Fortinet FortiGate 4000 Quick Setup Guide

Blue

The FortiBlade-4010 module is powered on.

Green

KVM access to this FortiBlade-4010 is enabled.

Off

Normal operation.

Red

System Fault.

Green

The correct cable is connected to the internal 
(or external for LAN 2) interface of this 
FortiBlade-4010 module and the connected 
equipment has power.

Flashing

Network activity at the internal (or external for 
LAN 2) interface of this FortiBlade-4010 
module.

Off

Normal operation.

Red

FortiGate-4000 power fault resulting from a 
failed power supply.

Green

KVM switch module is powered on.

Connect the FortiGate-4000 unit to a power outlet and to the internal and external networks.

In NAT/Route mode, the FortiGate-4000 is visible to the network. The Internal and 

external interfaces are on different subnets. Each interface must be configure with an 

IP address that is valid for the network that it is connected to.
You would typically use NAT/Route mode when the FortiGate-400 unit is deployed as a 

gateway between private and public networks. In its default NAT/Route mode 

configuration, the module functions as a firewall. Firewall policies control 

communications through the FortiGate-400 unit. No traffic can pass through the 

FortiGate-4000 unit until you add firewall policies.

In NAT/Route mode, firewall policies can operate in NAT mode or in Route mode. In 

NAT mode, the FortiGate-400 unit performs network address translation before IP 

packets are sent to the destination network. In Route mode, no translation takes place.

In Transparent mode, the FortiGate-4000 unit is invisible to the network. All of its 

interfaces are on the same subnet. You only have to configure a management IP 

address so that you can make configuration changes. 
You would typically use the FortiGate-4000 unit in Transparent mode on a private 

network behind an existing firewall or behind a router. In its default Transparent mode 

configuration, the unit functions as a firewall. No traffic can pass through the 

FortiGate-4000 unit until you add firewall policies. 

You can connect two network segments to the FortiGate-4000 unit to control traffic 

between these network segments.

Before beginning to configure the FortiGate-4000 unit, you need to plan how to integrate the unit 

into your network. Your configuration plan is dependent upon the operating mode that you select: 

NAT/Route mode (the default) or Transparent mode.

The FortiGate web-based 

manager Setup Wizard 

guides you through the 

initial configuration steps. 

Use it to configure the administrator password, the 

interface addresses, the default gateway address, and 

the DNS server addresses. Optionally, use the Setup 

Wizard to configure the internal server settings for 

NAT/Route mode. 
Requirements: 
•

The Ethernet connection between the FortiGate-

4000 and management computer. 

•

Internet Explorer version 4.0 or higher on the 

management computer. 

The CLI is a full-featured 

management tool. 
Use it to configure the 

administrator password, 

the interface addresses, 

the default gateway 

address, and the DNS 

server addresses. To 

configure advanced settings, see the “Getting Started” 

chapter in Documentation CD-ROM. 
Requirements: 
•

The serial connection between the FortiGate-4000 

and management computer. 

•

A terminal emulation application (HyperTerminal for 

Windows) on the management computer. 

You can manage FortiGate-4000 units by connecting to 

the 10/100 out of band management module, which 

provides out of band ethernet management connections 

for all of the FortiGate-4000 units installed in the 

FortiGate-4000 chassis.

Requirements: 
•

A computer with an ethernet connection.

•

Internet Explorer version 4.0 or higher.

•

A crossover cable or an ethernet hub and two 

ethernet cables.

4000

LAN 2

LAN 1

LAN 1

LAN 2

Mounting Knot

Mounting Knot

Choose among three different tools to configure the FortiGate-4000. 

© Copyright 2004 Fortinet Incorporated. All rights reserved. 
Trademarks 
Products mentioned in this document are trademarks or registered trademarks of their respective holders.
Regulatory Compliance
FCC Class A Part 15 CSA/CUS
03 November 2004

Check that the package contents are complete. 

See the “Getting Started” chapter of the FortiGate-4000 Installation and 

Configuration Guide for details about how to perform the following steps.
1. Mount the FortiGate-4000 chassis with the mounting rail in a rack or 

cabinet with a depth of more than 700 mm, excluding the front door depth. 

