User Manual

Table of contents

Table of Contents ..... 3
Introduction ..... 13
Antivirus protection ..... 13
Web content filtering ..... 14
Email filtering ..... 14
Firewall ..... 15
NAT/Route mode ..... 15
Transparent mode ..... 16
Network intrusion detection ..... 16
VPN ..... 16
Secure installation, configuration, and management ..... 17
Web-based manager ..... 17
Command line interface ..... 18
Logging and reporting ..... 19
What’s new in Version 2.50 ..... 19
System administration ..... 19
Network configuration ..... 19
Routing ..... 19
DHCP server ..... 20
RIP ..... 20
SNMP ..... 20
Replacement messages ..... 20
Firewall ..... 20
Users and authentication ..... 20
VPN ..... 20
NIDS ..... 21
Antivirus ..... 21
Web Filter ..... 21
Email filter ..... 21
Logging and Reporting ..... 21
About this document ..... 22
Document conventions ..... 23
Fortinet documentation ..... 24
Comments on Fortinet technical documentation ..... 24
Customer service and technical support ..... 25
Getting started ..... 27
Package contents ..... 28
Mounting ..... 28
Dimensions ..... 28
Weight ..... 28
Power requirements ..... 28
Environmental specifications ..... 29
Powering on ..... 29
Connecting to the web-based manager ..... 30
Connecting to the command line interface (CLI) ..... 31
Factory default FortiGate configuration settings ..... 31
Factory default NAT/Route mode network configuration ..... 32
Factory default Transparent mode network configuration ..... 33
Factory default firewall configuration ..... 33
Factory default content profiles ..... 34
Strict content profile ..... 35
Scan content profile ..... 35
Web content profile ..... 36
Unfiltered content profile ..... 36
Planning your FortiGate configuration ..... 37
NAT/Route mode ..... 37
NAT/Route mode with multiple external network connections ..... 38
Transparent mode ..... 38
Configuration options ..... 39
Setup Wizard ..... 39
CLI ..... 39
FortiGate model maximum values matrix ..... 40
Next steps ..... 41
NAT/Route mode installation ..... 43
Preparing to configure NAT/Route mode ..... 43
Advanced NAT/Route mode settings ..... 44
DMZ interface ..... 44
Using the setup wizard ..... 45
Starting the setup wizard ..... 45
Reconnecting to the web-based manager ..... 45
Using the command line interface ..... 45
Configuring the FortiGate unit to operate in NAT/Route mode ..... 45
Configuring NAT/Route mode IP addresses ..... 45
Connecting the FortiGate unit to your networks ..... 47
Configuring your networks ..... 48
Completing the configuration ..... 48
Configuring the DMZ interface ..... 48
Setting the date and time ..... 48
Enabling antivirus protection ..... 49
Registering your FortiGate ..... 49
Configuring virus and attack definition updates ..... 49
Configuration example: Multiple connections to the Internet ..... 49
Configuring Ping servers ..... 51
Destination based routing examples ..... 51
Primary and backup links to the Internet ..... 51
Load sharing ..... 52
Load sharing and primary and secondary connections ..... 52
Policy routing examples ..... 54
Routing traffic from internal subnets to different external networks ..... 54
Routing a service to an external network ..... 54
Firewall policy example ..... 55
Adding a redundant default policy ..... 55
Adding more firewall policies ..... 55
Restricting access to a single Internet connection ..... 56
Transparent mode installation ..... 57
Preparing to configure Transparent mode ..... 57
Using the setup wizard ..... 58
Changing to Transparent mode ..... 58
Starting the setup wizard ..... 58
Reconnecting to the web-based manager ..... 58
Using the command line interface ..... 59
Changing to Transparent mode ..... 59
Configuring the Transparent mode management IP address ..... 59
Configure the Transparent mode default gateway ..... 59
Connecting the FortiGate unit to your networks ..... 60
Completing the configuration ..... 61
Setting the date and time ..... 61
Enabling antivirus protection ..... 61
Registering your FortiGate ..... 61
Configuring virus and attack definition updates ..... 61
Transparent mode configuration examples ..... 62
Default routes and static routes ..... 62
Example default route to an external network ..... 63
General configuration steps ..... 63
Web-based manager example configuration steps ..... 64
CLI configuration steps ..... 64
Example static route to an external destination ..... 64
General configuration steps ..... 65
Web-based manager example configuration steps ..... 66
CLI configuration steps ..... 66
