User Manual
Table of Contents: Contents; Introduction; Revision history; About the FortiGate-5000 series chassis; FortiGate-5140 chassis; FortiGate-5050 chassis; FortiGate-5020 chassis; About the FortiGate-5000 series boards; FortiGate-5001A security system; FortiGate-RTM-XB2 module; FortiGate-5005FA2 security system; FortiGate-5001FA2 security system; FortiGate-5001SX security system; FortiSwitch-5003A system; FortiSwitch-5003 system; FortiGate-5005-DIST security system; FortiController-5208 system; Warnings and cautions; About Data Center DC power; Fortinet documentation; Fortinet Tools and Documentation CD; Fortinet Knowledge Center; Comments on Fortinet technical documentation; Customer service and technical support; Register your Fortinet product; FortiGate-5140-R chassis; FortiGate-5140 chassis front panel; FortiGate-5140 chassis back panel; Physical description of the FortiGate-5140 chassis; FortiGate-5140 chassis; FortiGate-5140 chassis front panel; FortiGate-5140 chassis back panel; Physical description of the FortiGate-5140 chassis; FortiGate-5050-R chassis; FortiGate-5050 front panel; FortiGate-5050 back panel; Physical description of the FortiGate-5050 chassis; FortiGate-5050 chassis; FortiGate-5050 front panel; FortiGate-5050 back panel; Physical description of the FortiGate-5050 chassis; FortiGate-5020 chassis; FortiGate-5020 front panel; FortiGate-5020 back panel; Physical description of the FortiGate-5020 chassis; FortiGate-5001A security system; Front panel LEDs and connectors; LEDs; Connectors; Base backplane communication; Fabric backplane communication; FortiGate-RTM-XB2; AMC modules; FortiGate-RTM-XB2 system; Front panel LED; Fabric backplane 10-gigabit communication; FortiGate-5005FA2 security system; Front panel LEDs and connectors; LEDs; Connectors; Accelerated packet forwarding and policy enforcement; FA2 interfaces and active-active HA performance; Base backplane gigabit communication; FortiGate-5005-DIST security system; FortiGate-5001FA2-LENC
security system; Front panel LEDs and connectors; LEDs; Connectors; Accelerated packet forwarding and policy enforcement; FA2 interfaces and active-active HA performance; Base backplane gigabit communication; FortiGate-5001SX security system; Front panel LEDs and connectors; LEDs; Connectors; Base backplane gigabit interfaces; FortiSwitch-5003A system; Front panel LEDs and connectors; LEDs; Base channel interfaces; Fabric channel interfaces; Front panel connectors; FortiSwitch-5003A configurations; Base and fabric gigabit switching within a chassis; Fabric 10-gigabit switching within a chassis; Layer-2 link aggregation and redundancy configurations; FortiSwitch-5003 system; Front panel LEDs and connectors; LEDs; About the ZRE network activity LEDs; Connectors; Base backplane communications; The FortiGate-5005-DIST security system; Basic FortiGate security system configuration; FortiController-5208 I/O boards; FortiGate-5005FA2 worker boards; FortiGate-5005-DIST security system chassis; FortiGate-5140 chassis; FortiGate-5050 chassis; FortiGate-5005-DIST interface names; FortiController-5208 system; Front panel LEDs and connectors; LEDs; Connectors; Backplane gigabit interfaces
Size: 9.78 MB, Pages: 77, Language: English
User Guide
Table of Contents: Table of Contents; Introduction; About FortiGate Antivirus Firewalls; Antivirus protection; Web content filtering; Spam filtering; Firewall; NAT/Route mode; Transparent mode; VLANs and virtual domains; Intrusion Prevention System (IPS); VPN; High availability; Secure installation, configuration, and management; Web-based manager; Command line interface; Logging and reporting; Document conventions; FortiGate documentation; Fortinet Knowledge Center; Comments on Fortinet technical documentation; Related documentation; FortiManager documentation; FortiClient documentation; FortiMail documentation; FortiLog documentation; Customer service and technical support; Web-based manager; Button bar features; Contact Customer Support; Online Help; Easy Setup Wizard; Console Access; Logout; Web-based manager pages; Web-based manager menu; Lists; Icons; Status bar; Organization of this manual; System Status; Status; Viewing