Differences

This shows you the differences between two versions of the page.

--- networking:router:fortinet [2020/03/19 10:36]
jcooper created
+++ networking:router:fortinet [2020/03/19 13:27] (current)
jcooper
@@ Line 1: / Line 1: @@
-====== MikroTik ======
+====== Fortinet ======
-See also **[[https://www.sonoracomm.com/wiki/doku.php?do=search&id=mikrotik|other Mikrotik pages in this wiki]]**
+http://www.fortinet.com
-See also **[[sonora:sc_mikrotik_script|Sonora Comm Default MikroTik Configuration Script]]**
+https://training.fortinet.com/
-See also **[[networking:router:mikrotik_failover|Mikrotik Failover to a Second Internet Connection]]**
+https://ctap.fortinet.com/
-http://www.mikrotik.com/index.html
+https://docs.fortinet.com/document/fortigate/5.4.0/cookbook/724779/whats-new#What's_New
-http://www.mikrotik.com/download
-http://routerboard.com/
+Fortinet offers:
-Mikrotik offers:
-  * Inexpensive router hardware
-  * Inexpensive wireless hardware
-  * Inexpensive router OS
-  * Multi-platform support
-    * Including x86
-  * Convenient configuration tools:
-    * Command line (most convenient)
-    * Winbox for Windows (don't need to know IP address)
-    * Webfig web interface
-===== Third Party Products =====
-http://www.mikrotik.com/mfm
+  * Inexpensive Next Generation Firewall hardware
+  * Centrally managed wireless hardware
 ===== Distributors =====
-http://routerboard.com/distributors
+https://www.exclusive-networks.com/usa/
-===== Upgrading =====
-http://wiki.mikrotik.com/wiki/Manual:Upgrading_RouterOS
-http://wiki.mikrotik.com/wiki/Bootloader_upgrade
-http://blog.butchevans.com/2010/08/routeros-upgrade-process/
-http://wiki.bluecrow.net/index.php/Mikrotik_Upgrading
-http://www.mikrotik.com/download
-===== Safe Mode =====
-http://wiki.mikrotik.com/wiki/Console#Safe_Mode
-**Enter Safe Mode:** ''[CTRL]+[X]''
-**Save Changes and Exit:** ''[CTRL]+[X]'' again
-**Exit Without Saving:** ''[CTRL]+[D]''
-Safe mode can be used to minimize the risk of losing contact with the router while performing configuration changes.
-  * Safe mode is entered by pressing [CTRL]+[X]
-  * To save changes and quit safe mode, press [CTRL]+[X] again
-  * To exit without saving the made changes, hit [CTRL]+[D]
-  * All configuration changes that are made in safe mode are automatically undone if safe mode session terminates abnormally
-===== Backup and Restore =====
-http://wiki.mikrotik.com/wiki/Manual:Configuration_Management#System_Backup
-==== Command Line ====
-<file>
-/system backup load name=[filename]
-/system backup save name=[filename]
-</file>
-You can also ''export'' or ''import'' the configuration to the console or to a file.
-  * If you are not at the root of the configuration system, it will only export the section you are in
-  * If you ''export compact'', it will only export the settings that are not default
-  * If you specify a file, you can download the file using the web interface
-  * If you don't specify a file, it will dump to the console
-  * ''export compact'' is the default behavior from V6 on
-<file>
-export compact file=mikrotik_config_backup
-</file>
-===== Configuration =====
-:!: Winbox runs well under Wine on Linux.
-http://wiki.mikrotik.com/wiki/Manual:Initial_Configuration
-http://wiki.mikrotik.com/wiki/How_to_configure_a_home_router
-http://wiki.mikrotik.com/wiki/How_to_Connect_your_Home_Network_to_xDSL_Line
-==== Default Configurations and Useful Command Line Examples ====
-http://wiki.mikrotik.com/wiki/Manual:Default_Configurations
-==== Reset to Defaults ====
-=== CLI ===
-<file>
-/system reset-configuration
-</file>
-or
-<file>
-/system reset-configuration no-defaults=yes
-</file>
-=== Reset Button ===
-The reset button has three functions.
-Hold the button, then apply power.
-Depending on when you release the button, it will do these things:
-  * release immediately (0-5 seconds) after starting the device to load backup bootloader
-  * release when user LED starts to flash to reset RouterOS (5-10 seconds)
