Fortiexplorer User Guide 22

FortiExplorer v2.
2 Build 1046
User Guide
FortiExplorer v2.2 Build 1046 User Guide
May 27, 2013
01-502-202417-20130527
Copyright© 2013 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, and FortiGuard®, are
registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be trademarks
of Fortinet. All other product or company names may be trademarks of their respective owners.
Performance metrics contained herein were attained in internal lab tests under ideal conditions,
and performance may vary. Network variables, different network environments and other
conditions may affect performance results. Nothing herein represents any binding commitment
by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the
extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a
purchaser that expressly warrants that the identified product will perform according to the
performance metrics herein. For absolute clarity, any such warranty will be limited to
performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in
full any guarantees. Fortinet reserves the right to change, modify, transfer, or otherwise revise
this publication without notice, and the most current version of the publication shall be
applicable.
Technical Documentation docs.fortinet.com

Knowledge Base kb.fortinet.com
Customer Service & Support support.fortinet.com
Training Services training.fortinet.com
FortiGuard fortiguard.com
Document Feedback techdocs@fortinet.com
Table of Contents
Change Log....................................................................................................... 5
Introduction....................................................................................................... 6
Supported models ................................................................................................... 6
FortiGate ............................................................................................................ 6
FortiWiFi ............................................................................................................. 6
FortiSwitch ......................................................................................................... 6
FortiAP ............................................................................................................... 6
FortiOS support ....................................................................................................... 6
FortiAP support........................................................................................................ 6
FortiSwitch support ................................................................................................. 6
Download FortiExplorer ........................................................................................... 7
FortiExplorer software........................................................................................ 7
Installing FortiExplorer..................................................................................... 8
Installing FortiExplorer ............................................................................................. 8
Microsoft Windows install .................................................................................. 8
Mac OS X install................................................................................................. 9
Configuration options .............................................................................................. 9
Updating FortiExplorer and firmware....................................................................... 9
Register your device from FortiExplorer ................................................................ 10
Setup Wizard................................................................................................... 12
System settings ..................................................................................................... 12
Central management........................................................................................ 12
Admin password .............................................................................................. 13
Time zone......................................................................................................... 13
Network.................................................................................................................. 14
WAN topology.................................................................................................. 14
Primary WAN.................................................................................................... 15
Secondary WAN............................................................................................... 16
Load balancing ................................................................................................ 17
3G/4G modem ................................................................................................. 18
LAN settings..................................................................................................... 19
Security .................................................................................................................. 19
Schedule .......................................................................................................... 19
Internet access policy ...................................................................................... 20
Virtual Server.................................................................................................... 20
Remote VPN .................................................................................................... 21
Summary................................................................................................................ 22
Page 3
Device Management Options ........................................................................ 23
Connecting to the Web-based Manager ............................................................... 23
Connecting to the CLI console .............................................................................. 24
Firmware ......................................................................................................... 25
Add model ............................................................................................................. 25
Download firmware images ................................................................................... 26
Uploaded firmware ................................................................................................ 27
Watermark Tool .............................................................................................. 29
Using the DLP watermark tool............................................................................... 29
Apply watermark output message ................................................................... 30
FortiExplorer command line Watermark tool ......................................................... 31
Create a filter in FortiOS ........................................................................................ 32
USB Serial Console ........................................................................................ 33
Supported models ................................................................................................. 33
FortiGate .......................................................................................................... 33
FortiAP ............................................................................................................. 33
FortiSwitch ....................................................................................................... 33
Accessing the USB serial console menu ............................................................... 33
FortiGate BIOS menu............................................................................................. 34
Get firmware image from TFTP server ............................................................. 34
Format boot device.......................................................................................... 35
Configuration and information menu ............................................................... 35
Boot with backup firmware and set as default ................................................ 36
Quit menu and continue to boot ...................................................................... 36
Display this list of options ................................................................................ 36
FortiAP BIOS menu................................................................................................ 36
Get OS image from TFTP server...................................................................... 37
Quit this menu and continue to boot with default OS...................................... 37
FortiSwitch BIOS menu ......................................................................................... 38
Get firmware image from TFTP server. ............................................................ 38
Format boot device.......................................................................................... 39
Configuration and information menu ............................................................... 39
Boot with backup firmware and set as default ................................................ 40
Quit menu and continue to boot ...................................................................... 40
Fortinet Hardware Quick Inspection (HQIP)........................................................... 40
Index ................................................................................................................ 42
Table of Contents Page 4 FortiExplorer v2.2 Build 1046 User Guide