system status; System status; Unit Information; Recent Virus Detections; Content Summary; Interface Status; System Resources; History; Recent Intrusion Detections; Changing unit information; Session list; Changing the FortiGate firmware; Upgrading to a new firmware version; Upgrading the firmware using the web-based manager; Upgrading the firmware using the CLI; Reverting to a previous firmware version; Reverting to a previous firmware version using the web-based manager; Reverting to a previous firmware version using the CLI; Installing firmware images from a system reboot using the CLI; Restoring the previous configuration; Testing a new firmware image before installing it; Installing and using a backup firmware image; Installing a backup firmware image; Switching to the backup firmware image; Switching back to the default firmware image; System Network; Interface; Interface settings; Name; Interface; VLAN ID; Virtual Domain; Addressing mode; Manual; DHCP; PPPoE; DDNS; Ping server; Administrative access; MTU; Log; Configuring
interfaces; Zone; Zone settings; Management; DNS; Routing table (Transparent Mode); Routing table list; Transparent mode route settings; VLAN overview; FortiGate units and VLANs; VLANs in NAT/Route mode; Rules for VLAN IDs; Rules for VLAN IP addresses; Adding VLAN subinterfaces; VLANs in Transparent mode; Rules for VLAN IDs; Transparent mode virtual domains and VLANs; Transparent mode VLAN list; Transparent mode VLAN settings; FortiGate IPv6 support; System DHCP; Service; DHCP service settings; Server; DHCP server settings; Exclude range; DHCP exclude range settings; IP/MAC binding; DHCP IP/MAC binding settings; Dynamic IP; System Config; System time; Options; HA; HA overview; The FortiGate Clustering Protocol (FGCP); HA modes; FortiGate HA compatibility with DHCP and PPPoE; HA configuration; Standalone Mode; High Availability; Cluster Members; Mode; Group ID; Unit Priority; Override Master; Password; Schedule; Priorities of Heartbeat Device; Heartbeat device IP addresses; Monitor priorities; Configuring an HA cluster; Managing an HA cluster; SNMP; Configuring SNMP; SNMP community; FortiGate MIBs; FortiGate traps; Fortinet MIB fields; Replacement messages; Replacement messages list; Changing replacement messages; FortiManager; System Admin; Administrators; Administrators list; Administrators options; Using trusted hosts; Access profiles; Access profile list; Access profile options; System Maintenance; Backup and restore; Backing up and Restoring; Update center; Updating antivirus and attack definitions; Enabling push updates; Push updates when FortiGate IP addresses change; Enabling push updates through a NAT device; Support; Sending a bug report; Registering a FortiGate unit; Shutdown; System Virtual Domain; Virtual domain properties; Exclusive virtual domain properties; Shared configuration settings; Administration and management; Virtual domains; Adding a virtual domain; Selecting a virtual domain; Selecting a management
virtual domain; Configuring virtual domains; Adding interfaces, VLAN subinterfaces, and zones to a virtual domain; Configuring routing for a virtual domain; Configuring firewall policies for a virtual domain; Configuring IPSec VPN for a virtual domain; Router; Static; Static route list; Static route options; Policy; Policy route list; Policy route options; RIP; General; Networks list; Networks options; Interface list; Interface options; Distribute list; Distribute list options; Offset list; Offset list options; Router objects; Access list; New access list; New access list entry; Prefix list; New Prefix list; New prefix list entry; Route-map list; New Route-map; Route-map list entry; Key chain list; New key chain; Key chain list entry; Monitor; Routing monitor list; CLI configuration; get router info ospf; Command syntax; Examples; get router info protocols; Command syntax; get router info rip; Command syntax; Examples; config router ospf; Command syntax pattern; Example; config area; config area command syntax pattern; Example; config filter-list; config filter-list command syntax pattern; Example; config range; config range command syntax pattern; Example; config