Fortinet FortiGate-5000 User Manuals

Fortinet

User Manual (English)User Guide (English)User Guide (English)User Guide (English)Hardware Manual (English)

User Manual

Table of Contents

Contents
3
Introduction
7
FortiGate-5140-R chassis
15
FortiGate-5140 chassis
19
FortiGate-5050-R chassis
23
FortiGate-5050 chassis
27
FortiGate-5020 chassis
31
FortiGate-5001A security system
33
- Front panel LEDs and connectors
  34
  - LEDs
    35
  - Connectors
    36
- Base backplane communication
  36
- Fabric backplane communication
  36
  - FortiGate-RTM-XB2
    37
- AMC modules
  37
FortiGate-RTM-XB2 system
39
- Front panel LED
  40
- Fabric backplane 10-gigabit communication
  40
FortiGate-5005FA2 security system
41
FortiGate-5001FA2-LENC security system
45
FortiGate-5001SX security system
49
- Front panel LEDs and connectors
  50
  - LEDs
    50
  - Connectors
    51
- Base backplane gigabit interfaces
  51
FortiSwitch-5003A system
53
- Front panel LEDs and connectors
  54
  - LEDs
    55
  - Base channel interfaces
    56
  - Fabric channel interfaces
    57
  - Front panel connectors
    58
- FortiSwitch-5003A configurations
  58
FortiSwitch-5003 system
61
- Front panel LEDs and connectors
  61
  - LEDs
    62
  - About the ZRE network activity LEDs
    63
  - Connectors
    64
- Base backplane communications
  64
The FortiGate-5005-DIST security system
67
FortiController-5208 system
73
- Front panel LEDs and connectors
  74
  - LEDs
    74
  - Connectors
    75
- Backplane gigabit interfaces
  76

Size:

9.78 MB
Pages:

77
Language:

English

User Guide

Table of Contents

Table of Contents
3
Introduction
13
- About FortiGate Antivirus Firewalls
  13
  - Antivirus protection
    14
  - Web content filtering
    15
  - Spam filtering
    15
  - Firewall
    16
    - NAT/Route mode
      16
    - Transparent mode
      16
  - VLANs and virtual domains
    17
  - Intrusion Prevention System (IPS)
    17
  - VPN
    17
  - High availability
    18
  - Secure installation, configuration, and management
    19
    - Web-based manager
      19
    - Command line interface
      19
    - Logging and reporting
      20
- Document conventions
  20
- FortiGate documentation
  21
  - Fortinet Knowledge Center
    22
  - Comments on Fortinet technical documentation
    22
- Related documentation
  22
- Customer service and technical support
  24
Web-based manager
25
- Button bar features
  26
  - Contact Customer Support
    26
  - Online Help
    27
  - Easy Setup Wizard
    27
  - Console Access
    28
  - Logout
    28
- Web-based manager pages
  29
  - Web-based manager menu
    29
  - Lists
    30
  - Icons
    30
  - Status bar
    31
- Organization of this manual
  32
System Status
33
- Status
  33
  - Viewing system status
    34
    - System status
      34
    - Unit Information
      34
    - Recent Virus Detections
      35
    - Content Summary
      35
    - Interface Status
      35
    - System Resources
      36
    - History
      36
    - Recent Intrusion Detections
      37
  - Changing unit information
    37
- Session list
  39
- Changing the FortiGate firmware
  40
System Network
55
- Interface
  55
  - Interface settings
    56
    - Name
      57
    - Interface
      57
    - VLAN ID
      57
    - Virtual Domain
      58
    - Addressing mode
      58
    - Manual
      58
    - DHCP
      58
    - PPPoE
      59
    - DDNS
      60
    - Ping server
      60
    - Administrative access
      60
    - MTU
      61
    - Log
      61
  - Configuring interfaces
    61
- Zone
  66
  - Zone settings
    66
- Management
  67
- DNS
  68
- Routing table (Transparent Mode)
  69
  - Routing table list
    69
  - Transparent mode route settings
    70
- VLAN overview
  70
  - FortiGate units and VLANs
    71
- VLANs in NAT/Route mode
  71
- VLANs in Transparent mode
  74
- FortiGate IPv6 support
  78
System DHCP
79
- Service
  79
  - DHCP service settings
    80
- Server
  81
  - DHCP server settings
    82
- Exclude range
  83
  - DHCP exclude range settings
    84
- IP/MAC binding
  84
  - DHCP IP/MAC binding settings
    85
- Dynamic IP
  85
System Config
87
- System time
  87
- Options
  88
- HA
  90
  - HA overview
    90
  - HA configuration
    92
    - Standalone Mode
      93
    - High Availability
      93
    - Cluster Members
      93
    - Mode
      93
    - Group ID
      94
    - Unit Priority
      94
    - Override Master
      95
    - Password
      95
    - Schedule
      95
    - Priorities of Heartbeat Device
      96
    - Heartbeat device IP addresses
      97
    - Monitor priorities
      98
  - Configuring an HA cluster
    98
  - Managing an HA cluster
    102
- SNMP
  105
  - Configuring SNMP
    106
  - SNMP community
    107
  - FortiGate MIBs
    109
  - FortiGate traps
    110
  - Fortinet MIB fields
    112
- Replacement messages
  114
  - Replacement messages list
    115
  - Changing replacement messages
    116
- FortiManager
  117
System Admin
119
- Administrators
  121
  - Administrators list
    121
  - Administrators options
    121
    - Using trusted hosts
      122
- Access profiles
  123
  - Access profile list
    123
  - Access profile options
    124
System Maintenance
125
- Backup and restore
  125
  - Backing up and Restoring
    126
- Update center
  128
  - Updating antivirus and attack definitions
    130
  - Enabling push updates
    133
    - Push updates when FortiGate IP addresses change
      133
    - Enabling push updates through a NAT device
      134
- Support
  135
  - Sending a bug report
    136
  - Registering a FortiGate unit
    137
- Shutdown
  139
System Virtual Domain
141
- Virtual domain properties
  142
- Virtual domains
  144
- Configuring virtual domains
  146
Router
151
- Static
  151
  - Static route list
    153
  - Static route options
    154
- Policy
  155
  - Policy route list
    155
  - Policy route options
    156
- RIP
  156
  - General
    157
  - Networks list
    158
  - Networks options
    159
  - Interface list
    159
  - Interface options
    160
  - Distribute list
    161
  - Distribute list options
    162
  - Offset list
    163
  - Offset list options
    163
- Router objects
  164
  - Access list
    164
  - New access list
    165
  - New access list entry
    165
  - Prefix list
    166
  - New Prefix list
    166
  - New prefix list entry
    167
  - Route-map list
    167
  - New Route-map
    168
  - Route-map list entry
    169
  - Key chain list
    170
  - New key chain
    170
  - Key chain list entry
    171
- Monitor
  172
  - Routing monitor list
    172
- CLI configuration
  173
  - get router info ospf
    173
    - Command syntax
      173
    - Examples
      173
  - get router info protocols
    173
    - Command syntax
      173
  - get router info rip
    174
    - Command syntax
      174
    - Examples
