InstallationsanweisungenInhaltsverzeichnisContents3Introduction7Register your FortiGate unit7About the FortiGate-100A8About this document8Document conventions8Typographic conventions9Further Reading9Fortinet Knowledge Center10Comments on Fortinet technical documentation10Customer service and technical support10Installing11Environmental specifications11Cautions and warnings12Grounding12Rack mount instructions12Mounting12Plugging in the FortiGate13Connecting to the network13Turning off the FortiGate unit13Configuring15NAT vs. Transparent mode15NAT mode15Transparent mode16Connecting to the FortiGate unit16Connecting to the web-based manager16Connecting to the CLI17Configuring NAT mode18Using the web-based manager18Configure the interfaces18Configure a DNS server19Adding a default route and gateway19Adding firewall policies20Using the CLI21Configure the interfaces21Configure a DNS server22Adding a default route and gateway22Adding firewall policies23Configuring Transparent mode24Using the web-based manager24Switching to Transparent mode24Configure a DNS server24Adding firewall policies24Using the CLI25Switching to Transparent mode25Configure a DNS server26Adding firewall policies26Verify the configuration27Backing up the configuration27Restoring a configuration28Additional configuration28Set the time and date28Set the Administrator password28Configure FortiGuard29Updating antivirus and IPS signatures29Advanced configuration31Protection profiles31Firewall policies32Configuring firewall policies33Antivirus options33AntiSpam options34Web filtering35Logging36FortiGate Firmware37Downloading firmware37Using the web-based manager37Upgrading the firmware37Reverting to a previous version38Backup and Restore from a USB key39Using the USB Auto-Install39Using the CLI40Reverting to a previous version41Installing firmware from a system reboot using the CLI42Restoring the previous configuration44Backup and Restore from a USB key44Using the USB Auto-Install44Additional CLI Commands for a USB key45Testing new firmware before installing45Index49Größe: 1,46 MBSeiten: 54Language: EnglishHandbuch öffnen
BetriebsanweisungInhaltsverzeichnisTable of Contents3Introduction13About FortiGate Antivirus Firewalls13Antivirus protection14Web content filtering14Spam filtering15Firewall15NAT/Route mode16Transparent mode16VLANs and virtual domains16Intrusion Prevention System (IPS)17VPN17High availability18Secure installation, configuration, and management18Web-based manager18Command line interface18Logging and reporting19Document conventions19FortiGate documentation21Comments on Fortinet technical documentation21Related documentation21FortiManager documentation22FortiClient documentation22FortiMail documentation22FortiLog documentation22Customer service and technical support23System status25Console access25Status26Viewing system status26System status26Unit Information27Recent Virus Detections27Interface Status27System Resources27History28Recent Intrusion Detections28Changing unit information29Session list31Changing the FortiGate firmware32Upgrading to a new firmware version33Upgrading the firmware using the web-based manager33Upgrading the firmware using the CLI33Reverting to a previous firmware version34Reverting to a previous firmware version using the web-based manager34Reverting to a previous firmware version using the CLI35Installing firmware images from a system reboot using the CLI37Restoring the previous configuration39Testing a new firmware image before installing it40Installing and using a backup firmware image42Installing a backup firmware image42Switching to the backup firmware image44Switching back to the default firmware image44System network47Interface47Interface settings48Name49Interface49VLAN ID49Virtual Domain50Addressing mode50Manual50DHCP50PPPoE51DDNS52Ping server52Administrative access52MTU53Log53Configuring interfaces53Zone57Zone settings58Management59DNS60Routing table (Transparent Mode)61Routing table list61Transparent mode route settings62VLAN overview63FortiGate units and VLANs64VLANs in NAT/Route mode64Rules for VLAN IDs64Rules for VLAN IP addresses64Adding VLAN subinterfaces65VLANs in Transparent mode66Rules for VLAN IDs68Transparent mode virtual domains and VLANs68Transparent mode VLAN list69Transparent mode VLAN settings69FortiGate IPv6 support71System DHCP73Service73DHCP service settings74Server75DHCP server settings76Exclude range77DHCP exclude range settings78IP/MAC binding78DHCP IP/MAC binding settings79Dynamic IP79System config81System