FortiGate 800 Administration GuideEsc EnterCONSOLEI N T E R N A L E X T E R N A L D M Z HA 1 2 3 4 USB8P W RFortiGate-800 ...
© Copyright 2005 Fortinet Inc. All rights reserved.No part of this publication including text, examples, diagrams or illus...
ContentsFortiGate-800 Administration Guide 01-28008-0008-20050204 3Table of ContentsIntroduction.............................
Contents4 01-28008-0008-20050204 Fortinet Inc.Changing the FortiGate firmware................................................
ContentsFortiGate-800 Administration Guide 01-28008-0008-20050204 5Options...................................................
Contents6 01-28008-0008-20050204 Fortinet Inc.Virtual domains ...............................................................
ContentsFortiGate-800 Administration Guide 01-28008-0008-20050204 7CLI configuration.........................................
Contents8 01-28008-0008-20050204 Fortinet Inc.IP pool........................................................................
ContentsFortiGate-800 Administration Guide 01-28008-0008-20050204 9Concentrator .............................................
Contents10 01-28008-0008-20050204 Fortinet Inc.Quarantine ...................................................................
ContentsFortiGate-800 Administration Guide 01-28008-0008-20050204 11Category block...........................................
Contents12 01-28008-0008-20050204 Fortinet Inc.Log & Report .................................................................
FortiGate-800 Administration Guide Version 2.80 MR8FortiGate-800 Administration Guide 01-28008-0008-20050204 13Introductio...
14 01-28008-0008-20050204 Fortinet Inc.About FortiGate Antivirus Firewalls IntroductionThe FortiGate-800 model provides th...
Introduction About FortiGate Antivirus FirewallsFortiGate-800 Administration Guide 01-28008-0008-20050204 15FortiGate web ...
16 01-28008-0008-20050204 Fortinet Inc.About FortiGate Antivirus Firewalls Introduction• control standard and user defined...
Introduction About FortiGate Antivirus FirewallsFortiGate-800 Administration Guide 01-28008-0008-20050204 17You can develo...
18 01-28008-0008-20050204 Fortinet Inc.About FortiGate Antivirus Firewalls IntroductionHigh availabilityFortinet achieves ...
Introduction Document conventionsFortiGate-800 Administration Guide 01-28008-0008-20050204 19The CLI supports the same con...
20 01-28008-0008-20050204 Fortinet Inc.Document conventions Introduction<xxx_integer> indicates an integer string that is ...
Introduction FortiGate documentationFortiGate-800 Administration Guide 01-28008-0008-20050204 21FortiGate documentationInf...
22 01-28008-0008-20050204 Fortinet Inc.Related documentation IntroductionRelated documentationAdditional information about...
Introduction Customer service and technical supportFortiGate-800 Administration Guide 01-28008-0008-20050204 23FortiLog do...
24 01-28008-0008-20050204 Fortinet Inc.Customer service and technical support Introduction
FortiGate-800 Administration Guide Version 2.80 MR8FortiGate-800 Administration Guide 01-28008-0008-20050204 25Web-based m...
26 01-28008-0008-20050204 Fortinet Inc.Button bar features Web-based managerThis chapter includes:• Button bar features• W...
Web-based manager Button bar featuresFortiGate-800 Administration Guide 01-28008-0008-20050204 27Online HelpThe Online Hel...
28 01-28008-0008-20050204 Fortinet Inc.Button bar features Web-based managerConsole AccessAn alternative to the web-based ...
Web-based manager Web-based manager pagesFortiGate-800 Administration Guide 01-28008-0008-20050204 29Web-based manager pag...
30 01-28008-0008-20050204 Fortinet Inc.Web-based manager pages Web-based managerListsMany of the web-based manager pages a...
Web-based manager Web-based manager pagesFortiGate-800 Administration Guide 01-28008-0008-20050204 31Status barThe status ...
32 01-28008-0008-20050204 Fortinet Inc.Organization of this manual Web-based managerOrganization of this manualThis manual...
FortiGate-800 Administration Guide Version 2.80 MR8FortiGate-800 Administration Guide 01-28008-0008-20050204 33System Stat...
34 01-28008-0008-20050204 Fortinet Inc.Status System StatusViewing system statusFigure 8: System statusSystem statusAutoma...
System Status StatusFortiGate-800 Administration Guide 01-28008-0008-20050204 35Unit InformationAdmin users and administra...
36 01-28008-0008-20050204 Fortinet Inc.Status System StatusSystem ResourcesFigure 9: Sample system resources historyHistor...
System Status StatusFortiGate-800 Administration Guide 01-28008-0008-20050204 37Recent Intrusion DetectionsChanging unit i...
38 01-28008-0008-20050204 Fortinet Inc.Status System Status2 Start the web-based manager and go to System > Status > Statu...
System Status Session listFortiGate-800 Administration Guide 01-28008-0008-20050204 39To change to NAT/Route modeAfter you...
40 01-28008-0008-20050204 Fortinet Inc.Changing the FortiGate firmware System StatusTo view the session list1 Go to System...
System Status Changing the FortiGate firmwareFortiGate-800 Administration Guide 01-28008-0008-20050204 41Upgrading to a ne...
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
01 28008-0008-20050204 forti-gate-800_administration_guide
Upcoming SlideShare
Loading in...5
×

01 28008-0008-20050204 forti-gate-800_administration_guide

1,693

Published on

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,693
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
20
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Transcript of "01 28008-0008-20050204 forti-gate-800_administration_guide"

  1. 1. FortiGate 800 Administration GuideEsc EnterCONSOLEI N T E R N A L E X T E R N A L D M Z HA 1 2 3 4 USB8P W RFortiGate-800 Administration GuideVersion 2.80 MR84 February 200501-28008-0008-20050204
  2. 2. © Copyright 2005 Fortinet Inc. All rights reserved.No part of this publication including text, examples, diagrams or illustrations may be reproduced,transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical orotherwise, for any purpose, without prior written permission of Fortinet Inc.FortiGate-800 Administration GuideVersion 2.80 MR84 February 200501-28008-0008-20050204TrademarksProducts mentioned in this document are trademarks or registered trademarks of their respectiveholders.Regulatory ComplianceFCC Class A Part 15 CSA/CUSCAUTION: RISK OF EXPLOSION IF BATTERY IS REPLACED BY AN INCORRECT TYPE.DISPOSE OF USED BATTERIES ACCORDING TO THE INSTRUCTIONS.For technical support, please visit http://www.fortinet.com.Send information about errors or omissions in this document or any Fortinet technical documentation totechdoc@fortinet.com.
