FortiExplorer User Guide
Contents
1. 2004 26 Fortinet Knowledge Base 2 a ee n aa 26 Comments on Fortinet technical documentation 26 Customer service and technical support 222 aa 2 eee ra arm 26 Index 21 FortiExplorer User Guide for FortiOS 4 0 MR3 01 430 147724 20111116 http docs fortinet com SsRATINET Introduction Welcome and thank you for selecting Fortinet products for your network protection This document explains what is FortiExplorer and what it can do for you when you are first setting up your FortiGate 60C or FortiWiFi 60C series product or after they are up and running as a means of managing them FortiExplorer is software similar to the Setup Wizard in the web based manager that allows you to configure basic settings so that you can quickly get the FortiGate unit or FortiWiFi 60C series product up and running on the network This chapter contains the following topics e Before you begin In latest FortiExplorer release which was release with the FortiOS 4 0 MR3 patch release 3 FortiExplorer is available for FortiGate 20C 40C 1000C and 600C models and on the FortiWiFi 40C model Before you begin Before you begin using this guide please ensure that e Your PC or Mac meets the required OS version for running FortiExplorer e Mac OS X 10 6 or later e Windows XP Vista or 7 e You have administrative access to the web based manager and or CLI e The FortiGate unit is integrated into your ne2. m Firmware v 0 buildu441 1103 18 MES o Registration Unknown Register How Firmware Check for update The firmware is up to date Upload Firmware Setup Wizard Configure Footitabe vi a setup wisarcd Web based Manager Configure FortiGate via a web interface Command Line Interface Configure FortiGate via a command line interface Hew Remember this device and check for updates with FDS automatically 1 Device Connected FortiExplorer User Guide for FortiOS 4 0 MR3 01 430 147724 20111116 http docs fortinet com Installing FortiExplorer Installing FortiExplorer You can easily download and install FortiExplorer from the FortiExplorer Download page from your computer FortiExplorer also comes on the CD that is shipped with the FortiGate 60C or FortiWiFi 60C series products FortiExplorer is available for both Windows and Mac OS FortiExplorer not only helps you to set up basic configurations but can also help you e register your device e check for updates for your device and FortiExplorer e upgrade or downgrade the firmware on your device e configure settings for your device using either the CLI or web based manager Installing FortiExplorer When using FortiExplorer for the first time ensure that the device is in its default settings If the unit needs to be reverted to default settings insert a pin or paper clip into the Reset button for a few seconds The device may take
3. 103 FortiSwitch 5003A Port 1 10 21 101 161 FortiGate 5050 SM Port 1 10 21 101 104 L r et Es JE us See EA L Engineering network 10 22 101 0 FortiExplorer User Guide for FortiOS 4 0 MR3 01 430 147724 20111116 21 http docs fortinet com Document conventions Appendix Cautions Notes and Tips Fortinet technical documentation uses the following guidance and styles for cautions notes and tips only apply to the current session or services that need restarting before an update will 1 A Must Read table details information that is easily missed configuration changes that apply A Tip provides shortcuts or alternative approaches to the task at hand a4 A Troubleshooting tip provides information to help you track down why your A configuration is not working Typographical conventions Fortinet documentation uses the following typographical conventions Table 2 Typographical conventions in Fortinet technical documentation Convention Button menu text From Minimum log level select Notification box field or check box label config system dns CLI input set primary lt address ipv4 gt end FGT 602803030703 get system settings CLI output comments null opmode nart HTTP connections are not secure and can be intercepted by a third party lt HTML gt lt HEAD gt lt TITLE gt Firewall Authentication lt TITLE gt lt HEAD gt lt BODY gt lt H4 gt You must authenticate to u
4. CLI sa ae va rv vr a Configuring additional settings using FortiExplorer Adding and removing devices 222 arva vr rak aa Checking for firmware updates 2 2 varar rar akkar Checking for FortiExplorer updates 2 a a rar arr aa ra Upgrading or downgrading device firmware Backing up the configuration file on the device 2 22 av aa 2 ra rene Upgrading firmware on the device 2 2222 a a a a a aa rann Downgrading firmware on the device zvav a rar ra aa Appendix Document conventions 2 222222 a va rank aa naa IP addresses vere Example Network configuration aoa oao 2 a e a kr aa Cautions Notes and Tips onono eee a a a ar aa ra Typographical conventions 2 2 eee a aka CLI command syntax conventions 2 aoa a a a e a rea rar Entering FortiOS configuration data oaoa e a a eee a a ke Entering text strings names LL aoa a a a a a akk Entering numeric values aooo eee eee eee Selecting options from alist aooaa a a a Enabling or disabling options 2 2 aooaa ee rar ra naa FortiExplorer User Guide FortiOS 4 0 MR3 01 430 147724 20111116 http docs fortinet com Contents Registering your Fortinet product a 00 eee ee eee 25 Fortinet products End User License Agreement 0204 25 Training 246 eae Oe BRED re SSN 26 DOCUMCHIAUON s e soss skr Sa S Eee EES SG BDO 26 Fortinet Tools and Documentation CD