time81Options82HA84HA configuration85Standalone Mode85High Availability86Cluster Members86Mode86Group ID86Unit Priority87Override Master87Password88Schedule88Priorities of Heartbeat Device88Heartbeat device IP addresses89Monitor priorities90Configuring an HA cluster91Managing an HA cluster94SNMP97Configuring SNMP98SNMP community99FortiGate MIBs101FortiGate traps102Fortinet MIB fields103Replacement messages106Replacement messages list106Changing replacement messages107FortiManager108System administration109Administrators109Administrators list110Administrators options110Using trusted hosts111Access profiles111Access profile list112Access profile options112System maintenance115Backup and restore115Backing up and Restoring116Update center118Updating antivirus and attack definitions120Enabling push updates123Push updates when FortiGate IP addresses change123Enabling push updates through a NAT device124Support125Sending a bug report126Registering a FortiGate unit127Shutdown129System virtual domain131Virtual domain properties132Exclusive virtual domain properties132Shared configuration settings133Administration and management134Virtual domains134Adding a virtual domain135Selecting a virtual domain135Selecting a management virtual domain135Configuring virtual domains136Adding interfaces, VLAN subinterfaces, and zones to a virtual domain136Configuring routing for a virtual domain138Configuring firewall policies for a virtual domain138Configuring IPSec VPN for a virtual domain140Router141Static141Static route list143Static route options144Policy145Policy route list145Policy route options146RIP146General147Networks list148Networks options149Interface list149Interface options150Distribute list151Distribute list options152Offset list153Offset list options153Router objects154Access list154New access list154New access list entry155Prefix list155New Prefix list156New prefix list entry157Route-map list157New Route-map158Route-map list entry159Key chain list160New key chain160Key chain list entry161Monitor162Routing monitor list162CLI configuration163get router info ospf163Command syntax163Examples163get router info protocols163Command syntax163get router info rip164Command syntax164Examples164config router ospf164Command syntax pattern164Example166config area167config area command syntax pattern167Example169config filter-list170config filter-list command syntax pattern170Example171config range171config range command syntax pattern171Example172config virtual-link173config virtual link command syntax pattern173Example175config distribute-list175config distribute-list command syntax pattern176Example176config neighbor177config neighbor command syntax pattern177Example178config network179config network command syntax pattern179Example179config ospf-interface180config ospf-interface command syntax pattern180Example184config redistribute184config redistribute command syntax pattern185Example185config summary-address185config summary-address command syntax pattern186Example186config router static6187Command syntax pattern187Example188Firewall189Policy190How policy matching works190Policy list190Policy options191Advanced policy options194Authentication194Traffic Shaping195Differentiated Services195Comments196Configuring firewall policies196Policy CLI configuration197Command syntax pattern197Address198Address list199Address options199Configuring addresses200Address group list201Address group options201Configuring address groups202Service202Predefined service list203Custom service list206Custom service options206TCP and UDP custom service options207ICMP custom service options207IP custom service options207Configuring custom services208Service group list209Service group options209Configuring service groups210Schedule210One-time schedule list211One-time schedule options211Configuring one-time schedules212Recurring schedule list212Recurring schedule options213Configuring recurring schedules213Virtual IP214Virtual IP list215Virtual IP options215Configuring virtual IPs216IP pool218IP pool list219IP pool options219Configuring IP pools220IP Pools for firewall policies that use fixed ports220IP pools and dynamic NAT221Protection profile221Protection profile list222Default protection profiles222Protection profile options222Configuring antivirus options223Configuring web filtering options224Configuring web category filtering options224Configuring spam filtering options225Configuring IPS options226Configuring content archive options226Configuring protection profiles227CLI