Example static route to an internal destination ..... 67
General configuration steps ..... 67
Web-based manager example configuration steps ..... 68
CLI configuration steps ..... 68
System status ..... 69
Changing the FortiGate host name ..... 70
Changing the FortiGate firmware ..... 70
Upgrade to a new firmware version ..... 71
Upgrading the firmware using the web-based manager ..... 71
Upgrading the firmware using the CLI ..... 71
Revert to a previous firmware version ..... 72
Reverting to a previous firmware version using the web-based manager ..... 72
Reverting to a previous firmware version using the CLI ..... 73
Install a firmware image from a system reboot using the CLI ..... 75
Test a new firmware image before installing it ..... 77
Installing and using a backup firmware image ..... 79
Installing a backup firmware image ..... 79
Switching to the backup firmware image ..... 81
Switching back to the default firmware image ..... 82
Manual virus definition updates ..... 82
Manual attack definition updates ..... 83
Displaying the FortiGate serial number ..... 83
Displaying the FortiGate up time ..... 83
Backing up system settings ..... 83
Restoring system settings ..... 84
Restoring system settings to factory defaults ..... 84
Changing to Transparent mode ..... 85
Changing to NAT/Route mode ..... 85
Restarting the FortiGate unit ..... 85
Shutting down the FortiGate unit ..... 86
System status ..... 86
Viewing CPU and memory status ..... 86
Viewing sessions and network status ..... 87
Viewing virus and intrusions status ..... 88
Session list ..... 89
Virus and attack definitions updates and registration ..... 91
Updating antivirus and attack definitions ..... 91
Connecting to the FortiResponse Distribution Network ..... 92
Configuring scheduled updates ..... 93
Configuring update logging ..... 94
Adding an override server ..... 95
Manually updating antivirus and attack definitions ..... 95
Configuring push updates ..... 95
To enable push updates ..... 96
About push updates ..... 96
Push updates and external dynamic IP addresses ..... 96
Push updates through a NAT device ..... 96
Example: push updates through a NAT device ..... 97
Scheduled updates through a proxy server ..... 100
Registering FortiGate units ..... 101
FortiCare Service Contracts ..... 101
Registering the FortiGate unit ..... 102
Updating registration information ..... 104
Recovering a lost Fortinet support password ..... 104
Viewing the list of registered FortiGate units ..... 104
Registering a new FortiGate unit ..... 105
Adding or changing a FortiCare Support Contract number ..... 105
Changing your Fortinet support password ..... 106
Changing your contact information or security question ..... 106
Downloading virus and attack definitions updates ..... 106
Registering a FortiGate unit after an RMA ..... 107
Network configuration ..... 109
Configuring interfaces ..... 109
Viewing the interface list ..... 110
Bringing up an interface ..... 110
Changing an interface static IP address ..... 110
Adding a secondary IP address to an interface ..... 110
Adding a ping server to an interface ..... 111
Controlling management access to an interface ..... 111
Configuring traffic logging for connections to an interface ..... 112
Configuring the external interface with a static IP address ..... 112
Configuring the external interface for DHCP ..... 112
Configuring the external interface for PPPoE ..... 113
Changing the external interface MTU size to improve network performance ..... 113
Configuring the management interface (Transparent mode) ..... 114
Adding DNS server IP addresses ..... 115
Configuring routing ..... 115
Adding a default route ..... 116
Adding destination-based routes to the routing table ..... 116
Adding routes in Transparent mode ..... 117
Configuring the routing table ..... 118
Policy routing ..... 118
Policy routing command syntax ..... 119
Providing DHCP services to your internal network ..... 119
Viewing the dynamic IP list ..... 120
RIP configuration ..... 121
RIP settings ..... 122
Configuring RIP for FortiGate interfaces ..... 124
Adding RIP neighbors ..... 125
Adding RIP filters ..... 126
Adding a single RIP filter ..... 126
Adding a RIP filter list ..... 127
Adding a neighbors filter ..... 128
Adding a routes filter ..... 128
System configuration ..... 129
Setting system date and time ..... 129
Changing web-based manager options ..... 130
Adding and editing administrator accounts ..... 132
Adding new administrator accounts ..... 132
Editing administrator accounts ..... 133
