Index. Fortinet FortiGate 400

FortiGate-400 Installation and Configuration Guide Version 2.50 MR2

Index

Numerics

4/HA

configuring for HA 77, 82

A

accept

policy 174

action

policy option 174

active log

deleting all messages 291

searching 289, 290 viewing and maintaining saved logs 290

ActiveX 275

removing from web pages 274

address 179 adding 179

editing 180

group 181

IP/MAC binding 195

virtual IP 188

address group 181 example 181

address name 179

admin access level

administrator account 160

administrator account

adding 160 admin 160

changing password 161

editing 160, 161 netmask 160, 161

permission 161 trusted host 160, 161

alert email

configuring 292 configuring SMTP server 292

content of messages 257

critical firewall or VPN events 293 enabling 293 hard disk full 293 intrusion attempts 293

reducing messages 252

testing 293 virus incidents 293

FortiGate-400 Installation and Configuration Guide allow inbound

encrypt policy 175

allow outbound

encrypt policy 175

allow traffic

IP/MAC binding 194, 195

Anti-Virus & Web filter

policy 176

antivirus definition updates

manual 106

antivirus definitions

updating 115

antivirus updates 117

configuring 118

through a proxy server 124

attack definition updates

downloading 130, 131

manual 107

attack definitions

updating 115, 119

attack detection

checksum verification 250 disabling the NIDS 250

enabling and disabling signatures 252

selecting interfaces to monitor 250

viewing the signature list 251

attack log 284

content of messages 257

reducing messages 252

attack prevention

configuring signature threshold values 254

enabling prevention signatures 253

NIDS 253

attack updates

configuring 118

scheduling 117


authentication 175, 201

configuring 202

enabling 207

LDAP server 205

RADIUS server 204

timeout 159

auto

device in route 144

299

Index

AutoIKE 210 certificates 210 introduction 210 pre-shared keys 210

automatic antivirus and attack definition updates

configuring 118

B

backing up

system settings 108

bandwidth

guaranteed 175 maximum 175

banned word list

adding words 268, 278

blacklist

URL 271

block traffic

IP/MAC binding 194, 195

log option 283

blocking

access to Internet sites 269, 279 access to URLs 269, 279

adding filename patterns 262

file 261

oversized files and email 266

web pages 268, 278

C

certificates

introduction 210

checksum verification

configuring 250

clearing

communication sessions 113

URL block list 270

CLI 21

configuring IP addresses 63

configuring NAT/Route mode 47

connecting to 33

upgrading the firmware 95, 97

command line interface 21

Comments

firewall policy 177 policy 177

connecting

to network 49, 65

to the FDN 116 to the FortiResponse Distribution Network 116

web-based manager 32

contact information

registration 130

SNMP 162

content blocking

exempting URLs 275, 279

web page 268, 278

300

content filter 267, 277

content profiles

default 197

cookies

blocking 274

critical firewall events

alert email 293

critical VPN events

alert email 293

custom service 184

customer service 28

D

date and time setting

example 158, 165

date setting 157

default gateway

configuring (Transparent mode) 64

deleting log files 292

deny


destination

policy option 173, 174

destination route

adding 143 adding a default route 143

detection

NIDS 249

device

auto 144

DHCP

internal network 147

dialup L2TP

configuring Windows 2000 client 245

configuring Windows XP client 246

dialup PPTP




dialup VPN

viewing connection status 233

disabling NIDS 250

DMZ interface

configuring 50, 51

definition 295

do not log

log option 283

downloading

attack definition updates 130, 131

virus definition updates 130, 131

downloading log files 291

dynamic IP pool

IP pool 174

dynamic IP/MAC list

viewing 196

Fortinet Inc.