configuration228profile228Command syntax pattern228Users and authentication233Setting authentication timeout234Local234Local user list234Local user options234RADIUS235RADIUS server list235RADIUS server options236LDAP236LDAP server list237LDAP server options237User group239User group list239User group options240CLI configuration241peer241Command syntax pattern241Example241peergrp242Command syntax pattern242Example242VPN245Phase 1246Phase 1 list246Phase 1 basic settings247Phase 1 advanced options248Configuring XAuth249Phase 2250Phase 2 list250Phase 2 basic settings251Phase 2 advanced options252Manual key253Manual key list254Manual key options254Concentrator255Concentrator list255Concentrator options256Ping Generator256Ping generator options257Monitor257Dialup monitor258Static IP and dynamic DNS monitor258PPTP259Setting up a PPTP-based VPN259Enabling PPTP and specifying a PPTP range260Configuring a Windows 2000 client for PPTP261Configuring a Windows XP client for PPTP261PPTP passthrough262L2TP263Setting up a L2TP-based VPN264Enabling L2TP and specifying an L2TP range264Configuring a Windows 2000 client for L2TP265Configuring a Windows XP client for L2TP266Certificates268Viewing the certificate list269Generating a certificate request269Installing a signed certificate271Enabling VPN access for specific certificate holders272CLI configuration273ipsec phase1273Command syntax pattern273Example275ipsec phase2275Command syntax pattern275Example276ipsec vip276Command syntax pattern276Example277Authenticating peers with preshared keys278Gateway-to-gateway VPN278Dialup VPN279Dynamic DNS VPN279Manual key IPSec VPN280Adding firewall policies for IPSec VPN tunnels280Setting the encryption policy direction280Setting the source address for encrypted traffic280Setting the destination address for encrypted traffic281Adding an IPSec firewall encryption policy281Internet browsing through a VPN tunnel281Configuring Internet browsing through a VPN tunnel282IPSec VPN in Transparent mode283Special rules283Hub and spoke VPNs284Configuring the hub284Adding a VPN concentrator285Configuring spokes286Redundant IPSec VPNs287Configuring redundant IPSec VPNs287Configuring IPSec virtual IP addresses288Troubleshooting290IPS291Protection profile configuration291IPS updates and information291Signature292Predefined292Predefined signature list293Configuring predefined signatures294Configuring parameters for dissector signatures295Custom296Custom signature list296Adding custom signatures297Backing up and restoring custom signature files297Anomaly298Anomaly list298Configuring an anomaly299Anomaly CLI configuration301(config ips anomaly) config limit301Command syntax pattern301Example301Configuring IPS logging and alert email302Default fail open setting302Antivirus303Protection profile configuration304Order of antivirus operations304Virus list updates and information304File block304File block list305Configuring the file block list306Quarantine306Quarantined files list306Quarantined files list options307AutoSubmit list308AutoSubmit list options308Configuring the AutoSubmit list308Config309Config310Virus list310Config310Grayware311Grayware options311CLI configuration312heuristic312Command syntax pattern313Example313quarantine313Command syntax pattern314antivirus quarantine command keywords and variables314service http314Command syntax pattern314Example315service ftp315Command syntax pattern315Example316service pop3316Command syntax pattern316Example317service imap317Command syntax pattern317Example318service smtp318Command syntax pattern318Example319Web filter321Protection profile configuration322Order of web filter operations322Content block322Web content block list323Web content block options323Configuring the web content block list324URL block324Web URL block list325Web URL block options325Configuring the web URL block list325Web pattern block list326Web pattern block options327Configuring web pattern block327URL exempt327URL exempt list328URL exempt list options328Configuring URL exempt328Category block329FortiGuard managed web filtering service329FortiGuard categories and ratings329FortiGuard Service Points329FortiGuard licensing330FortiGuard configuration330Category block configuration options330Configuring web category block331Category block reports331Category block reports options332Generating a category block report332Category block CLI configuration332Command syntax pattern333Example333Script filter333Web script filter options334Spam filter335Protection profile