Configuring SNMP ..... 134
Configuring the FortiGate unit for SNMP monitoring ..... 134
Configuring FortiGate SNMP support ..... 134
FortiGate MIBs ..... 135
FortiGate traps ..... 136
Customizing replacement messages ..... 136
Customizing replacement messages ..... 137
Customizing alert emails ..... 138
Firewall configuration ..... 141
Default firewall configuration ..... 142
Addresses ..... 142
Services ..... 143
Schedules ..... 143
Content profiles ..... 143
Adding firewall policies ..... 144
Firewall policy options ..... 145
Source ..... 145
Destination ..... 145
Schedule ..... 145
Service ..... 145
Action ..... 145
NAT ..... 145
VPN Tunnel ..... 146
Traffic Shaping ..... 146
Authentication ..... 147
Anti-Virus & Web filter ..... 147
Log Traffic ..... 148
Comments ..... 148
Configuring policy lists ..... 149
Policy matching in detail ..... 149
Changing the order of policies in a policy list ..... 149
Enabling and disabling policies ..... 150
Disabling a policy ..... 150
Enabling a policy ..... 150
Addresses ..... 150
Adding addresses ..... 151
Editing addresses ..... 152
Deleting addresses ..... 152
Organizing addresses into address groups ..... 152
Services ..... 153
Predefined services ..... 153
Providing access to custom services ..... 156
Grouping services ..... 156
Schedules ..... 157
Creating one-time schedules ..... 158
Creating recurring schedules ..... 158
Adding a schedule to a policy ..... 159
Virtual IPs ..... 160
Adding static NAT virtual IPs ..... 160
Adding port forwarding virtual IPs ..... 161
Adding policies with virtual IPs ..... 163
IP pools ..... 164
Adding an IP pool ..... 164
IP Pools for firewall policies that use fixed ports ..... 165
IP pools and dynamic NAT ..... 165
IP/MAC binding ..... 166
Configuring IP/MAC binding for packets going through the firewall ..... 166
Configuring IP/MAC binding for packets going to the firewall ..... 167
Adding IP/MAC addresses ..... 167
Viewing the dynamic IP/MAC list ..... 168
Enabling IP/MAC binding ..... 168
Content profiles ..... 169
Default content profiles ..... 170
Adding a content profile ..... 170
Adding a content profile to a policy ..... 171
Users and authentication ..... 173
Setting authentication timeout ..... 174
Adding user names and configuring authentication ..... 174
Adding user names and configuring authentication ..... 174
Deleting user names from the internal database ..... 175
Configuring RADIUS support ..... 176
Adding RADIUS servers ..... 176
Deleting RADIUS servers ..... 176
Configuring LDAP support ..... 177
Adding LDAP servers ..... 177
Deleting LDAP servers ..... 178
Configuring user groups ..... 179
Adding user groups ..... 179
Deleting user groups ..... 180
IPSec VPN ..... 181
Key management ..... 182
Manual Keys ..... 182
Automatic Internet Key Exchange (AutoIKE) with pre-shared keys or certificates ..... 182
AutoIKE with pre-shared keys ..... 182
AutoIKE with certificates ..... 182
Manual key IPSec VPNs ..... 183
General configuration steps for a manual key VPN ..... 183
Adding a manual key VPN tunnel ..... 183
AutoIKE IPSec VPNs ..... 185
General configuration steps for an AutoIKE VPN ..... 185
Adding a phase 1 configuration for an AutoIKE VPN ..... 185
Adding a phase 2 configuration for an AutoIKE VPN ..... 189
Managing digital certificates ..... 191
Obtaining a signed local certificate ..... 191
Generating the certificate request ..... 192
Downloading the certificate request ..... 193
Requesting the signed local certificate ..... 193
Retrieving the signed local certificate ..... 194
Importing the signed local certificate ..... 194
Obtaining a CA certificate ..... 195
Retrieving a CA certificate ..... 195
Importing a CA certificate ..... 195
Configuring encrypt policies ..... 196
Adding a source address ..... 197
Adding a destination address ..... 197
Adding an encrypt policy ..... 197
IPSec VPN concentrators ..... 199
VPN concentrator (hub) general configuration steps ..... 199
Adding a VPN concentrator ..... 201
VPN spoke general configuration steps ..... 202
Redundant IPSec VPNs ..... 203
Configuring redundant IPSec VPN ..... 203
Monitoring and Troubleshooting VPNs ..... 205
Viewing VPN tunnel status ..... 205
Viewing dialup VPN connection status ..... 205
Testing a VPN ..... 206
PPTP and L2TP VPN ..... 207
Configuring PPTP ..... 207
Configuring the FortiGate unit as a PPTP gateway ..... 208
Adding users and user groups ..... 208
Enabling PPTP and specifying an address range ..... 208
Adding a source address ..... 209
Adding an address group ..... 209