-  * release after user LED stops flashing to start Etherboot (Netinstall) mode (10+ seconds)
-Link how to use Netinstall: http://wiki.mikrotik.com/wiki/Netinstall
-==== First Login ====
-:!: Changing the LAN interface and DHCP pool probably requires a reboot!
-  * Default login name is **admin** and **blank password**.
-  * The default IP address is **192.168.88.1/24** on **ether1**.
-  * You can use the Winbox (Windows) utility to configure the unit by MAC address even if you don't know the IP address.
-  * Most models have a useful default configuration, however the rackmount models just have the IP address configured.
-==== Set Password ====
-**System -> Users -> Double-Click 'admin' -> Password**
-==== WAN Interface ====
-=== Dynamic Address ===
-**IP -> DHCP Client -> Add New -> ether1**
-=== Static Address ===
-**IP -> DHCP Client -> Delete if exists
-IP -> Addresses -> Add New**
-==== NAT ====
-**IP -> Firewall -> NAT -> Add New**
-  * Enabled
-  * Chain should be ''srcnat''
-  * Out. Interface should be set to WAN interface (ether1)
-  * Action should be set to ''masquerade''
-=== DMZ ===
-This is like the DMZ feature of other router/firewall devices:
-<file>
-/ip firewall nat add chain=dstnat dst-address=<external-IP> action=dst-nat to-addresses=<internal-IP>
-</file>
-==== Default Gateway ====
-**IP -> Routes -> Add New**
-  * Enabled
-  * Dst. Address should be ''0.0.0.0/0''
-  * Gateway (+) should be your WAN gateway address
-  * Comment ''Default Route''
-==== Name Resolution ====
-**IP -> DNS -> Add New**
-==== Time ====
-**SNTP Client -> Primary -> 199.102.46.73
-SNTP Client -> Secondary -> 64.16.214.60**
-**Clock -> Time Zone Name -> America/Phoenix**
-==== Interfaces ====
-Interfaces can be:
-  * Individual
-  * Bridged
-  * Switched (Slaved)
-=== WAN Interfaces ===
-**IP -> Addresses -> Add New -> Use Ether1 as WAN
-IP -> Addresses -> Add New -> Use Ether2 if WAN2 is needed**
-=== LAN Interfaces ===
-  * To see if an interface is switched (slaved), look for ''Master Port'' setting in interface details
-  * On smaller routers, LAN ports are typically configured as a switch (ether2 as master + slaves)
-  * For bridging, create a bridge interface, then assign ports to it
-  * Only single or master (switch) ports can be added to a bridge; slaved ports cannot
-**IP -> Addresses -> Add New -> Use others as LAN**
-==== Wireless ====
-http://wiki.mikrotik.com/wiki/Manual:Initial_Configuration#Wireless
-  * Check if Ethernet LAN interfaces are switched, bridged or if they are separate ports
-    * Smaller routers have LAN interfaces and wireless bridged together
-  * Apply an appropriate security profile for wireless network security
-=== Wireless Channels ===
-:!: The scan feature cannot be run if you are connected wirelessly
-  * The default channel is channel 1 (2412 MHz)
-  * Click on ''Advanced'' and set the country to ''United States''
-  * Ideally, you will select a channel of 5-10 (2432-2457 MHz) and select HT (wide channels)
-  * The scan feature shows other, possibly competing wireless networks
-  *
-=== Bridged ===
-  * Router must have have level 4 or higher license
-  * Bridged LAN interface must exist
-  * Wireless interface mode is set to ''ap-bridge''
-    * If set to ''bridge'', only one client (station) will be able to connect to the router using wireless
-=== Wireless Security ===
-**Wireless -> Security Profiles -> Add New**
-  * Mode
-    * ''Dynamic Keys''
-    * Select ''WPA'' and ''WPA2''
-  * Unicast and Group Ciphers
-    * Select ''AES CCM''
-  * WPA and WPA2 pre-shared keys
-    * Should each be different :?:
-    * Turn blue when sufficient length
-==== DHCP Server ====
-:!: If you have any problems with the DHCP server (maybe it didn't hand out a gateway address?), try deleting all existing pools and all existing DHCP servers, then run the **DHCP Setup Wizard**.  In fact, this is probably the fastest, easiest way to configure the DHCP server in most all cases.
-**IP -> DHCP Server -> DHCP -> DHCP Setup**