E

email alert

testing 293

email filter log 285

enabling policy 178

encrypt

policy 174

encrypt policy

allow inbound 175 allow outbound 175

Inbound NAT 175

Outbound NAT 175

ending IP address

PPTP 236, 242

environmental specifications 31

event log 284

viewing 289

exempt URL list 275, 279 adding URL 275, 280 exempting URLs from content and URL blocking 275, 279

expire

system status 114

F

factory default

restoring system settings 108

FAQs 233

FDN

connecting to 116

FortiResponse Distribution Network 116

FDS

FortiResponse Distribution Server 116

filename pattern

adding 262

blocking 261

filter

RIP 154

Filtering 265

filtering log messages 284

filtering traffic 286

firewall

authentication timeout 159

configuring 169

introduction 17

overview 169

firewall events

enabling alert email 293

firewall policy

accept 174

Comments 177

deny 174

guaranteed bandwidth 175

Log Traffic 177

maximum bandwidth 175

firewall setup wizard 20, 46, 62

starting 46, 62

FortiGate-400 Installation and Configuration Guide

Index firmware

changing 94

installing 99 re-installing current version 99 reverting to an older version 99

upgrading 94

upgrading to a new version 95 upgrading using the CLI 95, 97 upgrading using the web-base manager 95, 96

first trap receiver IP address

SNMP 163

fixed port 174

FortiCare

service contracts 125

support contract number 129

Fortinet customer service 28

Fortinet support

recovering a lost password 128

FortiResponse Distribution Network 116 connecting to 116

FortiResponse Distribution Server 116

from IP

system status 113

from port

system status 113

front keypad and LCD

configuring IP address 63

G

get community

SNMP 162

grouping services 185

groups

address 181

user 207


H

HA 75

configuring 4/HA interface 77, 82

configuring HA group 78, 83

configuring HA interfaces 77, 82 installing and configuring FortiGate units 77, 82

managing HA group 86

NAT/Route mode 77

network connection 80, 85

replacing FortiGate unit after fail-over 90 returning to standalone 90

Transparent mode 82

hard disk

recording logs 283

status 107

hard disk full

alert email 293

high availability 75

introduction 19

HTTP

enabling web filtering 267, 277

301

Index

HTTPS 20, 139, 183, 295

I

ICMP 183, 295

configuring checksum verification 250

idle timeout


IDS log

viewing 289

IKE 295

IMAP 183, 295

Inbound NAT

encrypt policy 175

interface

RIP 152

internal address

example 180

internal address group

example 181

internal network

configuring 50

Internet

blocking access to Internet sites 269, 279 blocking access to URLs 269, 279

Internet key exchange 295

intrusion attempts

alert email 293

IP


IP address

IP/MAC binding 193

IP addresses

configuring from the CLI 63

configuring with front keypad and LCD 47, 63

IP pool

adding 192

IP spoofing 193

IP/MAC binding 193

adding 195

allow traffic 194, 195

block traffic 194, 195

enabling 196

static IP/MAC list 194

IPSec 295

IPSec VPN

authentication for user group 207

AutoIKE 210 certificates 210

disabling 245, 247

manual keys 210 pre-shared keys 210

remote gateway 207

status 233 timeout 233, 234

302

IPSec VPN tunnel

testing 234

J

Java applets 274, 275 removing from web pages 274

K

keyword

log search 289, 291

L

L2TP 207, 295


network configuration 242

L2TP gateway

configuring 242

language


LCD and keypad

configuring IP address 47

LDAP

example configuration 206

LDAP server

adding server address 205

deleting 206

log file

downloading 291

log hard disk

status 107

log options

block traffic 283 do not log 283 overwrite 283

log setting

filtering log entries 118, 284

traffic filter 287

log to local

logging 283

log to memory

configuring 284

viewing saved logs 289

Log Traffic


Fortinet Inc.