  3. 3. ContentsFortiGate-800 Administration Guide 01-28008-0008-20050204 3Table of ContentsIntroduction.......................................................................................................... 13About FortiGate Antivirus Firewalls................................................................................... 13Antivirus protection ....................................................................................................... 14Web content filtering ..................................................................................................... 14Spam filtering................................................................................................................ 15Firewall.......................................................................................................................... 15VLANs and virtual domains........................................................................................... 16Intrusion Prevention System (IPS)................................................................................ 17VPN............................................................................................................................... 17High availability............................................................................................................. 18Secure installation, configuration, and management.................................................... 18Document conventions ..................................................................................................... 19FortiGate documentation .................................................................................................. 21Fortinet Knowledge Center ........................................................................................... 21Comments on Fortinet technical documentation........................................................... 21Related documentation..................................................................................................... 22FortiManager documentation........................................................................................ 22FortiClient documentation............................................................................................. 22FortiMail documentation................................................................................................ 22FortiLog documentation ................................................................................................ 23Customer service and technical support........................................................................... 23Web-based manager............................................................................................ 25Button bar features ........................................................................................................... 26Contact Customer Support ........................................................................................... 26Online Help ................................................................................................................... 27Easy Setup Wizard ....................................................................................................... 27Console Access ............................................................................................................ 28Logout........................................................................................................................... 28Web-based manager pages.............................................................................................. 29Web-based manager menu .......................................................................................... 29Lists............................................................................................................................... 30Icons ............................................................................................................................. 30Status bar...................................................................................................................... 31Organization of this manual .............................................................................................. 32System Status ...................................................................................................... 33Status................................................................................................................................ 33Viewing system status .................................................................................................. 34Changing unit information............................................................................................. 37Session list........................................................................................................................ 39
  4. 4. Contents4 01-28008-0008-20050204 Fortinet Inc.Changing the FortiGate firmware...................................................................................... 40Upgrading to a new firmware version ........................................................................... 41Reverting to a previous firmware version...................................................................... 43Installing firmware images from a system reboot using the CLI ................................... 45Testing a new firmware image before installing it ......................................................... 48Installing and using a backup firmware image .............................................................. 50System Network................................................................................................... 55Interface............................................................................................................................ 55Interface settings........................................................................................................... 57Configuring interfaces ................................................................................................... 62Zone.................................................................................................................................. 66Zone settings ................................................................................................................ 67Management..................................................................................................................... 68DNS .................................................................................................................................. 69Routing table (Transparent Mode).................................................................................... 70Routing table list ........................................................................................................... 70Transparent mode route settings .................................................................................. 70VLAN overview ................................................................................................................. 71FortiGate units and VLANs ........................................................................................... 72VLANs in NAT/Route mode .............................................................................................. 72Rules for VLAN IDs....................................................................................................... 72Rules for VLAN IP addresses ....................................................................................... 72Adding VLAN subinterfaces.......................................................................................... 73VLANs in Transparent mode............................................................................................. 74Rules for VLAN IDs....................................................................................................... 76Transparent mode virtual domains and VLANs ............................................................ 76Transparent mode VLAN list......................................................................................... 77Transparent mode VLAN settings................................................................................. 77FortiGate IPv6 support...................................................................................................... 79System DHCP....................................................................................................... 81Service.............................................................................................................................. 81DHCP service settings .................................................................................................. 82Server ............................................................................................................................... 83DHCP server settings ................................................................................................... 84Exclude range................................................................................................................... 85DHCP exclude range settings....................................................................................... 86IP/MAC binding................................................................................................................. 86DHCP IP/MAC binding settings .................................................................................... 87Dynamic IP........................................................................................................................ 87System Config...................................................................................................... 89System time ...................................................................................................................... 89
  5. 5. ContentsFortiGate-800 Administration Guide 01-28008-0008-20050204 5Options.............................................................................................................................. 90HA..................................................................................................................................... 92HA overview.................................................................................................................. 92HA configuration ........................................................................................................... 95Configuring an HA cluster........................................................................................... 101Managing an HA cluster.............................................................................................. 105SNMP.............................................................................................................................. 108Configuring SNMP ...................................................................................................... 109SNMP community ....................................................................................................... 110FortiGate MIBs............................................................................................................ 112FortiGate traps ............................................................................................................ 113Fortinet MIB fields ....................................................................................................... 115Replacement messages ................................................................................................. 117Replacement messages list........................................................................................ 117Changing replacement messages .............................................................................. 118FortiManager................................................................................................................... 119System Admin.................................................................................................... 121Administrators................................................................................................................. 123Administrators list........................................................................................................ 123Administrators options ................................................................................................ 123Access profiles................................................................................................................ 125Access profile list ........................................................................................................ 125Access profile options ................................................................................................. 126System Maintenance ......................................................................................... 127Backup and restore......................................................................................................... 127Backing up and Restoring........................................................................................... 128Update center ................................................................................................................. 130Updating antivirus and attack definitions .................................................................... 132Enabling push updates ............................................................................................... 135Support ........................................................................................................................... 138Sending a bug report .................................................................................................. 138Registering a FortiGate unit........................................................................................ 139Shutdown........................................................................................................................ 141System Virtual Domain...................................................................................... 143Virtual domain properties................................................................................................ 144Exclusive virtual domain properties ............................................................................ 144Shared configuration settings ..................................................................................... 145Administration and management ................................................................................ 146
  6. 6. Contents6 01-28008-0008-20050204 Fortinet Inc.Virtual domains ............................................................................................................... 146Adding a virtual domain .............................................................................................. 147Selecting a virtual domain........................................................................................... 147Selecting a management virtual domain..................................................................... 147Configuring virtual domains ............................................................................................ 148Adding interfaces, VLAN subinterfaces, and zones to a virtual domain ..................... 148Configuring routing for a virtual domain ...................................................................... 150Configuring firewall policies for a virtual domain......................................................... 150Configuring IPSec VPN for a virtual domain ............................................................... 152Router ................................................................................................................. 153Static............................................................................................................................... 153Static route list ............................................................................................................ 156Static route options ..................................................................................................... 156Policy .............................................................................................................................. 157Policy route list............................................................................................................ 157Policy route options..................................................................................................... 158RIP.................................................................................................................................. 159General ....................................................................................................................... 159Networks list................................................................................................................ 161Networks options ........................................................................................................ 161Interface list................................................................................................................. 161Interface options ......................................................................................................... 162Distribute list ............................................................................................................... 163Distribute list options................................................................................................... 164Offset list..................................................................................................................... 165Offset list options ........................................................................................................ 165Router objects................................................................................................................. 166Access list................................................................................................................... 166New access list ........................................................................................................... 167New access list entry .................................................................................................. 167Prefix list ..................................................................................................................... 168New Prefix list ............................................................................................................. 168New prefix list entry..................................................................................................... 169Route-map list............................................................................................................. 170New Route-map.......................................................................................................... 170Route-map list entry.................................................................................................... 171Key chain list............................................................................................................... 172New key chain............................................................................................................. 172Key chain list entry...................................................................................................... 173Monitor............................................................................................................................ 174Routing monitor list ..................................................................................................... 174
  7. 7. ContentsFortiGate-800 Administration Guide 01-28008-0008-20050204 7CLI configuration............................................................................................................. 175get router info ospf...................................................................................................... 175get router info protocols .............................................................................................. 175get router info rip......................................................................................................... 176config router ospf ....................................................................................................... 176config router static6..................................................................................................... 199Firewall................................................................................................................ 201Policy .............................................................................................................................. 202How policy matching works......................................................................................... 202Policy list..................................................................................................................... 202Policy options.............................................................................................................. 204Advanced policy options ............................................................................................. 207Configuring firewall policies ........................................................................................ 209Policy CLI configuration .............................................................................................. 210Address........................................................................................................................... 211Address list ................................................................................................................. 212Address options .......................................................................................................... 212Configuring addresses ................................................................................................ 213Address group list ....................................................................................................... 214Address group options ................................................................................................ 215Configuring address groups........................................................................................ 215Service............................................................................................................................ 216Predefined service list................................................................................................. 216Custom service list...................................................................................................... 220Custom service options............................................................................................... 220Configuring custom services....................................................................................... 221Service group list ........................................................................................................ 223Service group options ................................................................................................. 223Configuring service groups ......................................................................................... 224Schedule......................................................................................................................... 224One-time schedule list ................................................................................................ 225One-time schedule options ......................................................................................... 225Configuring one-time schedules ................................................................................. 225Recurring schedule list................................................................................................ 226Recurring schedule options ........................................................................................ 227Configuring recurring schedules ................................................................................. 227Virtual IP ......................................................................................................................... 228Virtual IP list................................................................................................................ 229Virtual IP options......................................................................................................... 229Configuring virtual IPs................................................................................................. 230
