Fortinet Fortiwifi-30b User manual

Products mentioned in this document are trademarks or registered trademarks

of their respective holders.

Regulatory Compliance

FCC Class B Part 15 CSA/CUS

20 May 2009

Visit these links for more information and documentation for your Fortinet product.

• Technical Documentation - http://docs.forticare.com

• Fortinet Knowledge Center - http://kb.fortinet.com

• Fortinet Technical Support - http://support.fortinet.com

• Training Services - http://campus.training.fortinet.com

Connecting

Tools and Documenation

Straight-through

Ethernet cable

Power Cable Power Supply

RJ-45 to

DB-9 Serial Cable

Trademarks

Products mentioned in this document are trademarks.

Forti Gate -30B

QuickStart Guide

STATUS WAN

INTERNAL

1 2 3POWER

USB

WAN

POWER STATUS

INTERNAL

321

LINK / ACTIVITY

10/100

WLAN

30B

Straight-through Ethernet cable connects

to Internet (public switch or router).

Attach the antenna to the

antenna mounts.

Straight-through Ethernet cables connect

to computers on internal network

Power cable

connects to power supply

Ground

RJ-45 to DB-9 serial cable

connects to management computer

123

USB

CONSOLE

WAN

C 12

123

USB

CONSOLE

4WAN

C 12

Power

Connection

RJ-45 Serial

Connection

USB

Ground

Antenna mount

WAN

Internal Interface,

switch connectors

1,2,3,4

Back

Power

LED

Status

LED

WAN

Interface

Internal

Interface

WLAN

LED

Front

Antenna mount

WAN

POWER STATUS

INTERNAL

321

LINK / ACTIVITY

10/100

WLAN

30B

Package Contents

Connect the FortiWiFi unit to a power outlet and to the internal and external networks.

• AfxtherubberfeettotheundersideoftheFortiWiFiunit,andattachtheantennasto

theantennamountsonthebackoftheFortiWiFiunit.

• Placetheunitonastablesurface.MakesuretheFortiWiFiunithasadequateairow

for cooling.

• PlacetheFortiWiFiunitinaprominentlocationwithinaroomformaximumcoverage,

rather than in a corner.

• Beawareoftheconstructionofyourenvironment,concreteandmetalwallscanhamper

signal strength.

• Keep the AP and wireless devices at least 10 feet away from appliances such as micro-

wave ovens and cordless phones.

FortiWi-30B

01-30007-97324-20090520

QuickStart Guide

LED State Description

Power

Green The unit is on.

Off The unit is off.

Status Green Onduringstartuporreboot.

Off Normal operation.

WLAN

Flashing

Green

FlashingwhenenablingWirelessLANport.

Green Wireless LAN port is up.

Off Wireless LAN port is down.

Link / Activity

Green Thecorrectcableisinuseandtheconnectedequip-

ment has power.

Flashing

Green

Network activity at this interface.

Off Nolinkestablished.

10/100 Green Theinterfaceisconnectedat100Mb.

Connector Type Speed Protocol Description

Internal RJ-45 10/100 Base-T Ethernet 4-port switch connection to up to four devices on the

internal network.

WLAN Antenna 802.11

b/g

Wireless connections to LAN.

WAN RJ-45 10/100 Base-T Ethernet Connection to the Internet.

CONSOLE RJ-45 9600bps

8/N/1

RS-232

serial

Optional connection to the management computer.

Provides access to the command line interface (CLI).

USB USB USB OptionalconnectionforUSBkeyforrmwarebackup

and installation.

Web-based manager

Theweb-basedmanagerisaneasytousemanagementtool.

Useittoconguretheadministratorpassword,theinterfaceanddefaultgatewayaddresses,

and the DNS server addresses.

Requirements:

• AnEthernetconnectionbetweentheunitandmanagementcomputer.

• AwebbrowsersuchasFireFoxorInternetExploreronthemanagementcomputer.

Command Line Interface (CLI)

TheCLIisafull-featuredmanagementtool.Useittoconguretheadministratorpassword,

theinterfaceaddresses,thedefaultgatewayaddress,andtheDNSserveraddresses.To

congureadvancedsettings,seetheToolsandDocumentationCD-ROM.

Requirements:

• TheRJ-45toDB9serialconnectionbetweentheunitandmanagementcomputer.

• A terminal emulation application (HyperTerminal for Windows) on the management

computer.

Conguration Tools

NAT/Route Mode

Internal Interface: IP: ____.____.____.____

Netmask: ____.____.____.____

WAN Interface: IP: ____.____.____.____

Netmask: ____.____.____.____

WLAN Interface IP: ____.____.____.____

Netmask: ____.____.____.____

TheinternalinterfaceIPaddressandnetmaskmustbevalidfortheinternalnetwork.

Transparent mode

Management IP: IP: ____.____.____.____

Netmask: ____.____.____.____

ThemanagementIPaddressandnetmaskmustbevalidforthenetworkfromwhichyouwill

manage the unit.

General settings

Administrator password:

Network Settings: Default Gateway: ____.____.____.____

Primary DNS Server: ____.____.____.____

Secondary DNS Server: ____.____.____.____

AdefaultgatewayisrequiredfortheunittorouteconnectionstotheInternet.

