Jacob Chen
Fortinet Taiwan SE
Fortigate
CLI (command line Interface), : console, telnet, ssh.
WEB GUI (Graphic User Interface), : Internet
Explorer http https (SSL).
Fortigate
Route/NAT
Internal interface 192.168.1.99/24
https, http, ssh, ping
External interface 192.168.100.99/24
ping
Console log in
1. IP 192.168.1.0 / 24 IP
2. Fortigate Internal port port1 (
)
3. https://192.168.1.99 WEBGUI fortigate
4. Name admin, Password , Login
1
2
1 Route / NAT IP
1 Route / NAT IP (contd)
Interface
1. IP
2. ping server IP
3.
4. OK ( Fortigate
)
5. ARP table,
Web GUI IP
Fortigate
1 Route / NAT IP
(contd)
Keypad and
LCD Display
Transparent , IP
10.10.10.1
internal port port1( )
1 Transparent IP
(contd)
Keypad and
LCD Display
5. OK
1
1. Source interface internal
2. Destination interface
external
3. Source Destination all
4. FG Route/NAT,
NAT, FG
Transparent
NAT
5. OK
1
SOHO , NAT
, Route/NAT
Transparent , .
1
(Address)
Manual (static IP address)
DHCP
PPPoE
Https, Ping, Http, Telnet, SSH, SNMP
1
Network - Interface Overview
1
Network interface - Manual
Edit interface/Vlan
1. IP
2. ping server IP
3.
1
Network Interface - DDNS
DDNS server
Domain, Username, password
1
Network interface PPPoE
1. PPPoE
2. Retrieve default gateway from server
3. ping server
1 Route / NAT, Transparent
Default Route
Route/NAT ,Fortigate
(NAT) .
Transparent , Fortigate (Gateway)
Fortigate System
Maintenance
Troubleshooting
Configuration
settings
web filtering lists
spam filtering lists
System Status
Fortigate
Status Session
Status Transparent
Command
# config sys setting
(setting) # set opmode transparent
System - Network
802.1Q VLAN
Zones
DNS
Network Interface Create New
VLAN
1. VLAN
2. VLAN ID (802.1Q)
3. VLAN IP
Network DNS
fortigate Alert email URL blocking
DNS
Fortigate DNS relay DNS request ),
DNS fortigate
DNS server
System - Config
Time -
Options
HA (High Availability)
Admin
SNMP v1/v2c
Replacement Message
System Config - Time
, .
log , FDS
System Config - Options
, , ,
LCD , fail over
System Config - HA
System Config - SNMP v1/v2c
System Config - Fortimanager
System - Admin
Administrators
Add administrator accounts (up to 12)
Access Profile
System Admin - Administrators
System Admin - Access Profile
System - Maintenance
Backup & Restore
Update Center
Support
Shutdown
System Maintenance - Backup & Restore
System Maintenance - Contract
System Maintenance - Update Center
System Maintenance - Support
http://support.fortinet.com
BUG
System Maintenance - Shutdown
System Virtual Domain
D:\FortiGate\FortiOS v4.0\v4.0_Image\4.2\v4.2.2(291)FGT_200B-v400-build0291-FORTINET.out
Firmware (Console)
1. Fortigate port1 internal port
2. TFTP Server
3. console fortigate serial port
Router - Static
IP gateway
, default route
Router - Policy
:
source address
protocol, service type, or port range
, ,
Incoming Interface and source IP
address
Ping server (DGD) outgoing
Interface
Protocol Number
NAME     NUM   CODE COMMENT
HOPOPT   0     /* IPv6 Hop-by-Hop Option */
ICMP     1     /* Internet Control Message. */
IGMP     3     /* Internet Group Management */
IP       4     /* IP in IP (encapsulation) MTU setting. */
TCP      6     /* Transmission Control */
UDP      17    /* User Datagram */
Router RIP
RIP version 1 (RFC 1058) and RIP version 2 (RFC 2453)
(Distance-vector) ,
(hop count)
(L3 device)
15 Hop
RIP version 2
RIP
netmask
Routing Table List
Route/NAT
. IPS Antivirus
IPS
Signature
Anomaly
Enable IPS IPS
IPS -
FortiASIC
protection profile
4500
ICSA
IPS
IPS L3-L7
(policy) (UTM Protection Profile)
stateful engine
ASIC
, IPS
: , , , ,
,
IPS
IPS ( )
IPS
IPS Anomaly
IPS Profile
IPS Policy
Antivirus
Protection profile , policy
Protection profiles
HTTP / HTTPS
FTP
IMAP / IMAPS
POP3 / POP3S
SMTP / SMTPS
IM
NNTP
fragmented email oversized files email
IP
AntiVirus
Antivirus File Block
Antivirus
Antivirus
Protocol ( )
Protocol Config - config
FortiGate 1-15% oversized
files email
email
bypass (oversized pass)
email
( )
( )
Log Config
Log Access
Fortigate
(Log setting)
?
3
1. (Event Log)
3 Policy AntiVirus
3 IPS App. Control
3 DoS WebFilter
3 AntiSpam
3 (DLP)
Remote Syslog Server
WebTrends Server
Local Disk
Memory Buffer
FortiAnalyzer Appliance
Select log types and filter
options for each location
, FortiAnalyzer
FortiGate log
Log header
Log body
( fortigate )
SMTP
fortigate DNS
email
FortiAnalyzer
. Fortigate
. Fortigate
-
(Secondary IP)
. Fortigate
. Fortigate
Fortigate -
Service Session timeout
Default timeout
timeout
. Fortigate
Fortigate -
Fortigate -
. Fortigate
IP-MAC -
IP
. Fortigate
IP-MAC - IP MAC
IP
MAC
. Fortigate
-OSPF
Area
connected
static route
. Fortigate
-OSPF Area
area
OSPF
OSPF
. Fortigate
Trouble Shooting
- system top
TroubleShooting -Netlink
TroubleShooting -SessionClear