  8. 8. Contents8 01-28008-0008-20050204 Fortinet Inc.IP pool............................................................................................................................. 233IP pool list ................................................................................................................... 233IP pool options ............................................................................................................ 234Configuring IP pools.................................................................................................... 234IP Pools for firewall policies that use fixed ports......................................................... 235IP pools and dynamic NAT ......................................................................................... 235Protection profile............................................................................................................. 235Protection profile list.................................................................................................... 236Default protection profiles ........................................................................................... 236Protection profile options ............................................................................................ 237Configuring protection profiles .................................................................................... 242Profile CLI configuration.............................................................................................. 243User..................................................................................................................... 247Setting authentication timeout......................................................................................... 248Local ............................................................................................................................... 248Local user list.............................................................................................................. 248Local user options....................................................................................................... 248RADIUS .......................................................................................................................... 249RADIUS server list...................................................................................................... 249RADIUS server options............................................................................................... 250LDAP............................................................................................................................... 251LDAP server list .......................................................................................................... 251LDAP server options ................................................................................................... 252User group ...................................................................................................................... 253User group list............................................................................................................. 253User group options...................................................................................................... 254CLI configuration............................................................................................................. 255peer............................................................................................................................. 255peergrp........................................................................................................................ 256VPN...................................................................................................................... 259Phase 1........................................................................................................................... 260Phase 1 list ................................................................................................................. 260Phase 1 basic settings ................................................................................................ 261Phase 1 advanced settings......................................................................................... 263Phase 2........................................................................................................................... 265Phase 2 list ................................................................................................................. 265Phase 2 basic settings ................................................................................................ 266Phase 2 advanced options.......................................................................................... 266Manual key...................................................................................................................... 268Manual key list ............................................................................................................ 269Manual key options..................................................................................................... 269
  9. 9. ContentsFortiGate-800 Administration Guide 01-28008-0008-20050204 9Concentrator ................................................................................................................... 271Concentrator list.......................................................................................................... 271Concentrator options................................................................................................... 272Ping Generator................................................................................................................ 272Ping generator options................................................................................................ 273Monitor............................................................................................................................ 273Dialup monitor............................................................................................................. 274Static IP and dynamic DNS monitor............................................................................ 275PPTP............................................................................................................................... 275PPTP range ................................................................................................................ 276L2TP .............................................................................................................................. 276L2TP range ................................................................................................................. 277Certificates...................................................................................................................... 277Local certificate list...................................................................................................... 278Certificate request....................................................................................................... 278Importing signed certificates ...................................................................................... 280CA certificate list ......................................................................................................... 280Importing CA certificates............................................................................................. 280VPN configuration procedures........................................................................................ 281IPSec configuration procedures.................................................................................. 281PPTP configuration procedures .................................................................................. 283L2TP configuration procedures................................................................................... 283CLI configuration............................................................................................................. 284ipsec phase1............................................................................................................... 284ipsec phase2............................................................................................................... 286ipsec vip...................................................................................................................... 287IPS ....................................................................................................................... 291Signature......................................................................................................................... 292Predefined................................................................................................................... 292Custom........................................................................................................................ 296Anomaly.......................................................................................................................... 298Anomaly CLI configuration.......................................................................................... 301Configuring IPS logging and alert email.......................................................................... 302Default fail open setting .................................................................................................. 302Antivirus ............................................................................................................. 303File block......................................................................................................................... 304File block list ............................................................................................................... 305Configuring the file block list ....................................................................................... 306
  10. 10. Contents10 01-28008-0008-20050204 Fortinet Inc.Quarantine ...................................................................................................................... 306Quarantined files list ................................................................................................... 306Quarantined files list options....................................................................................... 307AutoSubmit list............................................................................................................ 308AutoSubmit list options ............................................................................................... 308Configuring the AutoSubmit list................................................................................... 308Config.......................................................................................................................... 309Config.............................................................................................................................. 310Virus list ...................................................................................................................... 310Config.......................................................................................................................... 310Grayware .................................................................................................................... 311Grayware options........................................................................................................ 311CLI configuration............................................................................................................. 313system global av_failopen........................................................................................... 313system global optimize................................................................................................ 314config antivirus heuristic.............................................................................................. 314config antivirus quarantine.......................................................................................... 315config antivirus service http......................................................................................... 316config antivirus service ftp........................................................................................... 318config antivirus service pop3....................................................................................... 320config antivirus service imap....................................................................................... 321config antivirus service smtp....................................................................................... 323Web filter............................................................................................................. 325Content block.................................................................................................................. 327Web content block list................................................................................................. 327Web content block options.......................................................................................... 327Configuring the web content block list ........................................................................ 328URL block ....................................................................................................................... 328Web URL block list...................................................................................................... 329Web URL block options .............................................................................................. 329Configuring the web URL block list ............................................................................. 330Web pattern block list.................................................................................................. 330Web pattern block options .......................................................................................... 331Configuring web pattern block .................................................................................... 331URL exempt.................................................................................................................... 331URL exempt list........................................................................................................... 332URL exempt list options .............................................................................................. 332Configuring URL exempt............................................................................................. 332
  11. 11. ContentsFortiGate-800 Administration Guide 01-28008-0008-20050204 11Category block................................................................................................................ 333FortiGuard managed web filtering service .................................................................. 333Category block configuration options.......................................................................... 334Configuring web category block.................................................................................. 335Category block reports................................................................................................ 335Category block reports options ................................................................................... 336Generating a category block report............................................................................. 336Category block CLI configuration................................................................................ 336Script filter....................................................................................................................... 338Web script filter options............................................................................................... 338Spam filter .......................................................................................................... 339FortiShield....................................................................................................................... 341FortiShield Spam filtering............................................................................................ 341FortiShield options ...................................................................................................... 343Configuring the FortiShield cache............................................................................... 343FortiShield CLI configuration....................................................................................... 344IP address....................................................................................................................... 345IP address list ............................................................................................................. 345IP address options ...................................................................................................... 345Configuring the IP address list.................................................................................... 345DNSBL & ORDBL ........................................................................................................... 346DNSBL & ORDBL list.................................................................................................. 347DNSBL & ORDBL options........................................................................................... 347Configuring the DNSBL & ORDBL list ........................................................................ 347Email address ................................................................................................................. 348Email address list........................................................................................................ 348Email address options................................................................................................. 348Configuring the email address list............................................................................... 348MIME headers................................................................................................................. 349MIME headers list ....................................................................................................... 350MIME headers options ................................................................................................ 350Configuring the MIME headers list.............................................................................. 351Banned word................................................................................................................... 351Banned word list ......................................................................................................... 352Banned word options .................................................................................................. 352Configuring the banned word list ................................................................................ 353Using Perl regular expressions....................................................................................... 353
  12. 12. Contents12 01-28008-0008-20050204 Fortinet Inc.Log & Report ...................................................................................................... 357Log config ....................................................................................................................... 358Log Setting options ..................................................................................................... 358Alert E-mail options..................................................................................................... 362Log filter options.......................................................................................................... 363Configuring log filters .................................................................................................. 366Enabling traffic logging................................................................................................ 366Log access...................................................................................................................... 368Disk log file access ..................................................................................................... 368Viewing log messages ................................................................................................ 369Searching log messages............................................................................................. 372CLI configuration............................................................................................................. 373fortilog setting.............................................................................................................. 373syslogd setting ............................................................................................................ 374FortiGuard categories ....................................................................................... 377Glossary ............................................................................................................. 383Index .................................................................................................................... 389
  13. 13. FortiGate-800 Administration Guide Version 2.80 MR8FortiGate-800 Administration Guide 01-28008-0008-20050204 13IntroductionFortiGate Antivirus Firewalls support network-based deployment of application-levelservices, including antivirus protection and full-scan content filtering. FortiGateAntivirus Firewalls improve network security, reduce network misuse and abuse, andhelp you use communications resources more efficiently without compromising theperformance of your network. FortiGate Antivirus Firewalls are ICSA-certified forfirewall, IPSec, and antivirus services.This chapter introduces you to FortiGate Antivirus Firewalls and the following topics:• About FortiGate Antivirus Firewalls• Document conventions• FortiGate documentation• Related documentation• Customer service and technical supportAbout FortiGate Antivirus FirewallsThe FortiGate Antivirus Firewall is a dedicated easily managed security device thatdelivers a full suite of capabilities that include:• application-level services such as virus protection and content filtering,• network-level services such as firewall, intrusion detection, VPN, and trafficshaping.The FortiGate Antivirus Firewall uses Fortinet’s Accelerated Behavior and ContentAnalysis System (ABACAS™) technology, which leverages breakthroughs in chipdesign, networking, security, and content analysis. The unique ASIC-basedarchitecture analyzes content and behavior in real-time, enabling key applications tobe deployed right at the network edge, where they are most effective at protectingyour networks. The FortiGate series complements existing solutions, such as host-based antivirus protection, and enables new applications and services while greatlylowering costs for equipment, administration, and maintenance.