5. FortiExplorer There are other settings that you can configure within FortiExplorer that are not web based manager or CLI specific These settings can help you to add or remove devices check for firmware updates for devices or check for firmware updates for FortiExplorer The following topics are included in this section e Adding and removing devices e Checking for firmware updates e Checking for FortiExplorer updates Adding and removing devices You can add or remove devices from the Saved Devices list located on the Saved Devices page If you delete a device in the Saved Devices list the device is permanently removed To add a device to the Saved Devices list 1 On the device s Status page select the check box beside Remember this device and check for updates with FDS automatically 2 Inthe Firmware section of the page select Check for update FortiExplorer checks for firmware updates for the device and then automatically adds the devices to the Saved Devices list Checking for firmware updates You can easily and quickly check to see if any device within the Saved Devices list needs its firmware updated The update results appear in the Saved Devices list only when you select the check box beside Remember this device and check for updates with FDS automatically To check for firmware updates 1 Inthe Saved Devices list select the row that contains the unit that you want to check for new firmware 2 Select Check for
6. a few minutes to reboot To install FortiExplorer on Windows using the software CD 1 Insert the software CD included in to your computer 2 Select one of the following to install e For Microsoft Windows XP select FortiExplorer for Microsoft Windows XP e For Microsoft Windows Vista and 7 select FortiExplorer for Microsoft Windows Vista and Windows 7 3 After the installation finishes connect the USB A cable end to your computer and connect the other end of the cable USB B to the USB MGMT port of the unit 4 The New Hardware Wizard opens first once the unit is connected to your computer and the USB cable Do the following e Select the option No not at this time and then select Next e Select Install the hardware automatically and then select Next The New Hardware Wizard installs the hardware and then FortiExplorer opens To install FortiExplorer on Mac OS 1 Goto the FortiExplorer Download page on the support web site 2 On the FortiExplorer Download page select Mac Download and save the file to your computer 3 Locate the file on your computer and open it 4 Select the FortiExplorer disk icon on your desktop and when it opens drag the FortiExplorer app file to the Applications folder You can install FortiExplorer on a PC running Windows using the above procedure Instead of selecting Mac Download select Windows Download FortiExplorer User Guide for FortiOS 4 0 MR3 01 430 147724 20111116 http doc
7. device firmware explains how to properly back up your current configuration and then upgrade or downgrade the device s firmware from within FortiExplorer FortiExplorer User Guide for FortiOS 4 0 MR3 6 01 430 147724 20111116 http docs fortinet com SRT INET user Guide Installing FortiExplorer A Overview This section explains what FortiExplorer is and how FortiExplorer can help you install the FortiGate 60C or FortiWiFi 60C series products into your network FortiExplorer is software similar to the Setup Wizard in the web based manager that allows you to configure basic settings so that you can quickly get the FortiGate 60C or FortiWiFi 60C series product up and running on the network The following topics are included in this section e Overview e Installing FortiExplorer In latest FortiExplorer release which was released with the FortiOS 4 0 MR3 patch release 3 FortiExplorer is available for FortiGate 20C 40C 1000C and 600C models and on the FortiWiFi 40C model FortiExplorer is a user friendly connection and configuration tool that helps you to quickly and easily set up your device regardless of your level of network experience Figure 1 FortiExplorer s Status page and icons METT Y DEVICE Fortifxplorer FortiGate Fasy Configuration Utility FGT60C3G10002814 Status r FGTGOCIG10002814 Device Mode FortiGate 606 acao Serial Number FGTGDCIGLODD BA
8. device to factory defaults The following procedure assumes that you are using FortiExplorer to back up the configuration file However you can go to the device s web based manager using your web browser and back up the configuration file To back up the configuration file 1 Within FortiExplorer select Web based Manager and when the login screen appears log in 2 Inthe web based manager go to System gt Dashboard gt Status 3 In System Information widget select Backup in the System Configuration row 4 Select either Local PC FortiManager or USB Disk The USB Disk option is grayed out if no USB drive is inserted into the USB port The FortiManager option is not available if the device is not managed by a FortiManager system 5 If VDOMs are enabled select to back up the entire configuration Full Config or a specific VDOM s configuration VDOM Config If you are backing up a VDOM configuration select the VDOM from the list 7 To encrypt the configuration file select Encrypt configuration file Encryption must be enabled on the backup file to back up VPN certificates 8 Enter a password and enter it again to confirm it The password is needed to restore the file 9 Select Backup 10 The web browser will prompt you for a location to save the configuration file The configuration file will have a conf extension FortiExplorer User Guide for FortiOS 4 0 MR3 01 430 147724 20111116 17 http docs fortinet com Upgr