Change Log
Date Change Description
2013-04-10 Initial release.
2013-04-17 Added supported file type information for Watermark tool.
2013-05-27 Added USB Console Access chapter.
Page 5
Introduction
FortiExplorer is a standalone software solution that allows you to connect to your FortiGate
device using the USB interface of your management computer. FortiExplorer provides direct
access to the FortiOS setup wizard, Web-based Manager, and CLI console. FortiExplorer also
provides useful tools to allow you to manage firmware versions for various managed devices
and a watermark tool which can be used to apply a watermark signature to confidential files.
Supported models
FortiExplorer v2.2 Build 1046 supports the following models.
FortiGate
FG-20C, FG-20C-ADSL-A, FG-40C, FG-60C, FG-60C-POE, FG-60C-SFP, FG-60D, FG-100D,
FG-300C, FG-600C, FG-600C-DC, FG-800C, FG-1000C, FG-1000C-DC, FG-3240C, and
FG-3600C.
FortiWiFi
FWF-20C, FWF-20C-ADSL-A, FWF-40C, FWF-60C, FWF-60CM, FWF-60CM-3G4G-B,
FWF-60CX-ADSL-A, and FWF-60D.
FortiSwitch
FS-28C, FS-324B-POE, and FS-348B.
FortiAP
FAP-11C and FAP-28C.
See the FortiExplorer v2.2 Build 1046 Release Notes for additional information on FortiExplorer.
FortiOS support
FortiExplorer v2.2 Build 1046 supports FortiOS v5.0 Patch Release 2 or later.
FortiAP support
FortiExplorer v2.2 Build 1046 supports FortiAP v5.0 Patch Release 2 or later.
FortiSwitch support
FortiExplorer v2.2 Build 1046 supports FortiSwitch v1.0 Patch Release 2 or later.
Introduction Page 6 FortiExplorer v2.2 Build 1046 User Guide

Download FortiExplorer
FortiExplorer is available for download from the Customer Service & Support web site
ihttps://support.fortinet.com in firmware images and from the Fortinet Resource Center
http://www.fortinet.com/resource_center/product_downloads.html. FortiExplorer is available for
both Microsoft Windows and Mac OS X computers.
The Watermark Tool is available for FortiExplorer v2.2 Build 1046 for Microsoft Windows only.
FortiExplorer software
The following FortiExplorer images are available from the Customer Service & Support site:
Microsoft Windows
• FortiExplorerSetup_xp_2.2.1046.exe
This image includes the FortiExplorer executable, the Microsoft Windows USB driver library,
and .net framework library.
• FortiExplorerSetup_vista_win7_2.2.1046.msi
This image includes the FortiExplorer MSI file.
• FortiExplorerSetup_win_upgrade_2.2.1046.msi
This image includes the FortiExplorer MSI file and the Microsoft Windows USB driver library.
• FortiExplorer_OnlineInstaller_2.2.1046.exe
This image is an online installer for FortiExplorer. When run, it will download the full installer
from the FortiGuard Distribution Servers (FDS).
Mac OS X
• FortiExplorer-2.2.1046.dmg
This image includes the FortiExplorer executable, the Mac OS X USB driver library, and .net
framework library.
• FortiExplorer_OnlineInstaller-2.2.1046.dmg
This image is an online installer for FortiExplorer. When run, it will download the full installer
from the FortiGuard Distribution Servers (FDS).
Introduction Page 7 FortiExplorer v2.2 Build 1046 User Guide

Installing FortiExplorer
FortiExplorer provides a user-friendly tool that you can use to configure a FortiGate unit over a
standard USB connection, rather than using a console cable or Ethernet connection.
Figure 1: Example connection to device
RESET
USB A to DC+12V
USB
MGMT USB WAN2 WAN1 DMZ 7 6 5 4 3 2 1
USB Mini-B Cable
USB A cable end into USB Mini-B cable end into

Management Computer your Fortinet device
When using the FortiExplorer setup wizard for the first time, ensure the FortiGate unit is using its
factory default settings.
Do not connect the USB cable until after FortiExplorer has been installed.
The following topics are discussed in this section:

• Installing FortiExplorer
• Configuration options
• Updating FortiExplorer and firmware
• Register your device from FortiExplorer
Installing FortiExplorer
FortiExplorer is available for Microsoft Windows XP, Vista, 7, and 8. It is also available for Mac
OS X v10.6 Snow Leopard and higher.
Microsoft Windows install

To install FortiExplorer on a Microsoft Windows workstation:
1. Double-click the .msi, or .exe file and follow the instructions on-screen. If loading from the
CD, select the appropriate version for your operating system.
2. Connect the USB cable to the FortiGate unit and then to the management computer.
3. The FortiExplorer Fortinet Device Easy Configuration Utility opens when the USB cable is
connected. Select Install the hardware automatically and select Next.
Installing FortiExplorer Page 8 FortiExplorer v2.2 Build 1046 User Guide

4. After a moment, FortiExplorer will launch.
Mac OS X install
To install FortiExplorer on a Mac OS X workstation:
1. Double-click the .dmg file and drag the FortiExplorer program file into the Applications
folder.
2. Connect the USB cable to the FortiGate unit and then to the management computer.
3. Double-click the FortiExplorer icon to launch the application.
Configuration options
With FortiExplorer, you are provided a number of options on how to configure the FortiGate unit,
depending on your level of comfort with various interfaces.
The below image shows the FortiExplorer Tool connected to a FortiGate 60C device.
Figure 2: FortiExplorer tool
Updating FortiExplorer and firmware
FortiExplorer may be automatically updated from time to time. Select the checkbox at the
bottom of the page to remember the device and check for updates with FDS automatically.
FortiExplorer will also monitor firmware updates for your devices and provide an alert when one
is available. FortiExplorer lists the three most recent firmware images that are available for your
device on the main page.