Factory default settings

NAT/Route mode Transparent mode

Internal interface 192.168.1.99 Management IP 0.0.0.0

WAN interface 192.168.100.99 Wireless settings

WLAN interface 10.10.80.1 SSID fortinet

Administrative account settings Geography World

User name admin Channel 5

Password (none)

Toresetthefactorydefaults,intheCLI,typethecommand

execute factory reset

Web-based Manager

1. Connect the internal interface to a management computer Ethernet interface. Use

straight-throughEthernetcablestoconnectthedevicesthroughahuborswitch.

2. Congurethemanagementcomputertobeonthesamesubnetastheinternalinter-

faceoftheunit.Todothis,changetheIPaddressofthemanagementcomputerto

192.168.1.2 and the netmask to 255.255.255.0.

3. Toaccesstheweb-basedmanager,startInternetExplorerandbrowseto

https://192.168.1.99(remembertoincludethe“s”inhttps://).

4. TypeadminintheNameeldandselectLogin.

NAT/Route mode

To change the administrator password

1. Go to System > Admin > Administrators.

2. Select Change Password for the admin administrator and enter a new password.

To congure interfaces

1. Go to System > Network > Interface.

2. Selecttheediticonforeachinterfacetocongure.

3. Set the addressing mode for the interface. (See the online help for information.)

• Formanualaddressing,entertheIPaddressandnetmaskfortheinterface.

• ForDHCPaddressing,selectDHCPandanyrequiredsettings.

• ForPPPoEaddressing,selectPPPoE,andentertheusernameandpasswordand

anyotherrequiredsettings.

To congure the Primary and Secondary DNS server IP addresses

1. Go to System > Network > Options,enterthePrimaryandSecondaryDNSIPad-

dressesthatyourecordedaboveandselectApply.

To congure a Default Gateway

1. Go to Router > Static and select Edit icon for the static route.

2. SetGatewaytotheDefaultGatewayIPaddressyourecordedaboveandselectOK.

Transparent mode

To switch from NAT/route mode to transparent mode

1. Go to System > Cong > Operation Mode and select Transparent.

2. Set the Management IP/Netmask to 192.168.1.99/24.

3. Set a default Gateway and select Apply.

To change the administrator password

1. Go to System > Admin > Administrators.

2. Select Change Password for the admin administrator and enter a new password.

To change the management interface

1. Go to System > Cong > Operation Mode.

2. EntertheManagementIPaddressandnetmaskthatyourecordedaboveandselect

Apply.

To congure the Primary and Secondary DNS server IP addresses

1. Go to System > Network > Options,enterthePrimaryandSecondaryDNSIP

addressesthatyourecordedaboveandselectApply.

Command Line Interface

1. UsetheRJ-45toDB9serialcabletoconnecttheunit’sConsoleporttothemanage-

ment computer serial port.

2. Start a terminal emulation program (HyperTerminal) on the management computer. Use

these settings:

• BaudRate(bps)9600,Databits8,ParityNone,Stopbits1,andFlowControlNone.

3. AttheLoginprompt,typeadminandpressEntertwice(nopasswordrequired).

NAT/Route mode

1. Conguretheinternalinterface.

cong system interface

edit internal

set ip <intf_ip>/<netmask_ip>

end

2. Repeattocongureeachinterface,forexample,toconguretheWANinterface.

cong system interface

edit wan

...

3. ConguretheprimaryandsecondaryDNSserverIPaddresses.

cong system dns

set primary <dns-server_ip>

set secondary <dns-server_ip>

end

4. Congurethedefaultgateway.

cong router static

edit 1

set gateway <gateway_ip>

end

Transparent Mode

1. ChangefromNAT/RoutemodetoTransparentmodeandconguretheManagementIP

address.

cong system settings

set opmode transparent

set manageip <mng_ip>/<netmask>

set gateway <gateway_ip>

end

2. ConguretheDNSserverIPaddress.

cong system dns

set primary <dns-server_ip>

set secondary <dns-server_ip>

end

Collecting Information

Conguring

NAT/Route Mode

InNAT/Routemode,theunitisvisibletothenetworkthatitisconnectedto.Allofitsinter-

facesareondifferentsubnets.Eachinterfaceconnectedtoanetworkmustbecongured

with an IP address that is valid for that network.

YouwouldtypicallyuseNAT/Routemodewhentheunitisdeployedasagatewaybetween

privateandpublicnetworks.InitsdefaultNAT/Routemodeconguration,theunitfunctions

asarewall.Firewallpoliciescontrolcommunicationsthroughtheunit.

InNAT/Routemode,rewallpoliciescanoperateinNATmodeorinRoutemode.InNAT

mode,theunitperformsnetworkaddresstranslationbeforeIPpacketsaresenttothe

destinationnetwork.InRoutemode,notranslationtakesplace.

Transparent Mode

InTransparentmode,theunitisinvisibletothenetwork.Allofitsinterfacesareonthesame

subnet.YouonlyhavetocongureamanagementIPaddresssothatyoucanmakecongu-

ration changes.

YouwouldtypicallyusetheunitinTransparentmodeonaprivatenetworkbehindanexisting

rewallorbehindarouter.InitsdefaultTransparentmodeconguration,theunitfunctions

asarewall.Youcanconnectuptothreenetworksegmentstotheunittocontroltrafc

betweenthesenetworksegments.

RefertotheToolsandDocumentationCD-ROMforinformationonhowtocontroltrafc,andhowtocongurewirelessconnections,antivirusprotection,FortiGuard,Webcontentltering,Spamltering,intrusion

prevention(IPS),andvirtualprivatenetworking(VPN).

Other Fortinet Wireless Router manuals