9. not only has the same configuration options but additional settings not available through the web based manager The CLI contains commands and sub commands that are used to configure a feature s settings and you can upload batches of commands from a text file For example a configuration script to help you configure a setting or settings You should review the FortiGate CLI Reference before connecting to the CLI so that you are familiar with the command tree structure in the CLI To use the CLI from FortiExplorer select CLI Log in to the CLI to start configuring settings 12 FortiExplorer User Guide for FortiOS 4 0 MR3 01 430 147724 20111116 http docs fortinet com Connecting to the device s web based manager and CLI Connecting to the CLI Figure 3 The CLI as it appears when accessed in FortiExplorer ForuExplorer Fortibate Easy Conl guratan Utility Ss Sa FESATINET DEVICE ie FETADCLGIONNZRI Web Wizard Farapa character ds 4 FLECHA SEIS login admin FGTS L ICIBRAZELS E 1 Device Connected one oe a n vz FortiExplorer User Guide for FortiOS 4 0 MR3 01 430 147724 20111116 13 http docs fortinet com Connecting to the CLI Connecting to the device s web based manager and CLI FortiExplorer User Guide for FortiOS 4 0 MR3 14 01 430 147724 20111116 http docs fortinet com SsRATINET Configuring additional settings using
10. update 3 Inthe Check Result column the result appears Checking for FortiExplorer updates In a similar way to checking a device for firmware updates you can check to see if FortiExplorer requires an update to its software FortiExplorer User Guide for FortiOS 4 0 MR3 01 430 147724 20111116 15 http docs fortinet com Checking for FortiExplorer updates Configuring additional settings using FortiExplorer To check for FortiExplorer updates 1 Select FortiExplorer gt Check for Updates FortiExplorer checks for updates This may take a few minutes 2 Ifthe check finds that FortiExplorer s software needs to be updated go ahead and update the software 16 FortiExplorer User Guide for FortiOS 4 0 MR3 01 430 147724 20111116 http docs fortinet com RTINMET Upgrading or downgrading device firmware This section explains how to properly upgrade or downgrade your device using FortiExplorer The following topics are included in this section e Backing up the configuration file on the device e Upgrading firmware on the device e Downgrading firmware on the device Backing up the configuration file on the device Whenever a device is about to be upgraded or downgraded you must back up the current configuration file A current backed up configuration file provides a way to easily restore settings if you have issues during the upgrade process that changes the current configuration or if you have to revert your
11. F RTINMET FortiExplorer User Guide for FortiOS 4 0 MR3 FortiExplorer User Guide v3 16 November 2011 01 430 147724 20111116 Copyright 2011 Fortinet Inc All rights reserved Contents and terms are subject to change by Fortinet without prior notice Reproduction or transmission of this publication is encouraged Trademarks The names of actual companies and products mentioned herein may be the trademarks of their respective owners Visit these links for more information and documentation for your Fortinet products Fortinet Knowledge Base http kb fortinet com Technical Documentation http docs fortinet com Training Services http campus training fortinet com Technical Support http support fortinet com You can report errors or omissions in this or any Fortinet technical document to techdoc fortinet com SsRATINET Jser Guide Contents Introduction Before you begin 1 e a How this guide is organized 22 aa vr vr rar kara Installing FortiExplorer OVENVIEW Lavere r ere ere dee RE Installing FortiExplorer 222222 aa vrak aar Configuring basic device settings and registering your device Configuring a device s basic settings using Setup Wizard Registering your device from FortiExplorer 2222 aar ra ra rann Connecting to the device s web based manager and CLI Connecting to the web based manager 2 eee eee ee ee aa Connecting to the
