Fortinet FortiWiFi 60CM-3G4G User manual
FortiWiFi 60CM-3G4G
QuickStart Guide
August 20, 2013
19-437-170963-20130820
Copyright© 2013 Fortinet, Inc. All rights reserved. Fortinet®,
FortiGate®, and FortiGuard®, are registered trademarks of Fortinet,
Inc., and other Fortinet names herein may also be trademarks of
Fortinet. All other product or company names may be trademarks of
their respective owners. Performance metrics contained herein were
attained in internal lab tests under ideal conditions, and performance
may vary. Network variables, different network environments and
other conditions may affect performance results. Nothing herein
represents any binding commitment by Fortinet, and Fortinet
disclaims all warranties, whether express or implied, except to the
extent Fortinet enters a binding written contract, signed by Fortinet’s
General Counsel, with a purchaser that expressly warrants that the
identified product will perform according to the performance metrics
herein. For absolute clarity, any such warranty will be limited to
performance in the same ideal conditions as in Fortinet’s internal lab
tests. Fortinet disclaims in full any guarantees. Fortinet reserves the
right to change, modify, transfer, or otherwise revise this publication
without notice, and the most current version of the publication shall
be applicable.
Table of Contents
1 Package Contents
2 Connect Your Device
3 FortiExplorer
4 Configuration Options
5 Configure Network Interfaces
6 Hardware Identification
7 Technical Specifications
8 LED Specifications
9Register Your Product
10 Technical Documentation and Links
11 Cautions and Warnings
12 Product License Agreement
Thank you for purchasing the FortiWiFi 60CM-3G4G. The
FortiWiFi 60CM-3G4G multi-threat security appliance offers you unmatched
performance, flexibility, and security for your remote, branch, or small office
network.
Your box contains the following:
FortiWiFi 60CM-3G4G
QuickStart Guide
USB Cable
Ethernet Cable
Power Cable and Adapter
2 WiFi, 2 3G, and 2 4G Antennae
Wall-mount Template
FortiWiFi-60CM-3G4G
QuickStart Guide
QuickStart Guide
USB Cable
Ethernet Cable
Power Cable Power Adapter
The unit should be placed farther than 75mm on each side from a heat source. If you
are mounting more than one unit, place them in a vertical row to provide better ventila-
tion.
Required Materials:
Drill bit: Size is determined by the screw size.
Anchors: Twofor mounting on dry-wall, plasterboard, or gyprock.
Screws: Twoappropriate for anchors. Maximum diamter of 3.5mm.
Instructions:
1. Tapethis template to the wall in the desired location.
2. Mark the position of the drill holes on the wall.
3. Drill two holes.
4. Insert anchors into drilled holes.
5. Insert the screws into the anchors. Screws should protrude 5mm out of wall.
6. Place FortiWifi-60C key holes over the screws and slide the unit down into position.
The FortiWifi-60C can be placed in either position shown below.
Wall-Mount Template
FortiWifi-60C
Drill hole Drill hole
Wall-mount
Template
4
G
_
2
4
G
_
1
2 4G
Antennae
W
I
F
I
W
I
F
I
2 WiFi
Antennae
3
G
_
2
3
G
_
1
2 3G
Antennae
1. Package Contents
To attach the antennae to the back and front of the FortiWiFi unit, insert the antenna
base firmly into the appropriate antenna mount (see labels on the antennae), and
then tighten the fastening collar securely.
To attach your unit to a wall, refer to the wall mount template.
Ensure the FortiWiFi unit is placed on a stable surface. Connect the following to the
FortiWiFi unit:
1. Connect an Ethernet cable into the port labeled WAN1.
2. Connect the other end of your Ethernet cable to your Internet connection.
3. Connect an Ethernet cable to each workstation or laptop PC you wish to connect
to the FortiWiFi unit.
4. Connect an RJ-11 telephone cable to the MODEM port.
5. Connect the Power Supply to the FortiWiFi unit and plug the cable into an electrical
outlet.
CONSOLE
WAN1DMZ WAN2
USBDC+12V 5 1234
USB MGMT
WiFi
WiFi
MODEM
2
1
4
33
5
3
G
_
2
3
G
_
1
4
G
_
1
W
I
F
I
W
I
F
I
4
G
_
2
PWR STATUS HA
SPEED
LINK/ACT
WAN1 WAN2 DMZINTERNAL
3G/4G
12345
MODEM
FortiWiFi 60CM-3G4G
3G-1 4G-1 4G-2 3G-2
WIFI
RJ-11
Phone Jack
2. Connect Your Device
FortiExplorer provides a user-friendly tool that you can use to configure
a FortiWiFi unit over a standard USB connection, rather than using a
console cable or Ethernet connection.