  14. 14. 14 01-28008-0008-20050204 Fortinet Inc.About FortiGate Antivirus Firewalls IntroductionThe FortiGate-800 model provides thelevels of performance, reliability, andflexibility demanded by large enterprises.With high throughput, a total of 8 networkconnections (4 user-defined), 802.1Q VLAN support, and stateful failover HA, theFortiGate-800 is the choice for mission critical applications. The flexibility, reliability,and easy management of the FortiGate-800 makes it a natural choice for enterpriseapplications.Antivirus protectionFortiGate ICSA-certified antivirus protection scans web (HTTP), file transfer (FTP),and email (SMTP, POP3, and IMAP) content as it passes through the FortiGate unit.FortiGate antivirus protection uses pattern matching and heuristics to find viruses. If avirus is found, antivirus protection removes the file containing the virus from thecontent stream and forwards a replacement message to the intended recipient.For extra protection, you can configure antivirus protection to block specified file typesfrom passing through the FortiGate unit. You can use the feature to stop files thatmight contain new viruses.FortiGate antivirus protection can also identify and remove known graywareprograms. Grayware programs are usually unsolicited commercial software programsthat get installed on PCs, often without the user’s consent or knowledge. Graywareprograms are generally considered an annoyance, but these programs can causesystem performance problems or be used for malicious means.If the FortiGate unit contains a hard disk, infected or blocked files and grayware filescan be quarantined. The FortiGate administrator can download quarantined files sothat they can be virus scanned, cleaned, and forwarded to the intended recipient. Youcan also configure the FortiGate unit to automatically delete quarantined files after aspecified time.The FortiGate unit can send email alerts to system administrators when it detects andremoves a virus from a content stream. The web and email content can be in normalnetwork traffic or encrypted IPSec VPN traffic.ICSA Labs has certified that FortiGate Antivirus Firewalls:• detect 100% of the viruses listed in the current In The Wild List (www.wildlist.org),• detect viruses in compressed files using the PKZip format,• detect viruses in email that has been encoded using uuencode format,• detect viruses in email that has been encoded using MIME encoding,• log all actions taken while scanning.Web content filteringFortiGate web content filtering can scan all HTTP content protocol streams for URLs,URL patterns, and web page content. If there is a match between a URL on the URLblock list, or a web page contains a word or phrase that is in the content block list, theFortiGate unit blocks the web page. The blocked web page is replaced with amessage that you can edit using the FortiGate web-based manager.Esc EnterCONSOLEI N T E R N A L E X T E R N A L D M Z HA 1 2 3 4 USB8P W R
  15. 15. Introduction About FortiGate Antivirus FirewallsFortiGate-800 Administration Guide 01-28008-0008-20050204 15FortiGate web content filtering also supports FortiGuard web category blocking. Usingweb category blocking you can restrict or allow access to web pages based oncontent ratings of web pages.You can configure URL blocking to block all or some of the pages on a web site. Usingthis feature, you can deny access to parts of a web site without denying access to itcompletely.To prevent unintentionally blocking legitimate web pages, you can add URLs to anexempt list that overrides the URL blocking and content blocking lists. The exempt listalso exempts web traffic this address from virus scanning.Web content filtering also includes a script filter feature that can block unsecure webcontent such as Java applets, cookies, and ActiveX.Spam filteringFortiGate spam filtering can scan all POP3, SMTP, and IMAP email content for spam.You can configure spam filtering to filter mail according to IP address, email address,mime headers, and content. Mail messages can be identified as spam or clear.FortiShield is an antispam system from Fortinet that includes an IP address black list,a URL black list, and spam filtering tools. The IP address black list contains IPaddresses of email servers known to be used to generate Spam. The URL black listcontains URLs of websites found in Spam email.You can also add the names of known third-party DNS-based Blackhole List (DNSBL)and Open Relay Database List (ORDBL) servers. These services contain lists ofknown spam sources.If an email message is found to be spam, the FortiGate unit adds an email tag to thesubject line of the email. The recipient can use their mail client software to filtermessages based on the email tag. Spam filtering can also be configured to deleteSMTP email messages identified as spam.FirewallThe FortiGate ICSA-certified firewall protects your computer networks from Internetthreats. ICSA has granted FortiGate firewalls version 4.0 firewall certification,providing assurance that FortiGate firewalls successfully screen and secure corporatenetworks against a range of threats from public or other untrusted networks.After basic installation of the FortiGate unit, the firewall allows users on the protectednetwork to access the Internet while blocking Internet access to internal networks.You can configure the firewall to put controls on access to the Internet from theprotected networks and to allow controlled access to internal networks.FortiGate policies include a range of options that:• control all incoming and outgoing network traffic,• control encrypted VPN traffic,• apply antivirus protection and web content filtering,• block or allow access for all policy options,• control when individual policies are in effect,• accept or deny traffic to and from individual addresses,
  16. 16. 16 01-28008-0008-20050204 Fortinet Inc.About FortiGate Antivirus Firewalls Introduction• control standard and user defined network services individually or in groups,• require users to authenticate before gaining access,• include traffic shaping to set access priorities and guarantee or limit bandwidth foreach policy,• include logging to track connections for individual policies,• include Network Address Translation (NAT) mode and Route mode policies,• include mixed NAT and Route mode policies.The FortiGate firewall can operate in NAT/Route mode or Transparent mode.NAT/Route modeIn NAT/Route mode, the FortiGate unit is a Layer 3 device. This means that each of itsinterfaces is associated with a different IP subnet and that it appears to other devicesas a router. This is how a firewall is normally deployed.In NAT/Route mode, you can create NAT mode policies and Route mode policies.• NAT mode policies use network address translation to hide the addresses in amore secure network from users in a less secure network.• Route mode policies accept or deny connections between networks withoutperforming address translation.Transparent modeIn Transparent mode, the FortiGate unit does not change the Layer 3 topology. Thismeans that all of its interfaces are on the same IP subnet and that it appears to otherdevices as a bridge. Typically, the FortiGate unit is deployed in Transparent mode toprovide antivirus and content filtering behind an existing firewall solution.Transparent mode provides the same basic firewall protection as NAT mode. TheFortiGate unit passes or blocks the packets it receives according to firewall policies.The FortiGate unit can be inserted in the network at any point without having to makechanges to your network or its components. However, some advanced firewallfeatures are available only in NAT/Route mode.VLANs and virtual domainsFortigate Antivirus Firewalls support IEEE 802.1Q-compliant virtual LAN (VLAN) tags.Using VLAN technology, a single FortiGate unit can provide security services to, andcontrol connections between, multiple security domains according to the VLAN IDsadded to VLAN packets. The FortiGate unit can recognize VLAN IDs and applysecurity policies to secure network and IPSec VPN traffic between each securitydomain. The FortiGate unit can also apply authentication, content filtering, andantivirus protection to VLAN-tagged network and VPN traffic.The FortiGate unit supports VLANs in NAT/Route and Transparent mode. InNAT/Route mode, you enter VLAN subinterfaces to receive and send VLAN packets.FortiGate virtual domains provide multiple logical firewalls and routers in a singleFortiGate unit. Using virtual domains, one FortiGate unit can provide exclusive firewalland routing services to multiple networks so that traffic from each network iseffectively separated from every other network.
