Fortinet fortigate-3000 User Manuals

Fortinet

Product codes

fortigate-3600

Installation Instruction (English)Quick Setup Guide (English)User Guide (English)User Guide (English)

Installation Instruction

Table of Contents

Installation Instruction

Size:

1.33 MB
Pages:

66
Language:

English

User Guide

Table of Contents

Table of Contents
3
Introduction
13
- About FortiGate Antivirus Firewalls
  13
  - Antivirus protection
    14
  - Web content filtering
    15
  - Spam filtering
    15
  - Firewall
    15
    - NAT/Route mode
      16
    - Transparent mode
      16
  - VLANs and virtual domains
    17
  - Intrusion Prevention System (IPS)
    17
  - VPN
    18
  - High availability
    18
  - Secure installation, configuration, and management
    19
    - Web-based manager
      19
    - Command line interface
      19
    - Logging and reporting
      20
- Document conventions
  21
- FortiGate documentation
  22
  - Comments on Fortinet technical documentation
    22
- Related documentation
  23
- Customer service and technical support
  25
System status
27
- Console access
  27
- Status
  28
  - Viewing system status
    28
    - System status
      29
    - Unit Information
      29
    - Recent Virus Detections
      29
    - Interface Status
      29
    - System Resources
      30
    - History
      30
    - Recent Intrusion Detections
      31
  - Changing unit information
    31
- Session list
  33
- Changing the FortiGate firmware
  34
System network
49
- Interface
  49
  - Interface settings
    50
    - Name
      51
    - Interface
      51
    - VLAN ID
      51
    - Virtual Domain
      52
    - Addressing mode
      52
    - Manual
      52
    - DHCP
      52
    - PPPoE
      53
    - DDNS
      54
    - Ping server
      54
    - Administrative access
      54
    - MTU
      55
    - Log
      55
  - Configuring interfaces
    55
- Zone
  59
  - Zone settings
    60
- Management
  61
- DNS
  62
- Routing table (Transparent Mode)
  63
  - Routing table list
    63
  - Transparent mode route settings
    64
- VLAN overview
  64
  - FortiGate units and VLANs
    65
- VLANs in NAT/Route mode
  65
- VLANs in Transparent mode
  68
- FortiGate IPv6 support
  73
System DHCP
75
- Service
  75
  - DHCP service settings
    76
- Server
  77
  - DHCP server settings
    78
- Exclude range
  79
  - DHCP exclude range settings
    80
- IP/MAC binding
  80
  - DHCP IP/MAC binding settings
    81
- Dynamic IP
  81
System config
83
- System time
  83
- Options
  84
- HA
  86
  - HA configuration
    87
    - Standalone Mode
      88
    - High Availability
      88
    - Cluster Members
      88
    - Mode
      88
    - Group ID
      89
    - Unit Priority
      89
    - Override Master
      90
    - Password
      90
    - Schedule
      90
    - Priorities of Heartbeat Device
      91
    - Heartbeat device IP addresses
      92
    - Monitor priorities
      92
  - Configuring an HA cluster
    93
  - Managing an HA cluster
    96
- SNMP
  100
  - Configuring SNMP
    100
  - SNMP community
    101
  - FortiGate MIBs
    103
  - FortiGate traps
    104
  - Fortinet MIB fields
    106
- Replacement messages
  108
  - Replacement messages list
    109
  - Changing replacement messages
    110
- FortiManager
  111
System administration
113
- Administrators
  113
  - Administrators list
    114
  - Administrators options
    114
    - Using trusted hosts
      115
- Access profiles
  115
  - Access profile list
    116
  - Access profile options
    116
System maintenance
119
- Backup and restore
  119
  - Backing up and Restoring
    120
- Update center
  122
  - Updating antivirus and attack definitions
    124
  - Enabling push updates
    127
    - Push updates when FortiGate IP addresses change
      127
    - Enabling push updates through a NAT device
      128
- Support
  129
  - Sending a bug report
    130
  - Registering a FortiGate unit
    131
- Shutdown
  133
System virtual domain
135
- Virtual domain properties
  136
- Virtual domains
  138
- Configuring virtual domains
  140
Router
145
- Static
