Fortinet FortiGate-70G Firewall User Manual

1. Introduction

This manual provides essential information for the installation, configuration, operation, and maintenance of the Fortinet FortiGate-70G Firewall. The FortiGate-70G is designed to deliver enterprise-grade security for small offices, retail sites, and distributed branches, integrating advanced threat protection capabilities within a compact and manageable form factor. It operates on FortiOS and leverages FortiGuard AI-driven threat intelligence to provide comprehensive network security.

2. Product Overview

The FortiGate-70G is a next-generation firewall that consolidates critical security functions. Key features include:

• Next-generation firewall (NGFW) capabilities, Intrusion Prevention System (IPS), and web filtering.
• Secure SD-WAN for optimized cloud and SaaS performance with consistent security policies.
• Deep visibility through SSL inspection and application control for encrypted traffic.
• Simplified deployment and centralized management via FortiGate Cloud or FortiManager.
• Seamless integration with FortiSwitch and FortiAP for a unified wired and wireless network.

2.1. Device Layout

Figure 2.1: Front view of the Fortinet FortiGate-70G Firewall, showing status indicators and the Fortinet logo.

Figure 2.2: Front and rear views of the FortiGate-70G, illustrating the compact form factor and the 10 Gigabit Ethernet RJ45 ports on the rear panel.

Figure 2.3: Side view of the FortiGate-70G, indicating its physical dimensions: Height x Width x Length: 1.6 x 8.5 x 6.3 inches, Weight: 2.01 pounds.

3. Setup

3.1. Physical Connection

1. Power Connection: Connect the provided power adapter to the device and a suitable power outlet.
2. Network Connections: Connect your Internet Service Provider's (ISP) modem or router to the designated WAN port(s) on the FortiGate-70G. Connect your internal network devices (switches, computers) to the LAN ports.
3. Console Connection (Optional): For initial configuration or troubleshooting, connect a console cable from your management workstation to the console port on the FortiGate-70G.

3.2. Initial Configuration Access

Once powered on and connected, the FortiGate-70G can be accessed via a web browser or the command-line interface (CLI) through the console port. Refer to the Fortinet documentation for default IP addresses and login credentials for initial access.

4. Operating

The FortiGate-70G operates on FortiOS, providing a comprehensive suite of security and networking features. Management can be performed locally via the web-based GUI or CLI, or centrally through FortiGate Cloud or FortiManager.

4.1. Core Security Functions

• Firewall Policies: Configure rules to control traffic flow between network segments.
• Intrusion Prevention System (IPS): Protect against known exploits and vulnerabilities.
• Application Control: Identify and manage network applications.
• Web Filtering: Block access to malicious or inappropriate websites.
• Malware Defense: Detect and prevent malware infections.
• SSL Inspection: Decrypt and inspect encrypted traffic for hidden threats.

4.2. FortiGuard Security Services

The FortiGate-70G integrates with FortiGuard Security Services, which provide real-time threat intelligence updates. These services enhance the device's ability to protect against evolving threats.

Figure 4.1: Overview of FortiGuard Security Services, categorized by service offering and available bundles (A-la-carte, Enterprise Protection, Unified Threat Protection, Advanced Threat Protection).

Figure 4.2: Visual representation of Fortinet's protection tiers, showing how Advanced Threat Protection (Network & File Security), Unified Threat Protection (Web/DNS Security), and Enterprise Protection (SaaS & Data Security, Zero-Day Prevention) build upon each other, all underpinned by FortiCare Premium.

Figure 4.3: A pyramid diagram illustrating FortiGuard Security Services and their role in protecting against various attack surface elements, from Intrusion Prevention System (IPS) at the base to Data Loss Prevention (DLP) at the top.

5. Maintenance

5.1. Firmware Updates

Regularly update the FortiGate-70G firmware to ensure optimal performance, access to new features, and the latest security patches. Firmware updates can be managed through the FortiGate GUI or CLI.

5.2. Monitoring and Logging

Monitor system logs and security events regularly to identify potential issues or security incidents. The FortiGate-70G provides extensive logging capabilities, which can be viewed locally or integrated with FortiAnalyzer for centralized analysis.

5.3. Configuration Backup

Periodically back up your device configuration. This allows for quick restoration of settings in case of a system failure or misconfiguration.

6. Troubleshooting

6.1. Connectivity Issues

• No Internet Access: Verify WAN port connection, check ISP status, and review firewall policies.
• Internal Network Access: Ensure LAN connections are correct and check internal routing and firewall rules.
• Cannot Access GUI: Confirm the management workstation is on the correct network segment and try accessing via the console port.

6.2. Performance Issues

• Slow Network Speed: Check for high CPU/memory utilization on the FortiGate, review traffic logs for unusual activity, or consider optimizing security policies.
• Dropped Connections: Investigate firewall logs for blocked traffic and ensure appropriate policies are in place.

7. Specifications

The FortiGate-70G offers robust performance and connectivity for its class.

Figure 7.1: Performance specifications for the FortiGate-70G, including IPS Throughput, NGFW Throughput, Threat Protection Throughput, Firewall Throughput, and IPsec VPN Throughput.

8. Warranty and Support

For warranty information and technical support, please refer to the official Fortinet website or contact your authorized Fortinet reseller. Fortinet provides various support options, including documentation, knowledge bases, and direct technical assistance.

For additional resources, visit the Fortinet Official Website.