Register your device from FortiExplorer
You can use FortiExplorer to register your Fortinet device. By registering your device, you can
download firmware images, receive FortiGuard service updates including virus and attack
definitions, VCM updates, and access Fortinet Customer Service & Support.
You can select to register the device to an existing FortiCare account, see Figure 3, or you can
create a new FortiCare account, see Figure 4.
To register the device to an existing FortiCare account, select Existing FortiCare User - FortiCare
Login, enter your FortiCare username and password, select the country in the drop-down menu,
select the reseller in the drop-down menu, and select Register.
Figure 3: Register device to existing FortiCare account

To create a new FortiCare account, select New User - Create FortiCare Account, enter the
applicable information in the required fields and select Register.
Figure 4: Register device to new FortiCare account
Once registration is complete, the device will reflect a Registered status on the FortiExplorer
home page.

Setup Wizard
FortiExplorer allows you to configure your FortiGate unit using the setup wizard in FortiOS from
the FortiExplorer shell.
The setup wizard is intended for initial configuration of your device and includes basic settings.
This chapter provides an overview of the options for a FortiGate system. The options in FortiAP
and FortiSwitch are not covered.
System settings
Device system settings include central management, setting the admin password, and setting
time zone information.
Central management
Select the checkbox to enable central management and enter the IP address of your
FortiManager device. When central management is enabled, the setup wizard will allow you to
configure the primary WAN and LAN settings. All other settings will come from the
FortiManager.
Setup Wizard Page 12 FortiExplorer v2.2 Build 1046 User Guide

Figure 5: Central management page
When central management is selected, all further management will be performed on the
FortiManager.
Admin password
Select the checkbox to change the admin password. The default password is no password,
leave the Old Password field blank and enter the new password. Changing the password will
require re-authentication when the setup wizard is complete.
Figure 6: Admin password page
Time zone
Select the appropriate time zone for your location in the drop-down menu.

Figure 7: Time zone page
Network
Network settings include the WAN topology, primary WAN configuration, secondary WAN
configuration, load balancing configuration, 3G/4G modem configuration, and LAN
configuration.
The network menu is determined by the WAN topology selection. Menu items that are not
applicable to the topology selected will not be available.
WAN topology
Select a connection type for your Wide Area Network (WAN). Select one of the following
options:
• Single Ethernet
• 3G/4G modem only
• Dual Ethernet
• Ethernet with 3G/4G backup

Figure 8: WAN typology page
Primary WAN
Select the connection type for your primary WAN connection. Select one of the following:
• DHCP, if your ISP automatically assigns you a dynamic IP address
• Static IP, if your ISP assigns you a specific IP address or a group of addresses
Enter the IP address, netmask, default gateway IP address, and DNS server IP address for
WAN1.
• PPPoE, if your ISP provided you with client software, a username, and a password
Enter the PPPoE username and password.

Figure 9: Primary WAN page
Contact your Internet service provider if you are unsure which Internet connection type to select
for your primary WAN connection.
Secondary WAN
Select the connection type for your secondary WAN connection.
This wizard menu is only available when selecting Dual Ethernet in the WAN Topology page.
Select one of the following:

• DHCP, if your ISP automatically assigns you a dynamic IP address
• Static IP, if your ISP assigns you a specific IP address or a group of addresses
Enter the IP address, netmask, default gateway IP address, and DNS server IP address for
WAN1.
• PPPoE, if your ISP provided you with client software, a username, and a password
Enter the PPPoE username and password.

Figure 10:Secondary WAN page
Contact your Internet service provider if you are unsure which Internet connection type to select
for your secondary WAN connection.
Load balancing
Load balancing allows you to balance traffic between the primary and secondary WAN
interfaces.
This wizard menu is only available when selecting Dual Ethernet in the WAN Topology page.
Select one of the following:

• Round Robin
• Weighted Load Balance
• Spillover

Figure 11:Load balancing page
3G/4G modem
Configure 3G/4G modem dialup account information. Enter your phone number, username, and
password.
This wizard menu is only available when selecting 3G/4G modem only or Ethernet with 3G/4G
backup in the WAN Topology page.
Figure 12:3G/4G modem page

LAN settings
One this page you can configure LAN settings. Enter the IP address and netmask for the internal
interface or leave the default values. Select the checkbox to enable DHCP and enter the start
and end IP address
Figure 13:LAN settings page
Security
Security settings include schedule, internet access policy, virtual server, and remote VPN
settings.
Schedule
On the you can configure the Internet access schedule. You can select to enable Internet
access to a specified schedule or set to allow access always.
Figure 14:Schedule page

Internet access policy
This policy will enable Internet connectivity for the internal LAN and WiFi interfaces. The
selected traffic forwarding and UTM inspection options be applied to this policy. You can
configure the following settings:
• Enable Network Address Translation (NAT)
• Enable virus detection and removal (email, web browsing etc)
• Block exploits and intrusions
• Filter SPAM and malicious emails
• Block malicious web content
• Monitor application usage and block applications rated as unproductive
Figure 15:Internet access policy page
The FortiGate setup wizard deletes all security policies and adds a single security policy
configured by the wizard to allow Internet access from the Internal network.
Virtual Server
Select to enable virtual server access. This will setup public access to internal servers via the
WAN interface public IP address. Clients will connect to the public IP address on the external
port to access the internal server(s). You can configure up to five virtual servers using the setup
wizard.

