
FortiGate 60 Firewall Configuration Guide

I. About this article

Many of us have probably configured and worked extensively with UTM product lines such as Astaro, SonicWall, Cisco, Juniper, Fortinet, Cyberoam ..., and the vendors' documentation is thorough. But many others have not yet had the means or the opportunity to work with these UTM devices, so CMT simply wants to walk through a concrete configuration and management process for this device, as a reference and a basis for discussion for newcomers who have not had that opportunity. This article helps those who have not been able to work with UTM devices understand and grasp the most basic issues. Today most small businesses in Vietnam have no firewall protecting their systems at all; they rely on the features built into the ADSL routers they already have, or pay no attention to system security. A professional firewall such as a FortiGate, if bought new, is probably beyond the means of many small businesses, but if you consider a used unit, CMT believes it is within reach of these companies. In this article CMT configures the FortiGate 60; in later articles CMT will configure the FortiGate 224B and possibly the 400A ... Hopefully readers will contribute their own views on the various UTM product lines. Thanks to Hong for helping arrange the device so that CMT could write this article.

About the FortiGate 60

The FortiGate Antivirus Firewall is designed around a dedicated chip for protection and security, so it protects the network in real time at the connection ports. Built on the dedicated FortiASIC processor, FortiGate is a distinctive system that detects and removes viruses and other malicious content without reducing network speed, for example without slowing down web access. FortiGate also integrates firewall, content filtering, VPN, and intrusion prevention and detection functions, producing a system that is cost-effective, convenient to use, and provides solid protection for the network. The FortiGate 60 Antivirus Firewall is designed specifically for small networks. It has two connections to the Internet so that the system keeps operating normally when one connection fails. It also has a built-in 4-port switch for computers on the internal network, and two USB ports for future use with analog modems or other devices. The FortiGate 60 is especially suited to small networks such as small companies and branch offices. Virus and attack signatures are updated automatically through FortiResponse.

II. FortiGate configuration steps

FortiGate defaults: the default IP addresses of the interfaces are:

Internal : 192.168.1.99/24
WAN1 : 192.168.100.99/24
WAN2 : 192.168.101.99/24
DMZ : 10.10.10.1/24

Our lab follows this diagram.

II.1. FortiGate Status Monitor

- Plug a cable into the Internal port and configure your network IP address in the same subnet as Internal, 192.168.1.0/24
- Access the firewall through the web interface (http, https) with

username : admin
password : blank

After you log on to the device, the Status page of the web interface shows the device's state and its operating parameters. You can also quickly change or update device settings from this Status page without going into the detailed menus.

System Information : shows information about the device such as the serial number, uptime, HA configuration, OS version, operation mode, and how many administrators are currently logged on ...
License Information : shows the status of the service licenses currently on the device.
System Resources : shows the percentage of the device's CPU and memory in use.
Statistics : shows the sessions and the usage of services, and most importantly the state of attacks from outside against the system.
CLI Console : lets you connect to the device's command-line interface quickly, directly from the web Status page.
Unit Operation : shows the state of the device's port interfaces, and lets you reboot or shut down the device from this web page.

Asterisk gives users the features and applications of a PBX system and provides many features that a PBX does not have, such as the combination of VoIP switching and TDM switching, and the ability to scale to meet the needs of each application.

II.1. Network Interface configuration

Menu System -> Network -> configure the interfaces of the FG60.

Internal : the interface connected to the internal network. Click the edit icon for internal to change its configuration parameters.

Alias: you can set an additional descriptive name for this interface.
Addressing mode: choose DHCP to receive a dynamic IP assigned by the system's DHCP, or choose Manual to set a static IP for the internal interface with IP/netmask.
Administrative access: allows access to this interface for each service you tick.
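The administrative access checkboxes correspond to the `allowaccess` setting of each interface in a FortiOS configuration backup. As an added example (not part of the original article), the Python script below audits a backup for interfaces that permit cleartext management over HTTP or Telnet; the sample configuration is constructed and the function name `audit_allowaccess` is hypothetical.

```python
import shlex

CLEARTEXT = {"http", "telnet"}  # management protocols that send credentials unencrypted

# Constructed sample in FortiOS CLI backup syntax (not taken from the article).
SAMPLE_CONFIG = '''
config system interface
    edit "internal"
        set ip 192.168.1.99 255.255.255.0
        set allowaccess ping https http telnet
    next
    edit "wan1"
        set allowaccess ping
    next
    edit "dmz"
        set allowaccess https ssh
    next
end
config system dhcp server
    edit 1
        set interface "internal"
    next
end
'''

def audit_allowaccess(config_text):
    """Return {interface: sorted cleartext protocols} from 'config system interface'."""
    findings, section, iface = {}, [], None
    for raw in config_text.splitlines():
        tokens = shlex.split(raw)
        if not tokens:
            continue
        if tokens[0] == "config":            # entering a (possibly nested) block
            section.append(" ".join(tokens[1:]))
        elif tokens[0] == "end" and section:  # leaving the innermost block
            section.pop()
        elif section == ["system interface"]:  # only top-level interface entries
            if tokens[0] == "edit":
                iface = tokens[1]
            elif tokens[0] == "next":
                iface = None
            elif tokens[:2] == ["set", "allowaccess"] and iface:
                weak = sorted(CLEARTEXT.intersection(tokens[2:]))
                if weak:
                    findings[iface] = weak
    return findings

if __name__ == "__main__":
    for name, protos in audit_allowaccess(SAMPLE_CONFIG).items():
        print(f"{name}: cleartext management enabled ({', '.join(protos)})")
```

Interfaces reported here should have HTTP and Telnet unticked in favour of HTTPS and SSH.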

II.2. DHCP configuration

Choose System -> DHCP -> Service in the web control interface to configure DHCP for the interfaces.

These are the familiar buttons that we commonly meet in the FortiGate web interface.

- Select the interface on which to create DHCP, Internal -> click the Add button to create a new DHCP server that assigns addresses to the internal network.

- Name : a name for the DHCP server
- Enable : tick to activate DHCP
- IP Range : the range of IPs assigned by this DHCP server
- Default gateway : the IP of the gateway
- DNS : the IP of the DNS server

The Address lease tab shows the IPs currently leased.

II.3. High Availability, SNMP, Operation Mode ... configuration

System -> Configure to configure these services.

To configure High Availability for the FortiGate's 2 WAN ports, select Enable for each WAN interface and set a Priority for each WAN. The WAN line with the higher priority (lower number) is preferred; only if that WAN line fails does the system select the WAN line with the lower priority.
- Both lines are used when the 2 lines have equal priority.

SNMP configuration

- You can configure SNMP v1 or v2 so that your network monitoring system can track the firewall's activity.

Operation Mode configuration: NAT

II.4. Static Router configuration

Configure the default route to the Internet.

II.5. Configuring addresses and address ranges

II.6. Configuring services

II.7. Configuring Protection profiles

II.8. Configuring Policies

II.9. Virtual IP configuration

II.10. User/Group authentication configuration

II.11. VPN configuration

II.12. AntiVirus service configuration

II.13. AntiSpam service configuration

II.14. IPS service configuration

II.15. Web filter service configuration

II.16. Logging configuration

II.17. Configuration backup and restore