  17. 17. Introduction About FortiGate Antivirus FirewallsFortiGate-800 Administration Guide 01-28008-0008-20050204 17You can develop and manage interfaces, VLAN subinterfaces, zones, firewall policies,routing, and VPN configuration for each virtual domain separately. For theseconfiguration settings, each virtual domain is functionally similar to a single FortiGateunit. This separation simplifies configuration because you do not have to manage asmany routes or firewall policies at one time.Intrusion Prevention System (IPS)The FortiGate Intrusion Prevention System (IPS) combines signature and anomalybased intrusion detection and prevention. The FortiGate unit can record suspicioustraffic in logs, can send alert email to system administrators, and can log, pass, drop,reset, or clear suspicious packets or sessions. Both the IPS predefined signatures andthe IPS engine are upgradeable through the FortiProtect Distribution Network (FDN).You can also create custom signatures.VPNUsing FortiGate virtual private networking (VPN), you can provide a secureconnection between widely separated office networks or securely link telecommutersor travellers to an office network.FortiGate VPN features include the following:• Industry standard and ICSA-certified IPSec VPN, including:• IPSec VPN in NAT/Route and Transparent mode,• IPSec, ESP security in tunnel mode,• DES, 3DES (triple-DES), and AES hardware accelerated encryption,• HMAC MD5 and HMAC SHA1 authentication and data integrity,• AutoIKE key based on pre-shared key tunnels,• IPSec VPN using local or CA certificates,• Manual Keys tunnels,• Diffie-Hellman groups 1, 2, and 5,• Aggressive and Main Mode,• Replay Detection,• Perfect Forward Secrecy,• XAuth authentication,• Dead peer detection,• DHCP over IPSec,• Secure Internet browsing.• PPTP for easy connectivity with the VPN standard supported by the most popularoperating systems.• L2TP for easy connectivity with a more secure VPN standard, also supported bymany popular operating systems.• Firewall policy based control of IPSec VPN traffic.• IPSec NAT traversal so that remote IPSec VPN gateways or clients behind a NATcan connect to an IPSec VPN tunnel.• VPN hub and spoke using a VPN concentrator to allow VPN traffic to pass fromone tunnel to another through the FortiGate unit.• IPSec Redundancy to create a redundant AutoIKE key IPSec VPN connection to aremote network.
  18. 18. 18 01-28008-0008-20050204 Fortinet Inc.About FortiGate Antivirus Firewalls IntroductionHigh availabilityFortinet achieves high availability (HA) using redundant hardware and the FortiGateClustering Protocol (FGCP). Each FortiGate unit in an HA cluster enforces the sameoverall security policy and shares the same configuration settings. You can add up to32 FortiGate units to an HA cluster. Each FortiGate unit in an HA cluster must be thesame model and must be running the same FortiOS firmware image.FortiGate HA supports link redundancy and device redundancy.FortiGate units can be configured to operate in active-passive (A-P) or active-active(A-A) HA mode. Active-active and active-passive clusters can run in either NAT/Routeor Transparent mode.An active-passive (A-P) HA cluster, also referred to as hot standby HA, consists of aprimary FortiGate unit that processes traffic, and one or more subordinate FortiGateunits. The subordinate FortiGate units are connected to the network and to theprimary FortiGate unit but do not process traffic.Active-active (A-A) HA load balances virus scanning among all the FortiGate units inthe cluster. An active-active HA cluster consists of a primary FortiGate unit thatprocesses traffic and one or more secondary units that also process traffic. Theprimary FortiGate unit uses a load balancing algorithm to distribute virus scanning toall the FortiGate units in the HA cluster.Secure installation, configuration, and managementThe first time you power on the FortiGate unit, it is already configured with default IPaddresses and security policies. Connect to the web-based manager, set theoperating mode, and use the Setup wizard to customize FortiGate IP addresses foryour network, and the FortiGate unit is ready to protect your network. You can thenuse the web-based manager to customize advanced FortiGate features.You can also create a basic configuration using the FortiGate front panel controlbuttons and LCD.Web-based managerUsing HTTP or a secure HTTPS connection from any computer running InternetExplorer, you can configure and manage the FortiGate unit. The web-based managersupports multiple languages. You can configure the FortiGate unit for HTTP andHTTPS administration from any FortiGate interface.You can use the web-based manager to configure most FortiGate settings. You canalso use the web-based manager to monitor the status of the FortiGate unit.Configuration changes made using the web-based manager are effective immediatelywithout resetting the firewall or interrupting service. Once you are satisfied with aconfiguration, you can download and save it. The saved configuration can be restoredat any time.Command line interfaceYou can access the FortiGate command line interface (CLI) by connecting amanagement computer serial port to the FortiGate RS-232 serial console connector.You can also use Telnet or a secure SSH connection to connect to the CLI from anynetwork that is connected to the FortiGate unit, including the Internet.
  19. 19. Introduction Document conventionsFortiGate-800 Administration Guide 01-28008-0008-20050204 19The CLI supports the same configuration and monitoring functionality as theweb-based manager. In addition, you can use the CLI for advanced configurationoptions that are not available from the web-based manager.This Administration Guide contains information about basic and advanced CLIcommands. For a more complete description about connecting to and using theFortiGate CLI, see the FortiGate CLI Reference Guide.Logging and reportingThe FortiGate unit supports logging for various categories of traffic and configurationchanges. You can configure logging to:• report traffic that connects to the firewall,• report network services used,• report traffic that was permitted by firewall policies,• report traffic that was denied by firewall policies,• report events such as configuration changes and other management events,IPSec tunnel negotiation, virus detection, attacks, and web page blocking,• report attacks detected by the IPS,• send alert email to system administrators to report virus incidents, intrusions, andfirewall or VPN events or violations.Logs can be sent to a remote syslog server or a WebTrends NetIQ Security ReportingCenter and Firewall Suite server using the WebTrends enhanced log format. Somemodels can also save logs to an optional internal hard drive. If a hard drive is notinstalled, you can configure most FortiGate units to log the most recent events andattacks detected by the IPS to the system memory.Document conventionsThis guide uses the following conventions to describe CLI command syntax.• Angle brackets < > to indicate variables.For example:execute restore config <filename_str>You enter:execute restore config myfile.bak<xxx_str> indicates an ASCII string that does not contain new-lines or carriagereturns.
  20. 20. 20 01-28008-0008-20050204 Fortinet Inc.Document conventions Introduction<xxx_integer> indicates an integer string that is a decimal (base 10) number.<xxx_octet> indicates a hexadecimal string that uses the digits 0-9 and lettersA-F.<xxx_ipv4> indicates a dotted decimal IPv4 address.<xxx_v4mask> indicates a dotted decimal IPv4 netmask.<xxx_ipv4mask> indicates a dotted decimal IPv4 address followed by a dotteddecimal IPv4 netmask.<xxx_ipv6> indicates a dotted decimal IPv6 address.<xxx_v6mask> indicates a dotted decimal IPv6 netmask.<xxx_ipv6mask> indicates a dotted decimal IPv6 address followed by a dotteddecimal IPv6 netmask.• Vertical bar and curly brackets {|} to separate alternative, mutually exclusiverequired keywords.For example:set opmode {nat | transparent}You can enter set opmode nat or set opmode transparent.• Square brackets [ ] to indicate that a keyword or variable is optional.For example:show system interface [<name_str>]To show the settings for all interfaces, you can enter show system interface.To show the settings for the internal interface, you can enter show systeminterface internal.• A space to separate options that can be entered in any combination and must beseparated by spaces.For example:set allowaccess {ping https ssh snmp http telnet}You can enter any of the following:set allowaccess pingset allowaccess ping https sshset allowaccess https ping sshset allowaccess snmpIn most cases to make changes to lists that contain options separated by spaces,you need to retype the whole list including all the options you want to apply andexcluding all the options you want to remove.