  145
  - Static route list
    147
  - Static route options
    148
- Policy
  149
  - Policy route list
    149
  - Policy route options
    150
- RIP
  150
  - General
    151
  - Networks list
    152
  - Networks options
    153
  - Interface list
    153
  - Interface options
    154
  - Distribute list
    155
  - Distribute list options
    156
  - Offset list
    157
  - Offset list options
    157
- Router objects
  158
  - Access list
    158
  - New access list
    158
  - New access list entry
    159
  - Prefix list
    159
  - New Prefix list
    160
  - New prefix list entry
    161
  - Route-map list
    161
  - New Route-map
    162
  - Route-map list entry
    163
  - Key chain list
    164
  - New key chain
    164
  - Key chain list entry
    165
- Monitor
  166
  - Routing monitor list
    166
- CLI configuration
  167
  - get router info ospf
    167
    - Command syntax
      167
    - Examples
      167
  - get router info protocols
    167
    - Command syntax
      167
  - get router info rip
    168
    - Command syntax
      168
    - Examples
      168
  - config router ospf
    168
    - Command syntax pattern
      168
    - Example
      170
    - config area
      171
    - config area command syntax pattern
      171
    - Example
      173
    - config filter-list
      174
    - config filter-list command syntax pattern
      174
    - Example
      175
    - config range
      175
    - config range command syntax pattern
      175
    - Example
      176
    - config virtual-link
      177
    - config virtual link command syntax pattern
      177
    - Example
      179
    - config distribute-list
      179
    - config distribute-list command syntax pattern
      180
    - Example
      180
    - config neighbor
      181
    - config neighbor command syntax pattern
      181
    - Example
      182
    - config network
      183
    - config network command syntax pattern
      183
    - Example
      183
    - config ospf-interface
      184
    - config ospf-interface command syntax pattern
      184
    - Example
      188
    - config redistribute
      188
    - config redistribute command syntax pattern
      189
    - Example
      189
    - config summary-address
      189
    - config summary-address command syntax pattern
      190
    - Example
      190
  - config router static6
    191
    - Command syntax pattern
      191
    - Example
      192
Firewall
193
- Policy
  194
  - How policy matching works
    194
  - Policy list
    194
  - Policy options
    195
  - Advanced policy options
    198
    - Authentication
      198
    - Traffic Shaping
      199
    - Differentiated Services
      199
    - Comments
      200
  - Configuring firewall policies
    200
  - Policy CLI configuration
    201
    - Command syntax pattern
      201
- Address
  202
  - Address list
    203
  - Address options
    203
  - Configuring addresses
    204
  - Address group list
    205
  - Address group options
    205
  - Configuring address groups
    206
- Service
  206
  - Predefined service list
    207
  - Custom service list
    210
  - Custom service options
    210
  - Configuring custom services
    212
  - Service group list
    213
  - Service group options
    213
  - Configuring service groups
    214
- Schedule
  214
  - One-time schedule list
    215
  - One-time schedule options
    215
  - Configuring one-time schedules
    216
  - Recurring schedule list
    216
  - Recurring schedule options
    217
  - Configuring recurring schedules
    217
- Virtual IP
  218
  - Virtual IP list
    219
  - Virtual IP options
    219
  - Configuring virtual IPs
    220
- IP pool
  222
  - IP pool list
    223
  - IP pool options
    223
  - Configuring IP pools
    224
  - IP Pools for firewall policies that use fixed ports
    224
  - IP pools and dynamic NAT
    225
- Protection profile
  225
  - Protection profile list
    226
  - Default protection profiles
    226
  - Protection profile options
    227
  - Configuring protection profiles
    231
  - CLI configuration