-<file>
-/ip dhcp-server setup
-/ip dns set allow-remote-requests=yes
-</file>
-=== Manual DHCP Server Configuration ===
-Create the address pool first:
-**IP -> Pool -> Add New**
-  * Addresses: ''192.168.1.65-192.168.1.199''
-Add the DHCP server:
-**IP -> DHCP Server -> Add New**
-  * Use mostly defaults
-  * Interface: ''ether2''
-  * Assign the pool just created
-  * Also configure caching DNS for DHCP clients
-This will also create a caching DNS server for use by DHCP clients:
-**IP -> DNS -> Settings -> Click (+) twice then enter two DNS server
-IPs -> DNS -> Settings -> Allow Remote Requests**
-==== Port Forwarding (Destination NAT) ====
-http://wiki.mikrotik.com/wiki/Manual:Initial_Configuration#Port_forwarding
-  * If change of port is not required,then to-ports can be left unset
-  * UPnP is available if dynamic port forwarding is desired
-**IP -> Firewall -> NAT -> Add New**
-<file>
-/ip firewall nat add chain=dstnat dst-address=<external address> protocol=tcp dst-port=<external port> \
- action=dst-nat to-address=<internal address> to-ports=<internal port>
-</file>
-==== Remote Management ====
-http://aacable.wordpress.com/2011/08/15/mikrotik-howto-prevent-mt-host-from-invalid-login-attempts-from-lanwan-users/
-**IP -> Services -> www**
-  * Port: 81
-  * Available From: 209.193.64.248/29 (+) 192.168.1.0/24
-===== Firewall =====
-http://wiki.mikrotik.com/wiki/Home_Firewall
-http://wirelessconnect.eu/articles/securing_mikrotik_router_firewall
-http://wiki.mikrotik.com/wiki/Manual:IP/Firewall
-<file>
-/ ip firewall filter
-add chain=input connection-state=established comment="Accept established connections"
-add chain=input connection-state=related comment="Accept related connections"
-add chain=input connection-state=invalid action=drop comment="Drop invalid connections"
-add chain=input protocol=udp action=accept comment="Allow all UDP" disabled=no
-add chain=input protocol=icmp limit=50/5s,2 comment="Allow limited pings"
-add chain=input protocol=icmp action=drop comment="Drop excess pings"
-add chain=input in-interface=ether2 src-address=192.168.1.0/24 comment="From our LAN" action=accept
-add chain=input action=log log-prefix="DROP INPUT" comment="Log everything else"
-add chain=input action=drop comment="Drop everything else"
-</file>
-===== Dynamic DNS =====
-http://networkingforintegrators.com/2012/08/dyndns-updater-for-mikrotik/
-http://wiki.mikrotik.com/wiki/Dynamic_DNS_Update_Script_for_dynDNS
-http://wiki.mikrotik.com/wiki/Dynamic_DNS_Update_Script_for_dynDNS_behind_NAT
-===== Scripts =====
-http://networkingforintegrators.com/2013/02/mikrotik-how-to-import-a-script-in-an-rsc-file/
-===== Serial Port =====
-http://wiki.mikrotik.com/wiki/Manual:System/Serial_Console
-==== Serial Console ====
-The Serial Console feature is for configuring the router.
-  * Enabled by default
-  * 115200,8,N,1
-  * No flow control
-  * Requires null-modem cable
-:!: If choosing a USB serial adapter, choose one with a FTDI chipset such as this one:
-http://www.amazon.com/Premium-Speed-Serial-RS-232-Converter/dp/tech-data/B006PIU2KO
+===== CTAP Cyber Threat Assessment Program =====
-:!: When choosing a serial terminal program, you can use Putty:
+https://ctap.fortinet.com/
-http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
+  * CTAP is an assessment tool for sales generation
+  * Registered evaluations are worth $250 from Fortinet
+  * Supported models are:
+FG-60E Threat Protection Throughput - 200 Mbps\\
+FG-100D Threat Protection Throughput - 200 Mbps\\
+FG-300D Threat Protection Throughput - 1.5 Gbps\\
+FG-300E Threat Protection Throughput - 3 Gbps\\
+FG-1500D Threat Protection Throughput - 5 Gbps\\
-**System -> Console
-System -> Ports**
-<file>
-/system console print
-/port print detail
-</file>
-==== Serial Terminal ====
-http://wiki.mikrotik.com/wiki/Serial_Port_Usage
-  * The Serial Terminal feature is for connecting to other devices

Virtual Architects Support Wiki

User Tools

Site Tools

Differences

Page Tools