Caution: Do not connect the USB cable until after FortiExplorer
has been installed.
Note: When using FortiExplorer for the first time, ensure the FortiWiFi
unit is using its factory default settings.
Installing FortiExplorer
FortiExplorer is available for Microsoft Windows XP, Vista, and 7. It is
also available for Mac OS 10.6 and higher.
Microsoft Windows Install
1. Extract the ZIP file (if downloaded) and double-click the .msi, or .exe
file and follow the instructions on-screen.
2. Connect the USB cable to the FortiWiFi unit and then to the
management computer.
3. The FortiExplorer Easy Configuration Utility opens when the USB
cable is connected. Select Install the hardware automatically and
select Next.
4. After a moment, FortiExplorer will launch.
CONSOLE
WAN1DMZ WAN2
USBDC+12V 5 1234
USB MGMT
WiFi
WiFi
MODEM
USB A to
USB B Cable
USB A cable end into
Management Computer
USB B cable end into
FortiWiFi Unit
3. FortiExplorer
Mac OS Install
1. Double-click the .dmg file and drag the FortiExplorer program file
into the Applications folder.
2. Connect the USB cable to the FortiWiFi unit and then to the
management computer.
3. Double-click the FortiExplorer icon to launch the application.
Configuration Options
With FortiExplorer, you are provided a number of options on how to
configure the FortiWiFi unit, depending on your level of comfort with
various interfaces.
The below image shows the FortiExplorer Easy Configuration Wizard.
Updating FortiExplorer and Firmware
FortiExplorer may be automatically updated from time to time.
You can also use FortiExplorer to check for new firmware for a
FortiWiFi unit. To check for new firmware, select the FortiWiFi unit
from the device list and select Check for New Firmware. FortiExplorer
will also monitor firmware updates for your devices and provide an
alert when one is available.
The FortiWiFi unit requires some basic configuration to add it to your
network. These basic steps include assigning IP addresses, DNS
settings, and the default gateway. Until these steps are completed
traffic will not flow through the device.
In addition to FortiExplorer, the FortiWiFi unit can be configured using
the Web-based Manager or the CLI.
This section will step you through both methods of connecting to the
unit. Use whichever method you are most comfortable with.
To Connect to the Web-based Manager:
1. Connect the FortiWiFi unit Port 1 to a management computer
using the provided Ethernet cable.
2. Configure the management computer to be on the same subnet
as the internal interface of the FortiWiFi unit:
a. Browse to the Network and Sharing Center > Change
Adapter Settings > Local Area Connection Properties
> Internet Protocol Version 4 (TCP/IPv4) Properties.
b. Change the IP address of the management computer
to 192.168.1.2 and the netmask to 255.255.255.0.
3. To access the FortiWiFi unit Web-based Manager, start a browser
of your choice and browse to https://192.168.1.99 (remember to
include the “s” in https://).
4. Type admin in the Name field, leave the Password field blank, and
select Login.
You can now proceed with configuring your FortiWiFi unit.
4. Configuration Options
To Connect to the CLI:
You can configure all FortiWiFi configuration options from the CLI
using config commands. The CLI also includes get, show, diagnose,
and execute commands for performing various configuration and
monitoring tasks.
1. Connect the FortiWiFi unit console port to the management
computer using the provided console cable.
2. Start a terminal emulation program on the management computer.
Use the following settings:
• Baud Rate: 9600
• Data bits: 8
• Parity: None
• Stop bits: 1
• Flow Control: None
3. Press Enter on your keyboard to connect to the CLI.
4. Type admin in the Name field, leave the Password field blank, and
press Enter.
You can now proceed with configuring your FortiWiFi unit.
To reset the unit to factory defaults
1. Enter the following commands:
execute factory reset
Note: The device will take approximately nine minutes to complete a
factory reset.
5. Configure Network Interfaces
This section describes how to configure your FortiWiFi 60CM-3G4G
with NAT/Router Mode onto your network using the 3G/4G
connection as a primary public internet connection.
Configure the network interfaces using the Web-based Manager:
1. In the Web-based Manager, go to System > Network > Interface
and select 4g from the interface list.