    232
    - profile
      233
    - Command syntax pattern
      233
Users and authentication
237
- Setting authentication timeout
  238
- Local
  238
  - Local user list
    238
  - Local user options
    238
- RADIUS
  239
  - RADIUS server list
    239
  - RADIUS server options
    240
- LDAP
  240
  - LDAP server list
    241
  - LDAP server options
    241
- User group
  243
  - User group list
    243
  - User group options
    244
- CLI configuration
  245
  - peer
    245
    - Command syntax pattern
      245
    - Example
      245
  - peergrp
    246
    - Command syntax pattern
      246
    - Example
      246
VPN
249
- Phase 1
  250
  - Phase 1 list
    250
  - Phase 1 basic settings
    251
  - Phase 1 advanced options
    252
  - Configuring XAuth
    253
- Phase 2
  254
  - Phase 2 list
    254
  - Phase 2 basic settings
    255
  - Phase 2 advanced options
    256
- Manual key
  257
  - Manual key list
    258
  - Manual key options
    258
- Concentrator
  259
  - Concentrator list
    259
  - Concentrator options
    260
- Ping Generator
  260
  - Ping generator options
    261
- Monitor
  261
  - Dialup monitor
    262
  - Static IP and dynamic DNS monitor
    262
- PPTP
  263
  - Setting up a PPTP-based VPN
    263
  - Enabling PPTP and specifying a PPTP range
    264
  - Configuring a Windows 2000 client for PPTP
    265
  - Configuring a Windows XP client for PPTP
    265
  - PPTP passthrough
    266
- L2TP
  267
  - Setting up a L2TP-based VPN
    268
  - Enabling L2TP and specifying an L2TP range
    268
  - Configuring a Windows 2000 client for L2TP
    269
  - Configuring a Windows XP client for L2TP
    270
- Certificates
  272
  - Viewing the certificate list
    273
  - Generating a certificate request
    273
  - Installing a signed certificate
    275
  - Enabling VPN access for specific certificate holders
    276
- CLI configuration
  277
  - ipsec phase1
    277
    - Command syntax pattern
      277
    - Example
      279
  - ipsec phase2
    279
    - Command syntax pattern
      279
    - Example
      280
  - ipsec vip
    280
    - Command syntax pattern
      280
    - Example
      281
- Authenticating peers with preshared keys
  282
- Gateway-to-gateway VPN
  282
- Dialup VPN
  283
- Dynamic DNS VPN
  283
- Manual key IPSec VPN
  284
- Adding firewall policies for IPSec VPN tunnels
  284
  - Setting the encryption policy direction
    284
  - Setting the source address for encrypted traffic
    284
  - Setting the destination address for encrypted traffic
    285
  - Adding an IPSec firewall encryption policy
    285
- Internet browsing through a VPN tunnel
  285
  - Configuring Internet browsing through a VPN tunnel
    286
- IPSec VPN in Transparent mode
  287
  - Special rules
    287
- Hub and spoke VPNs
  288
  - Configuring the hub
    288
    - Adding a VPN concentrator
      289
  - Configuring spokes
    290
- Redundant IPSec VPNs
  291
  - Configuring redundant IPSec VPNs
    291
- Configuring IPSec virtual IP addresses
  292
- Troubleshooting
  294
IPS
295
- Protection profile configuration
  295
- IPS updates and information
  295
- Signature
  296
  - Predefined
    296
  - Custom
    300
- Anomaly
  302
  - Anomaly list
    302
  - Configuring an anomaly
    303
  - Anomaly CLI configuration
    305
    - (config ips anomaly) config limit
      305
    - Command syntax pattern
      305
    - Example
      305
- Configuring IPS logging and alert email
  306
- Default fail open setting
  306
Antivirus
307
- Protection profile configuration
  308
- Order of antivirus operations
  308
- Virus list updates and information
  308
- File block
  308
  - File block list
    309
  - Configuring the file block list
    310
- Quarantine
  310
  - Quarantined files list
    310
  - Quarantined files list options
    311
  - AutoSubmit list
    312
  - AutoSubmit list options
    312
  - Configuring the AutoSubmit list
    312
  - Config
    313
- Config
  314
  - Virus list
    314
  - Config
    314
  - Grayware
    315
  - Grayware options
    315
- CLI configuration
  316