12. Standalone Configure Man Apr 18 12 50 29 2011 Change v4 0 bulld0441 100308 MRI Fife zs Syabem Time Firmaase Versan CPU Lege RM System Configuration Last Backup Hen Apr 11 10 54 54 2011 Backup Restore Top Sessions Current Adminstrator pimin Charge Passerd 1 an Total Dead Tap Sessans By Source Address 2001 04 16 12 50 31 Up timet O daria O Pours 18 mints Virtual Domain Disabbed Enable License Information Support Contract Registration Unreachable FartiGuard Services Antivirus Unreechable Configure Intrusion Protection Unreschable Confegure Web Firerirg Unreachable Centaure Emall Filtering Unreachable Cantaure vulnerability Mansgement Unreachable Configure 560006 Analysis Management Service Unreachable Device Connected When using the web based manager in the FortiExplorer window you can see five icons at the top of the page These icons help you to navigate through the web based manager You can also use Expand to open the web based manager in a web browser on your computer Figure 2 The five icons that appear above the web based manager in the FortiExplorer window Previous Next Refresh Close Connecting to the CLI The command line interface CLI is an alternative method of configuring the FortiGate unit The CLI complements the web based manager in that it
13. able 1 Examples of the IP numbering Location and device Head Office one FortiGate 109 011 101 100 10 011 201 100 172 20 120 191 Head Office second 10 012 101 100 10 012 201 100 172 20 120 192 E EN RR Branch Office one 10 021 101 100 10 021 201 100 172 20 120 193 Ce a EN KEE Office 7 one FortiGate with 109 079 101 100 10 079 101 100 172 20 120 194 Fe RE KNEE Office 3 one FortiGate web n a 10 031 201 110 server Bob in accounting onthe 10 0 11 101 200 corporate user network dhcp at Head Office one FortiGate Router outside the n a 172 20 120 195 FortiGate FortiExplorer User Guide for FortiOS 4 0 MR3 20 01 430 147724 20111116 http docs fortinet com Appendix Document conventions Example Network configuration The network configuration shown in Figure 6 or variations on it is used for many of the examples in this document In this example the 172 20 120 0 network is equivalent to the Internet The network consists of a head office and two branch offices Figure 1 Example network configuration WLAN 10 12 101 100 SSID example com Password supermarine DHCP range 10 12 101 200 249 Linux PC 10 11 101 20 S SI SI N FortiGate 620B HA cluster N Se gt N Windows PC Fa SS 10 31 101 10 ie Ed 5S Edi FortiManager 3000B Sy Pa Cluster Port 1 10 21 101 102 FortiGate 5005FA2 Port 1 10 21 101 102 FortiGate 5005FA2 Port 1 10 21 101
14. ading firmware on the device Upgrading or downgrading device firmware Upgrading firmware on the device In the FortiExplorer window you can select Upload Firmware and upgrade the firmware on your device When upgrading a device the network will be disrupted so it is best to upgrade the firmware during low traffic times To upgrade a new firmware image on a device 1 Back up the configuration file using the procedure To back up the configuration file on page 17 2 Inthe device s Status page select a new firmware image from the list in Upload Firmware If the firmware image that you want to install is not in the list select Choose an Upgrade File from the list to choose the new firmware image from your computer 3 With the firmware image to install selected in the list select Upload Firmware The firmware image uploads to the device This may take a few minutes Downgrading firmware on the device In the FortiExplorer window you select Upload Firmware to downgrade the firmware on the device When downgrading firmware on a device the network will be disrupted so it is best to downgrade during low traffic times To downgrade firmware on a device 1 Back up the configuration file using the procedure To back up the configuration file on page 17 2 Inthe device s Status page select an older firmware image from the list in Upload Firmware If the firmware image that you want to install is not in the list selec
15. docs fortinet com Feedback 29 Index 30 FortiExplorer User Guide for FortiOS 4 0 MR3 01 430 147724 20111116 http docs fortinet com SAT INET www fortinet com SAT INET www fortinet com
16. ears 2 Log in to the wizard using the default admin settings The default admin settings are admin and there is no password After entering the default admin settings the Welcome to the FortiGate Setup Wizard page appears You must select Next to continue 3 Inthe Admin Password step enter the new password and then select Next 4 To continue on select Next to go to each step 5 When you are at the last step Summary select Save to save the configuration settings to your computer The new configuration is saved to the device FortiExplorer User Guide for FortiOS 4 0 MR3 01 430 147724 20111116 http docs fortinet com Registering your device from FortiExplorer Configuring basic device settings and registering your device Figure 1 The Summary page within the Setup Wizard after saving the basic configuration file FortiExplorer FortiGate Easy Configuration Utility a Ev e i Sd weld vis FGTGOCIG10002814 Web Welcome Cui System setti Fortikxplorer Admin Pa tm lime US amp Canada The basic configuration has been saved successfuly Time Zon You can explore the full range of confiquration options by using Web based Manager or Command Network Line Interface 100 99 255 255 255 0 WAN Top f gu Primary WL SAS ESS FRED TERE ed 9 255 255 0 DHCP Server Disabled LAN Settings WiFi Settings Not Enabled Security Access Schedule always Access Schedule Basic Access Policy NAT In