  21. 21. Introduction FortiGate documentationFortiGate-800 Administration Guide 01-28008-0008-20050204 21FortiGate documentationInformation about FortiGate products is available from the following guides:• FortiGate QuickStart GuideProvides basic information about connecting and installing a FortiGate unit.• FortiGate Installation GuideDescribes how to install a FortiGate unit. Includes a hardware reference, defaultconfiguration information, installation procedures, connection procedures, andbasic configuration procedures. Choose the guide for your product model number.• FortiGate Administration GuideProvides basic information about how to configure a FortiGate unit, including howto define FortiGate protection profiles and firewall policies; how to apply intrusionprevention, antivirus protection, web content filtering, and spam filtering; and howto configure a VPN.• FortiGate online helpProvides a context-sensitive and searchable version of the Administration Guide inHTML format. You can access online help from the web-based manager as youwork.• FortiGate CLI Reference GuideDescribes how to use the FortiGate CLI and contains a reference to all FortiGateCLI commands.• FortiGate Log Message Reference GuideDescribes the structure of FortiGate log messages and provides information aboutthe log messages that are generated by FortiGate units.• FortiGate High Availability GuideContains in-depth information about the FortiGate high availability feature and theFortiGate clustering protocol.• FortiGate IPS GuideDescribes how to configure the FortiGate Intrusion Prevention System settings andhow the FortiGate IPS deals with some common attacks.• FortiGate VPN GuideExplains how to configure VPNs using the web-based manager.Fortinet Knowledge CenterThe most recent Fortinet technical documentation is available from the FortinetKnowledge Center. The knowledge center contains short how-to articles, FAQs,technical notes, product and feature guides, and much more. Visit the FortinetKnowledge Center at http://kc.forticare.com.Comments on Fortinet technical documentationPlease send information about any errors or omissions in this document, or anyFortinet technical documentation, to techdoc@fortinet.com.
  22. 22. 22 01-28008-0008-20050204 Fortinet Inc.Related documentation IntroductionRelated documentationAdditional information about Fortinet products is available from the following relateddocumentation.FortiManager documentation• FortiManager QuickStart GuideExplains how to install the FortiManager Console, set up the FortiManager Server,and configure basic settings.• FortiManager System Administration GuideDescribes how to use the FortiManager System to manage FortiGate devices.• FortiManager System online helpProvides a searchable version of the Administration Guide in HTML format. Youcan access online help from the FortiManager Console as you work.FortiClient documentation• FortiClient Host Security User GuideDescribes how to use FortiClient Host Security software to set up a VPNconnection from your computer to remote networks, scan your computer forviruses, and restrict access to your computer and applications by setting up firewallpolicies.• FortiClient Host Security online helpProvides information and procedures for using and configuring the FortiClientsoftware.FortiMail documentation• FortiMail Administration GuideDescribes how to install, configure, and manage a FortiMail unit in gateway modeand server mode, including how to configure the unit; create profiles and policies;configure antispam and antivirus filters; create user accounts; and set up loggingand reporting.• FortiMail online helpProvides a searchable version of the Administration Guide in HTML format. Youcan access online help from the web-based manager as you work.• FortiMail Web Mail Online HelpDescribes how to use the FortiMail web-based email client, including how to sendand receive email; how to add, import, and export addresses; and how to configuremessage display preferences.
  23. 23. Introduction Customer service and technical supportFortiGate-800 Administration Guide 01-28008-0008-20050204 23FortiLog documentation• FortiLog Administration GuideDescribes how to install and configure a FortiLog unit to collect FortiGate andFortiMail log files. It also describes how to view FortiGate and FortiMail log files,generate and view log reports, and use the FortiLog unit as a NAS server.• FortiLog online helpProvides a searchable version of the Administration Guide in HTML format. Youcan access online help from the web-based manager as you work.Customer service and technical supportFor antivirus and attack definition updates, firmware updates, updated productdocumentation, technical support information, and other resources, please visit theFortinet Technical Support web site at http://support.fortinet.com.You can also register Fortinet products and service contracts fromhttp://support.fortinet.com and change your registration information at any time.Technical support is available through email from any of the following addresses.Choose the email address for your region:For information about our priority support hotline (live support), seehttp://support.fortinet.com.When requesting technical support, please provide the following information:• your name• your company’s name and location• your email address• your telephone number• your support contract number (if applicable)• the product name and model number• the product serial number (if applicable)• the software or firmware version number• a detailed description of the problemamer_support@fortinet.com For customers in the United States, Canada, Mexico, LatinAmerica and South America.apac_support@fortinet.com For customers in Japan, Korea, China, Hong Kong, Singapore,Malaysia, all other Asian countries, and Australia.eu_support@fortinet.com For customers in the United Kingdom, Scandinavia, MainlandEurope, Africa, and the Middle East.
  24. 24. 24 01-28008-0008-20050204 Fortinet Inc.Customer service and technical support Introduction
  25. 25. FortiGate-800 Administration Guide Version 2.80 MR8FortiGate-800 Administration Guide 01-28008-0008-20050204 25Web-based managerUsing HTTP or a secure HTTPS connection from any computer running a webbrowser, you can configure and manage the FortiGate unit. The web-based managersupports multiple languages. You can configure the FortiGate unit for HTTP andHTTPS administration from any FortiGate interface.Figure 1: Web-based manager screenYou can use the web-based manager to configure most FortiGate settings. You canalso use the web-based manager to monitor the status of the FortiGate unit.Configuration changes made using the web-based manager are effective immediatelywithout resetting the firewall or interrupting service. Once you are satisfied with aconfiguration, you can back it up. The saved configuration can be restored at anytime.For information about connecting to the web-based manager, see “Connecting to theweb-based manager” in the Installation Guide for your unit.
  26. 26. 26 01-28008-0008-20050204 Fortinet Inc.Button bar features Web-based managerThis chapter includes:• Button bar features• Web-based manager pagesButton bar featuresThe button bar in the upper right corner of the web-based manager provides access toseveral important FortiGate features.Figure 2: Web-based manager button barContact Customer SupportThe Contact Customer Support button opens the Fortinet support web page in a newbrowser window. From this page you can• Register your FortiGate unit (Product Registration). Fortinet will email you yourusername and password to log in to the customer support center.• Log in to the Customer Support Center.• Visit the FortiProtect Center.• Download virus and attack definition updates.• Find out about training and certification programs.• Read about Fortinet and its products.Contact Customer SupportOnline HelpEasy Setup WizardConsole AccessLogout
  27. 27. Web-based manager Button bar featuresFortiGate-800 Administration Guide 01-28008-0008-20050204 27Online HelpThe Online Help button opens web-based help for the current web-based managerpage. There are hyperlinks to related topics and procedures related to the controls onthe current web-based manager page.Figure 3: Online Help windowYou can view other parts of the help system as you like. The help system includes anavigation pane with table of contents, index and a text search function.Easy Setup WizardThe FortiGate setup wizard provides an easy way to configure basic initial settings forthe FortiGate unit. The wizard walks through the configuration of a new administratorpassword, FortiGate interfaces, DHCP server settings, internal servers (web, FTP,etc.), and basic antivirus settings. For detailed instructions on the initial setup of yourFortiGate unit, see the Installation Guide for your unit.
  28. 28. 28 01-28008-0008-20050204 Fortinet Inc.Button bar features Web-based managerConsole AccessAn alternative to the web-based manager user interface is the text-based commandline interface (CLI). There are some options that are configurable only from the CLI.The Console Access button opens a Java-based terminal application. Themanagement computer must have Java version 1.3 or higher installed.For information on how to use the CLI, see the FortiGate CLI Reference Guide.Figure 4: Console accessLogoutThe Logout button immediately logs you out of the web-based manager. Log outbefore you close the browser window. If you simply close the browser or leave theweb-based manager, you remain logged-in until the idle timeout (default 5 minutes)expires.Connect Connect to the FortiGate unit using the CLI.Disconnect Disconnect from the FortiGate unit.Clear screen Clear the screen.
  29. 29. Web-based manager Web-based manager pagesFortiGate-800 Administration Guide 01-28008-0008-20050204 29Web-based manager pagesThe web-based manager interface consists of a menu and pages, many of whichhave multiple tabs. When you select a menu item, such as System, it expands toreveal a submenu. When you select one of the submenu items, the associated pageopens at its first tab. To view a different tab, select the tab.The procedures in this manual direct you to a page by specifying the menu item, thesubmenu item and the tab, like this:1 Go to System > Network > Interface.Figure 5: Parts of the web-based managerWeb-based manager menuThe menu provides access to configuration options for all major features of theFortiGate unit.TabsMenuPage Button barStatusbarSystem Configure system facilities, such as network interfaces, virtual domains,DHCP services, time and set system options.Router Configure the router.Firewall Configure firewall policies and protection profiles that apply the networkprotection features. Also configure virtual IP addresses and IP pools.User Configure user accounts for use with firewall policies that require userauthentication. Also configure external authentication servers.VPN Configure virtual private networks.
