
Fortinet FortiGate 3600 User Manual

NAT/Route mode, Transparent mode, FortiGate-3600

© Copyright 2009 Fortinet Incorporated. All rights reserved.

Products mentioned in this document are trademarks or registered trademarks of their respective holders.

Regulatory Compliance

FCC Class A Part 15 CSA/CUS

23 January 2009

Checking the Package Contents

Connecting

Planning the Configuration

[Figure: NAT/Route mode example network. Labels: Internet; Router; External 204.23.1.5; Internal 192.168.1.99; Internal Network 192.168.1.3; Port 1 10.10.10.1; 10.10.10.2. Callouts: "Routing policies controlling traffic between internal networks." and "NAT mode policies controlling traffic between internal and external networks."]

[Figure: example network. Labels: Internet; Router; DMZ network (Web Server, Mail Server); Internal network; Hub or switch; Port 1; External; Internal.]


[Figure: package contents. Front and back views of the FortiGate-3600 with callouts: LCD display; control buttons; interfaces 1, 2, 3, 4, 5/HA; Internal interface; External interface; RS-232 serial connection; redundant hot-swappable power supplies; redundant hot-swappable fan assemblies; power supply LEDs; alarm cancel button. Accessories: power cables (2); rack-mount brackets; null-modem cable (RS-232); Ethernet cables (orange: crossover, grey: straight-through); documentation.]

FortiGate-3600 Quick Start Guide

Copyright 2006 Fortinet Incorporated. All rights reserved.

Trademarks: Products mentioned in this document are trademarks.


[Figure: cable connections. Callouts:]

Optional null modem cable connects to serial port on management computer

Power cables connect to power outlets

Crossover Ethernet cable connects to management computer on internal network

Straight-through Ethernet cable connects to LAN or switch on internal network

or

SC fiber optic cables connect to other networks

Straight-through Ethernet cable connects to Internet (public switch, router or modem)

Straight-through Ethernet cable connects to another network

| Connector | Type | Speed | Protocol | Description |
|---|---|---|---|---|
| Internal | SC | 1000Base-SX | Ethernet | Copper gigabit connection to the internal network. |
| External | SC | 1000Base-SX | Ethernet | Copper gigabit connection to the internet. |
| Port 1 | RJ-45 | 10/100Base-T | Ethernet | Optional connection to a 10/100Base-T network. |
| Port 2 to 4 | SC | 1000Base-SC | Ethernet | Optional multimode fiber optic connections to other networks. |
| Port 5/HA | SC | 1000Base-SC | Ethernet | Optional multimode fiber optic connection to another network, or to other FortiGate-3600 units for high availability (HA). |
| CONSOLE | DB-9 | 9600 bps | RS-232 serial | Optional connection to the management computer. Provides access to the command line interface (CLI). |

Connect the FortiGate unit to a power outlet and to the internal and external networks.

Place the unit on a stable surface.

The FortiGate unit requires 1.5 inches (3.75 cm) clearance above and on each side to allow for cooling.

Make sure the power switch on the back of the unit is turned off before connecting the power and network cables.

MAIN MENU appears when the unit is up and running.

If only one power supply is connected, an audible alarm sounds to indicate a failed power supply. To stop this alarm, press the red alarm cancel button.

Before beginning to configure the FortiGate unit, you need to plan how to integrate the unit into your network. Your configuration plan is dependent upon the operating mode that you select: NAT/Route mode (the default) or Transparent mode. Refer to the Documentation CD-ROM for information on how to control traffic, and how to configure HA, antivirus protection, FortiGuard, Web content filtering, Spam filtering, intrusion prevention (IPS), and virtual private networking (VPN).

NAT/Route mode

In NAT/Route mode, each FortiGate unit is visible to the network that it is connected to. All of its interfaces are on different subnets. Each interface connected to a network must be configured with an IP address that is valid for that network.

You would typically use NAT/Route mode when the FortiGate unit is deployed as a gateway between private and public networks. In its default NAT/Route mode configuration, the unit functions as a firewall. Firewall policies control communications through the FortiGate unit. No traffic can pass through the FortiGate unit until you add firewall policies.

In NAT/Route mode, firewall policies can operate in NAT mode or in Route mode. In NAT mode, the FortiGate unit performs network address translation before IP packets are sent to the destination network. In Route mode, no translation takes place.
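
The NAT/Route behaviour described above, as an added example that is not part of the Fortinet guide: a small Python model in which no traffic passes without a policy, a NAT mode policy rewrites the source address and a Route mode policy does not. Interface addresses come from the guide's diagram labels; the /24 prefixes, the policy table, the `forward` helper, the 198.51.100.10 destination and translating to the egress interface address are assumptions of this sketch.

```python
"""Toy model of NAT/Route mode policy handling (added example, not Fortinet code)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Interface addresses as labelled in the guide's NAT/Route diagram.
# The /24 prefix lengths and the policy table below are assumptions.
INTERFACES = {
    "internal": ip_address("192.168.1.99"),
    "port1": ip_address("10.10.10.1"),
    "external": ip_address("204.23.1.5"),
}

@dataclass(frozen=True)
class Policy:
    src_if: str
    dst_if: str
    src_net: str
    nat: bool  # True = NAT mode policy, False = Route mode policy

def forward(policies, src_if, dst_if, src_ip, dst_ip):
    """Return (src, dst) as the packet leaves dst_if, or None if it is dropped."""
    for p in policies:  # first matching policy wins
        if (p.src_if, p.dst_if) == (src_if, dst_if) and \
                ip_address(src_ip) in ip_network(p.src_net):
            # NAT mode: source is rewritten (here, to the egress interface address).
            # Route mode: the packet is forwarded with its addresses unchanged.
            out_src = INTERFACES[dst_if] if p.nat else ip_address(src_ip)
            return str(out_src), dst_ip
    return None  # no policy matched: traffic does not pass

POLICIES = [
    Policy("internal", "external", "192.168.1.0/24", nat=True),   # to the Internet
    Policy("internal", "port1", "192.168.1.0/24", nat=False),     # between internal nets
]

if __name__ == "__main__":
    host = "192.168.1.3"    # internal host from the diagram
    web = "198.51.100.10"   # constructed Internet destination
    print(forward([], "internal", "external", host, web))              # no policies yet
    print(forward(POLICIES, "internal", "external", host, web))        # NAT mode
    print(forward(POLICIES, "internal", "port1", host, "10.10.10.2"))  # Route mode
    print(forward(POLICIES, "external", "internal", web, host))        # no inbound policy
```

The last call is the case to check on a real unit: a policy from internal to external does not by itself permit sessions initiated from the external side.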

Transparent mode

In Transparent mode, the FortiGate unit is invisible to the network. All of its interfaces are on the same subnet. You only have to configure a management IP address so that you can make configuration changes.

You would typically use the FortiGate unit in Transparent mode on a private network behind an existing firewall or behind a router. In its default Transparent mode configuration, the unit functions as a firewall. No traffic can pass through the FortiGate unit until you add firewall policies.

You can connect up to four network segments to the FortiGate unit to control traffic between these network segments.

FortiGate-3600

01-30006-0041-20090123

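| LED | State | Description |
|---|---|---|
| Power | Green | The FortiGate unit is on. |
| Power | Off | The FortiGate unit is off. |
| Display Panel LEDs: 1, 2, 3, 4, 5/HA, INT, EXT | Green | The correct cable is in use and the connected equipment has power. |
| Display Panel LEDs: 1, 2, 3, 4, 5/HA, INT, EXT | Flashing Green | Network activity at this interface. |
| Display Panel LEDs: 1, 2, 3, 4, 5/HA, INT, EXT | Off | No link established. |
| Port 1 | Amber | The link is up. |
| Port 1 | Flashing Amber | Network activity at this interface. |
| Port 1 | Green | Link speed is 100 Mb/s |
| Port 1 | Off | Link speed is 10 Mb/s |
| Internal, External | Amber | The link is up. |
| Internal, External | Flashing Amber | Network activity at this interface. |
| Internal, External | Green | Link speed is 1000 Mb/s |
| Internal, External | Off | Link speed is 100 Mb/s |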