virtual-link; config virtual link command syntax pattern; Example; config distribute-list; config distribute-list command syntax pattern; Example; config neighbor; config neighbor command syntax pattern; Example; config network; config network command syntax pattern; Example; config ospf-interface; config ospf-interface command syntax pattern; Example; config redistribute; config redistribute command syntax pattern; Example; config summary-address; config summary-address command syntax pattern; Example; config router static6; Command syntax pattern; Example; Firewall; Policy; How policy matching works; Policy list; Policy options; Interface / Zone; Address Name; Schedule; Service; Action; VPN
Tunnel; NAT; Protection Profile; Log Traffic; Advanced; Advanced policy options; Authentication; Traffic Shaping; Differentiated Services; Comments; Configuring firewall policies; Policy CLI configuration; Command syntax pattern; Address; Address list; Address options; Configuring addresses; Address group list; Address group options; Configuring address groups; Service; Predefined service list; Custom service list; Custom service options; TCP and UDP custom service options; ICMP custom service options; IP custom service options; Configuring custom services; Service group list; Service group options; Configuring service groups; Schedule; One-time schedule list; One-time schedule options; Configuring one-time schedules; Recurring schedule list; Recurring schedule options; Configuring recurring schedules; Virtual IP; Virtual IP list; Virtual IP options; Configuring virtual IPs; IP pool; IP pool list; IP pool options; Configuring IP pools; IP Pools for firewall policies that use fixed ports; IP pools and dynamic NAT; Protection profile; Protection profile list; Default protection profiles; Protection profile options; Configuring antivirus options; Configuring web filtering options; Configuring web category filtering options; Configuring spam filtering options; Configuring IPS options; Configuring content archive options; Configuring protection profiles; Profile CLI configuration; Command syntax pattern; User; Setting authentication timeout; Local; Local user list; Local user options; RADIUS; RADIUS server list; RADIUS server options; LDAP; LDAP server list; LDAP server options; User group; User group list; User group options; CLI configuration; peer; Command syntax pattern; Example; peergrp; Command syntax pattern; Example; VPN; Phase 1; Phase 1 list; Phase 1 basic settings; Phase 1 advanced settings; Phase 2; Phase 2 list; Phase 2 basic settings; Phase 2 advanced options; Manual
key; Manual key list; Manual key options; Concentrator; Concentrator list; Concentrator options; Ping Generator; Ping generator options; Monitor; Dialup monitor; Static IP and dynamic DNS monitor; PPTP; PPTP range; L2TP; L2TP range; Certificates; Local certificate list; Certificate request; Importing signed certificates; CA certificate list; Importing CA certificates; VPN configuration procedures; IPSec configuration procedures; Adding firewall policies for IPSec VPN tunnels; PPTP configuration procedures; L2TP configuration procedures; CLI configuration; ipsec phase1; Command syntax pattern; Example; ipsec phase2; Command syntax pattern; ipsec vip; Command syntax pattern; Example; Configuring IPSec virtual IP addresses; IPS; Protection profile configuration; IPS updates and information; Signature; Predefined; Predefined signature list; Configuring predefined signatures; Configuring parameters for dissector signatures; Custom; Custom signature list; Adding custom signatures; Backing up and restoring custom signature files; Anomaly; Anomaly list; Configuring an anomaly; Anomaly CLI configuration; (config ips anomaly) config limit; Command syntax pattern; Example; Configuring IPS logging and alert email; Default fail open setting; Antivirus; Protection profile configuration; Order of antivirus operations; Virus list updates and information; File block; File block list; Configuring the file block list; Quarantine; Quarantined files list; Quarantined files list options; AutoSubmit list; AutoSubmit list options; Configuring the AutoSubmit list; Config; Config; Virus list; Config; Grayware; Grayware options; CLI configuration; system global av_failopen; Command syntax pattern; Example; system global optimize; Command syntax pattern; Example; config antivirus heuristic; Command syntax pattern; Example; config antivirus quarantine; Command syntax pattern; antivirus quarantine command