2. Connect the network cables. 
3. Connect the power cables to power outlets.
4. Turn on all FortiGate-4000 power switches.
5. Turn on each FortiBlade-4010.

The FortiGate-4000 package consists of two or more packages. One or more of the packages 

contains two FortiBlade-4010 modules. 
The other package contains:
•

FortiGate-4000 chassis which includes the following components (already installed): 

1 KVM switch module, 10 FortiGate-4000 empty slot covers, 1 management module, 7 power 
supply modules, 4 cooling fan trays, 2 pass-through interface modules with ten 1000Base-T 
connectors (FortiGate-4000P), or 2 switched interface modules with two 1000Base-T or SFP 
(FortiGate-4000S) connectors, one 10/100 out of band management module with two 
10/100Base-T connectors.

•

Three power cables,

•

One RJ-45 to DB-9 serial cable (only the black header works with the FortiGate-4000),

•

One FortiGate-4000 QuickStart Guide,

•

One Documentation CD-ROM containing Fortinet user documentation.

Default IP Addresses (Nat/Route mode)

Internal
External

   Out of band

192.168.1.99
192.168.100.99

     172.16.1.2

Management IP  

10.10.10.1

Ethernet cables connect 

FortiGate-4000 internal interfaces

to LAN or switch on internal network

Ethernet cables connect FortiGate-4000

external interfaces to the Internet

LAN 9

LAN 10

LAN 8

LAN 7

LAN 6

LAN 5

LAN 4

LAN 3

LAN 2

LAN 1

LAN 9

LAN 10

LAN 8

LAN 7

LAN 6

LAN 5

LAN 4

LAN 3

LAN 2

LAN 1

LAN 2

LAN 1

ON

ON

OFF

OFF

ERR

ERR

RJ-45 to DB-9 cable connects to 

management computer

FortiGate-4000P rear panel

Ethernet cable connect to out of 

band management network

LAN 2

LAN 1

ON

ON

OFF

OFF

ERR

ERR

LAN 1

LAN 2

COM

SFP

SFP

HiGig OUT

HiGig IN

ON   OFF

LAN 1

LAN 2

COM

SFP

SFP

HiGig OUT

HiGig IN

ON   OFF

FortiGate-4000S rear panel

RJ-45 to DB-9 cable connects to 

management computer

Ethernet or fibre optic cables connect 

FortiGate-4000 external interfaces

to the Internet

Ethernet or fibre optic cables 

connect FortiGate-4000 internal

interfaces to LAN or switch on 

internal network

Power cables 

connect to 

power outlets

Out of band

172.16.1.2

Power cables 

connect to 

power outlets

Ethernet cable connect to out of 

band management network

FortiGate-4000P Chassis (back view)

FortiBlade-4010 modules 

RJ-45 to DB-9 

serial cable

Power Cables (3)

LAN 9

LAN 10

LAN 8

LAN 7

LAN 6

LAN 5

LAN 4

LAN 3

LAN 2

LAN 1

LAN 9

LAN 10

LAN 8

LAN 7

LAN 6

LAN 5

LAN 4

LAN 3

LAN 2

LAN 1

ON

ON

OFF

OFF

ERR

ERR

LAN 2

LAN 1

FortiGate-4000S Chassis (back view)

LAN 2

LAN 1

LAN 1

LAN 2

COM

SFP

SFP

HiGig OUT

HiGig IN

ON   OFF

LAN 1

LAN 2

COM

SFP

SFP

HiGig OUT

HiGig IN

ON   OFF

ON

ON

OFF

OFF

ERR

ERR

FortiGate-4000 Chassis (front view)

Documentation

(CD and QuickStart Guide)

FortiGate-4000

Copyright 2003 Fortinet Incorporated. All rights reserved.
Trademarks
Products mentioned in this document are trademarks.

Mounting rail and rail mounting locations 

Refer to the Documentation CD-ROM for information on how to control traffic, and how to configure HA, antivirus protection, Web content filtering, Spam filtering, intrusion 

prevention (IPS), and virtual private networking (VPN).