17. ickly to your new equipment and certifications to verify your knowledge level Fortinet provides a variety of training programs to serve the needs of our customers and partners world wide To learn about the training services that Fortinet provides visit the Fortinet Training Services web site at http campus training fortinet com or email training fortinet com Documentation The Fortinet Technical Documentation web site http docs fortinet com provides the most up to date versions of Fortinet publications as well as additional technical documentation such as technical notes In addition to the Fortinet Technical Documentation web site you can find Fortinet technical documentation on the Fortinet Tools and Documentation CD Fortinet Tools and Documentation CD Many Fortinet publications are available on the Fortinet Tools and Documentation CD shipped with your Fortinet product The documents on this CD are current at shipping time For current versions of Fortinet documentation visit the Fortinet Technical Documentation web site http docs fortinet com Fortinet Knowledge Base The Fortinet Knowledge Base provides additional Fortinet technical documentation such as troubleshooting and how to articles examples FAQs technical notes a glossary and more Visit the Fortinet Knowledge Base at http kb fortinet com Comments on Fortinet technical documentation Please send information about any errors or omissions in this or any F
18. iguration such as policy A lt xxx index gt An index number referring to another part of the configuration such as 0 for the first static route lt xxx pattern gt A regular expression or word with wild cards that matches possible variations such as example com to match all email addresses ending in example com lt xxx fadn gt A fully qualified domain name FQDN such as mail example com lt xxx email gt An email address such as admin mail example com lt xxx url gt A uniform resource locator URL and its associated protocol and host name prefix which together form a uniform resource identifier URI such as http www fortinet com lt xxx ipv4 gt An IPv4 address such as 192 168 1 99 lt xxx v4mask gt A dotted decimal IPv4 netmask such as 25545255 FM UR lt xxx ipv4mask gt A dotted decimal IPv4 address and netmask separated by a space such as OZ 1 OG 6 Ing OO SSS ANNA lt xxx ipv4 mask gt A dotted decimal IPv4 address and CIDR notation netmask separated by a slash such as such as 192 166 51499724 lt xxx ipv6 gt colon delimited hexadecimal IPv6 address such as 3 2e 6a8b 78a3 0d82 1725 6a2 0370 6234 lt xxx v mask gt An IPv6 netmask such as 96 lt xxx ipv mask gt An IPv6 address and netmask separated by a space lt xxx str gt A string of characters that is not another data type such as P sswOrd Strings containing spaces or special characters must be surrounded in quotes o
19. ion about allowed numeric value ranges Both the web based manager and the CLI prevent you from entering invalid numbers Selecting options from a list If a configuration field can only contain one of a number of selected options the web based manager and CLI present you a list of acceptable options and you can select one from the list No other input is allowed From the CLI you must spell the selection name correctly Enabling or disabling options If a configuration field can only be on or off enabled or disabled the web based manager presents a check box or other control that can only be enabled or disabled From the CLI you can set the option to enable or disable Registering your Fortinet product Before you begin configuring and customizing features take a moment to register your Fortinet product at the Fortinet Technical Support web site https support fortinet com Many Fortinet customer services such as firmware updates technical support and FortiGuard Antivirus and other FortiGuard services require product registration For more information see the Fortinet Knowledge Center article Registration Frequently Asked Questions Fortinet products End User License Agreement See the Fortinet products End User License Agreement FortiExplorer User Guide for FortiOS 4 0 MR3 01 430 147724 20111116 25 http docs fortinet com Training Appendix Training Fortinet Training Services provides courses that orient you qu
20. ivirus 5 25 services 25 Fortinet Knowledge Center 26 Technical Documentation 26 Technical Documentation conventions 19 Technical Support 26 Technical Support registering with 25 Technical Support web site 25 Training Services 26 Fortinet customer service 26 Fortinet documentation 26 Fortinet Knowledge Center 26 G glossary 26 H how to 26 installing FortiExplorer on Mac OS 8 using CD 8 introduction Fortinet documentation 26 IP address private network 19 K Knowledge Center 26 M mode operation 5 O operation mode 5 P password administrator 5 product registration 25 R registering with Fortinet Technical Support 25 registering device 10 RFC 1918 19 S setting up basic settings 9 Setup Wizard 9 T technical documentation 26 documentation conventions 19 notes 26 support 26 FortiExplorer User Guide for FortiOS 4 0 MR3 01 430 147724 20111116 http docs fortinet com 27 Index technical support 26 Training Services 26 U upgrading firmware on device 18 V vulnerability Cross Site Scripting 24 XSS 24 W web based manager connecting 11 wizard setting up basic settings 9 X XSS vulnerability protection from 24 28 FortiExplorer User Guide for FortiOS 4 0 MR3 01 430 147724 20111116 http docs fortinet com Index FortiExplorer User Guide for FortiOS 4 0 MR3 01 430 147724 20111116 http