Table 1: Virtual server page
Remote VPN
Select the checkbox to allow remote VPN access. You can configure up to three users and
select either SSL VPN or IPsec VPN. When selecting SSL VPN you can configure up to five SSL
VPN bookmarks. When selecting IPsec VPN, enter the pre-shared key.
Figure 16:Remote VPN page

Summary
The summary page allows you to verify the settings configured in the setup wizard before
committing the changes. Select Configure to save the settings to the device.
Figure 17:Summary page
Once the setup wizard in finished, you will be prompted to log back into the device.

Device Management Options
After installing and setting up the basic settings for your device, you can use FortiExplorer to
connect to the device’s Web-based Manager and CLI console for ongoing administration.
• Connecting to the Web-based Manager
• Connecting to the CLI console
Connecting to the Web-based Manager
To connect to the device Web-based Manager, go to Devices > Web-based Manager, and enter
your username and password. Optionally, select Tools > Web-based Manager to launch a web
browser session with the device on 127.0.0.1:12180.
When accessing the Web-based Manager from within the FortiExplorer shell, you can access
detailed content-sensitive online help that displays for the current Web-based Manager page.
Configuration changes made in the Web-based Manager take effect immediately, without
resetting the device of interrupting service.
Figure 18:Web-based Manager device access
For more information on configuring your FortiOS device see the FortiOS Handbook 5.0.
Device Management Options Page 23 FortiExplorer v2.2 Build 1046 User Guide
Connecting to the CLI console
The command line interface (CLI) is an alternative method of configuring the FortiGate unit. The
CLI complements the web-based manager in that it not only has the same configuration
options, but additional settings not available through the web-based manager.
The CLI contains commands and sub-commands that are used to configure a feature’s settings,
and you can upload batches of commands from a text file.
To connect to the device command line interface, go to Devices > Command-line Interface, and
enter your username and password. Optionally, select Tools > Command-line Interface to
launch a Telnet session window on 127.0.0.1.
Figure 19:CLI console device access
For more information on using the CLI console see the CLI Reference for FortiOS 5.0.
Device Management Options Page 24 FortiExplorer v2.2 Build 1046 User Guide
Firmware
You can use FortiExplorer to store and monitor firmware versions for managed Fortinet devices.
FortiExplorer will display the three most recent builds for the device. You can select Download,
enter your FortiCare username and password, and download the firmware image to
FortiExplorer. Optionally, you can download specific firmware images from the Customer
Service & Support website and upload the image to FortiExplorer.
Figure 20:Monitored firmware page

• Add model
• Download firmware images
• Uploaded firmware
Add model
Select Add Model in the toolbar to add device models to the Monitored Firmware page. In
FortiExplorer v2.2 Build 1046 you can add the following devices: FortiGate 20C, FortiGate 40C,
FortiGate 60C, FortiGate 100D, FortiGate 300C, FortiGate 600C, FortiGate 800C, FortiGate
1000C, FortiGate 3240C, FortiWiFi 20C, FortiWiFi 40C, FortiWiFi 40C, FortiWiFi 60C, FortiWiFi
60C-ADSL-A, FortiWiFi 60CM, and FortiAP 11C.
Firmware Page 25 FortiExplorer v2.2 Build 1046 User Guide

Figure 21:Add Model dialog box
Download firmware images
When selecting to download a firmware image, you will be prompted to enter your FortiCare
account credentials. The firmware image will be saved to FortiExplorer. Only the three most
current firmware versions are displayed in Online Updates.
Figure 22:Login to FortiCare dialog box

When connected to the FortiGate device you can select to Install the firmware image.
Figure 23:Install firmware image when connected to device
Before upgrading or downgrading the device, always read and review the applicable Firmware
Release Notes. The Firmware Release Notes are available on the Customer Service & Support
site in the file folder that contains firmware images. The Release Notes include support
information, special notices, supported upgrade and downgrade paths, resolved and known
issues for the firmware release.
Uploaded firmware
Optionally, you can upload firmware image .out files that you have downloaded from the
Customer Service & Support site into the FortiExplorer shell. You can upload firmware image
files for any monitored device.

Figure 24:Uploaded firmware images
When connected to the FortiGate device you can select to Install the firmware image.
Figure 25:Install firmware image when connected to device
Before upgrading or downgrading the device, always read and review the applicable Firmware
Release Notes. The Firmware Release Notes are available on the Customer Service & Support
site in the file folder that contains firmware images. The Release Notes include support
information, special notices, supported upgrade and downgrade paths, resolved and known
issues for the firmware release.

Watermark Tool
Watermarking is essentially marking files with a digital pattern to mark the file as being
proprietary to a specific company. The Watermark tool will apply a digital watermark to the file.
You can also select to add the watermark to an entire directory. The tool adds a small
(approximately 178 bytes) pattern to the file that is recognized by the DLP watermark filter
configured on your FortiOS device.
The following file types are supported: .txt, .pdf, .doc, .xls, .ppt, .docx, .pptx, and .xlsx.
The Watermark Tool is available for FortiExplorer v2.2 Build 1046 for Microsoft Windows only.
Watermarks can only be removed using the command line Watermark tool.