logging 21, 281

attack log 284

configuring traffic settings 286, 287

deleting all messages 291

deleting log files 292

downloading log files 291

email filter log 285


event log 284 filtering log messages 284

log to local 283

log to memory 284

log to remote host 282 log to WebTrends 282

recording 281

searching logs 289, 290

selecting what to log 284 traffic log 284

traffic sessions 286

update log 285

viewing logs 290

virus log 284 web filtering log 284

logs

maintaining 290

recording on FortiGate hard disk 283

recording on NetIQ WebTrends server 282

searching 290 viewing 290

M

MAC address 296

IP/MAC binding 193

maintaining logs 290

malicious scripts

removing from web pages 274, 280

management interface 138

management IP address

transparent mode 64

manual keys

introduction 210

matching

policy 177


messages

replacement 163

MIB

FortiGate 163

mode

Transparent 18

monitor

system status 110, 111, 112, 113

monitored interfaces 250

MTU size 137 changing 137

definition 296

improving network performance 137


Index

N

NAT

introduction 17

policy option 174

push updates 120

NAT mode

adding policy 172

IP addresses 47

NAT/Route mode

configuration from the CLI 47

HA 77

introduction 17

neighbor

RIP 153

netmask

administrator account 160, 161

network address translation

introduction 17

network connection

HA 80, 85

network intrusion detection 18

Network Intrusion Detection System 249

next hop router 136

NIDS 18, 249

attack prevention 253

detection 249

prevention 253

reducing alert email 257 reducing attack log messages 257

user-defined signatures 252

NTP 51, 64, 183, 296

NTP server 157 setting system date and time 157

O

one-time schedule 186 creating 186

operating mode

changing 109

Outbound NAT

encrypt policy 175

override serve

adding 118, 119

oversized files and email

blocking 266

overwrite

log option 283

P

password

adding 202

changing administrator account 161

Fortinet support 130

recovering a lost Fortinet support 128

PAT 190

permission


303

Index ping

management access 139

policy

accept 174

Anti-Virus & Web filter 176

arranging in policy list 177

Comments 177

deny 174

disabling 178 enabling 178

enabling authentication 207

fixed port 174


Log Traffic 177 matching 177


policy list

configuring 177

policy routing 146

POP3 183, 296

port address translation 190 port forwarding 190 adding virtual IP 190

virtual IP 188

port number

traffic filter display 287

power requirements 31 powering on 31

PPTP 207, 296

configuring gateway 236, 242




enabling 236, 242

ending IP address 236, 242

network configuration 236

starting IP 236, 242

PPTP dialup connection

configuring Windows 2000 client 239 configuring Windows 98 client 239


PPTP gateway

configuring 236

predefined services 182

pre-shared keys

introduction 210

prevention

NIDS 253

protocol

service 182

system status 113

proxy server 124 push updates 124

push updates

configuring 119

through a NAT device 120


304

Q

quarantine list

filtering 265

sorting 264 viewing 264

quarantining

blocked files 263 file 263 infected files 263

R

RADIUS

definition 296

example configuration 204

RADIUS server

adding server address 204 deleting 204

read & write access level


read only access level


recording logs 281

recording logs in system memory 284

recording logs on FortiGate hard disk 283

recording logs on NetIQ WebTrends server 282

recovering

a lost Fortinet support password 128

recurring schedule 187 creating 187

registered FortiGate units

viewing the list of 128

registering

FortiGate unit 125, 126, 127, 129

FortiGate unit after an RMA 131

list of registered FortiGate units 129

registration

contact information 130 security question 130

updating information 128

renaming zones 134

replacement messages

customizing 163

reporting 21, 281

resolve IP 287 traffic filter 287

restarting 109

restoring system settings 108 restoring system settings to factory default 108

reverting

firmware to an older version 99

RIP

configuring 149

filters 154

interface configuration 152

neighbors 153

settings 150

Fortinet Inc.

RMA

registering a FortiGate unit 131

route

adding default 143 adding to routing table 143

adding to routing table (Transparent mode) 145

destination 143

device 144

router

next hop 136

routing 296

adding static routes 143 configuring 143

configuring routing table 145

policy 146

routing table 296

adding default route 143 adding routes 143

adding routes (Transparent mode) 145 configuring 145

S

scanning

antivirus 260

schedule 186

applying to policy 188

automatic antivirus and attack definition updates 117

creating one-time 186

creating recurring 187

one-time 186

policy option 174

recurring 187

scheduled antivirus and attack updates 124

scheduled updates


scheduling 117

script filter 275

example settings 274

scripts

removing from web pages 274, 280

searching logs 289, 290 logs saved to FortiGate hard disk 290

logs saved to memory 289

security question

registration 130

serial number

displaying 107

service 182

custom 184

group 185

policy option 174

predefined 182 service name 182

user-defined 184

service contracts

Forticare 125

service group

adding 185


Index service name

traffic filter display 287

session

clearing 113

set time 157

setup wizard 46, 62 starting 46, 62

shutting down 110

signature threshold values 254

SMTP 184

configuring alert email 292

definition 296

SNMP

configuring 162 contact information 162

definition 296

first trap receiver IP address 163

get community 162

MIBs 163

system location 162

trap community 163

traps 164

source

log search 291

policy option 173

squidGuard 271

SSH 139, 184, 297

SSL 295

service definition 183

starting IP

PPTP 236, 242

static IP/MAC list 194

static NAT virtual IP 188

adding 189

static route

adding 143

status

IPSec VPN tunnel 233 viewing dialup connection status 233 viewing VPN tunnel status 233