21. me subnet 001 099 physical address ports and non virtual interfaces 100 255 VLANs tunnels aggregate links redundant links vdom links etc FortiExplorer User Guide for FortiOS 4 0 MR3 01 430 147724 20111116 http docs fortinet com 19 Document conventions Appendix e D usage based addresses this part is determined by what device is doing e The following gives 16 reserved 140 users and 100 servers in the subnet e 001 009 reserved for networking hardware like routers gateways etc e 010 099 DHCP range users e 100 109 FortiGate devices typically only use 100 e 110 199 servers in general see later for details e 200 249 static range users e 250 255 reserved 255 is broadcast 000 not used e The D segment servers can be farther broken down into e 110 119 Email servers e 120 129 Web servers e 130 139 Syslog servers e 140 149 Authentication RADIUS LDAP TACACS FSAE etc e 150 159 VoIP SIP servers managers e 160 169 FortiAnalyzers e 170 179 FortiManagers e 180 189 Other Fortinet products FortiScan FortiDB etc e 190 199 Other non Fortinet servers NAS SQL DNS DDNS etc e Fortinet products non FortiGate are found from 160 189 The following table shows some examples of how to choose an IP number for a device based on the information given For internal and dmz it is assumed in this case there is only one interface being used T
22. og in using your administrator user name and password After logging in to the web based manager you can use the menus lists and pages to configure most settings Configuration changes made within the web based manager take effect immediately without resetting the device or interrupting service When accessing the web based manager from within FortiExplorer you can also access detailed context sensitive online help that displays for the current web based manager page To use the web based manager from FortiExplorer select Web Log in to the web based manager to start configuring settings FortiExplorer User Guide for FortiOS 4 0 MR3 01 430 147724 20111116 http docs fortinet com 11 Connecting to the CLI Connecting to the device s web based manager and CLI Figure 1 The web based manager as it appears when accessed in FortiExplorer SETT MG A RE re ime FortiGate 60C ELI rae E FGT60C3G10002814 Web Management 5 fl Network jg o Og Admin EEG Corteicates a h Maintenance al Manor Contig Router Firewall UTH VPN User WAM Opt amp Cache Endpoint Security WiFi Controller Log amp Repart NG Widget Dashboard FortlExplarer Fortitare Easy Configuration Utility F amp ATINET 2 2 8 Fanner Tr System Resources System Information Host Name POTOOL IG 10002814 Charge Sere Number FETEOCIG 10002814 Operation Mode MAT Change HA Status
23. ortinet technical document to techdoc fortinet com Customer service and technical support Fortinet Technical Support provides services designed to make sure that your Fortinet products install quickly configure easily and operate reliably in your network To learn about the technical support services that Fortinet provides visit the Fortinet Technical Support web site at https support fortinet com You can dramatically improve the time that it takes to resolve your technical support ticket by providing your configuration file a network diagram and other specific information For a list of required information see the Fortinet Knowledge Base article FortiGate Troubleshooting Guide Technical Support Requirements 26 FortiExplorer User Guide for FortiOS 4 0 MR3 01 430 147724 20111116 http docs fortinet com sRATINET Index B backing up config file 17 C certification 26 CLI syntax conventions 22 comments documentation 26 connecting to CLI 12 connecting to web based manager 11 conventions 19 Cross Site Scripting protection from 24 customer service 26 D default password 5 device registering from FortiExplorer 10 upgrading firmware 18 document conventions CLI syntax 22 documentation 26 commenting on 26 conventions 19 Fortinet 26 downgrading firmware on device device downgrading firmware 18 F FAQ 26 FortiGate documentation commenting on 26 FortiGuard Antispam 5 Ant
24. r use escape sequences lt xxx int gt An integer number that is not another data type such as 15 for the number of minutes FortiExplorer User Guide for FortiOS 4 0 MR3 01 430 147724 20111116 http docs fortinet com 23 Entering FortiOS configuration data Appendix Table 3 Command syntax notation Continued A word or series of words that is constrained to a set of options delimited by either vertical bars or spaces You must enter at least one of the options unless the set of options is surrounded by square brackets Curly braces Mutually exclusive options For example enable disable indicates that you must enter either enable or disable but must not enter both Options delimited by vertical bars Non mutually exclusive options For example http https ping snmp ssh telnet indicates that you may enter all or a subset of those options in any order in a space delimited list such as Options ping https ssh delimited by Note To change the options you must re type the entire list For spaces example to add snmp to the previous example you would type ping https snmp ssh If the option adds to or subtracts from the existing list of options instead of replacing it or if the list is comma delimited the exception will be noted Entering FortiOS configuration data The configuration of a FortiGate unit is stored as a series of configuration settings in the FortiOS configuration da
