[PDF] FortiGate Online Help 9 Nov 2010 the System

View - Download FortiGate Online Help

Previous PDF

Next PDF

FortiGate Online Help

FortiOS™ Handbook v2

for FortiOS 4.0 MR2

FortiOS™ Handbook: FortiGate Online Help

v2

9 November 2010

01-420-95110-20101109

for FortiOS 4.0 MR2

© Copyright 2010 Fortinet, Inc. All rights reserved. No part of this publication including text, examples,

diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means,

electronic, mechanical, manual, optical or otherwise, for any purpose, without prior written permission of

Fortinet, Inc.

Trademarks

Dynamic Threat Prevention System (DTPS), APSecure, FortiASIC, FortiBIOS, FortiBridge, FortiClient, FortiGate®, FortiGate Unified Threat Management System, FortiGuard®, FortiGuard-Antispam, FortiGuard-Antivirus, FortiGuard-Intrusion, FortiGuard-Web, FortiLog, FortiAnalyzer, FortiManager,

Fortinet®, FortiOS, FortiPartner, FortiProtect, FortiReporter, FortiResponse, FortiShield, FortiVoIP, and

FortiWiFi are trademarks of Fortinet, Inc. in the United States and/or other countries. The names of actual

companies and products mentioned herein may be the trademarks of their respective owners.

Web-based manager Web-based manager overview

FortiOS™ Handbook v2 FortiGate Online Help

01-420-95110-201011093

http://docs.fortinet.com/ • Feedback

Web-based manager

This section describes the features of the user-friendly web-based manager administrative interface (sometimes referred to as a graphical user interface, or GUI) of your unit. This section also explains common web-based manager tasks that an administrator does on a regular basis, as well as online help. The following topics are included in this section: •Web-based manager overview •Web-based manager menus and pages •Common web-based manager tasks •Organization of the online help

Web-based manager overview

The web-based manager is a user-friendly interface for configuring settings as well as managing the unit. Accessing the web-based manager is easy; by using HTTP or a secure HTTPS connection from any management computer running a web browser, you can enter a user name and password to log in to the web-based manager. The recommended minimum screen resolution for properly displaying the web-based manager is 1280 by

1024. You should verify that you have the supported web browser because certain web

browsers do not correctly display the information within the web-based manager interface. You can find which web browsers are supported in the Knowledge Base articles, Microsoft Windows WEB browsers supported by Fortinet products web-based manager (GUI) web browsers, and Mac OS browsers for use with Fortinet hardware web-based manager (GUI). After logging in to the web-based manager, you can use the menus, lists and pages to configure most settings. The web-based manager also provides the CLI Console widget, which allows you to connect to the command line interface (CLI) without exiting out of the web-based manager. Configuration changes made within the web-based manager take effect immediately, without resetting the unit or interrupting service. The web-based manager also includes detailed context-sensitive online help, that displays for the current web-based manager page. Organization of the online helpOrganization of the online helpOrganization of the online help

Web-based manager menus and pages

The web-based manager interface consists of main menus, menus and sub-menus. The navigation to get to them is as follows: System > Dashboard > Status or UTM > Antivirus > Profile. When you go to a submenu, for example UTM > Antivirus > Profile, you are on that submenu's page. These pages contains the icons necessary to configure settings, create new lists, as well as customize the display of information. Web-based manager menus and pages Web-based manager

FortiOS™ Handbook v2 FortiGate Online Help

401-420-95110-20101109

http://docs.fortinet.com/ • Feedback In Figure 1, the Status page is shown, with Widget and Dashboard located at the top of the page. In Figure 1, you can also see the submenus that are available in the Dashboard menu, as well as the menus within the System main menu. A main menu that is not shown in Figure 1 is the Current VDOM main menu, which appears only when VDOMs are enabled. For more information about the Current VDOM menu, see "Switching VDOMs" on page 13. Figure 1: Explanation of the web-based manager interface

This topic contains the following:

•Main menus in the web-based manager •Using web-based manager lists •Adding filters to web-based manager lists

Main menu

Menu

Sub-menu

A menu's page. In this example, the

Status page displays the System

Information, System Resources and Unit

Operation widgets. The page also

includes the Widget and Dashboard icons. Web-based manager Web-based manager menus and pages

FortiOS™ Handbook v2 FortiGate Online Help

01-420-95110-201011095

http://docs.fortinet.com/ • Feedback •Using page controls on web-based manager lists •Using column settings to control the columns displayed •Using filters with column settings

Main menus in the web-based manager

The web-based manager provides access to configuration options for all major FortiGate features from the main menus. The web-based manager contains the following main menus:

Using web-based manager lists

Many of the web-based manager pages contain lists. The information within these lists can be filtered, so that only specific information is displayed. Only an administrator with read and write access can filter web-based manager lists. Administrators with read-only access can only view web-based manager lists. Web-based manager lists also contain page controls that help you to navigate through the information on each page.