keywords and variables; config antivirus service http; Command syntax pattern; How file size limits work; Example; config antivirus service ftp; Command syntax pattern; How file size limits work; Example; config antivirus service pop3; Command syntax pattern; How file size limits work; Example; config antivirus service imap; Command syntax pattern; How file size limits work; Example; config antivirus service smtp; Command syntax pattern; How file size limits work; Example; Web filter; Protection profile configuration; Order of web filter operations; Content block; Web content block list; Web content block options; Configuring the web content block list; URL block; Web URL block list; Web URL block options; Configuring the web URL block list; Web pattern block list; Web pattern block options; Configuring web pattern block; URL exempt; URL exempt list; URL exempt list options; Configuring URL exempt; Category block; FortiGuard managed web filtering service; FortiGuard categories and ratings; FortiGuard Service Points; FortiGuard licensing; FortiGuard configuration; Category block configuration options; Configuring web category block; Category block reports; Category block reports options; Generating a category block report; Category block CLI configuration; Command syntax pattern; Example; Script filter; Web script filter options; Spam filter; Protection profile configuration; Order of spam filter operations; FortiShield; FortiShield Spam filtering; FortiShield Service Points; FortiShield licensing; FortiShield configuration; FortiShield options; Configuring the FortiShield cache; FortiShield CLI configuration; Command syntax pattern; Example; IP address; IP address list; IP address options; Configuring the IP address list; DNSBL & ORDBL; DNSBL & ORDBL list; DNSBL & ORDBL options; Configuring the DNSBL & ORDBL list; Email address; Email address list; Email address options; Configuring the
email address list; MIME headers; MIME headers list; MIME headers options; Configuring the MIME headers list; Banned word; Banned word list; Banned word options; Configuring the banned word list; Using Perl regular expressions; Regular expression vs. wildcard match pattern; Word boundary; Case sensitivity; Examples; Log & Report; Log config; Log Setting options; FortiLog settings; Disk settings; Memory settings; Syslog settings; WebTrends settings; Alert E-mail options; Log filter options; Traffic log; Event log; Anti-virus log; Web filter log; Attack log; Spam filter log; Configuring log filters; Enabling traffic logging; Log access; Disk log file access; Viewing log messages; Choosing columns; Searching log messages; CLI configuration; fortilog setting; Command syntax pattern; Example; syslogd setting; Command syntax pattern; Example; FortiGuard categories; Glossary; Index
Size: 6.25 MB, Pages: 402, Language: English
User Guide
Table of Contents: Contents; Introduction; Warnings and cautions; About this document; Fortinet documentation; Fortinet Tools and Documentation CD; Fortinet Knowledge Center; Comments on Fortinet technical documentation; Customer service and technical support; FortiGate-5140 base backplane communication; HA configurations; Two FortiSwitch modules per chassis; Separating HA clusters by channel; Heartbeat failover between channels; One FortiSwitch module per chassis; Choosing the slot position; Slot position and HA heartbeat interface precedence; Network configurations; Connecting FortiGate modules to each other; Connecting FortiGate modules to the network; FortiGate-5050 base backplane communication; HA configurations; Two FortiSwitch modules per chassis; Separating HA clusters by channel; Heartbeat failover between channels; One FortiSwitch module per chassis; Choosing the slot position; Slot position and HA heartbeat interface precedence; Network configurations; Connecting FortiGate modules to each other; Connecting FortiGate modules to the network; FortiGate-5020 base backplane communication; HA configurations; Heartbeat failover between channels; Inter-chassis HA configurations; Network configurations; Index