25. s fortinet com SsRATINET Configuring basic device settings and registering your device This section explains how to configure basic device settings using FortiExplorer s Setup Wizard The Setup Wizard is similar to the Setup Wizard that is available on all FortiGate products This section also explains how to register your FortiGate unit after you have configured basic settings on your device The following topics are included in this section e Configuring a device s basic settings using Setup Wizard e Registering your device from FortiExplorer Configuring a device s basic settings using Setup Wizard The FortiExplorer Setup Wizard helps you to set up basic FortiGate or FortiWiFi configuration settings When you select Setup Wizard each basic configuration step is Clearly laid out and if you need to go back to a previous step you can with the Back option The Setup Wizard helps you to configure e an administrator password e time zone e WAN and LAN settings e Internet access e an access schedule e a virtual server or remote VPN After completing all of the steps you can review your device s new settings from the Summary page The summary page helps you to verify the settings to make sure that everything is correct before updating your device with the new configuration To configure basic settings on your FortiGate unit using the Setup Wizard 1 Select Wizard in the DEVICE list The login page of the Setup Wizard app
26. se this service lt H4 gt Visit the Fortinet Technical Support web site Hyperlink https support fortinet com Type a name for the remote VPN peer or client such as Central Office l Go to VPN gt IPSEC gt Auto Key IKE Publication For details see the FortiOS Handbook CLI command syntax conventions Keyboard entry This guide uses the following conventions to describe the syntax to use when entering commands in the Command Line Interface CLI FortiExplorer User Guide for FortiOS 4 0 MR3 22 01 430 147724 20111116 http docs fortinet com Appendix Document conventions Brackets braces and pipes are used to denote valid permutations of the syntax Constraint notations such as lt address ipv4 gt indicate which data types or string patterns are acceptable value input Table 3 Command syntax notation Square brackets Angle brackets lt gt A non required word or series of words For example verbose 1 ST indicates that you may either omit or type both the verbose word and its accompanying option Such as verbose 3 A word constrained by data type To define acceptable input the angled brackets contain a descriptive name followed by an underscore and suffix that indicates the valid data type For example retries ME indicates that you should enter a number of retries such as 5 Data types include lt xxx name gt name referring to another part of the conf
27. ss tree address name 64 subnet type Start 10 end 1p 24 FortiExplorer User Guide for FortiOS 4 0 MR3 01 430 147724 20111116 http docs fortinet com Appendix Registering your Fortinet product rgan 1256 cache ttl 0 86400 wildcard comment 64 xss associated interface 16 Color 0 32 Note that the tree command output also shows the number of characters allowed for other firewall address name settings For example the fully qualified domain name fqdn field can contain up to 256 characters Entering numeric values Numeric values are used to configure various sizes rates numeric addresses or other numeric values For example a static routing priority of 10 a port number of 8080 or an IP address of 10 10 10 1 Numeric values can be entered as a series of digits without spaces or commas for example 10 or 64400 in dotted decimal format for example the IP address 10 10 10 1 or as in the case of MAC or IPv6 addresses separated by colons for example the MAC address 00 09 0F B7 37 00 Most numeric values are standard base 10 numbers but some fields again such as MAC addresses require hexadecimal numbers Most web based manager numeric value configuration fields limit the number of numeric digits that you can add or contain extra information to make it easier to add the acceptable number of digits and to add numbers in the allowed range CLI help includes informat