2. Under Addressing mode select DHCP, and check Retrieve default
gateway from server and Override internal DNS.
3. Under Administrative Access check HTTPS, PING, HTTP, SSH,
and TELNET.
4. Set Administrative Status to Up and then select OK.
5. Next, select internal from the interface list.
6. Under Addressing mode, select Manual and enter
192.168.1.99/255.255.255.0 into the IP/Netmask text box.
7. Under Administrative Access check HTTPS, PING, HTTP, SSH,
and TELNET.
8. Set Administrative Status to Up and then select OK.
9. Finally, select modem from the interface list.
10.Under Administrative Access check HTTPS, PING, HTTP, SSH,
and TELNET.
11.Select OK.
Configure the network interfaces using the CLI:
Enter the following commands in the CLI:
cong system interface
edit “4g”
set vdom “root”
set mode dhcp
set allowaccess ping https ssh http telnet
set type physical
set defaultgw enable
next
edit “modem”
set vdom “root”
set allowaccess ping https ssh http telnet
next
edit “internal”
set vdom “root”
set ip 192.168.1.99 255.255.255.0
set allowaccess ping https ssh http telnet
set type physical
next
end
Configure the network modem using the Web-based Manager:
1. In the Web-based Manager, go to System > Network > Modem.
2. Check Enable Modem.
3. Set the Mode to Redundant and select 4g in the Redundant for
drop-down list.
4. Set Dial Mode to Always Connect.
5. Under the CDMA Modem settings, in the Phone Number text box
enter #777.
6. Select Apply.
Configure the network modem using the CLI:
Enter the following commands in the CLI:
cong system modem
set status enable
set mode redundant
set interface “4g”
set modem-dev1 pcmcia-wireless
set phone1 “#777”
end
Configure the DHCP server using the Web-based Manager:
1. In the Web-based Manager, go to System > Network > DHCP
Server.
2. Select Internal.
3. For Mode select Server and check Enable.
4. For Type select Regular and enter the following information:
IP Range: 192.168.1.110 to 192.168.1.210.
Network Mask: 255.255.255.0
Default Gateway: 192.168.1.99
5. Select Use System DNS Setting.
6. Select OK.
Configure the DHCP server using the CLI:
Enter the following commands in the CLI:
cong system dhcp server
edit 1
set default-gateway 192.168.1.99
set dns-service default
set interface “internal”
cong ip-range
edit 1
set end-ip 192.168.1.210
set start-ip 192.168.1.110
next
end
set netmask 255.255.255.0
next
end
Configure the system network options (DNS) using the Web-
based Manager:
1. In the Web-based Manager, go to System > Network > DNS.
2. Enter the following information for the DNS Settings:
Primary DNS Server: 208.91.112.53
Secondary DNS Server: 208.91.112.52
3. Select Apply.
Configure the system network options (DNS) using the CLI:
Enter the following commands in the CLI:
cong system dns
set primary 208.91.112.53
set secondary 208.91.112.52
end
Configure the router using the Web-based Manager:
In the Web-based Manager, go to Router > Static > Static Route and
delete any static route settings.
Configure the router using the using the CLI:
Enter the following commands in the CLI:
cong router static
end
Configure the firewall policy using the Web-based Manager:
1. In the Web-based Manager, go to Policy > Policy > Policy, right-
click on internal -> 4g and select Edit, then enter or confirm the
following settings:
Source Interface/Zone: internal Source Address: all
Destination Interface/Zone: 4g Destination Address: all
Schedule: Always Service: ANY
Action: ACCEPT
2. Check Enable NAT, select Use Destination Interface Address, and
select OK.
3. Right-click on internal -> modem and select Edit, then enter or
confirm the following settings:
Source Interface/Zone: internal Source Address: all
Destination Interface/Zone: modem Destination Address: all
Schedule: Always Service: ANY
Action: ACCEPT
4. Check Enable NAT, select Use Destination Interface Address, and
select OK.
5. Right-click on internal -> wan1 and select Edit, then enter or confirm
the following settings:
Source Interface/Zone: internal Source Address: all
Destination Interface/Zone: wan1 Destination Address: all
Schedule: Always Service: ANY
Action: ACCEPT
6. Check Enable NAT, select Use Destination Interface Address, and
select OK.