• Using the DLP watermark tool
• Create a filter in FortiOS
Using the DLP watermark tool
You can use the FortiExplorer DLP watermark tool to apply a corporate identifier to a specific
file or directory.
Apply a DLP watermark to a specific file:

1. Select Tools > DLP Watermark in the left hand menu. You can select to apply the watermark
to a specific file or to an entire directory.
2. Select the search icon to the right of the Select File field and browse for the file on your
workstation.
3. Select the sensitivity level in the drop-down menu. Select one of the following: Critical,
Private, or Warning.
4. Enter the corporate identifier in the Identifier field. The identifier can include 26
alpha-numeric and special characters.
5. Select the search icon to the right of the Output Directory field and browse for a folder on
your workstation to save the watermarked file.
6. Select Apply Watermark to apply the watermark to the selected file or directory.
Watermark Tool Page 29 FortiExplorer v2.2 Build 1046 User Guide

Figure 26:Apply watermark to selected file
You can apply multiple Watermarks to a file or directory.
Apply watermark output message

The following is an example output message generated by FortiExplorer when applying a
watermark to a specific file.
> fortinet-watermark-win.exe -v -d
"C:\Users\dshearman\Desktop\Confidential_Employee_Information"
-i "FTNT123321TNTF33333####FTNT1122451" -l "Critical" -o
"C:\Users\dshearman\Desktop\Confidential_Employee_Information"
Creating watermark. Pattern:
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=identifier=FTNT123321TNTF33333#
###FTNT1122451
sensitivity=Critical=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-->
'C:\Users\dshearman\Desktop\Confidential_Employee_Information\C
onfidential_Document.pdf
Removing watermark at offset 539381, length 26
Inserted watermark size 176
--------------------------------------------------------
1 file(s) processed. (success = 1, failure = 0)

FortiExplorer command line Watermark tool
FortiExplorer v2.2 Build 1046 installer includes a command line Watermark tool,
fortinet-watermark-win.exe. This file is located in the C: > Program Files >
Fortinet > FortiExplorer directory. This tool can be launched from the
Administrator Command Prompt and can be used to add or delete Watermarks.
The following syntax lists usage and options available in this tool:
C:\>fortinet-watermark-win.exe
USAGE: fortinet-watermark-win.exe <options> -f <file name> -i
<identifier> -l <sensitivity level>
fortinet-watermark-win.exe <options> -d <directory> -i
<identifier> -l <sensitivity level>
Options:
-h print help
-v verbose information
-I inplace watermarking (don't copy file)
-o output directory
-e encode <to non-readable>
-a add additional watermark (by default replaces watermarks
existing watermarks)
-D delete all watermarks

Create a filter in FortiOS
You need to create a filter in FortiOS to recognize the watermark that you added using the
FortiExplorer watermark tool.
To create a DLP filter on your FortiOS device:

1. Select UTM Security Profiles > Data Leak Prevention > Sensor.
2. Select Create New in the toolbar.
The New Filter window opens.
Figure 27:New filter window
3. In Filter, select Files and set Watermark Sensitivity to Critical. In the Corporate Identifier field
enter the text added in Identifier field in FortiExplorer.
4. Select the services that you want to examine.
5. Select the action to take when the watermark is detected. The options include: None, Log
Only, Block, Quarantine User (for x Minutes), Quarantine IP Address (for x Minutes), or
Quarantine Interface (for x Minutes).
6. Select OK to save the setting.
7. Apply the DLP Sensor to the applicable firewall policies.

USB Serial Console
In FortiExplorer v2.2 build 1046 or later, you can access the BIOS configuration menu from
within the FortiExplorer shell. The USB serial console is available for devices which do not have
a hardware console port.
Supported models
The following models support this feature.
FortiGate
• FG-20C, FWF-20C
• FG-20C-ADSL-A, FWF-20C-ADSL-A
• FG-60D, FWF-60D
FortiAP
• FAP-11C
• FAP-28C
FortiSwitch
• FS-28C
Accessing the USB serial console menu
You can access the USB serial console menu from within the FortiExplorer shell. On device boot
you will be prompted to press any key to interrupt the boot sequence and enter the BIOS menu.
To access the USB serial console BIOS menu:

1. Install FortiExplorer and launch the application.
2. Connect the management computer to the Fortinet device using the USB cable that was
included in the box.
3. Power on the Fortinet device.
4. At the prompt, press any key.
USB Serial Console Page 33 FortiExplorer v2.2 Build 1046 User Guide
FortiGate BIOS menu
To enter the BIOS menu, press any key at the Press any key to display
configuration menu ..... screen.
If you do not press a key, the device will continue to boot. The time required to complete the
boot is dependent on the system BIOS.
The following options are available in the FortiGate BIOS menu:

• [G]: Get firmware image from TFTP server.
• [F]: Format boot device.
• [I]: Configuration and information.
• [B]: Boot with backup firmware and set as default.
• [Q]: Quit menu and continue to boot.
• [H]: Display this list of options.
Get firmware image from TFTP server

You can upload a new firmware image to your FortiGate device in the BIOS menu. Download
the firmware image from the Customer Service & Support FTP portal. In the portal you can verify
the MD5 checksum of firmware image you downloaded. Place the firmware image in the root
directory of your TFTP server and configure a static IP address on the network adapter of the
management computer.
To load a new firmware image from a TFTP server:

1. Select G in the BIOS menu to start firmware download.
The console displays:
Please connect TFTP server to Ethernet port ‘WAN1’.
Enter TFTP server address [192.168.1.145]:
2. Enter the IP address of the management computer running the TFTP server and select
Enter.
Enter Local Address [192.168.1.188]:
3. Enter an unused IP address that is on the same subnet as the TFTP server and select Enter.
Enter firmware image file name [image.out]:
4. Enter the firmware image file name and select Enter.
5. The FortiGate unit installs the new firmware image and restarts, The installation may take a
few minutes to complete.
Windows Firewall may block the TFTP connection. If you experience issues when attempting to
TFTP the firmware image, either disable Windows Firewall on your management computer or
configure to allow these connections.
Format boot device
You can format the boot device in the BIOS configuration menu.
To format the boot device:

1. Select F in the BIOS menu to format the boot device.
It will erase data in boot device. Continue? [yes/no]
2. In the prompt, enter yes and select Enter.
3. The console displays:
Formatting ............ Done
4. Once complete, the configuration menu is displayed.
Configuration and information menu

To access the configuration and information menu, press I in the BIOS menu. In this menu, you
can configure the serial port baudrate, set the image download port, enable or diable DHCP,
and display hardware information.
The following options are available in this menu:
• [S]: Set serial port baudrate (will take effect on next boot).
• [T]: Set image download port (will take effect now and on next boot).
• [C]: Set DHCP enable (will take effect now and on next boot).
• [I]: Display hardware information.
• [Q]: Quit this menu.
Set serial port baudrate

Select S to set the serial port baudrate, select 0-4, and select Enter to save the setting. The
default serial port baudrate is 0: 9600.
[S]: Set serial port baudrate (will take effect on next boot).
0: 9600
1: 19200
2: 38400
3: 57600
4: 115000
Enter baudrate option [9600]:
Set image download port

Select T to set the image download port. The default image download port may vary depending
on the device model.
[T]: Set image download port (will take effect now and on next boot).
0: Any of port 1 - 7
1: WAN1
2: WAN2
Enter image download port number [WAN1]:
Enable or disable DHCP
Select C to set DHCP as enabled or disabled. If you do not have a DHCP server enabled on your
management computer, set the DHCP server to disabled.
[C]: Set DHCP enable (will take effect now and on next boot).
Current setting: Enabled
Please select DHCP setting
[1]: Enable DHCP
[2]: Disable DHCP
Display hardware information

Select I to display hardware information. This menu option displays CPU, model, memory, and
BIOS information.
Quit the configuration and information menu

Select Q to quit the configuration and information menu and return to the main BIOS menu.
Display the list of options

Select H to display the list of options in this menu.
Boot with backup firmware and set as default

For devices with two partitions, you can select B to boot with the firmware image on the backup
partition.
[B]: Boot with backup firmware and set as default.
Loading backup firmware from boot device...
Reinitializing...
Quit menu and continue to boot

To quit the BIOS menu and continue to boot, select Q.
[Q]: Quit menu and continue to boot.
Display this list of options

[H]: Display this list of options.
FortiAP BIOS menu
To enter the BIOS menu, press any key at the Hit any key to stop autoboot screen.
The following options are available in the FortiAP configuration menu:
• [G]: Get OS image from TFTP server.
• [Q]: Quit menu and continue to boot with default OS.
Get OS image from TFTP server.

You can upload a new firmware image to your FortiAP device in the BIOS menu. Download the
firmware image from the Customer Service & Support FTP portal. In the portal you can verify the
MD5 checksum of firmware image you downloaded. Place the firmware image in the root
To load a firmware image from a TFTP server:

2. Enter the IP address of the management computer running the TFTP server and select
Enter.
5. The FortiAP unit installs the new firmware image and restarts, The installation may take a few
minutes to complete.
Quit this menu and continue to boot with default OS

Select Q to quit this menu and continue to boot with the default OS.

Select H to display the list of menu options.
FortiSwitch BIOS menu
To enter the BIOS menu, press any key at the Press any key to display
configuration menu ..... screen.
The following options are available in the FortiSwitch BIOS menu:

• [G]: Get firmware image from TFTP server.
• [F]: Format boot device.
• [I]: Configuration and information.
• [B]: Boot with backup firmware and set as default.
• [Q]: Quit menu and continue to boot.
Get firmware image from TFTP server.

You can upload a new firmware image to your FortiSwitch device in the BIOS menu. Download
the firmware image from the Customer Service & Support FTP portal. In the portal you can verify
the MD5 checksum of firmware image you downloaded. Place the firmware image in the root
To load a firmware image from a TFTP server:

2. Enter the IP address of the management computer running the TFTP server and select Enter.
5. The FortiSwitch unit installs the new firmware image and restarts, The installation may take a
few minutes to complete.
Format boot device
You can format the boot device in the BIOS configuration menu.
To format the boot device:

1. Select F in the BIOS menu to start the format.
It will erase data in boot device. Continue? [yes/no]
2. In the prompt, enter yes and select Enter.
3. The console displays:
Formatting ............ Done
4. Once complete, the configuration menu is displayed.
Configuration and information menu

To access the configuration and information menu, press I in the BIOS menu. In this menu, you
can configure the serial port baudrate, set the image download port, enable or diable DHCP,
and display hardware information.
The following options are available in this menu:
• [S]: Set serial port baudrate (will take effect on next boot).
• [T]: Set image download port (will take effect now and on next boot).
• [C]: Set DHCP enable (will take effect now and on next boot).
• [I]: Display hardware information.
• [Q]: Quit this menu.
Set serial port baudrate