      174
  - config router ospf
    174
    - Command syntax pattern
      174
    - Example
      176
    - config area
      177
    - config area command syntax pattern
      177
    - Example
      179
    - config filter-list
      180
    - config filter-list command syntax pattern
      180
    - Example
      181
    - config range
      181
    - config range command syntax pattern
      181
    - Example
      182
    - config virtual-link
      183
    - config virtual link command syntax pattern
      183
    - Example
      185
    - config distribute-list
      186
    - config distribute-list command syntax pattern
      186
    - Example
      187
    - config neighbor
      187
    - config neighbor command syntax pattern
      187
    - Example
      188
    - config network
      189
    - config network command syntax pattern
      189
    - Example
      190
    - config ospf-interface
      190
    - config ospf-interface command syntax pattern
      190
    - Example
      194
    - config redistribute
      195
    - config redistribute command syntax pattern
      195
    - Example
      195
    - config summary-address
      196
    - config summary-address command syntax pattern
      196
    - Example
      197
  - config router static6
    197
    - Command syntax pattern
      197
    - Example
      198
Firewall
199
- Policy
  200
  - How policy matching works
    200
  - Policy list
    200
  - Policy options
    202
    - Interface / Zone
      202
    - Address Name
      202
    - Schedule
      203
    - Service
      203
    - Action
      203
    - VPN Tunnel
      203
    - NAT
      203
    - Protection Profile
      204
    - Log Traffic
      204
    - Advanced
      204
  - Advanced policy options
    204
    - Authentication
      205
    - Traffic Shaping
      206
    - Differentiated Services
      206
    - Comments
      207
  - Configuring firewall policies
    207
  - Policy CLI configuration
    208
    - Command syntax pattern
      208
- Address
  209
  - Address list
    210
  - Address options
    210
  - Configuring addresses
    211
  - Address group list
    212
  - Address group options
    212
  - Configuring address groups
    213
- Service
  213
  - Predefined service list
    214
  - Custom service list
    217
  - Custom service options
    217
  - Configuring custom services
    219
  - Service group list
    220
  - Service group options
    220
  - Configuring service groups
    221
- Schedule
  221
  - One-time schedule list
    222
  - One-time schedule options
    222
  - Configuring one-time schedules
    223
  - Recurring schedule list
    223
  - Recurring schedule options
    224
  - Configuring recurring schedules
    224
- Virtual IP
  225
  - Virtual IP list
    226
  - Virtual IP options
    226
  - Configuring virtual IPs
    227
- IP pool
  229
  - IP pool list
    230
  - IP pool options
    230
  - Configuring IP pools
    231
  - IP Pools for firewall policies that use fixed ports
    231
  - IP pools and dynamic NAT
    232
- Protection profile
  232
User
243
- Setting authentication timeout
  244
- Local
  244
  - Local user list
    244
  - Local user options
    244
- RADIUS
  245
  - RADIUS server list
    245
  - RADIUS server options
    246
- LDAP
  246
  - LDAP server list
    247
  - LDAP server options
    247
- User group
  249
  - User group list
    249
  - User group options
    250
- CLI configuration
  251
  - peer
    251
    - Command syntax pattern
      251
    - Example
      252
  - peergrp
    252
    - Command syntax pattern
      252
    - Example
      253
VPN
255
- Phase 1
  256
  - Phase 1 list
    256
  - Phase 1 basic settings
    257
  - Phase 1 advanced settings
    259
- Phase 2
  260
  - Phase 2 list
    261
  - Phase 2 basic settings
    261
  - Phase 2 advanced options
    262
- Manual key
  263
  - Manual key list
    264
  - Manual key options
    264
- Concentrator
  266
  - Concentrator list
    266
  - Concentrator options
    267
- Ping Generator
  267
  - Ping generator options
    268
- Monitor
  268
  - Dialup monitor
    269
  - Static IP and dynamic DNS monitor
    269
- PPTP
  270
  - PPTP range
    270
- L2TP
  271
  - L2TP range
    271
- Certificates
  272
  - Local certificate list
    272
  - Certificate request
    273
  - Importing signed certificates
    274
  - CA certificate list
    275
  - Importing CA certificates
    275
- VPN configuration procedures
  276
- CLI configuration
  279
  - ipsec phase1
    279
    - Command syntax pattern
      279
    - Example
      280
  - ipsec phase2
    281
    - Command syntax pattern
      281
  - ipsec vip
    281
    - Command syntax pattern
      282
    - Example
      282
    - Configuring IPSec virtual IP addresses
      283
IPS
285
- Protection profile configuration
  285
- IPS updates and information
  285
- Signature
  286
  - Predefined
    286
  - Custom
    290
- Anomaly
  292
  - Anomaly list
    292
  - Configuring an anomaly
    293
  - Anomaly CLI configuration
    295
    - (config ips anomaly) config limit
      295
    - Command syntax pattern
      295
    - Example
      295
- Configuring IPS logging and alert email
  296
- Default fail open setting
  296
Antivirus
297
- Protection profile configuration
  297
- Order of antivirus operations