subnet

definition 297

subnet address

definition 297

support contract number

adding 129 changing 129

support password

changing 130

syn interval 158

synchronize with NTP server 157 system configuration 157

system date and time

setting 157

system location

SNMP 162

system name

SNMP 162

305

Index system settings

backing up 108 restoring 108 restoring to factory default 108

system status 93, 149

system status monitor 110, 111, 112, 113

T

TCP


technical support 28

testing

alert email 293

time

log search 289, 291

setting 157 time zone 157

timeout

firewall authentication 159

idle 158

IPSec VPN 233, 234


to IP

system status 114

to port

system status 114

traffic

configuring global settings 286, 287

filtering 286 logging 286

traffic filter

adding entries 288

display 287 log setting 287 packet 287 port number 287 resolve IP 287 service name 287 session 287 type 287

traffic log 284

deleting all messages 291, 292

Traffic Priority 175

Traffic Shaping 175

Transparent mode 18

adding routes 145

changing to 63

configuring the default gateway 64

HA 82

management interface 138

management IP address 64

trap community

SNMP 163

traps

SNMP 164

troubleshooting 233

trusted host

administrator account 160, 161

306

U

UDP


unwanted content

blocking 268, 278

update 285

attack 118

push 119

updated

antivirus 118

updating

attack definitions 115, 119 virus definitions 115, 119

upgrade

firmware 95

upgrading

firmware 94

firmware using the CLI 95, 97 firmware using the web-based manager 95, 96

URL

adding to exempt URL list 275, 280

adding to URL block list 269, 279 blocking access 269, 279

URL block list

adding URL 269, 279

clearing 270

downloading 271 uploading 271

URL block message 268

URL blocking

exempt URL list 275, 279

URL exempt list

see also exempt URL list 275, 279

user authentication 201

user groups

configuring 207

deleting 208

user name and password

adding 203

adding user name 202

user-defined services 184

user-defined signature

NIDS 252

V

Viewing 264

viewing

dialup connection status 233

logs 290

logs saved to memory 289

VPN tunnel status 233

virtual IP 188

adding 189

port forwarding 188, 190 static NAT 188

virus definition updates

downloading 130, 131

Fortinet Inc.

virus definitions

updating 115, 119

virus incidents


virus list

displaying 266 viewing 266

virus log 284

virus protection

overview 259

worm protection 15

VLAN

configuring 139 network configuration 139

VLAN network

typical configuration 140

VPN

configuring L2TP gateway 242

configuring PPTP gateway 236, 242

introduction 19

L2TP configuration 242

PPTP configuration 236

Tunnel 174

viewing dialup connection status 233

VPN events


VPN tunnel

viewing status 233

W

web content filtering

introduction 16

web filtering

ActiveX 274 cookies 274

Java applets 274

overview 267, 277

web filtering log 284

web page

content blocking 268, 278


changing options 158

connecting to 32

introduction 20

language 159

timeout 158

WebTrends

recording logs on NetIQ WebTrends server 282

Windows 2000

configuring for L2TP 245

configuring for PPTP 239

connecting to L2TP VPN 246

connecting to PPTP VPN 240

Windows 98



Windows XP

configuring for L2TP 246


connecting to L2TP VPN 248


wizard

setting up firewall 46, 62 starting 46, 62

worm list

displaying 266 worm protection 266

Z

zone

adding 133 configuring 133

renaming 134

Index


307

Index

308

Fortinet Inc.

Index. Fortinet FortiGate 400

Index

Numerics

A

B

C

D

E

F

G

H

I

J

K

L

M

N

O

P

Q

R

S

T

U

V

W

Z

Related manuals

Table of contents

Index. Fortinet FortiGate 400

Index

Numerics

A

B

C

D

E

F

G

H

I

J

K

L

M

N

O

P

Q

R

S

T

U

V

W

Z

Related manuals

Fortinet

FortiGate-800

Fortinet

100

Fortinet

50A

Fortinet

FortiGate FortiGate-50R

Fortinet

FortiGate 60R

Fortinet

Switch FortiGate 4000

SHI

FGS

Fortinet

FortiGate 4000

Fortinet

110C

Table of contents