Configure the firewall policy using the using the CLI:
Enter the following commands in the CLI:
cong rewall policy
edit 1
set srcintf “internal”
set dstintf “wan1”
set srcaddr “all”
set dstaddr “all”
set action accept
set schedule “always”
set service “ANY”
set nat enable
next
edit 2
set srcintf “internal”
set dstintf “4g”
set srcaddr “all”
set dstaddr “all”
set action accept
set schedule “always”
set service “ANY”
set nat enable
next
edit 3
set srcintf “internal”
set dstintf “modem”
set srcaddr “all”
set dstaddr “all”
set action accept
set schedule “always”
set service “ANY”
set nat enable
next
end
6. Hardware Identification
The Mobile Equipment Identifier (MEID) number and the Media
Access Control (MAC) address can be found on a sticker attached to
the bottom of the device, or if the device is already mounted, can be
found using the Web-based Manager and/or the CLI.
To locate the 3G MEID using the Web-based Manager and CLI:
1. Disconnected 3G modem network connection:
In the Web-based Manager, go to System > Network > Modem,
select the Hang Up button, and then select Apply.
2. Open a CLI console window and run the following CLI command to
enter the AT command window:
diagnose sys modem com /dev/ttyacm0
3. Run the following commands in the AT command window to view
the MEID number:
AT$DFMEID
To locate the 4G MAC address using the Web-based Manager:
1. In the Web-based Manager, go to System > Network > Interface,
and then select 4g from the table.
2. In the Edit Interface window, the MAC address is shown in the
Name category.
To locate the MEID and MAC address on the sticker attached to
the device:
A sticker attached to the bottom of the device will show the MAC
address and MEID number. It will appear similar to the below image.
MEID:A1234567890ABC
MAC ID: FA12EB34DC56
CONSOLE
WAN1DMZ WAN2
USBDC+12V 5 1234
USB MGMT MODEM
WiFi
Power Connection
RJ-45 Serial Connection
USB port WAN2
WAN1DMZ Internal Interfaces
1 to 5
WiFi
Antenna mount
WiFi
Antenna mount
PWR STATUS HA
SPEED
LINK/ACT
WAN1 WAN2 DMZINTERNAL
3G/4G
12345
MODEM
RJ-11 Phone
Connection
FortiWiFi 60CM-3G4G
3G-1 4G-1 4G-2 3G-2
3G Antenna mounts
4G Antenna mounts
WiFi
WIFI
Ground USB
MGMT port
Interface Protocol Description Default IP Address
Internal
(Ports 1 to 5)
Gigabit
Ethernet
A 5-port switch connection for the
internal network.
192.168.1.99
WAN1 Gigabit
Ethernet
Connection to the Internet. 192.168.100.99
WAN2 Gigabit
Ethernet
Connection to the Internet. 192.168.101.99
DMZ Gigabit
Ethernet
Optional connection to a DMZ
network/device or to other FortiWiFi
units for High Availability (HA).
10.10.10.1
Console RS-232 Optional serial connection to the
Management Computer. Also gives
access to the CLI.
USB USB 2.0 Optional connection for a USB key,
modem or backup operation.
USB MGMT USB 2.0 Client port for management/configu-
ration by FortiExplorer.
WiFi 802.11
a/b/g/n
Dual-band radio supports
802.11a/b/g/n wireless connectivity.
Supports all popular encryption
standards (open, WEP64/128, WPA,
WPA2-personal, WPA2-enterprise,
captive-portal).
Default SSID:
Fortinet
3G CDMA 3G CDMA for WAN data
connectivity.
4G Wimax 4G Wimax for WAN data
connectivity.
7. Technical Specifications
Interface LEDs
PWR STATUS HA
SPEED
LINK/ACT
WAN1 WAN2 DMZINTERNAL
3G/4G
12345
MODEM
FortiWiFi 60CM-3G4G
3G-1 4G-1 4G-2 3G-2
WIFI
Unit LEDs
8. LED Specifications
LED State Description
Power Green The unit is on.
Off The unit is off.
Status Flashing Green The unit is starting up.
Green The unit is running normally.
HA Green The unit is being used in an HA cluster.
Ports 1 to 5 Link/Act Green Port is online.
Flashing Green Port is sending or receiving data.
Ports 1 to 5 Speed
Green Connected at 1 Gbps.
Amber Connected at 100 Mbps.
Off Connected at 10 Mbps or
disconnected.
WAN1, WAN2, &
DMZ Link/Act
Green Port is online (link).
