antivirus AntiSpam http://support.fortinet.com Product Registration serial number Fortinet Fortinet FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 36 FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 37 Web-based manager interface web-based manager FortiGate HTTP HTTPS web browser FortiGate web-based manager FortiGate HTTP HTTPS Interface FortiGate 2: FortiGate-5001SX Web-based manager Web-based manager FortiGate FortiGate Web-based manager Firewall web-based manager Connecting to the web-based manager FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 38 web-based manager web-based manager FortiGate 3: web-based manager Contact Customer Support Online Help Log out Backup Configuration (Contact Customer Support) Fortinet Support web browser : Fortinet Knowledge Center Customer Support (Support Login) FortiGate (Product Registration) Fortinet Training and Certification FortiGuard Center FortiGate Product Registration , , FortiGate FortiGate FortiGate : PC FortiGate Management Station FortiGate FortiGuard Management Service System > Admin > Central Management Central Management 173 USB disk FortiGate USB port USB disk port FortiGate Backup and Restore 181 FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 39 4: FortiGate (FortiGuard Management Service) (Using the Online Help) web-based manager web-based manager hyperlink 5: Show Navigation Bookmark Previous Print Next Email Show Navigation , , FortiGate web-based manager FortiGate Administration Guide Previous Next Email Fortinet Technical Documentation techdoc@fortinet.com email address Fortinet Print Bookmark Browser bookmark Internet Explorer management PC Windows XP service PAX 2 FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 40 show navigation 6: Contents Index Search Show in Contents Contents FortiGate web-based manager FortiGate Administration Guide Index Search About searching the online help 40 Show in , , hyperlink contents FortiGate : (*) autho* auth, authenticate, authentication, authenticates, windows * ( window*) 1. web-based manager (online help) FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 412. (show navigation) 3. 4. enter go 1 1: Alt+1 Alt+2 Alt+3 Alt+4 Alt+5 Alt+7 Fortinet Technical Documentation techdoc@fortinet.com email address Fortinet Alt+8 Alt+9 Browser bookmark Logout web-based manager browser browser web-based manager (idle timeout) ( 5 ) FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 42 web-based manager Interface web-based manager menu menu system submenu submenu menu, submenu 1. System > Network > Interface. 7: web-based manager ( FortiGate-50B) Tabs Page Bulton bar Menu web-based manager web-based manager Menu web-based manager Menu FortiGate System network interfaces, virtual domains, DHCP services, High Availability (HA), Switch FortiGate-224B switch view switch switch-VLANs, port quarantine, spanning-tree protocol, QoS, IGMP snooping 802.1X authentication Router static dynamic routing FortiGate Firewall Firewall policy virtual IP addresses IP pools MenuFortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 43VPN IPSec, SSL, PPTP virtual private networking User firewall policy (user authentication) external servers RADIUS, LDAP, Windows AD. AntiVirus antivirus Instrusion Protection FortiGate (IPS) Web Filter AntiSpam spam email IM, internet P2P & VOIP messaging, peer-to-peer messaging, voice over IP (VoIP) Log & Report log email log List web-based manager network interface, firewall policy, , , 8: web-based manager Delete Edit delete edit Create new dialog box dialog box web-based manager web-based manager session ( Viewing the session list 63) firewall policy ( Viewing the firewall policy list on 271) IPSec VPN Monitor ( Monitor 371) ( Viewing the predefined signature list 429) log report ( Accessing Logs 503) FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 44 System > Status details session FortiGate firewall policy ID ID ID policy web-based manager OK 9: string apache log action drop high web-based manager log out web-based manager reboot FortiGate NOT ( IP addresses ID firewall policy) 10: session session source IP address 1.1.1.1 1.1.1.2 ( ) text string text string ( equal) FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 45 11: Firewall policy policy source address My_Address ( log, , action ) 12: IPS reset log log log 13: log access log , (critical), (error) (warning) FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 46 Icons Web-based manager 2 web-based manager 2: web-based manager Change password password Clear