configuration336Order of spam filter operations337FortiShield IP address black list and spam filter337IP address338IP address list338IP address options338Configuring the IP address list338RBL & ORDBL339RBL & ORDBL list340RBL & ORDBL options340Configuring the RBL & ORDBL list340Email address341Email address list341Email address options341Configuring the email address list341MIME headers342MIME headers list343MIME headers options343Configuring the MIME headers list343Banned word344Banned word list344Banned word options345Configuring the banned word list346Using Perl regular expressions346Regular expression vs. wildcard match pattern346Word boundary347Case sensitivity347Examples348Log & Report349Log config350Log Setting options350FortiLog settings351Disk settings352Memory settings353Syslog settings353WebTrends settings353Alert E-mail options354Log filter options355Traffic log356Event log356Anti-virus log357Web filter log357Attack log357Spam filter log358Configuring log filters358Enabling traffic logging358Log access359Viewing log messages359Choosing columns360Searching log messages361CLI configuration362fortilog setting362Command syntax pattern362Example363syslogd setting363Command syntax pattern363Example365FortiGuard categories367FortiGate maximum values373Glossary377Index381Größe: 4,74 MBSeiten: 388Language: EnglishHandbuch öffnen
BenutzerhandbuchInhaltsverzeichnisTable of Contents3Introduction13About FortiGate Antivirus Firewalls13Antivirus protection14Web content filtering14Spam filtering15Firewall15NAT/Route mode16Transparent mode16VLANs and virtual domains16Intrusion Prevention System (IPS)17VPN17High availability18Secure installation, configuration, and management18Web-based manager18Command line interface18Logging and reporting19Document conventions19FortiGate documentation21Fortinet Knowledge Center21Comments on Fortinet technical documentation21Related documentation22FortiManager documentation22FortiClient documentation22FortiMail documentation22FortiLog documentation23Customer service and technical support23System status25Console access25Status26Viewing system status26System status27Unit Information27Recent Virus Detections27Content Summary27Interface Status28System Resources28History29Recent Intrusion Detections29Changing unit information29Session list32Changing the FortiGate firmware33Upgrading to a new firmware version33Upgrading the firmware using the web-based manager33Upgrading the firmware using the CLI34Reverting to a previous firmware version35Reverting to a previous firmware version using the web-based manager35Reverting to a previous firmware version using the CLI36Installing firmware images from a system reboot using the CLI38Restoring the previous configuration40Testing a new firmware image before installing it41Installing and using a backup firmware image43Installing a backup firmware image43Switching to the backup firmware image44Switching back to the default firmware image45System network47Interface47Interface settings48Name49Interface49VLAN ID49Virtual Domain50Addressing mode50Manual50DHCP50PPPoE51DDNS52Ping server52Administrative access52MTU53Log53Configuring interfaces53Zone58Zone settings58Management59DNS61Routing table (Transparent Mode)62Routing table list62Transparent mode route settings62VLAN overview63FortiGate units and VLANs64VLANs in NAT/Route mode64Rules for VLAN IDs64Rules for VLAN IP addresses64Adding VLAN subinterfaces65VLANs in Transparent mode66Rules for VLAN IDs68Transparent mode virtual domains and VLANs68Transparent mode VLAN list69Transparent mode VLAN settings69FortiGate IPv6 support71System DHCP73Service73DHCP service settings74Server75DHCP server settings76Exclude range77DHCP exclude range settings78IP/MAC binding78DHCP IP/MAC binding settings79Dynamic IP79System config81System time81Options82HA84HA configuration85Standalone Mode85High Availability85Cluster Members86Mode86Group ID86Unit Priority86Override Master87Password87Schedule88Priorities of Heartbeat Device88Heartbeat device IP addresses89Monitor priorities90Configuring an HA cluster90Managing an HA cluster94SNMP97Configuring SNMP98SNMP community99FortiGate MIBs101FortiGate traps102Fortinet MIB fields103Replacement messages106Replacement messages list106Changing replacement messages107FortiManager108System administration109Administrators109Administrators list110Administrators options110Using trusted hosts111Access profiles111Access profile list112Access profile options112System maintenance115Backup and restore115Backing up and