Adding a destination address ..... 210
Adding a firewall policy ..... 210
Configuring a Windows 98 client for PPTP ..... 210
Installing PPTP support ..... 210
Configuring a PPTP dialup connection ..... 211
Connecting to the PPTP VPN ..... 211
Configuring a Windows 2000 client for PPTP ..... 211
Configuring a PPTP dialup connection ..... 211
Connecting to the PPTP VPN ..... 212
Configuring a Windows XP client for PPTP ..... 212
Configuring a PPTP dialup connection ..... 212
Configuring the VPN connection ..... 212
Connecting to the PPTP VPN ..... 213
Configuring L2TP ..... 213
Configuring the FortiGate unit as a L2TP gateway ..... 214
Adding users and user groups ..... 214
Enabling L2TP and specifying an address range ..... 214
Adding a source address ..... 215
Adding an address group ..... 215
Adding a destination address ..... 216
Adding a firewall policy ..... 216
Configuring a Windows 2000 client for L2TP ..... 217
Configuring an L2TP dialup connection ..... 217
Disabling IPSec ..... 217
Connecting to the L2TP VPN ..... 218
Configuring a Windows XP client for L2TP ..... 218
Configuring an L2TP VPN dialup connection ..... 218
Configuring the VPN connection ..... 218
Disabling IPSec ..... 219
Connecting to the L2TP VPN ..... 220
Network Intrusion Detection System (NIDS) ..... 221
Detecting attacks ..... 221
Selecting the interfaces to monitor ..... 222
Disabling the NIDS ..... 222
Configuring checksum verification ..... 222
Viewing the signature list ..... 223
Viewing attack descriptions ..... 223
Enabling and disabling NIDS attack signatures ..... 224
Adding user-defined signatures ..... 224
Downloading the user-defined signature list ..... 225
Preventing attacks ..... 225
Enabling NIDS attack prevention ..... 225
Enabling NIDS attack prevention signatures ..... 226
Setting signature threshold values ..... 226
Configuring synflood signature values ..... 228
Logging attacks ..... 228
Logging attack messages to the attack log ..... 228
Reducing the number of NIDS attack log and email messages ..... 229
Automatic message reduction ..... 229
Manual message reduction ..... 229
Antivirus protection ..... 231
General configuration steps ..... 231
Antivirus scanning ..... 232
File blocking ..... 233
Blocking files in firewall traffic ..... 233
Adding file patterns to block ..... 233
Blocking oversized files and emails ..... 234
Configuring limits for oversized files and email ..... 234
Exempting fragmented email from blocking ..... 234
Viewing the virus list ..... 234
Web filtering ..... 235
General configuration steps ..... 235
Content blocking ..... 236
Adding words and phrases to the banned word list ..... 236
URL blocking ..... 237
Using the FortiGate web filter ..... 237
Adding URLs or URL patterns to the block list ..... 237
Clearing the URL block list ..... 238
Downloading the URL block list ..... 239
Uploading a URL block list ..... 239
Using the Cerberian web filter ..... 240
General configuration steps ..... 240
Installing a Cerberian license key on the FortiGate unit ..... 240
Adding a Cerberian user to the FortiGate unit ..... 240
Configuring Cerberian web filter ..... 241
Enabling Cerberian URL filtering ..... 241
Script filtering ..... 242
Enabling the script filter ..... 242
Selecting script filter options ..... 242
Exempt URL list ..... 243
Adding URLs to the exempt URL list ..... 243
Email filter ..... 245
General configuration steps ..... 245
Email banned word list ..... 246
Adding words and phrases to the banned word list ..... 246
Email block list ..... 247
Adding address patterns to the email block list ..... 247
Email exempt list ..... 247
Adding address patterns to the email exempt list ..... 248
Adding a subject tag ..... 248
Logging and reporting ..... 249
Recording logs ..... 249
Recording logs on a remote computer ..... 250
Recording logs on a NetIQ WebTrends server ..... 250
Recording logs in system memory ..... 251
Filtering log messages ..... 251
Configuring traffic logging ..... 253
Enabling traffic logging ..... 253
Enabling traffic logging for an interface ..... 253
Enabling traffic logging for a firewall policy ..... 253
Configuring traffic filter settings ..... 254
Adding traffic filter entries ..... 254
Viewing logs saved to memory ..... 255
Viewing logs ..... 255
Searching logs ..... 256
Configuring alert email ..... 256
Adding alert email addresses ..... 256
Testing alert email ..... 257
Enabling alert email ..... 257
Glossary ..... 259
Index ..... 263

Size: 4 MB
Pages: 272
Language: English