This topic contains the following:

•Adding filters to web-based manager lists •Filters for columns that contain numbers

SystemConfigure system settings, such as network interfaces, virtual domains, DHCP services, administrators, certificates, High Availability (HA), system time and set system options. The System menu also provides maintenance settings, such as manually updating FortiGuard services, as well as advanced settings. These advanced settings include uploading script files.

RouterConfigure static and dynamic routing and view the router monitor. You can also configure multicast routing.

FirewallConfigure firewall policies that apply network protection features. You can also configure virtual IP addresses and IP pools.

This menu includes settings for configuring traffic shaping, load balancing and DoS policies.

UTMConfigure antivirus and email filtering, web filtering, intrusion protection, data leak prevention, and application control.

VPNConfigure IPSec and SSL virtual private networking.

UserConfigure user accounts for use with firewall policies that require user authentication. Also configure external authentication servers such as RADIUS, LDAP, TACACS+, and Windows AD. Configure monitoring of Firewall, IPSec, SSL, IM, and Banned Users.

WAN Opt. & CacheConfigure WAN optimization and web caching to improve performance and security of traffic passing between locations on your wide area network (WAN) or from the Internet to your web servers.

Endpoint Configure end points, view FortiClient configuration information, and configure application detection patterns. You can also configure a schedule that will run the network vulnerability scanner at the set times. This can be daily or weekly.

Wireless ControllerConfigure the unit to act as a wireless network controller, managing the wireless Access Point (AP) functionality of FortiWiFi and FortiAP units.

Log&ReportConfigure logging and alert email as well as reports. View log messages and reports.

Current VDOM Appears only when VDOMs are enabled on the unit. Allows you to quickly switch between VDOMs. To switch between VDOMs, select a VDOM from the drop-down list that is beside Current VDOM.

Web-based manager menus and pages Web-based manager

FortiOS™ Handbook v2 FortiGate Online Help

601-420-95110-20101109

http://docs.fortinet.com/ • Feedback •Filters for columns containing text strings •Filters for columns that can contain only specific items •Custom filters •Using page controls on web-based manager lists

Adding filters to web-based manager lists

You can add filters to control the information that is displayed in complex lists. You can view the following web-based manager pages for examples of lists with filters: Filters are useful for reducing the number of entries that are displayed on a list so that you can focus on the information that is important to you. For example, viewing only log messages that were recorded between 8:00 and 9:00 am. You add filters to a web-based manager list by selecting any filter icon to display the Edit Filters window. From the Edit Filters window you can select any column name to filter, and configure the filter for that column. You can also add filters for one or more columns at a time. The filter icon remains gray for unfiltered columns and changes to green for filtered columns. The filter configuration is retained after leaving the web-based manager page and even after logging out of the web-based manager or rebooting the unit. Different filter styles are available depending on the type of information displayed in individual columns. In all cases, you configure filters by specifying what to filter on and whether to display information that matches the filter, or by selecting NOT to display information that does not match the filter. Within the firewall policy, IPv6 policy, predefined signature and log and report log access lists, you can combine filters with column settings to provide even more control of the information displayed by the list.

Filters for columns that contain numbers

If the column includes numbers (for example, IP addresses, firewall policy IDs, or port numbers) you can filter by a single number or a range of numbers. For example, you could configure a source address column to display only entries for a single IP address or for all addresses in a range of addresses. To specify a range, separate the top and bottom values of the range with a hyphen, for example 25-50. • Firewall policy lists • Sniffer policy lists • DoS policy lists • IPv6 firewall policy lists

• Intrusion protection predefined signature lists• Firewall user lists (in Endpoint > Monitor > Firewall)

• IPSec VPN Monitor lists • Log access lists (in Log&Report > Log Access) • Application control lists (in UTM > Application Control > Application Control List) Note: Filter settings are stored in the unit's configuration and will be maintained the next time that you access any list for which you have added filters. Web-based manager Web-based manager menus and pages

FortiOS™ Handbook v2 FortiGate Online Help

01-420-95110-201011097

http://docs.fortinet.com/ • Feedback

Filters for columns containing text strings

If the column includes text strings (for example, names and log messages) you can filter by a text string. You can also filter information that is an exact match for the text string (equals), that contains the text string, or that does not equal or does not contain the text string. You can also specify whether to match the capitalization (case) of the text string. The text string can be blank and it can also be very long. The text string can also contain special characters such as <, &, > and so on. However, filtering ignores characters following a < unless the < is followed by a space (for example, filtering ignores characters and any characters inside them (for example, filtering ignores but does not ignore >string>). Filters for columns that can contain only specific items For columns that can contain only specific items (for example, a log message severity or a pre-defined signature action) you can select a single item from a list. In this case, you can only filter on a single selected item.