Restoring116Update center118Updating antivirus and attack definitions120Enabling push updates123Push updates when FortiGate IP addresses change123Enabling push updates through a NAT device124Support125Sending a bug report126Registering a FortiGate unit127Shutdown129System virtual domain131Virtual domain properties132Exclusive virtual domain properties132Shared configuration settings133Administration and management134Virtual domains134Adding a virtual domain135Selecting a virtual domain135Selecting a management virtual domain135Configuring virtual domains136Adding interfaces, VLAN subinterfaces, and zones to a virtual domain136Configuring routing for a virtual domain138Configuring firewall policies for a virtual domain138Configuring IPSec VPN for a virtual domain140Router141Static141Static route list143Static route options144Policy145Policy route list145Policy route options146RIP146General147Networks list148Networks options149Interface list149Interface options150Distribute list151Distribute list options152Offset list153Offset list options153Router objects154Access list154New access list154New access list entry155Prefix list155New Prefix list156New prefix list entry157Route-map list157New Route-map158Route-map list entry159Key chain list160New key chain160Key chain list entry161Monitor162Routing monitor list162CLI configuration163get router info ospf163Command syntax163Examples163get router info protocols163Command syntax163get router info rip164Command syntax164Examples164config router ospf164Command syntax pattern164Example166config area167config area command syntax pattern167Example169config filter-list170config filter-list command syntax pattern170Example171config range171config range command syntax pattern171Example172config virtual-link173config virtual link command syntax pattern173Example175config distribute-list175config distribute-list command syntax pattern176Example176config neighbor177config neighbor command syntax pattern177Example178config network179config network command syntax pattern179Example179config ospf-interface180config ospf-interface command syntax pattern180Example184config redistribute184config redistribute command syntax pattern185Example185config summary-address185config summary-address command syntax pattern186Example186config router static6187Command syntax pattern187Example188Firewall189Policy190How policy matching works190Policy list190Policy options191Advanced policy options194Authentication194Traffic Shaping195Differentiated Services195Comments196Configuring firewall policies196Policy CLI configuration197Command syntax pattern197Address198Address list199Address options199Configuring addresses200Address group list201Address group options201Configuring address groups202Service203Predefined service list203Custom service list206Custom service options207TCP and UDP custom service options207ICMP custom service options207IP custom service options208Configuring custom services208Service group list209Service group options209Configuring service groups210Schedule211One-time schedule list211One-time schedule options212Configuring one-time schedules212Recurring schedule list213Recurring schedule options213Configuring recurring schedules214Virtual IP214Virtual IP list215Virtual IP options215Configuring virtual IPs216IP pool219IP pool list220IP pool options220Configuring IP pools220IP Pools for firewall policies that use fixed ports221IP pools and dynamic NAT221Protection profile222Protection profile list222Default protection profiles223Protection profile options223Configuring antivirus options224Configuring web filtering options225Configuring web category filtering options225Configuring spam filtering options226Configuring IPS options227Configuring content archive options227Configuring protection profiles228Profile CLI configuration229Command syntax pattern229Users and authentication233Setting authentication timeout234Local234Local user list234Local user options234RADIUS235RADIUS server list235RADIUS server options236LDAP236LDAP server list237LDAP server options237User group239User group list239User group options240CLI configuration241peer241Command syntax pattern241Example241peergrp242Command syntax pattern242Example242VPN245Phase 1246Phase 1 list246Phase 1 basic settings247Phase 1 advanced settings249Phase 2250Phase 2 list251Phase 2 basic settings251Phase 2 advanced options252Manual key253Manual key list254Manual key options255Concentrator256Concentrator list256Concentrator options257Ping Generator257Ping generator