FortiCache 4.0.1 Administration Guide

Network settings

The Network menu allows you to configure the unit to operate on the network. This menu provides features for configuring and viewing basic network settings, such as the unit’s interfaces, Domain Name System (DNS) options, and routing table.

This section describes:

• Interfaces
• DNS settings
• Routing table

Interfaces

In System > Network > Interfaces, you can configure the interfaces that handle incoming and outgoing traffic.

The following information is available:

Create New   Select to create a new interface.
Edit   Modifies settings within the interface. When you select Edit, you are automatically redirected to the Edit Interface page.
Delete Removes an interface from the list.

To remove multiple interfaces from within the list, on the interface page, in each of the rows of the interfaces you want removed, select the check box and then select Delete. To remove all interfaces from the list, on the Interface page, select the check box in the check box column and then select Delete.

Column Settings Select to change the columns that are displayed on the interface list.
Name The names of the physical interfaces on your FortiCache unit. This includes any alias names that have been configured.
Type The type of the interface.
IP/Netmask The current IP address/netmask of the interface.

When IPv6 Support is enabled on the GUI, IPv6 addresses may be displayed in this column.

Access The administrative access configuration for the interface.
Administrative Status The administrative status for the interface.

If the administrative status is a green arrow, the interface is up and can accept network traffic. If the administrative status is a red arrow, the interface is administratively down and cannot accept traffic. To change the administrative status of an interface, select the Edit icon to edit the interface and change the Administrative Status setting for the interface.

Link Status The status of the interface physical connection. Link status can be either up or down. If link status is up there is an active physical connection between the physical interface and a network switch. If link status is down the interface is not connected to the network or there is a problem with the connection. You cannot change link status from the GUI.

Link status is only displayed for physical interfaces.

MTU The maximum number of bytes per transmission unit (MTU) for the interface.
Mode Shows the addressing mode of the interface. The addressing mode can be manual, DHCP, or PPPoE.
Secondary IP Displays the secondary IP addresses added to the interface.
Ref. Displays the number of times the object is referenced by other objects. To view where the object is referenced, select the number in Ref.; the Object Usage window appears, displaying the locations that reference the object.

Interface settings

Selecting Create New opens the New Interface page, which provides settings for configuring a new interface. Selecting an interface from the interface list opens the Edit Interface page.

Configure the following settings:

Name Enter a name of the interface. Physical interface names cannot be changed.
Alias Enter an alternate name for a physical interface on the FortiCache unit. The alias can be a maximum of 25 characters. The alias name does not appear in logs. This field appears when editing an existing physical interface.
Link Status Indicates whether the interface is connected to a network (link status is Up) or not (link status is Down). This field appears when editing an existing physical interface.
Type Select the type of the interface you want to add from the drop-down list. The options include: 802.3ad Aggregate, Redundant Interface, Loopback Interface, and Software Switch.

You cannot change the interface type except when adding a new interface.

Dedicated Management Port Dedicate an interface for management to simplify configuration in transparent network deployments. This includes the ability to specify Trusted Hosts. See below.
Physical Interface Members This section has two different forms depending on the interface type:

• Software switch interface: this section is a display-only field showing the interfaces that belong to the software switch virtual interface.
• 802.3ad aggregate interface: select interfaces from the drop-down list, and add more interfaces as required.

Addressing mode The only addressing mode available on FortiCache units is Manual.

If IPv6 configuration is enabled, you can add both an IPv4 and an IPv6 address.

IP/Netmask Enter an IPv4 address/subnet mask for the interface. FortiCache interfaces cannot have IP addresses on the same subnet.
IPv6 Address If IPv6 support is enabled on the GUI, enter an IPv6 address/subnet mask for the interface. A single interface can have both an IPv4 and IPv6 address or just one or the other.
Enable one-arm sniffer Available when editing a physical interface. Select to configure this interface to operate as a one-armed sniffer as part of configuring a FortiCache unit to operate as an IDS appliance by sniffing packets for attacks without actually receiving and otherwise processing the packets. Once the interface is enabled for sniffing you cannot use the interface for other traffic. You must add sniffer policies for the interface to actually sniff packets.
Enable Explicit Web Proxy Select to enable explicit web proxying on this interface. When enabled, this interface will be displayed on System > Network > Web Proxy under Listen on Interfaces and web traffic on this interface will be proxied according to the Web Proxy settings.
Override Default MTU Value To change the MTU, select Override default MTU value (1500) and enter the MTU size based on the addressing mode of the interface.

• 68 to 1500 bytes for static mode
• 576 to 1500 bytes for DHCP mode
• 576 to 1492 bytes for PPPoE mode
• larger frame sizes if supported by the FortiCache model

Only available on physical interfaces. Virtual interfaces associated with a physical interface inherit the physical interface MTU size.

In Transparent mode, if you change the MTU of an interface, you must change the MTU of all interfaces to match the new MTU.

This option is not available if Type is set to Loopback Interface.

Administrative Access / IPv6 Administrative Access Select the types of administrative access permitted for IPv4/IPv6 connections to this interface.
HTTPS Allow secure HTTPS connections to the GUI through this interface.
PING Interface responds to pings. Use this setting to verify your installation and for testing.
HTTP Allow HTTP connections to the GUI through this interface. HTTP connections are not secure and can be intercepted by a third party.
FMG-Access Allow FortiCache Manager access on this interface.
SSH Allow SSH connections to the CLI through this interface.
SNMP Allow a remote SNMP manager to request SNMP information by connecting to this interface.
TELNET Allow Telnet connections to the CLI through this interface. Telnet connections are not secure and can be intercepted by a third party.
Enable Explicit Web Proxy Select to enable explicit web proxy on the interface.
Listen for RADIUS Accounting Messages Select to listen for Remote Authentication and Dial-in User Service (RADIUS) accounting messages on the interface.
Secondary IP Address Add additional IPv4 addresses to this interface.
Comments Enter a description up to 63 characters to describe the interface.
Administrative Status Select either Up (green arrow) or Down (red arrow) as the status of this interface.

Up indicates the interface is active and can accept network traffic.

Down indicates the interface is not active and cannot accept traffic.

Dedicated management interface

The ability to dedicate an interface for management simplifies configuration in transparent network deployments. The management interface can be fixed to an interface and a specific routing policy defined, separate to the transparent bridge. IPv6 is supported.

To dedicate an interface to management

  1. Go to System > Network > Interfaces.
  2. Select an interface to edit, and enable Dedicated Management Port.
  3. If necessary, specify Trusted Hosts.
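The interface settings above carry several checkable constraints: cleartext administrative access (HTTP, TELNET), the alias and comment length limits, the MTU ranges, non-overlapping interface subnets, and Trusted Hosts on a dedicated management port. The following is an added example, not part of the Fortinet guide, that audits an interface inventory against them; the record layout and key names are assumptions made for illustration, and the sample data is constructed.

```python
import ipaddress

# MTU ranges per addressing mode, as listed in the guide (larger frames are model-dependent).
MTU_RANGES = {"manual": (68, 1500), "dhcp": (576, 1500), "pppoe": (576, 1492)}
CLEARTEXT = {"HTTP", "TELNET"}  # the guide notes these connections can be intercepted

def audit_interfaces(interfaces):
    """Return (interface name, finding) tuples for a list of interface records.

    The record keys (name, ip, access, ...) are hypothetical, not a FortiCache format.
    """
    findings, seen = [], []
    for itf in interfaces:
        name = itf["name"]
        for proto in sorted(CLEARTEXT & set(itf.get("access", []))):
            findings.append((name, f"cleartext admin access enabled: {proto}"))
        if len(itf.get("alias", "")) > 25:
            findings.append((name, "alias exceeds 25 characters"))
        if len(itf.get("comments", "")) > 63:
            findings.append((name, "comments exceed 63 characters"))
        mtu, mode = itf.get("mtu"), itf.get("mode", "manual")
        if mtu is not None:
            lo, hi = MTU_RANGES[mode]
            if not lo <= mtu <= hi:
                findings.append((name, f"MTU {mtu} outside {lo}-{hi} for {mode} mode"))
        if itf.get("dedicated_mgmt") and not itf.get("trusted_hosts"):
            findings.append((name, "dedicated management port without trusted hosts"))
        if itf.get("ip"):
            # ip_interface accepts address/netmask notation, e.g. 10.10.0.1/255.255.0.0
            net = ipaddress.ip_interface(itf["ip"]).network
            for other, other_net in seen:
                if net.version == other_net.version and net.overlaps(other_net):
                    findings.append((name, f"subnet {net} overlaps {other} ({other_net})"))
            seen.append((name, net))
    return findings

# Constructed sample inventory, not taken from a real unit.
SAMPLE = [
    {"name": "port1", "ip": "192.168.1.99/255.255.255.0", "access": ["HTTPS", "SSH", "PING"],
     "dedicated_mgmt": True, "trusted_hosts": ["192.168.1.0/24"]},
    {"name": "port2", "ip": "10.10.0.1/255.255.0.0", "access": ["HTTP", "TELNET", "PING"],
     "mtu": 9000},
    {"name": "port3", "ip": "10.10.20.1/255.255.255.0", "access": ["HTTPS"],
     "dedicated_mgmt": True},
]

if __name__ == "__main__":
    for name, finding in audit_interfaces(SAMPLE):
        print(f"{name}: {finding}")
```

An MTU finding above 1500 is advisory, since the guide allows larger frame sizes on models that support them.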

DNS settings

Several FortiCache functions use DNS, including alert email. You can specify the IP addresses of the DNS servers to which your unit connects. DNS server IP addresses are usually supplied by your ISP. To configure DNS settings select System > Network > DNS.

Configure the following settings:

Primary DNS Server Enter the primary DNS server IP address.
Secondary DNS Server Enter the secondary DNS server IP address.
Local Domain Name Enter the domain name to append to addresses with no domain portion when performing DNS lookups.

Routing table

If the unit is operating in Transparent mode, you can go to System > Network > Routing Table to add static routes to control the flow of traffic through the unit.

Create New Creates a new static or IPv6 route.
Edit Modifies settings within the static route.
Delete Removes a static route from the list.

To remove multiple static routes from within the list, on the Static Route page, in each of the rows of the routes you want removed, select the check box and then select Delete.

To remove all static routes from the list, on the Static Route page, select the check box in the check box column and then select Delete.

Column Settings Select to add, remove, or change the order of information columns. By default, the Distance Priority and Distance columns are not displayed.
IP/Netmask The destination IP addresses and network masks of packets that the FortiCache unit intercepts.
Gateway The IP addresses of the next-hop routers to which intercepted packets are forwarded.
Device The interface or port number the static route is configured to.
Comment A description of the route (optional).
Distance The number of hops the static route has to the configured gateway. Routes with the same distance will be considered as equal-cost multi-path (ECMP).
Priority A number for the priority of the static route. Routes with a larger number will have a lower priority. Routes with the same priority will be considered as ECMP.

Adding a static route

Selecting Create New opens the New Static Route page, which provides settings for configuring a new static route. Selecting a route from the route list opens the Edit Static Route page.

Destination IP/Mask   Enter the IP address and netmask of the new static route. To create a default route, set the IP and netmask to 0.0.0.0/0.0.0.0.
Device   Select the static route’s interface or port number.
Gateway   Enter the gateway IP address for those packets that you intend the unit to intercept.

Administrative Distance Enter a number to determine the cost of the route. When multiple paths exist to the same destination, smaller distances are preferred.
Comments Enter a description up to 63 characters to describe the new interface.
Advanced Options Select to show the Priority option.
Priority Enter a number for the priority of the static route. Routes with a larger number will have a lower priority.