  30. 30. 30 01-28008-0008-20050204 Fortinet Inc.Web-based manager pages Web-based managerListsMany of the web-based manager pages are lists. There are lists of network interfaces,firewall policies, administrators, users, and so on.Figure 6: Example of a web-based manager listThe list shows some information about each item and the icons in the rightmostcolumn enable you to take action on the item. In this example, you can select Deleteto remove the item or select Edit to modify the item.To add another item to the list, you select Create New. This opens a dialog box inwhich you define the new item. The dialog box for creating a new item is similar to theone for editing an existing item.IconsThe web-based manager has icons in addition to buttons to enable you to interact withthe system. There are tooltips to assist you in understanding the function of the icon.Pause the mouse pointer over the icon to view the tooltip. The following tabledescribes the icons that you will see in the web-based manager.IPS Configure the intrusion prevention system.Antivirus Configure antivirus protection.Web Filter Configure web filtering.Spam Filter Configure email spam filtering.Log & Report Configure logging. View log messages.EditDeleteIcon Name DescriptionChangePasswordChange the administrator password. This icon appears in theAdministrators list if your access profile enables write permissionon Admin Users.Clear Clear a log file.ColumnSettingsSelect log columns to display.Delete Delete an item. This icon appears in lists where the item isdeletable and you have write permission on the page.
  31. 31. Web-based manager Web-based manager pagesFortiGate-800 Administration Guide 01-28008-0008-20050204 31Status barThe status bar is at the bottom of the web-based manager screen.Figure 7: Status barThe status bar shows• how long the FortiGate unit has been operating since the last time it was restarted• the virtual domain to which the current page appliesVirtual domain information is not shown if there is only one virtual domain. Forinformation about virtual domains, see “System Virtual Domain” on page 143.Downloador BackupDownload a log file or back up a configuration file.Edit Edit a configuration. This icon appears in lists where you havewrite permission on the page.Go Do a search.Insert PolicybeforeCreate a new policy to precede the current one.Move to Move item in list.Next page View next page of list.PreviouspageView previous page of list.Restore Restore a configuration from a file.View View a configuration. This icon appears in lists instead of theEdit icon when you do not have write permission on that page.
  32. 32. 32 01-28008-0008-20050204 Fortinet Inc.Organization of this manual Web-based managerOrganization of this manualThis manual describes the web-based manager pages in the same order as the web-based manager menu. There is a chapter for each item in the System menu, followedby a chapter for each of the remaining top-level menu items.System StatusSystem NetworkSystem DHCPSystem ConfigSystem AdminSystem MaintenanceSystem Virtual DomainRouterFirewallUserVPNIPSAntivirusWeb filterSpam filterLog & ReportFortiGuard categories
  33. 33. FortiGate-800 Administration Guide Version 2.80 MR8FortiGate-800 Administration Guide 01-28008-0008-20050204 33System StatusYou can connect to the web-based manager and view the current system status of theFortiGate unit. The status information that is displayed includes the system status, unitinformation, system resources, and session log.This chapter includes:• Status• Session list• Changing the FortiGate firmwareStatusView the system status page, also known as the system dashboard, for a snap shot ofthe current operating status of the FortiGate unit. All FortiGate administrators withread access to system configuration can view system status information.On HA clusters, the Status page shows the status of the primary unit. To view statusinformation for all members of the cluster, go to System > Config > HA and selectCluster Members. For more information, see “HA configuration” on page 95.FortiGate administrators whose access profiles contain system configuration writeprivileges can change or update FortiGate unit information. For information on accessprofiles, see “Access profiles” on page 125.• Viewing system status• Changing unit information
  34. 34. 34 01-28008-0008-20050204 Fortinet Inc.Status System StatusViewing system statusFigure 8: System statusSystem statusAutomatic RefreshIntervalSelect to control how often the web-based manager updates the systemstatus display.Go Select to set the selected automatic refresh interval.Refresh Select to manually update the system status display.UP Time The time in days, hours, and minutes since the FortiGate unit was laststarted.System Time The current time according to the FortiGate unit internal clock.Log Disk Displays hard disk capacity and free space if the FortiGate unit contains ahard disk or Not Available if no hard disk is installed. The FortiGate unit usesthe hard disk to store log messages and quarantine files infected with a virusor blocked by antivirus file blocking.Notification Contains reminders such as “Change Password” or “Product Registration”.Select the reminder to see the detailed reminder message.
  35. 35. System Status StatusFortiGate-800 Administration Guide 01-28008-0008-20050204 35Unit InformationAdmin users and administrators whose access profiles contain system configurationread and write privileges can change or update the unit information. For informationon access profiles, see “Access profiles” on page 125.Recent Virus DetectionsContent SummaryThe Content Summary shows information about Content Archiving, configured infirewall protection profiles. The Details pages provide a link to either the FortiLog unitor to the Log & Report > Log Config > Log Setting page where you can configurelogging to a FortiLog unit.Interface StatusAll interfaces in the FortiGate unit are listed in the table.Host Name The host name of the current FortiGate unit.Firmware Version The version of the firmware installed on the current FortiGate unit.Antivirus Definitions The current installed version of the FortiGate Antivirus Definitions.Attack Definitions The current installed version of the FortiGate Attack Definitions used bythe Intrusion Prevention System (IPS).Serial Number The serial number of the current FortiGate unit. The serial number isspecific to the FortiGate unit and does not change with firmwareupgrades.Operation Mode The operation mode of the current FortiGate unit.Time The time at which the recent virus was detected.Src / Dst The source and destination addresses of the virus.Service The service from which the virus was delivered; HTTP, FTP, IMAP,POP3, or SMTP.Virus Detected The name of the virus detected.Reset Select to reset the count values in the table to zero.HTTP The number of URLs visited. Select Details to see the list of URLs, thetime they were accessed and the IP address of the host that accessedthem.Email The number of email sent and received. Select Details to see the dateand time, the sender, the recipient and the subject of each email.FTP The number of URLs visited and the number of files uploaded anddownloaded. Select Details to see the FTP site URL, date, time, userand lists of files uploaded and downloaded.Interface The name of the interface.IP / Netmask The IP address and netmask of the interface (NAT/Route mode only).Status The status of the interface; either up (green up arrow) or down (reddown arrow).
  36. 36. 36 01-28008-0008-20050204 Fortinet Inc.Status System StatusSystem ResourcesFigure 9: Sample system resources historyHistoryThe history page displays 6 graphs representing the following system resources andprotection:CPU Usage The current CPU status. The web-based manager displays CPU usagefor core processes only. CPU usage for management processes (forexample, for HTTPS connections to the web-based manager) isexcluded.Memory Usage The current memory status. The web-based manager displays memoryusage for core processes only. Memory usage for managementprocesses (for example, for HTTPS connections to the web-basedmanager) is excluded.Hard Disk Usage The current hard disk (local disk) status. The web-based managerdisplays hard disk usage for core processes only. CPU usage formanagement processes (for example, for HTTPS connections to theweb-based manager) is excluded.Active Sessions The number of communications sessions being processed by theFortiGate unit.Network Utilization The total network bandwidth being used through all FortiGate interfacesand the percentage of the maximum network bandwidth that can beprocessed by the FortiGate unit.History Select History to view a graphical representation of the last minute ofCPU, memory, sessions, and network usage. This page also shows thevirus and intrusion detections over the last 20 hours.CPU Usage History CPU usage for the previous minute.Memory Usage History Memory usage for the previous minute.Session History Session history for the previous minute.Network UtilizationHistoryNetwork utilization for the previous minute.Virus History The virus detection history over the last 20 hours.Intrusion History The intrusion detection history over the last 20 hours.