  298
- Virus list updates and information
  298
- File block
  298
  - File block list
    299
  - Configuring the file block list
    300
- Quarantine
  300
  - Quarantined files list
    300
  - Quarantined files list options
    301
  - AutoSubmit list
    302
  - AutoSubmit list options
    302
  - Configuring the AutoSubmit list
    302
  - Config
    303
- Config
  304
  - Virus list
    304
  - Config
    304
  - Grayware
    305
  - Grayware options
    305
- CLI configuration
  307
  - system global av_failopen
    307
    - Command syntax pattern
      307
    - Example
      307
  - system global optimize
    308
    - Command syntax pattern
      308
    - Example
      308
  - config antivirus heuristic
    308
    - Command syntax pattern
      308
    - Example
      309
  - config antivirus quarantine
    309
    - Command syntax pattern
      309
    - antivirus quarantine command keywords and variables
      310
  - config antivirus service http
    310
    - Command syntax pattern
      310
    - How file size limits work
      311
    - Example
      311
  - config antivirus service ftp
    311
    - Command syntax pattern
      312
    - How file size limits work
      312
    - Example
      313
  - config antivirus service pop3
    313
    - Command syntax pattern
      313
    - How file size limits work
      314
    - Example
      314
  - config antivirus service imap
    315
    - Command syntax pattern
      315
    - How file size limits work
      315
    - Example
      316
  - config antivirus service smtp
    316
    - Command syntax pattern
      316
    - How file size limits work
      317
    - Example
      317
Web filter
319
- Protection profile configuration
  320
- Order of web filter operations
  320
- Content block
  321
- URL block
  322
  - Web URL block list
    323
  - Web URL block options
    323
  - Configuring the web URL block list
    324
  - Web pattern block list
    324
  - Web pattern block options
    325
  - Configuring web pattern block
    325
- URL exempt
  325
  - URL exempt list
    326
  - URL exempt list options
    326
  - Configuring URL exempt
    326
- Category block
  327
  - FortiGuard managed web filtering service
    327
    - FortiGuard categories and ratings
      327
    - FortiGuard Service Points
      327
    - FortiGuard licensing
      328
    - FortiGuard configuration
      328
  - Category block configuration options
    328
  - Configuring web category block
    329
  - Category block reports
    329
  - Category block reports options
    330
  - Generating a category block report
    330
  - Category block CLI configuration
    330
    - Command syntax pattern
      331
    - Example
      331
- Script filter
  331
  - Web script filter options
    332
Spam filter
333
- Protection profile configuration
  334
- Order of spam filter operations
  335
- FortiShield
  335
  - FortiShield Spam filtering
    335
    - FortiShield Service Points
      336
    - FortiShield licensing
      336
    - FortiShield configuration
      336
  - FortiShield options
    337
  - Configuring the FortiShield cache
    337
  - FortiShield CLI configuration
    338
    - Command syntax pattern
      338
    - Example
      338
- IP address
  339
  - IP address list
    339
  - IP address options
    339
  - Configuring the IP address list
    339
- DNSBL & ORDBL
  340
  - DNSBL & ORDBL list
    341
  - DNSBL & ORDBL options
    341
  - Configuring the DNSBL & ORDBL list
    341
- Email address
  342
  - Email address list
    342
  - Email address options
    342
  - Configuring the email address list
    342
- MIME headers
  343
  - MIME headers list
    344
  - MIME headers options
    344
  - Configuring the MIME headers list
    345
- Banned word
  345
  - Banned word list
    346
  - Banned word options
    346
  - Configuring the banned word list
    347
- Using Perl regular expressions
  347
  - Regular expression vs. wildcard match pattern
    348
  - Word boundary
    348
  - Case sensitivity
    348
  - Examples
    349
Log & Report
351
- Log config
  352
  - Log Setting options
    352
    - FortiLog settings
      353
    - Disk settings
      354
    - Memory settings
      355
    - Syslog settings
      355
    - WebTrends settings
      355
  - Alert E-mail options
    356
  - Log filter options
    357
    - Traffic log
      358
    - Event log
      358
    - Anti-virus log
      359
    - Web filter log
      359
    - Attack log
      359
    - Spam filter log
      360
  - Configuring log filters
    360
  - Enabling traffic logging
    360
- Log access
  361
  - Disk log file access
    361
  - Viewing log messages
    362
    - Choosing columns
      363
  - Searching log messages
    365
- CLI configuration
  366
  - fortilog setting
    366
    - Command syntax pattern
      366
    - Example
      367
  - syslogd setting
    367
    - Command syntax pattern
      367
    - Example
      369
FortiGuard categories
371
Glossary
377
Index
383

Size:

6.25 MB
Pages:

402
Language:

English

User Guide

Table of Contents

Size:

4.03 MB
Pages:

47
Language:

English

User Guide

Table of Contents

Size:

5 MB
Pages:

57
Language:

English

Hardware Manual

Table of Contents

Hardware Manual

Size:

2 MB
Pages:

37
Language:

English