  - system global av_failopen
    316
    - Command syntax pattern
      317
    - Example
      317
  - system global optimize
    317
    - Command syntax pattern
      317
    - Example
      318
  - heuristic
    318
    - Command syntax pattern
      318
    - Example
      319
  - quarantine
    319
    - Command syntax pattern
      319
    - antivirus quarantine command keywords and variables
      320
  - service http
    320
    - Command syntax pattern
      320
    - Example
      320
  - service ftp
    321
    - Command syntax pattern
      321
    - Example
      321
  - service pop3
    322
    - Command syntax pattern
      322
    - Example
      322
  - service imap
    322
    - Command syntax pattern
      323
    - Example
      323
  - service smtp
    323
    - Command syntax pattern
      324
    - Example
      324
Web filter
325
- Protection profile configuration
  326
- Order of web filter operations
  326
- Content block
  326
- URL block
  328
  - Web URL block list
    329
  - Web URL block options
    329
  - Configuring the web URL block list
    329
  - Web pattern block list
    330
  - Web pattern block options
    331
  - Configuring web pattern block
    331
- URL exempt
  331
  - URL exempt list
    332
  - URL exempt list options
    332
  - Configuring URL exempt
    332
- Category block
  333
  - FortiGuard managed web filtering service
    333
    - FortiGuard categories and ratings
      333
    - FortiGuard Service Points
      333
    - FortiGuard licensing
      334
    - FortiGuard configuration
      334
  - Category block configuration options
    334
  - Configuring web category block
    335
  - Category block reports
    335
  - Category block reports options
    336
  - Generating a category block report
    336
  - Category block CLI configuration
    336
    - Command syntax pattern
      337
    - Example
      337
- Script filter
  337
  - Web script filter options
    338
Spam filter
339
- Protection profile configuration
  340
- Order of spam filter operations
  341
- FortiShield IP address black list and spam filter
  341
- IP address
  342
  - IP address list
    342
  - IP address options
    342
  - Configuring the IP address list
    342
- RBL & ORDBL
  343
  - RBL & ORDBL list
    344
  - RBL & ORDBL options
    344
  - Configuring the RBL & ORDBL list
    344
- Email address
  345
  - Email address list
    345
  - Email address options
    345
  - Configuring the email address list
    345
- MIME headers
  346
  - MIME headers list
    347
  - MIME headers options
    347
  - Configuring the MIME headers list
    347
- Banned word
  348
  - Banned word list
    348
  - Banned word options
    349
  - Configuring the banned word list
    350
- Using Perl regular expressions
  350
  - Regular expression vs. wildcard match pattern
    350
  - Word boundary
    351
  - Case sensitivity
    351
  - Examples
    352
Log & Report
353
- Log config
  354
  - Log Setting options
    354
    - FortiLog settings
      355
    - Disk settings
      356
    - Memory settings
      357
    - Syslog settings
      357
    - WebTrends settings
      357
  - Alert E-mail options
    358
  - Log filter options
    359
    - Traffic log
      360
    - Event log
      360
    - Anti-virus log
      361
    - Web filter log
      361
    - Attack log
      362
    - Spam filter log
      362
  - Configuring log filters
    362
  - Enabling traffic logging
    362
- Log access
  364
  - Disk log file access
    364
  - Viewing log messages
    365
    - Choosing columns
      366
  - Searching log messages
    368
- CLI configuration
  369
  - fortilog setting
    369
    - Command syntax pattern
      369
    - Example
      370
  - syslogd setting
    370
    - Command syntax pattern
      370
    - Example
      372
FortiGuard categories
373
FortiGate maximum values
379
Glossary
383
Index
387

Size:

4.87 MB
Pages:

394
Language:

English

Quick Setup Guide

Quick Setup Guide

Size:

800 KB
Pages:

2
Language:

English

User Guide

Size:

502 KB
Pages:

2
Language:

English