  37. 37. System Status StatusFortiGate-800 Administration Guide 01-28008-0008-20050204 37Recent Intrusion DetectionsChanging unit informationAdministrators with system configuration write access can use the unit informationarea of the System Status page:• To change FortiGate host name• To update the firmware version• To update the antivirus definitions manually• To update the attack definitions manually• To change to Transparent mode• To change to NAT/Route modeTo change FortiGate host nameThe FortiGate host name appears on the Status page and in the FortiGate CLIprompt. The host name is also used as the SNMP system name. For informationabout the SNMP system name, see “SNMP” on page 108.The default host name is FortiGate-800.1 Go to System > Status > Status.2 In the Host Name field of the Unit Information section, select Change.3 In the New Name field, type a new host name.4 Select OK.The new host name is displayed in the Host Name field, and in the CLI prompt, and isadded to the SNMP System Name.To update the firmware versionFor information on updating the firmware, see “Changing the FortiGate firmware” onpage 40.To update the antivirus definitions manually1 Download the latest antivirus definitions update file from Fortinet and copy it to thecomputer that you use to connect to the web-based manager.Time The time at which the recent intrusion was detected.Src / Dst The source and destination addresses of the attack.Service The service from which the attack was delivered; HTTP, FTP, IMAP,POP3, or SMTP.Attack Name The name of the attack.Note: If the FortiGate unit is part of an HA cluster, you should set a unique name to distinguishthe unit from others in the cluster.Note: For information about configuring the FortiGate unit for automatic antivirus definitionsupdates, see “Update center” on page 130.
  38. 38. 38 01-28008-0008-20050204 Fortinet Inc.Status System Status2 Start the web-based manager and go to System > Status > Status.3 In the Antivirus Definitions field of the Unit Information section, select Update.4 In the Update File field, type the path and filename for the antivirus definitions updatefile, or select Browse and locate the antivirus definitions update file.5 Select OK to copy the antivirus definitions update file to the FortiGate unit.The FortiGate unit updates the antivirus definitions. This takes about 1 minute.6 Go to System > Status to confirm that the Antivirus Definitions Version informationhas updated.To update the attack definitions manually1 Download the latest attack definitions update file from Fortinet and copy it to thecomputer that you use to connect to the web-based manager.2 Start the web-based manager and go to System > Status > Status.3 In the Attack Definitions field of the Unit Information section, select Update.The Intrusion Detection System Definitions Update dialog box appears.4 In the Update File field, type the path and filename for the attack definitions updatefile, or select Browse and locate the attack definitions update file.5 Select OK to copy the attack definitions update file to the FortiGate unit.The FortiGate unit updates the attack definitions. This takes about 1 minute.6 Go to System > Status > Status to confirm that the Attack Definitions Versioninformation has updated.To change to Transparent modeAfter you change the FortiGate unit from the NAT/Route mode to Transparent mode,most of the configuration resets to Transparent mode factory defaults, except for HAsettings (see “HA” on page 92).To change to Transparent mode:1 Go to System > Status > Status.2 In the Operation Mode field of the Unit Information section, select Change.3 In the Operation Mode field, select Transparent.4 Select OK.The FortiGate unit changes operation mode.5 To reconnect to the web-based manager, connect to the interface configured forTransparent mode management access and browse to https:// followed by theTransparent mode management IP address.By default in Transparent mode, you can connect to the internal interface. The defaultTransparent mode management IP address is 10.10.10.1.Note: For information about configuring the FortiGate unit for automatic attack definitionsupdates, see “Update center” on page 130.
  39. 39. System Status Session listFortiGate-800 Administration Guide 01-28008-0008-20050204 39To change to NAT/Route modeAfter you change the FortiGate unit from the NAT/Route mode to Transparent mode,most of the configuration resets to Transparent mode factory defaults, except for HAsettings (see “HA” on page 92).To change to NAT/Route mode:1 Go to System > Status > Status.2 In the Operation Mode field of the Unit Information section, select Change.3 In the Operation Mode field, select NAT/Route.4 Select OK.The FortiGate unit changes operation mode.5 To reconnect to the web-based manager, you must connect to the interfaceconfigured by default for management access.By default in NAT/Route mode, you can connect to the internal interface. The defaultinternal interface IP address is 192.168.1.99.Session listThe session list displays information about the communications sessions currentlybeing processed by the FortiGate unit. You can use the session list to view currentsessions.Figure 10: Sample session listNote: If the web-based manager IP address was on a different subnet in NAT/Route mode, youmay have to change the IP address of your computer to the same subnet as the managementIP address.Note: If the management IP address was on a different subnet in Transparent mode, you mayhave to change the IP address of your computer to the same subnet as the interface configuredfor management access.From IP Set source IP address for list filteringFrom Port Set source port for list filteringTo IP Set destination IP address for list filteringTo Port Set destination port for list filteringApply Filter Select to filter session listVirtual Domain Select a virtual domain to list the sessions being processed by that virtualdomain. Select All to view sessions being processed by all virtual domains.
  40. 40. 40 01-28008-0008-20050204 Fortinet Inc.Changing the FortiGate firmware System StatusTo view the session list1 Go to System > Status > Session.The web-based manager displays the total number of active sessions in the FortiGateunit session table and lists the top 16.2 To navigate the list of sessions, select Page Up or Page Down.3 Select Refresh to update the session list.4 If you are logged in as an administrative user with read and write privileges or as theadmin user, you can select Delete to stop an active session.Changing the FortiGate firmwareFortiGate administrators whose access profiles contain system configuration read andwrite privileges and the FortiGate admin user can change the FortiGate firmware.After you download a FortiGate firmware image from Fortinet, you can use theprocedures listed in Table 1 to install the firmware image on your FortiGate unit.Total Number ofSessionsTotal number of sessions currently being conducted through the FortiGateunit.Refresh icon. Select to update the session listPage up icon. Select to view previous page in the session listPage down icon. Select to view the next page in the session list.Protocol The service protocol of the connection, for example, udp, tcp, or icmp.From IP The source IP address of the connection.From Port The source port of the connection.To IP The destination IP address of the connection.To Port The destination port of the connection.Expire The time, in seconds, before the connection expires.Policy ID The number of the firewall policy allowing this session or blank if the sessioninvolves only one FortiGate interface (admin session, for example).Delete icon. Select to stop an active communication session.
  41. 41. System Status Changing the FortiGate firmwareFortiGate-800 Administration Guide 01-28008-0008-20050204 41Upgrading to a new firmware versionUse the following procedures to upgrade the FortiGate unit to a newer firmwareversion.Upgrading the firmware using the web-based managerTo upgrade the firmware using the web-based manager1 Copy the firmware image file to your management computer.2 Log into the web-based manager as the admin administrative user.3 Go to System > Status.4 Under Unit Information > Firmware Version, select Update.5 Type the path and filename of the firmware image file, or select Browse and locate thefile.Table 1: Firmware upgrade proceduresProcedure DescriptionUpgrading to a newfirmware versionUse the web-based manager or CLI procedure to upgrade to a newFortiOS firmware version or to a more recent build of the samefirmware version.Reverting to aprevious firmwareversionUse the web-based manager or CLI procedure to revert to aprevious firmware version. This procedure reverts the FortiGateunit to its factory default configuration.Installing firmwareimages from a systemreboot using the CLIUse this procedure to install a new firmware version or revert to aprevious firmware version. To use this procedure you must connectto the CLI using the FortiGate console port and a null-modemcable. This procedure reverts the FortiGate unit to its factorydefault configuration.Testing a newfirmware image beforeinstalling itUse this procedure to test a new firmware image before installing it.To use this procedure you must connect to the CLI using theFortiGate console port and a null-modem cable. This proceduretemporarily installs a new firmware image using your currentconfiguration. You can test the firmware image before installing itpermanently. If the firmware image works correctly you can useone of the other procedures listed in this table to install itpermanently.Installing and using abackup firmwareimageIf the FortiGate unit is running BIOS version v3.x, you can install abackup firmware image. Once the backup firmware image isinstalled you can switch to this backup image when required.Note: Installing firmware replaces the current antivirus and attack definitions with the definitionsincluded with the firmware release that you are installing. After you install new firmware, use theprocedure “To update antivirus and attack definitions” on page 133 to make sure that antivirusand attack definitions are up to date.Note: To use this procedure you must login using the admin administrator account, or anadministrator account that has system configuration read and write privileges.

×