Size: 4.03 MB, Pages: 47, Language: English
User Guide
Table of Contents: Contents; Introduction; Revision history; About the FortiGate-5000 series chassis; FortiGate-5140 chassis; FortiGate-5050 chassis; FortiGate-5020 chassis; About the FortiGate-5000 series boards; FortiGate-5001A board; FortiGate-5005FA2 board; FortiGate-5001SX board; FortiGate-5001FA2 board; FortiGate-5005-DIST security system; FortiController-5208 board; FortiSwitch-5003 board; Warnings and cautions; About Data Center DC power; Fortinet documentation; Fortinet Tools and Documentation CD; Fortinet Knowledge Center; Comments on Fortinet technical documentation; Customer service and technical support; Register your Fortinet product; FortiGate-5140 chassis; FortiGate-5140 chassis front panel; FortiGate-5140 chassis back panel; Physical description of the FortiGate-5140 chassis; FortiGate-5050 chassis; FortiGate-5050 front panel; FortiGate-5050 back panel; Physical description of the FortiGate-5050 chassis; FortiGate-5020 chassis; FortiGate-5020 front panel; FortiGate-5020 back panel; Physical description of the FortiGate-5020 chassis; FortiGate-5001A security system; Front panel LEDs and connectors; LEDs; Connectors; Base backplane gigabit communication; Fabric backplane gigabit communication; AMC modules; FortiGate-5005FA2 security system; Front panel LEDs and connectors; LEDs; Connectors; Accelerated packet forwarding and policy enforcement; FA2 interfaces and active-active HA performance; Base backplane gigabit communication; FortiGate-5005-DIST security system; FortiGate-5001SX security system; Front panel LEDs and connectors; LEDs; Connectors; Base backplane gigabit interfaces; FortiGate-5001FA2 security system; Front panel LEDs and connectors; LEDs; Connectors; Accelerated packet forwarding and policy enforcement; FA2 interfaces and active-active HA performance; Base backplane gigabit communication; The FortiGate-5005-DIST security system; Basic FortiGate security system configuration; FortiController-5208 I/O boards; FortiGate-5005FA2 worker
boards; FortiGate-5005-DIST security system chassis; FortiGate-5140 chassis; FortiGate-5050 chassis; FortiGate-5005-DIST interface names; FortiController-5208 board; Front panel LEDs and connectors; LEDs; Connectors; Backplane gigabit interfaces; FortiSwitch-5003 board; Front panel LEDs and connectors; LEDs; About the ZRE network activity LEDs; Connectors; Base backplane communications
Size: 5 MB, Pages: 57, Language: English
Hardware Manual
Table of Contents: Contents; Introduction; Fortinet documentation; Fortinet Knowledge Center; Customer service and technical support; FortiGate-5140 chassis; Connecting a FortiGate-5140 chassis to Data Center DC power and Data Center ground; Connecting the FortiGate-5140 chassis to AC power using the FortiGate-5053 power converter tray; Selecting the power supplies and power convertor trays that you need for your FortiGate-5140 configuration; Basic power requirements; Connecting a FortiGate-5140 chassis to the FortiGate-5053 power converter tray; FortiGate-5050 chassis; Connecting the FortiGate-5050 chassis to Data Center DC power and Data Center ground; Connecting the FortiGate-5050 chassis to AC power using the FortiGate-5053 power converter tray; Selecting the power supplies and power convertor trays that you need for your FortiGate-5050 configuration; Basic power requirements; Connecting a FortiGate-5050 chassis to the FortiGate-5053 power converter tray; FortiGate-5020 chassis; Connecting the FortiGate-5020 chassis to AC power; FortiGate-5001SX security system; Changing jumper settings; Inserting a FortiGate-5001SX module into a chassis; FortiGate-5001FA2 security system; Changing jumper settings; Inserting a FortiGate-5001FA2 module into a chassis; FortiGate-5002FB2 security system; Inserting a FortiGate-5002FB2 module into a chassis; FortiSwitch-5003 module; Inserting a FortiSwitch-5003 module into a chassis
Size: 2 MB, Pages: 37, Language: English