log file Collapse dialog box Column setting log access firewall policy Delete Description Download Backup log file configuration file Download (Certificate Signing Request) FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 47 2: web-based manager () Edit Expand dialog box twistie Filter dialog web-based manager Go Go Insert policy before policy Move to Next page Previous page Refresh Restore View Edit FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 48 FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 49 FortiGate FortiGate serial number, , license FortiGuard, , : Browser Javascript : FortiGate firmware FortiGuard manual (Topology viewer) FortiGate FortiGate FortiGate HA cluster HA cluster cluser hostname cluster cluster System > Config > HA HA 135 HA 50A, 50AM, 224B FotiGate FortiGate Access profiles 169 log in web-based Manager System > Status FortiGuard - AV and FortiGuard IPS Access profiles 169 FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 50 14: add content back 15: Display title Refresh icon Twistie arrow Close icon Display title Twistie arrow Refresh icon Close icon FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 51 16: FortiGate-5001 Serial number Serial number FortiGate FortiGate upgrade firmware Uptime , , FortiGate System time FortiGate Change FortiGate NTP server Configuring system time 58 Host name server FortiGate FortiGate HA Change Host name Changing the FortiGate unit host name 59 Cluster name HA cluster FortiGate HA 135FortiGate HA Cluster members FortiGate HA Cluster Hostname, serial number, primary (master) subordinate (slave) cluster FortiGate HA virtual domain Virtual cluster1 firmware FortiGate Virtual cluster2 HA 135 FortiGate HA virtual domain Firmware version firmware FortiGate Update firmware Upgrading to a new firmware version 60 FortiClient Version FortiGate Update upload software FortiGate FortiGate FortiGate host download software Operation mode FortiGate 224B switch view FortiGate FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 52 NAT mode Transparent mode Change NAT Transparent Changing operation mode 159 virtual domain virtual domain virtual domain NAT Transparent mode Virtual Domain Virtual Domain FortiGate enable () disable ( ) Virtual Domain Multiple VDOM FortiGate-224B switch view. Current log in FortiGate details Administrators log in username, , IP address , log in License License FortiGate FortiGuard FortiGate License FortiGuard FortiGuard OK FortiGate FortiGuard License System Maintenance on 179 17: License Support Contract Not Registered Register Renew FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 53FortiGuard Subscriptions AntiVirus License FortiGuard Antivirus License Renew License AV Definitions FortiGuard Antivirus manual Update To update FortiGuard AV Definitions manually 62 Intrusion License FortiGuard Protection Instruction Protection License Renew License IPS Definitions (IPS) manual Update To update FortiGuard IPS Definitions manually 62 Web Filtering License FortiGuard Web Filtering License Renew License Antispam License FortiGuard Antispam License Renew License Management License FortiGuard Service Management Service Analysis Service License FortiGuard Log & Analysis license Services [ change ] Account ID Account ID ID Management and Analysis Virtual Domain virtual domain FortiGate 3000 Purchase More License key FortiNet Support VDOMs License 199 CLI FortiOS CLI CLI telnet SSH CLI log in account GUI CLI (CTRL-C) (CTRL-V) CLI FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 54 18: CLI CLI Detach () Detach CLI CLI detach Customize Attach Customize Attach CLI edit 19: CLI Preview CLI Text CLI Background CLI Use external command input box Console buffer buffer strength 20 9999 Font Size 10 Reset defaults OK CLI FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 55Cancel CLI History 20: History icon CPU, , , 20 Viewing operational history 61 CPU Usage CPU web-based manager CPU CPU ( HTTPS web-based manager) Memory Usage web-based manager ( HTTPS web-based manager) FortiAnalyzer Disk FortiAnalyzer Quota FortiGate (pie chart) log in FortiAnalyzer FortiGate Interface Network Interface Interface Interface , IP address, netmask Interface Reboot Shutdown Disk Event Log Disk logging CLI Event Logging Admin Events Even Logging Event log 500 FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 56 21: Interface FortiGate-800 ( FortiAnalyzer) INT/EXT/DMZ/HA/ Interface 1/2/3/4 FortiGate interface Interface interface Interface interface, alias , IP address, netmask, , interface, FortiGate