Flashing Green Port is sending or receiving data.
WAN1, WAN2, &
DMZ Speed
Green Connected at 1 Gbps.
Amber Connected at 100 Mbps.
Off Connected at 10 Mbps or
disconnected.
Modem Green Internal modem is in use.
3G/4G Flashing Green 3G/4G interface is active.
Off 3G/4G interface is not active.
WiFi
Green Wireless interface is up
Flashing green Wireless interface is active
Off Wireless interface is down
If you did not register your product using the FortiExplorer wizard, please register
your product now.
Register
Register your Fortinet product in order to receive:
•TechnicalSupport•Newproductfeatures•Protectionfromnewthreats
Enregistrer
Vous devez enregistrer le produit pour recevoir:
•Supporttechnique•Nouvellesfonctionnalitéesduproduit•Protectioncontrede
nouvelles menaces
Registra
La reistrazione ti permette di usufruire di:
•SupportoTecnico•Nuovefunzionalita•Proteezionedalleultimeminaccce
Registrar
Debe registrar el producto para recibir:
•Apoyotécnico•Nuevasfuncionalidadesdelproducto•Proteccióncontra
ataques
登録のお願い
本日、フォーティネット製品の登録をしてください。
登録すると次のメリットがあります。
テクニカルサポート • 新機能の追加 • 新しい脅威への防御
请马上注册
您的飞塔产品
您在注册以后才能得到技术支持、新产品特点信息、最新威胁防护
Web: http://www.fortinet.com/register
Toll free: 1-866-648-4638
Phone: 1-408-486-7899
Fax: 1-408-235-7737
Email: r[email protected]
9. Register Your Product
The following Fortinet web pages provide information and resources for your Fortinet product:
1. Customer Service & Support: https://support.fortinet.com
On this page you can create a support account with Fortinet, register and manage your
products, download updates, firmware images and release notes, and create technical support
tickets.
2. Technical Documentation: http://docs.fortinet.com
This page provides the most up-to-date versions of Fortinet publications for the entire family of
Fortinet products. The following guides more information on the installation and configuration
of your FortiWiFi unit:
• Hardware Guide: This guide describes how to mount your FortiWiFi unit, hardware
acceleration, and configuring Redundant Array of Independent Disks (RAID).
• System Administration Guide: This guide describes initial configuration of your FortiWiFi
unit, centralized management, tightening security, best practices, and configuration
examples.
• Fundamentals Guide: This guide describes NAT versus Transparent mode, packet flow
and inspection, firewall components, virtual IPs, security policies, UTM profiles, and
troubleshooting traffic.
• UTM Guide: This guide includes examples and step-by-step instructions for the UTM
features available on your FortiWiFi unit, such as AntiVirus, intrusion prevention system
(IPS), web and email filtering, Data Leak Prevention (DLP), and application control.
• Troubleshooting Guide: This guide describes the troubleshooting process and best
practice concepts, how Fortinet Support operates, and diagnostic commands in the CLI.
3. Knowledge Base: http://kb.fortinet.com
This page provides Fortinet technical documentation, such as troubleshooting, how-to articles,
example configurations , FAQs, technical notes, and more.
4. Technical Discussion Forums: http://support.fortinet.com/forum
This page allows you to communicate with other customers and Fortinet partners about
Fortinet products, services, and configuration issues in a forum environment.
5. Training Services: http://training.fortinet.com
This page provides course descriptions, availability, schedules, and locations of training
programs in your area.
6. FortiGuard Threat Research and Response: http://www.fortiguard.com
This page provides up-to-date information on vulnerabilities and threats, and includes a virus
scanner, Internet Protocol (IP) signature look-up, web filtering tools, and related information.
Comments on Technical Documentation
Please send comments or information about any errors or omissions in this or any Fortinet
10. Technical Documentation and Links
This manual suits for next models
3
Table of contents
Other Fortinet Wireless Router manuals
Popular Wireless Router manuals by other brands
ZyXEL Communications
ZyXEL Communications WSR30 user guide
Huawei
Huawei Speed Wi-Fi HOME L01 Notes of usage
ZyXEL Communications
ZyXEL Communications X-550N quick start guide
D-Link
D-Link DIR-320NRU Quick installation guide
Nexxt
Nexxt Trinity3G/4G Quick installation guide
ZyXEL Communications
ZyXEL Communications NBG-4615 quick start guide