Select S to set the serial port baudrate, select 0-4, and select Enter to save the setting. The
default serial port baudrate is 0: 9600.
[S]: Set serial port baudrate (will take effect on next boot).
0: 9600
1: 19200
2: 38400
3: 57600
4: 115000
Enter baudrate option [9600]:
Set image download port

Select T to set the image download port. The default image download port may vary depending
on the device model.
[T]: Set image download port (will take effect now and on next boot).
0: Any of port 1 - 7
1: WAN1
2: WAN2
Enter image download port number [WAN1]:
Enable or disable DHCP
Select C to set DHCP as enabled or disabled. If you do not have a DHCP server enabled on your
management computer, set the DHCP server to disabled.
[C]: Set DHCP enable (will take effect now and on next boot).
Current setting: Enabled
Please select DHCP setting
[1]: Enable DHCP
[2]: Disable DHCP
Display hardware information

Select I to display hardware information. This menu option displays CPU, model, memory, and
BIOS information.
Quit the configuration and information menu

Select Q to quit the configuration and information menu and return to the main BIOS menu.
Display the list of options

Select H to display the list of options in this menu.
Boot with backup firmware and set as default

For devices with two partitions, you can select B to boot with the firmware image on the backup
partition.
[B]: Boot with backup firmware and set as default.
Loading backup firmware from boot device...
Reinitializing...
Quit menu and continue to boot

To quit the BIOS menu and continue to boot, select Q.
[Q]: Quit menu and continue to boot.

[H]: Display this list of options.
Fortinet Hardware Quick Inspection (HQIP)
You can run the Fortinet Hardware Quick Inspection (HQIP) test from the USB Serial Console in
FortiExplorer. You can obtain the HQIP image from Technical Support.
To run the Fortinet Hardware Quick Inspection (HQIP) test:

1. Power on the device and enter the BIOS menu by pressing any key at the prompt.
2. Select [G]: Get firmware image from TFTP server in the configuration menu. See
Get firmware image from TFTP server for information on loading an image from a TFTP
server.
3. The FortiGate will import the HQIP firmware image from the TFTP server.
4. When prompted, select R to run the HQIP firmware image without saving.
5. In the FortiExplorer shell, select Devices > Command-line Interface and login to the device
using the username admin with no password.
6. Enter the following CLI command at the FortiTest prompt to start the HQIP test:
diagnose hqip start
7. Wire the network ports as indicated for the NIC loopback test, install a USB key, and press
any key to continue. The HQIP completes the following tests.
• BIOS Integrity Check
• System Configuration Check
• Memory Test
• CPU Test
• CPU/Memory Performance Test
• FortiASIC Test
• USB Test
• Boot Device Test
• Hard Disk Test
• Network Interface Controller Test
• NPU DDR Memory Test
• LED Test
• Reset Button Test
8. When complete, the HQIP report is displayed. Save the full output and submit to Technical
Support with your support ticket.
9. Reboot the system using the execute reboot CLI command. The device will reboot and
load the regular FortiOS firmware image.
Index
Numerics F
3G/4G modem filter
network settings 18 action 32
DLP sensor 32
A services 32
add model firmware
devices 25 FortiCare account 25
monitored firmware 25 install firmware 28
admin monitor firmware 25
password 13 release notes 28
upload 25
B format boot device
BIOS configuration USB serial console 35, 39
USB serial console 33 FortiCare
BIOS menu create a new account 11
FortiGate 34 FortiCare account
firmware 25
C FortiExplorer
central management configuration options 9
FortiManager 12 download 7
system settings 12 FortiExplorer software 7
command line installing 8
watermark 31 Mac OS X 7, 9
command line interface Microsoft Windows 7, 8
device management 24 register Fortinet device 10
configuration and information menu software updates 9
DHCP 36, 40 USB connection 8
hardware information 36, 40 FortiExplorer software 7
image download port 35, 39 FortiGate
serial port baudrate 35, 39 BIOS menu 34
USB serial console 35, 39 Fortinet Hardware Quick Inspection (HQIP) 40
configuration option
FortiExplorer 9 H
corporate identifier hardware information
DLP sensor 29 configuration and information menu 36, 40
create a new account
FortiCare 11 I
identifier
D watermark 29
default image download port
password 13 configuration and information menu 35, 39
device management install firmware
command line interface 24 firmware 28
Telnet 24 installing
Web-based Manager 23 FortiExplorer 8
DHCP Internet access policy
configuration and information menu 36, 40 block malicious web content 20
connection type 15 email filtering 20
DLP sensor exploits and intrusions 20
corporate identifier 29 monitor and block applications 20
filter 32 NAT 20
download virus detection 20
FortiExplorer 7
Page 42
L S
LAN settings 19 schedule
DHCP 19 security settings 19
load balancing security settings
round robin 17 Internet access policy 20
spillover 17 remote VPN 21
weighted load balance 17 schedule 19
virtual server 20
M sensitivity level
Mac OS X watermark 29
FortiExplorer 7, 9 serial port baudrate
monitor firmware configuration and information menu 35, 39
firmware 25 setup wizard 12
monitored firmware network settings 14
add model 25 security settings 19
devices 25 summary 22
online updates 26 system settings 12
software updates
N FortiExplorer 9
NAT spillover
Internet access policy 20 load balancing 17
network settings static IP
3G/4G modem 18 connection type 15
LAN settings 19 summary
load balancing 17 setup wizard 22
primary WAN 15 system settings
secondary WAN 16 central management 12
WAN topology 14 setup wizard 12
time zone 13
O
online updates T
monitored firmware 26 Telnet
output directory device management 24
watermark 29 time zone
output message system settings 13
watermark 30
U
P upload
password firmware 25
admin 13 upload firmware image from TFTP server
default 13 USB serial console 34, 37, 38
pattern USB connection
watermark 30 FortiExplorer 8
pattern size USB serial console
watermark 29 BIOS configuration 33
PPPoE configuration and information menu 35, 39
connection type 15 format boot device 35, 39
primary WAN 15 upload firmware image from TFTP server 34, 37, 38
USB serial console menu
R accessing 33
register Fortinet device
FortiExplorer 10 V
release notes 28 virtual server
remote VPN security settings 20
security settings 21 virus detection
round robin Internet access policy 20
load balancing 17
Index Page 43 FortiExplorer v2.2 Build 1046 User Guide