ASM ASM interface ( FortiGate-ASM-FB4 4 interface) Interface Interface Interface AMC/1, AMC/2, FortiAnalyzer FortiGate FortiAnalyzer X FortiAnalyzer FortiAnalyzer logging FortiGate Log&Report 487 Reboot shutdown restart FortiGate Reboot log Shutdown shutdown FortiGate , shutdown log Reset reset FortiGate FortiGate 22: FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 57 System restart restarted restart / Firmware upgraded upgrade by firmware active active Firmware downgraded downgrade by firmware active active FortiGate has reached antivirus connection limit for seconds shutdown , Found a new FortiGate FortiAnalyzer Lost the connection FortiAnalyzer Logging to a to FortiAnalyzer FortiAnalyzer unit 490 all edit : restart upgrade downgrade firmware all clear FortiGate FortiGate details log file FortiAnalyzer VDOM VDOMs content archive attack log log VDOM Viewing Statistics 63 FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 58 23: Since reset reset reboot FortiGate icon reset Reset icon Reset log archive attack Sessions FortiGate details Viewing the session list 63 Content archive HTTP, email, FTP, IM/P2P FortiGate 64 FortiAnalyzer log FortiAnalyzer Log & Report > Log Config > Log Settings Attack log , , URLs 10 , , , FortiGate , hostname VDOM 1. System > Status 2. change system time 3. manual NTP server 24: FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 59System time FortiGate Refresh FortiGate Time Zone FortiGate Automatically adjust clock for FortiGate daylight saving changes Set time FortiGate , Synchronize with NTP Server NTP Server server synchronize Server IP address domain name NTP server NTP http://www.ntp.org. Sync Interval FortiGate synchronize NTP server 1440 FortiGate synchronize Host name FortiGate Host name FortiGate FortiGate CLI Host name SNMP SNMP SNMP 143 Host name serial number FortiGate FGT8002805030003 FortiGate-800 host name : FortiGate HA cluster host name cluster host name FortiGate 1. System > Status. 2. host name change 3. new name host name 4. OK Host name host name CLI SNMP Firmware FortiGate FortiGate firmware FortiGate upgrade firmware : upgrade firmware firmware FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 60 upgrade firmware upgrade firmware : firmware antivirus firmware firmware To update antivirus and attack definitions 194 antivirus upgrade firmware web-based manager 1. copy firmware 2. Log in web-based manager super admin admin account 3. System > Status 4. update Firmware version 5. firmware browse 6. OK FortiGate upload firmware, upgrade firmware , , restart , log in FortiGate 7. Log in web-based manager 8. System > Status firmware upgrade 9. update antivirus update antivirus FortiGuard Center 186 firmware firmware FortiGate IPS custom signature, , , replacement message FortiGate Maintenance System Configuration 179 FortiOS ( FortiOS v3.0 to FortiOS v2.8) : firmware antivirus firmware firmware To update antivirus and attack definitions 194 antivirus firmware web-based manager 1. copy firmware 2. Log in web-based manager super admin admin account 3. System > Status 4. update Firmware version FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 615. firmware browse 6. OK FortiGate upload firmware, firmware , reset , restart , log in FortiGate 7. Log in web-based manager 8. System > Status firmware upgrade 9. Maintenance System Configuration 179 10. update antivirus update antivirus see To update antivirus and attack definitions 194 System Resource History 1. System > Status 2. History System Resources 25: system resources history Time interval CPU usage history CPU Memory usage history Session history Network utilization history Virus history Instrusion history FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 62 FortiGate update FortiGuard - AV FortiGuard - Intrusion Protection License information : FortiGate automatic AV automatic IPS () FortiGuard Center 186 FortiGuard AV manual 1. update file AV definition Fortinet copy web-based manager 2. web-based manager System > Status 3. License information AV definition FortiGuard Subscriptions update Dialog box Anti-Virus Definition 4. Update file update file AV definition browse 5. OK copy AV definitions update file FortiGate FortiGate AV definition 1 6. System > Status FortiGuard - AV Definition FortiGuard IPS manual 1. update file definition Fortinet copy web-based manager 2. web-based manager System > Status 3. License information IPS Definition FortiGuard Subscriptions update Dialog box Definition 4. Update file update file