Custom filters

Other custom filters are also available. You can filter log messages according to date range and time range. You can also set the level filter to display log messages with multiple severity levels.

Using page controls on web-based manager lists

The web-based manager includes page controls to make it easier to view lists that contain more items than you can display on a typical browser window. Web-based manager pages with page controls include: • Application Database list (in Endpoint > NAC > Application Database) • Monitoring routes list (in Router > Monitor > Routing Monitor) • Predefined signatures list (in UTM > Intrusion Protection > Predefined) • Application List (in UTM > Application Control > Application List) • Wireless client list (in Wireless Controller > Wireless Client > Wireless Client) • Firewall user monitor list (in User > Monitor > Firewall) • Banned user list (in User > Monitor > Banned User) • log and report log access lists (in Log&Report > Log Access) • Endpoint monitor list (in Endpoint > Monitor > Endpoint Monitor)

Figure 2: Page controls

First PagePrevious Page

Total Number of Pages

Current Page

(enter a page number to display that page)

Last page

Next page

Web-based manager menus and pages Web-based manager

FortiOS™ Handbook v2 FortiGate Online Help

801-420-95110-20101109

http://docs.fortinet.com/ • Feedback Using column settings to control the columns displayed Using column settings, you can format some web-based manager lists so that information that is important to you is easy to find and less important information is hidden or less distracting. On web-based manager pages that contain complex lists, you can change column settings to control the information columns that are displayed for the list and to control the order in which they are displayed. Web-based manager pages with column settings controls include: • Network interface list • Firewall policy and IPv6 policy • Intrusion protection predefined signatures list • Firewall user monitor list • IPSec VPN Monitor • Endpoint NAC list of known endpoints • Log and report log access lists. The following procedure assumes that you are already at the page where you want to change column settings to control how the columns display on the page.

To change column settings

1From within the page, select Column Settings.

2From Available Fields, select the column heading to be displayed.

3Select the right arrow to move the heading to Show these fields in this order.

4Repeat steps 2 and 3 until all column headings are in Show these fields in this order.

5To remove a column, select a column heading in Show these fields in this order and

use the left arrow to move the column to Available Fields.

6To change the order of the columns, select the column heading and then select the

Move Up or Move Down arrows.

For example, you can change interface list column headings to display only the IP/Netmask, MAC address, MTU, and interface Type for each interface. First PageDisplay the first page of items in the list. Previous PageDisplay the previous page of items in the list.

Current PageThe current page number of list items that are displayed. You can enter a page number and press Enter to display the items on that page. For example if there are 5 pages of items and you enter 3, page 3 of the sessions will be displayed.

Total Number of PagesThe number of pages of list items that you can view. Next PageDisplay the next page of items in the list. Last PageDisplay the last page of items in the list. Note: Any changes that you make to the column settings of a list are stored in the unit's configuration and will display the next time that you access the list.

Web-based manager Common web-based manager tasks

FortiOS™ Handbook v2 FortiGate Online Help

01-420-95110-201011099

http://docs.fortinet.com/ • Feedback

Using filters with column settings

On most web-based manager pages that contain lists, you can combine filters with column settings to provide even more control of the information displayed by the list. For example, you can go to Intrusion Protection > Predefined and configure the Intrusion Protection predefined signatures list to show only the names of signatures that protect against vulnerabilities for a selected application. To do this, set Column Settings to only display Applications and Name. Then apply a filter to the Applications column so that only selected applications are listed. In the pre-defined signatures list you can also sort the list by different columns; you might want to sort the list by application so that all signatures for each application are grouped together.

Common web-based manager tasks

This topic describes how to do common web-based manager tasks that occur when first setting up the unit, as well as afterward. A common web-based manager task that an administrator may do on a regular basis is switch VDOMs, log out, or change another administrator's password. You should change administrator passwords on a regular basis for improved security. This topic describes the following common web-based manager tasks: •Connecting to the web-based manager •Modifying current settings •Entering text strings (names) •Entering numeric values •Changing your administrator password •Changing the web-based manager language •Changing administrative access to the unit •Changing the web-based manager idle timeout •Switching VDOMs •Connecting to the CLI from the web-based manager •Contacting Customer Support •Logging out

Connecting to the web-based manager

When first connecting to the web-based manager, you require the following: • a unit connected to your network according to the instructions in the QuickStart Guide and Install Guide for that unit • the IP address of a FortiGate interface that you can connect to • a computer with an Ethernet connection to a network that can connect to the unit • a supported web browser. See the Knowledge Base articles Microsoft Windows WEB browsers supported by Fortinet products web-based manager (GUI) web browsers and Mac OS browsers for use with Fortinet hardware web-based manager (GUI).