W watermark
WAN connection type command line 31
DHCP 15 identifier 29
PPPoE 15 output directory 29
Static IP 15 output message 30
pattern 30
WAN topology
pattern size 29
3G/4G modem only 14
sensitivity level 29
dual Ethernet 14
Ethernet with 3G/4G backup 14 Web-based Manager
network settings 14 device management 23
single Ethernet 14 weighted load balance
load balancing 17
Index Page 44 FortiExplorer v2.2 Build 1046 User Guide

Fortiexplorer User Guide 22

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Fortiexplorer User Guide 22

Hochgeladen von

Copyright:

Verfügbare Formate

FortiExplorer v2.

Technical Documentation docs.fortinet.com

Table of Contents Page 4 FortiExplorer v2.2 Build 1046 User Guide

Date Change Description

2013-04-10 Initial release.

2013-04-17 Added supported file type information for Watermark tool.

2013-05-27 Added USB Console Access chapter.

FortiExplorer v2.2 Build 1046 supports the following models.

Introduction Page 6 FortiExplorer v2.2 Build 1046 User Guide

Introduction Page 7 FortiExplorer v2.2 Build 1046 User Guide

Figure 1: Example connection to device

USB Mini-B Cable

USB A cable end into USB Mini-B cable end into

The following topics are discussed in this section:

Microsoft Windows install

Installing FortiExplorer Page 8 FortiExplorer v2.2 Build 1046 User Guide

Figure 2: FortiExplorer tool

Updating FortiExplorer and firmware

Installing FortiExplorer Page 9 FortiExplorer v2.2 Build 1046 User Guide

Figure 3: Register device to existing FortiCare account

Installing FortiExplorer Page 10 FortiExplorer v2.2 Build 1046 User Guide

Figure 4: Register device to new FortiCare account

Installing FortiExplorer Page 11 FortiExplorer v2.2 Build 1046 User Guide

Setup Wizard Page 12 FortiExplorer v2.2 Build 1046 User Guide

Figure 6: Admin password page

Setup Wizard Page 13 FortiExplorer v2.2 Build 1046 User Guide

Setup Wizard Page 14 FortiExplorer v2.2 Build 1046 User Guide

Setup Wizard Page 15 FortiExplorer v2.2 Build 1046 User Guide

Select the connection type for your secondary WAN connection.

Select one of the following:

Setup Wizard Page 16 FortiExplorer v2.2 Build 1046 User Guide

Select one of the following:

Setup Wizard Page 17 FortiExplorer v2.2 Build 1046 User Guide

Figure 12:3G/4G modem page

Setup Wizard Page 18 FortiExplorer v2.2 Build 1046 User Guide

Figure 13:LAN settings page

Figure 14:Schedule page

Setup Wizard Page 19 FortiExplorer v2.2 Build 1046 User Guide

Figure 15:Internet access policy page

Setup Wizard Page 20 FortiExplorer v2.2 Build 1046 User Guide

Figure 16:Remote VPN page

Setup Wizard Page 21 FortiExplorer v2.2 Build 1046 User Guide

Figure 17:Summary page

Setup Wizard Page 22 FortiExplorer v2.2 Build 1046 User Guide

Connecting to the Web-based Manager

Figure 18:Web-based Manager device access

Figure 19:CLI console device access

Figure 20:Monitored firmware page

The following topics are discussed in this section:

Firmware Page 25 FortiExplorer v2.2 Build 1046 User Guide

Download firmware images

Figure 22:Login to FortiCare dialog box

Firmware Page 26 FortiExplorer v2.2 Build 1046 User Guide

Figure 23:Install firmware image when connected to device

Firmware Page 27 FortiExplorer v2.2 Build 1046 User Guide

Figure 25:Install firmware image when connected to device

Firmware Page 28 FortiExplorer v2.2 Build 1046 User Guide

The following topics are discussed in this section:

Using the DLP watermark tool

Apply a DLP watermark to a specific file:

Watermark Tool Page 29 FortiExplorer v2.2 Build 1046 User Guide

You can apply multiple Watermarks to a file or directory.

Apply watermark output message