28. t Choose an Upgrade File from the list to choose the new firmware image from your computer 3 With the firmware image to install selected in the list select Upload Firmware The firmware image uploads to the device This may take a few minutes 18 FortiExplorer User Guide for FortiOS 4 0 MR3 01 430 147724 20111116 http docs fortinet com SsRTINET Appendix Document conventions Fortinet technical documentation uses the conventions described below IP addresses To avoid publication of public IP addresses that belong to Fortinet or any other organization the IP addresses used in Fortinet technical documentation are fictional and follow the documentation guidelines specific to Fortinet The addresses used are from the private IP address ranges defined in RFC 1918 Address Allocation for Private Internets available at http ietf org rfc rfc1918 txt number 1918 Most of the examples in this document use the following IP addressing e IP addresses are made up of A B C D o A e B e C can be one of 192 172 or 10 the non public addresses covered in RFC 1918 168 or the branch device virtual device number Branch number can be Oxx 1xx 2xx O is Head office 1 is remote 2 is other Device or virtual device allows multiple FortiGate units in this address space VDOMS Devices can be from x01 to x99 interface FortiGate units can have up to 40 interfaces potentially more than one on the sa
29. tabase To change the configuration you can use the web based manager or CLI to add delete or change configuration settings These configuration changes are stored in the configuration database as they are made Individual settings in the configuration database can be text strings numeric values selections from a list of allowed options or on off enable disable Entering text strings names Text strings are used to name entities in the configuration For example the name of a firewall address administrative user and so on You can enter any character in a FortiGate configuration text string except to prevent Cross Site Scripting XSS vulnerabilities text strings in FortiGate configuration names cannot include the following characters double quote amp ampersand single quote lt less than and lt greater than You can determine the limit to the number of characters that are allowed in a text string by determining how many characters the web based manager or CLI allows for a given name field From the CLI you can also use the tree command to view the number of characters that are allowed For example firewall address names can contain up to 64 characters When you add a firewall address to the web based manager you are limited to entering 64 characters in the firewall address name field From the CLI you can do the following to confirm that the firewall address name field allows 64 characters config firewall addre
30. ternet Access Virtual Server Number 0 Virtual Server Remote VPN Remote VPN Save amp Click Finish button to save your settings to the unit 1 Device Connected Registering your device from FortiExplorer You can use FortiExplorer to quickly register your device By registering the device you can receive updates to threat detection and prevention databases including Antivirus and Intrusion Detection and you have access to Fortinet technical support There are two ways to register the device by selecting Register Now on the Status page in the FortiExplorer window or by logging in to your device s web based manager where a window appears and asks if you want to register your device Follow the steps that appear within the window to complete the registration process FortiExplorer User Guide for FortiOS 4 0 MR3 10 01 430 147724 20111116 http docs fortinet com SsRATINET Connecting to the device s web based manager and CLI After installing and setting up the basic settings for your device you can connect to the device s web based manager and CLI The following topics are included in this section e Connecting to the web based manager e Connecting to the CLI Connecting to the web based manager The web based manager is a user friendly interface for configuring settings as well as managing your device Accessing the web based manager is easy to use the web based manager interface select Web and then l
31. twork e The operation mode has been configured e The system time DNS settings administrator password and network interfaces have been configured e Firmware FortiGuard Antivirus and FortiGuard Antispam updates are completed e FortiGuard Analysis amp Management Service is properly configured While using the instructions in this guide note that administrators are assumed to be super admin administrators unless otherwise specified Some restrictions will apply to other administrators How this guide is organized This document contains the following sections e Installing FortiExplorer explains how to install FortiExplorer on your computer and provides procedures for installing on either Windows or Mac OS e Configuring basic device settings and registering your device explains how to configure the basic settings using FortiExplorer s Setup Wizard as well as how to register the device from within FortiExplorer e Connecting to the device s web based manager and CLI explains how you can connect to either the device s web based manager or CLI FortiExplorer User Guide for FortiOS 4 0 MR3 01 430 147724 20111116 http docs fortinet com Before you begin Introduction e Configuring additional settings using FortiExplorer explains how to check for firmware updates for your device check for firmware updates for FortiExplorer and how to remove or add a device in the Saved Devices list e Upgrading or downgrading
Download Pdf Manuals
Related Search