Common web-based manager tasksWeb-based manager

FortiOS™ Handbook v2 FortiGate Online Help

1001-420-95110-20101109

http://docs.fortinet.com/ • Feedback

To connect to the web-based manager

1Start your web browser and browse to https:// followed by the IP address of the unit's

interface that you can connect to. For example, if the IP address is 192.168.1.99, browse to https://192.168.1.99. (remember to include the "s" in https://). To support a secure HTTPS authentication method, the unit ships with a self-signed security certificate, which is offered to remote clients whenever they initiate a HTTPS connection to the unit. When you connect, the unit displays two security warnings in a browser. The first warning prompts you to accept and optionally install the unit's self-signed security certificate. If you do not accept the certificate, the unit refuses the connection. If you accept the certificate, the login page appears. The credentials entered are encrypted before they are sent to the unit. If you choose to accept the certificate permanently, the warning is not displayed again. Just before the login page is displayed, a second warning informs you that the FortiGate certificate distinguished name differs from the original request. This warning occurs because the unit redirects the connection. This is an informational message.

Select OK to continue logging in.

2Type admin or the name of a configured administrator in the Name field.

3Type the password for the administrator account in the Password field.

4Select Login.

Modifying current settings

When you are modifying current settings, such as changing an administrator's password, you must highlight the item and then select the icon because all available icons are not accessible otherwise. This way of accessing icons is explained in the following procedure. Use the following procedure whenever you are modifying current settings.

To access icons for modifying items within a list

1In the Check box column, within the row of the setting you want to change, select the

check box to highlight the row. The grayed icons are now accessible. On some pages, all icons may not be accessible when you highlight the row.

2With the icon or icons now accessible, select the icon that you want to use to make

modifications with (such as the Edit icon). After the modifications are made, and you are back to the list on the page, the check box is unselected and the row unhighlighted.

Entering text strings (names)

Text strings are used to name entities in the configuration, such as the name of an administrator. You can enter any character in a FortiGate configuration text string except, to prevent Cross-Site Scripting (XSS) vulnerabilities, text strings in FortiGate configuration names cannot include the following characters: " (double quote), & (ampersand), ' (single quote), < (less than) and < (greater than) XSS is security vulnerability usually found in web applications. These XSS vulnerabilities are used by malicious attackers to bypass client-side security mechanisms to gain access privileges to information that is maintained by the browser on behalf of the user, such as session cookies.

Web-based manager Common web-based manager tasks

FortiOS™ Handbook v2 FortiGate Online Help

01-420-95110-2010110911

http://docs.fortinet.com/ • Feedback You can determine what the maximum number of characters that is allowed in a text string by using the tree command in the CLI. The following is an example of how the tree command displays the number of characters a text string can have: config firewall address tree -- [address] --*name (64) |- subnet |- type |- start-ip |- end-ip |- fqdn (256) |- cache-ttl (0,86400) |- wildcard |- comment (64 xss) |- associated-interface (16) +- color (0,32) The tree command also includes the maximum number of characters allowed for a text string for other settings as well. In the above example, the FQDN field can contain up to

256 characters.

Entering numeric values

Numeric values are used to configure various sizes, rates, numeric addresses, or other numeric values. For example, a static routing priority of 10, a port number of 8080, or an IP address of 10.10.10.1. Numeric values can be entered as a series of digits without spaces or commas (for example, 10 or 64400), in dotted decimal format (for example the IP address 10.10.10.1) or as in the case of MAC or IPv6 addresses separated by colons (for example, the MAC address 00:09:0F:B7:37:00). Most numeric values are standard base-10 numbers, but some fields (again such as MAC addresses) require hexadecimal numbers. Most web-based manager numeric value configuration fields limit the number of numeric digits that you can add or contain extra information to make it easier to add the acceptable number of digits and to add numbers in the allowed range. CLI help includes information about allowed numeric value ranges. Both the web-based manager and the CLI prevent you from entering invalid numbers.

Changing your administrator password

By default, you can log in to the web-based manager by using the admin administratorquotesdbs_dbs21.pdfusesText_27

[PDF] fortinet warranty check by serial number

[PDF] fortios

[PDF] fortios 6.0 0

[PDF] fortios 6.0 4

[PDF] fortios 6.0 6

[PDF] fortios 6.4 datasheet

[PDF] fortios release dates

[PDF] fortios upgrade path

[PDF] fortipresence

[PDF] fortisandbox rest api reference

[PDF] fortisandbox 1000d datasheet

[PDF] fortisandbox 100d datasheet

[PDF] fortisandbox 2000e datasheet

[PDF] fortisandbox 3000d datasheet

[PDF] fortisandbox 3000e datasheet