options258Monitor258Dialup monitor259Static IP and dynamic DNS monitor259PPTP260PPTP range260L2TP261L2TP range261Certificates262Local certificate list262Certificate request263Importing signed certificates264CA certificate list265Importing CA certificates265VPN configuration procedures266IPSec configuration procedures266Adding firewall policies for IPSec VPN tunnels266PPTP configuration procedures268L2TP configuration procedures268CLI configuration269ipsec phase1269Command syntax pattern269Example270ipsec phase2271Command syntax pattern271ipsec vip272Command syntax pattern273Example273Configuring IPSec virtual IP addresses274IPS277Protection profile configuration277IPS updates and information277Signature278Predefined278Predefined signature list279Configuring predefined signatures280Configuring parameters for dissector signatures281Custom282Custom signature list282Adding custom signatures283Backing up and restoring custom signature files283Anomaly284Anomaly list284Configuring an anomaly285Anomaly CLI configuration287(config ips anomaly) config limit287Command syntax pattern287Example287Configuring IPS logging and alert email288Default fail open setting288Antivirus289Protection profile configuration290Order of antivirus operations290Virus list updates and information290File block290File block list291Configuring the file block list292Quarantine292Quarantined files list292Quarantined files list options293AutoSubmit list294AutoSubmit list options294Configuring the AutoSubmit list294Config295Config296Virus list296Config296Grayware297Grayware options297CLI configuration299config antivirus heuristic299Command syntax pattern299Example299config antivirus quarantine300Command syntax pattern300antivirus quarantine command keywords and variables300config antivirus service http300Command syntax pattern300How file size limits work301Example302config antivirus service ftp302Command syntax pattern302How file size limits work303Example303config antivirus service pop3304Command syntax pattern304How file size limits work304Example305config antivirus service imap305Command syntax pattern305How file size limits work306Example306config antivirus service smtp307Command syntax pattern307How file size limits work307Example308Web filter309Protection profile configuration310Order of web filter operations310Content block311Web content block list311Web content block options311Configuring the web content block list312URL block312Web URL block list313Web URL block options313Configuring the web URL block list314Web pattern block list314Web pattern block options315Configuring web pattern block315URL exempt315URL exempt list316URL exempt list options316Configuring URL exempt316Category block317FortiGuard managed web filtering service317FortiGuard categories and ratings317FortiGuard Service Points317FortiGuard licensing318FortiGuard configuration318Category block configuration options318Configuring web category block319Category block reports319Category block reports options320Generating a category block report320Category block CLI configuration320Command syntax pattern321Example321Script filter321Web script filter options322Spam filter323Protection profile configuration324Order of spam filter operations325FortiShield325FortiShield options326Configuring the FortiShield cache326IP address327IP address list327IP address options327Configuring the IP address list328RBL & ORDBL328RBL & ORDBL list329RBL & ORDBL options329Configuring the RBL & ORDBL list329Email address330Email address list330Email address options330Configuring the email address list331MIME headers331MIME headers list332MIME headers options332Configuring the MIME headers list333Banned word333Banned word list334Banned word options334Configuring the banned word list335Using Perl regular expressions335Regular expression vs. wildcard match pattern336Word boundary336Case sensitivity336Examples337Log & Report339Log config340Log Setting options340FortiLog settings341Disk settings342Memory settings343Syslog settings343WebTrends settings343Alert E-mail options344Log filter options345Traffic log346Event log346Anti-virus log347Web filter log347Attack log348Spam filter log348Configuring log filters348Enabling traffic logging348Log access349Viewing log messages349Choosing columns350Searching log messages351CLI configuration352fortilog setting352Command syntax pattern352Example353syslogd setting354Command syntax pattern354Example355FortiGuard categories357Glossary363Index367Größe: 4,85 MBSeiten: 374Language: EnglishHandbuch öffnen