Fortinet fortigate-3000 Guía Del Usuario

Internal

SC 1000Base-SX Ethernet

Multimode 

fiber 

optic connection to the internal network.

External

SC 

1000Base-SX Ethernet

Multimode fiber optic connection to the Internet.

1 to 3

RJ-45

10/100Base-T Ethernet

Optional connection to other networks.

4/HA

RJ-45

1000Base-T

Ethernet

Optional copper gigabit connection to another network, or to 
other FortiGate-3000 units for high availability (HA).

CONSOLE

DB-9

9600 bps

RS-232 
serial

Optional connection to the management computer. 
Provides access to the command line interface (CLI).

Green

The FortiGate-3000 unit is powered on.

Off

The FortiGate-3000 unit is powered off.

Green

The correct cable is in use and the connected 
equipment has power.
•

1, 2, or 3 connect at up to 100 Mbps.

•

4/HA connects at up to 1000 Mbps.

Flashing 
Green

Network activity at this interface.

Off

No link established.

Interface

Internal
External

192.168.1.99
192.168.100.99
0.0.0.0

IP

admin  

(none)

User Name

Password

MANAGEMENT IP   10.10.10.1

Interface

IP

1 to 4/HA

Connect the FortiGate-3000 unit to a power outlet and to the internal and external networks. 

In NAT/Route mode, each FortiGate-3000 unit is visible to the networks that it is 

connected to. All of its interfaces are on different subnets. Each interface that is 

connected to a network must be configured with an IP address that is valid for that 

network.
You would typically use NAT/Route mode when the FortiGate-3000 unit is deployed as 

a gateway between private and public networks. In its default NAT/Route mode 

configuration, the unit functions as a firewall. Firewall policies control communications 

through the FortiGate-3000 unit. No traffic can pass through the FortiGate-3000 unit 

until you add firewall policies.

In NAT/Route mode, firewall policies can operate in NAT mode or in Route mode. In 

NAT mode, the FortiGate-3000 unit performs network address translation before IP 

packets are sent to the destination network. In Route mode, no translation takes place.

In Transparent mode, the FortiGate-3000 unit is invisible to the network. All of its 

interfaces are on the same subnet. You only have to configure a management IP 

address so that you can make configuration changes. 
You would typically use the FortiGate-3000 unit in Transparent mode on a private 

network behind an existing firewall or behind a router. In its default Transparent mode 

configuration, the unit functions as a firewall. No traffic can pass through the 

FortiGate-3000 unit until you add firewall policies. 

You can connect up to 6 network segments to the FortiGate-3000 unit to control traffic 

between these network segments.

Before beginning to configure the FortiGate-3000, you need to plan how to integrate the unit into 

your network. Your configuration plan is dependent upon the operating mode that you select: 

NAT/Route mode (the default) or Transparent mode.

The FortiGate web-based 

manager Setup Wizard 

guides you through the 

initial configuration steps. 

Use it to configure the administrator password, the 

interface addresses, the default gateway address, and 

the DNS server addresses. Optionally, use the Setup 

Wizard to configure the internal server settings for 

NAT/Route mode. 
Requirements: 
•

Ethernet connection between the FortiGate-3000 

and management computer. 

•

Internet Explorer version 6.0 or higher on the 

management computer. 

The CLI is a full-featured 

management tool. 
Use it to configure the 

administrator password, 

the interface addresses, 

the default gateway 

address, and the DNS 

server addresses. To 

configure advanced settings, see the Documentation 

CD-ROM. 
Requirements: 
•

Serial connection between the FortiGate-3000 and 

management computer. 

•

A terminal emulation application (HyperTerminal for 

Windows) on the management computer. 

The control buttons and LCD are located on the front 

panel of the FortiGate-3000. Use them to configure the 

internal, external and DMZ (Port 3) interface addresses, 

and the default gateway address. To configure the other 

interface addresses, the DNS server addresses and 

other settings, use the web-based manager, or the CLI.
Requirements: 
•

Physical access to the FortiGate-3000. 

Choose among three different tools to configure the FortiGate-3000. 

Check that the package contents are complete. 

1, 2, 3, 4/HA

Interface

External
Interface

Internal

Interface

Power

Supply

LEDs

Power

Connections

Power Cables (2)

Rack-Mount Brackets

Null-Modem Cable

(RS-232)

Documentation

Ethernet Cables:
Orange - Crossover
Grey - Straight-through

USER MANUAL

FortiGate-3000

Copyright 2003 Fortinet Incorporated. All rights reserved.
Trademarks
Products mentioned in this document are trademarks.

LCD

Display

Control

Buttons

RS-232 Serial

Connection

Alarm

Cancel

Button

•

Mount the unit in a standard 19-inch rack. It requires 2 U of vertical space in 

the rack. 

•

Make sure the power switch on the back of the unit is turned off before 

connecting the power and network cables.

•

MAIN MENU appears when the unit is up and running.

•

If only one power supply is connected, an audible alarm sounds to indicate 

a failed power supply. To stop this alarm, press the red alarm cancel button 

on the rear panel next to the power supplies.

Straight-through Ethernet cables

connect to other networks

SC fiber optic cable connects to internal network

SC fiber optic cable connects to Internet

Optional null modem cable connects

to serial port on management computer

Power cables connect

to power outlets

© Copyright 2004 Fortinet Incorporated. All rights reserved. 
Trademarks 
Products mentioned in this document are trademarks or registered trademarks of their respective holders.
Regulatory Compliance
FCC Class A Part 15 CSA/CUS
03 November 2004

Refer to the Documentation CD-ROM for information on how to control traffic, and how to configure HA, antivirus protection, Web content filtering, Spam filtering, intrusion 

prevention (IPS), and virtual private networking (VPN).