definition browse 5. OK copy update file definition FortiGate FortiGate definition 1 6. System > Status IPS FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 63 , FortiGate 1. System > Status 2. details session 26: Virtual domain virtual domain virtual domain select all virtual domain Refresh Page up Page down Line 5 3 3,4 5 Clear all filters reset Filter icon , expiry dialog edit filter Adding filters to web-based manager lists 43 Protocol service protocol udp, tcp, or icmp Source address IP address Source port Destination address IP address Destination port Policy ID firewall policy interface FortiGate ( ) Expiry (sec) Delete icon active FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 64 HTTP, email, FTP IM FortiGate details 1. System > Status 2. details HTTP Date and time URL From IP address URL URL URL 1. System > Status 2. details email Date and time FortiGate From email address To email address Subject FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 65 FTP 1. System > Status 2. details FTP Date and time Destination IP address FTP server User User ID log FTP server Downloads Uploads IM 1. System > Status 2. details IM Date / Time Protocol Protocol IM Kind IM Local Local address Remote Remote address Direction log FortiGate details Reset log Reset 1. System > Status 2. log details AV Date and time From email address IP address FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 66 To email address IP address Service POP HTTP Virus 1. System > Status 2. log details IPS Date and time From To host Service Attack spam email 1. System > Status 2. details spam Date and Time spam From -> To IP IP address From -> To email address Email Accounts Service SMTP, POP IMAP SPAM type spam URL 1. System > Status 2. details web Date and Time URL From host URL URL blocked URL FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 67 FortiGate FortiGate 50 60 cavas FortiGate 27: View/edit controls Text object Subnet object Main viewport Viewport control Viewport viewport Viewport viewport viewport viewport Viewport + - viewport zoom in zoom out FortiGate FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 68 / / 3: / Zoom in viewpoint , Zoom out viewpoint , : web-based manager subnet subnet firewall address line interface address Adding a subnet object 69 delete Customizing the topology diagram 70 viewport viewport viewport Refresh Zoom FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 69 subnet add subnet subnet interface address 28: subnet 29: subnet Select from existing subnet firewall address address/group firewalladdress interface address firewall address Firewall Address 289 Address Name firewall address address address group virtual IPs firewall policies Connect to interface Please choose interface zone address interface zone address New addresses firewall address subnet address address interface Address Name firewall address address address group virtual IPs firewall policies Type address: Subnet / IP Range FQDN Subnet / IP Range Subnet/IP Range firewall IP address, forward slash, subnet mask, IP address , , IP end address FQDN FQDN domain Connect to interface interface zone adresss FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 70 OK 30: Preview Canvas size Resize to image Background : Solid U.S. map World map - Upload my image - Background color Image path Upload my image browse Exterior color Line color subnet interface Line width Reset to default Reset FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 71 virtual domain virtual domain FortiGate virtual firewall routing : Virtual domains VDOMs VDOMs Virtual domain Virtual domain (VDOMs) FortiGate FortiGae VDOMs domain separate zone, user authentication, firewall policies, VPN configurations VDOMs firewall policies VDOM configuration settings 72 VDOMs virtual domain Enabling VDOMs 74 VDOM interface VLAN subinterface log in VDOM VDOM , NAT/Route Transparent VDOM VDOM VDOM VDOM firewall policy VLAN subinterface zone VDOM VDOM VDOM firewall physical interface VDOM interface firewall VDOMs FortiGate inter-VDOM routing CLI FortiGate VDOMs , , , VDOMs firmware , Global configuration settings 73 FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 72 FortiGate VDOMs 10 domain NAT/Route Transparent FortiGate 3000 license key VDOMs 25, 50, 100 or 250 License 199 : FortiGate-224B switch view VDOMs virtual domain log in super admin System > Status virtual domain license virtual domain FortiGate FortiGate VDOM VDOM physical interface, VLAN subinterface, firewall policy, routing setting, VPN