
FortiGate Firewall Configuration - For internal circulation

Configuring FortiGate
Nguyn Hu Tin Hyperlogy JSC.

Contents

Configuring FortiGate
- Configuring interfaces, zones, addresses, services, policies, profiles

Monitoring FortiGate operation
- Status monitoring page
- Log monitoring
- Using commands on the console screen


Ways to configure FortiGate

- Web: http, https
- CLI: Console, Telnet, Secure Shell
- FortiManager: SNMP


Copyright 2007 Hyperlogy JSC.


Web interface

Open a browser and enter the address, for example:
http://192.168.1.1
https://192.168.1.1
The login screen then appears.



NAT/Route Mode
- This is the default mode.
- Each interface is a different network.
- Allows the firewall to act as a gateway.

Transparent Mode
- The firewall acts as a bridge.
- The firewall is managed through a single IP address.

Configuring zones
System->Network->Zone

In the zone configuration you can group interfaces into the same zone.
The purpose is to be able to write a rule for a zone containing several interfaces, so that they all map to one rule.
Selecting block controls the traffic flow between interfaces in the same zone.


Configuring interfaces

System->Network
Select the interface to configure, then click Edit. In this section you can:
- Change the IP address of the interface.
- Change the administrative access protocols allowed for the firewall on this interface.
- Enable logging of traffic passing through the interface.


Configuring updates
To receive updates, the product must be registered at:
http://support.fortinet.com

There are 2 ways to update:
- Manual update.
- Automatic update.

Manual update
- Update Antivirus for the firewall
- Update the operating system for the firewall
- Update IPS for the firewall

Automatic update:
System->Maintenance->Update Center


Configuring routing

Static routing (Static Route)



Create a route from the address range on an interface to a destination through a specified gateway.
Example:
- Destination: 10.238.254.0/24
- Gateway: 192.168.2.3/24
- Interface: wan1
- Distance: 10 (routing priority)



Policy Route



The purpose of Policy Route is to route traffic along a specified path before it is matched against the static routes.
Notes:
- Use this feature only when it is really necessary.
- Understand clearly the traffic flows passing through the interfaces.
- Rules here are matched top-down.
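The notes above (policy routes are matched top-down and before the static routes) can be checked offline with a small model. This is an added example, not part of the original slides and not FortiGate code: the policy-route table, the default route and the function names are constructed, and only the 10.238.254.0/24 static route comes from this document. Static lookup is simplified to longest prefix, then lowest distance.

```python
from ipaddress import ip_address, ip_network

# Constructed policy-route table in top-down order (hypothetical networks and gateways).
POLICY_ROUTES = [
    {"id": 1, "in_if": "internal", "src": "192.168.1.0/24", "dst": "0.0.0.0/0",
     "out_if": "wan2", "gw": "172.16.0.1"},
    {"id": 2, "in_if": "internal", "src": "192.168.1.0/24", "dst": "10.238.254.0/24",
     "out_if": "wan1", "gw": "192.168.2.3"},
]
# First entry is the static-route example from this document; the default route is constructed.
STATIC_ROUTES = [
    {"dst": "10.238.254.0/24", "gw": "192.168.2.3", "out_if": "wan1", "distance": 10},
    {"dst": "0.0.0.0/0", "gw": "192.168.2.1", "out_if": "wan1", "distance": 10},
]

def policy_match(rule, in_if, src, dst):
    return (rule["in_if"] == in_if
            and ip_address(src) in ip_network(rule["src"])
            and ip_address(dst) in ip_network(rule["dst"]))

def select_route(in_if, src, dst, policy=POLICY_ROUTES, static=STATIC_ROUTES):
    """Return (kind, route): first matching policy route, else best static route."""
    for rule in policy:  # top-down, first match wins
        if policy_match(rule, in_if, src, dst):
            return "policy", rule
    candidates = [r for r in static if ip_address(dst) in ip_network(r["dst"])]
    if not candidates:
        return "none", None
    # Simplified static lookup: longest prefix first, then lowest distance.
    best = min(candidates, key=lambda r: (-ip_network(r["dst"]).prefixlen, r["distance"]))
    return "static", best

def shadowed_rules(policy=POLICY_ROUTES):
    """(hidden_id, hiding_id) pairs: rules fully covered by an earlier rule never match."""
    hidden = []
    for i, later in enumerate(policy):
        for earlier in policy[:i]:
            if (earlier["in_if"] == later["in_if"]
                    and ip_network(later["src"]).subnet_of(ip_network(earlier["src"]))
                    and ip_network(later["dst"]).subnet_of(ip_network(earlier["dst"]))):
                hidden.append((later["id"], earlier["id"]))
                break
    return hidden

if __name__ == "__main__":
    print(select_route("internal", "192.168.1.50", "10.238.254.7"))
    print(shadowed_rules())
```

In the constructed table, rule 1 sends internal traffic for 10.238.254.0/24 out wan2 even though both rule 2 and the static route point at wan1, which is the kind of unintended path the notes warn about.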



Monitor


Configuring addresses

Enter the name and the address range to add.
Purpose: when creating rules in the Policy section, you can use the address ranges created here.
The Group section creates a group of the addresses to be used.


Configuring services
Services

Custom: create user-defined services

Group: create user-defined service groups


Configuring policies
This is the most important part of the firewall.
Policy configuration defines which services are allowed between zones. For example:
- From Internal to Wan1, the http service is allowed.
- From Dmz to Internal, the LotusNote service is allowed.


Configuring VIP
The VIP function maps a website or some other service in the internal network out to the internet through an external public IP address.
VIP has 2 modes: Static nat and Port Forwarding.
- Static nat statically translates a real address from outside to inside.
- Port Forwarding translates a port on the external address to a port on an internal address.


Configuring profiles
This function activates virus filtering, file blocking, spam blocking, web filtering and IPS attack protection.
By default the following Protection Profiles exist:
- Strict, scan, web, unfiltered.
- Users can create additional Profiles according to their requirements.


Create a new Profile:


Configuring IPS
IPS protects the system against attacks that exploit bugs in running application programs.
- Signature: the built-in attack patterns for applications.
- Anomaly: abnormal behavior in the traffic passing through, such as icmp, etc.


Configuring AntiVirus
This feature protects against viruses, with updates provided by Fortinet's research centers worldwide.
This section has 2 main features:
- File block.
- Virus List.


Configuring AntiSpam
Spam is a very big problem in the world today.
Filtering and blocking spam is very difficult because spam is disguised in many different forms. The most common form today is junk mail.
The FG firewall has anti-spam features under the following items:
- Fortiguard Antispam
- IP address
- DNSBL
- Email-address
- Mime Headers
- Banned Word


Configuring Web filtering

The next feature is web filtering:
- Content Block
- URL Block
- URL Exempt
- Category Block
- Script Filter


Configuring logs and alerts

The log section has two main parts:

Log configuration
- Set up log display.
- Notification by email.
- Filter the information shown in the log.

Viewing logs
- View events.
- View attacks.
- View virus attacks.
- View spam.
- View information about filtered pages.



- Firewall models for medium and large enterprises and for ISPs have an added hard disk for storing logs.
- Otherwise, logs on the firewall can be viewed from memory.
- Logs can also be viewed on a Fortilog device.


Configuring via the CLI
If you configure through the console port, you can use the following tools:
- HyperTerminal
- SecureCRT
- etc.

If you configure through telnet or ssh, you can use putty, command, or SecureCRT.


From the command line you can inspect packets in transit and debug errors that occur during connection setup on the firewall. For example:
diagnose sniffer packet internal 'tcp and port 80'
diagnose debug application ike 7
diagnose debug enable


Thank you very much!