setting SNMP, logging, , FDN-based updates NTP-based time address routing VDOM virtual domain VDOM Changing the Management VDOM 77 VDOM VDOM virtual domain virtual domain VDOM super admin VDOM Zones DHCP services (NAT/Route Transparent) Management IP ( Transparent) router firewall Policies Addresses Service groups custom services Schedules Virtual IPs IP pools Protection Profiles FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 73 VPN IPSec PPTP SSL User Users User groups RADIUS LDAP servers Microsoft Windows Active Directory servers P2P Statistics ( / reset) Logging, log log virtual domain virtual domain super admin Physical interfaces VLAN subinterfaces ( physical interface VLAN subinterface VDOM VDOM interface ) DNS settings Host name, System time, Firmware version () Idle authentication Web-based manager LCD panel PIN Dead gateway HA SNMP Replacement messages ( VDOM VDOM ) Access profiles FortiManager FDN Bug VPN Antivirus spam IM policy FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 74 VDOMs account VDOM domain FortiGate virtual domain 1. Log in web-based manager admin 2. System > Status 3. System information Virtual domain Enable log off log in admin virtual domain web-based manager CLI VDOM VDOM system admin account account admin VDOM Account admin interface VDOM interface VDOM account admin Accout admin VDOM account FortiGate interface virtual domain virtual domain Current VDOM: virtual domain VDOMs VDOM acccout super admin : VDOMs VDOMs domain interface VDOM VDOM VDOM physical interface virtual subinterface super admin interface subinterface VDOMs account admin VLAN subinterface physical interface VDOM account super admin account VDOM super admin account account VDOM account super admin account VDOM FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 75 VDOMs log in admin virtual domain VDOM System System > VDOM virtual domain 31: VDOM Create new VDOM VDOM OK VDOM VDOM VLAN zone VDOM 11 Management management VDOM VDOM management management root VDOM set management VDOM management VDOM Changing the Management VDOM 77 Delete VDOM VDOM Switch VDOM VDOM VDOM VDOM Name VDOM Operation mode VDOM NAT Transparent Interfaces interface VDOM virtual interfaces Management VDOM management virtual domain domain domain domain management no interface VDOM VDOM interface physical virtual interfaces VLAN subinterface physical interface virtual domain FortiOS v3.0 MR1 inter-VDOM routing VDOM physical interface CLI inter-VDOM interface FortiGate CLI Reference the FortiGate VLANs and VDOMs Guide. FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 76 VLAN subinterface VDOM physical interface super admin VDOM VLAN subinterface VDOM System > Network > Interfaces VDOM VLAN subinterface Adding VLAN subinterfaces 109 interface VDOM interface virtual domain VDOM VDOM domain VDOM interface VDOM interface VDOM interface : DHCP server zone routing firewall policy IP pool proxy arp ( CLI ) interface : interface subinterface delete interface interface VDOM 1. Log in admin 2. System > Network > Interface 3. edit interface 4. new virtual domain interface 5. OK interface Interface settings 83 interface VDOM pool address firewall ID virtual ID interface route manual interface route interface VDOM route VDOM VDOM account VDOM VDOM VDOM VDOMs FortiGate FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 77 VDOM log in web-based manager CLI interface VDOM super admin web-based manager CLI interface FortiGate super admin root domain log in interface VDOM 1. Log in super admin virtual domain 2. System > Admin >Administrators 3. / account account Configuring an administrator account 166 4. account VDOM virtual domain 5. apply VDOM VDOM FortiGate : SNMP logging email update FDN-based NTP-based VDOM virtual domain VDOM management VDOM VDOM management VDOM : VDOM RADIUS management VDOM 1. System > VDOM 2. VDOM management VDOM 3. management management traffic management VDOM FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 78 FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 79 FortiGate interface FortiGate DNS VLAN subinterface zone FortiGate Interface Zone Routing table ( Transparent) interface modem VLAN VLANs NAT/Route VLANs Transparent mode FortiGate IPv6 : IP address netmask netmask 192.168.1.100/255.255.255.0 192.168.1.100/24 Interface NAT/Route System > Network > Interface interface FortiGate physical interface VLAN subinterface ADSL interface physical interface IEEE 802.3ad interface ( 800 ) physical interface redundant interface wireless interface ( FortiWiFi-50B,