Fortinet 5001A-SW manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40

Go to page of

A good user manual

The rules should oblige the seller to give the purchaser an operating instrucion of Fortinet 5001A-SW, along with an item. The lack of an instruction or false information given to customer shall constitute grounds to apply for a complaint because of nonconformity of goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of the manuals, as well as instructional videos have been majorly used. A necessary precondition for this is the unmistakable, legible character of an instruction.

What is an instruction?

The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of Fortinet 5001A-SW one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.

Unfortunately, only a few customers devote their time to read an instruction of Fortinet 5001A-SW. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.

What should a perfect user manual contain?

First and foremost, an user manual of Fortinet 5001A-SW should contain:
- informations concerning technical data of Fortinet 5001A-SW
- name of the manufacturer and a year of construction of the Fortinet 5001A-SW item
- rules of operation, control and maintenance of the Fortinet 5001A-SW item
- safety signs and mark certificates which confirm compatibility with appropriate standards

Why don't we read the manuals?

Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of Fortinet 5001A-SW alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of Fortinet 5001A-SW, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the Fortinet service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of Fortinet 5001A-SW.

Why one should read the manuals?

It is mostly in the manuals where we will find the details concerning construction and possibility of the Fortinet 5001A-SW item, and its use of respective accessory, as well as information concerning all the functions and facilities.

After a successful purchase of an item one should find a moment and get to know with every part of an instruction. Currently the manuals are carefully prearranged and translated, so they could be fully understood by its users. The manuals will serve as an informational aid.

Table of contents for the manual

  • Page 1

    FortiGate-5001A Security System Guide 01-30000-834 56-20081023 5001A -SW FortiGate-5001A Security System Guide A detailed guid e to the FortiGate-5001A- DW and FortiGate-50 01A-SW Security Systems. This FortiGate-5001A Security System Guide describes FortiGate-5001A hard wa re features, how to inst all a FortiGate-500 1A board in a FortiGate-50 00 [...]

  • Page 2

    FortiGate-5001A Security System Guide 01-30000-834 56-20081023 W arnings and cautions Only trained and qual ified personnel should b e allo wed to install or maintain FortiGate-5000 series equipment. Read and comply with all warning s, cautions and notices in this document. • T urn ing of f all po wer switches may not tur n of f all power to the [...]

  • Page 3

    Contents FortiGate-5001A Se curity System Guide 01-30000-83456-200810 23 3 Contents Warnings and cautions .............. ............. ................ ................ ............. ............. 2 FortiGate-5001A security system .................. ................... 5 Front panel LEDs and connectors ............ ................ ................[...]

  • Page 4

    FortiGate-5001A Security System Guide 4 01-30000-83456-200810 23 Contents Configuring Transparent mode ........... .... ... ...... ... .... ... ... ... .... ... ... ... ... .... ... ... ... . 31 Using the web-based manager to conf igure Transparent mode ... .............. 31 Using the CLI to configure Transparen t mode ..... ................... ...[...]

  • Page 5

    FortiGate-5001A security system FortiGate-5001A Security System Guide 01-30000-83456-2008 1023 5 FortiGate-5001A security system The FortiGate-5001 A security system is a high-perfo rmance Advanced T elecommunications Computing Ar chitecture (ACT A) compliant FortiGate security system that can be installe d in any ACT A chassis including the FortiG[...]

  • Page 6

    FortiGate-5001A Security System Guide 6 01-30000-83456-200810 23 Front panel LEDs and connectors FortiGate-5001A security system Figure 1: FortiGate-5001A-DW fr ont panel Figure 2: FortiGate-5001A-SW front panel The FortiGate-5001A boa rd incl udes the following features: • T wo front p anel 10/100/1000Ba se-T co pper 1-gigabit etherne t interfac[...]

  • Page 7

    FortiGate-5001A security system Front panel LEDs and connectors FortiGate-5001A Security System Guide 01-30000-83456-2008 1023 7 LEDs Ta b l e 1 lists and describes the Fort iGate-5001A LEDs. T able 1: FortiGate-5001A LEDs LED St ate Descr iption 1, 2 (Lef t LED) Green The correct cable is connec ted to the interface a nd the connected equipment ha[...]

  • Page 8

    FortiGate-5001A Security System Guide 8 01-30000-83456-200810 23 Base backplane communication Fo rtiGate-5001A security system Connectors Ta b l e 2 lists and describes the For tiGa te - 50 01 A con n ector s. Base backplane communication The FortiGate-5001A base backplane 1-gi gabit interfaces can be used for HA heartbeat communication betwe en Fo[...]

  • Page 9

    FortiGate-5001A security system AMC modules FortiGate-5001A Security System Guide 01-30000-83456-2008 1023 9 FortiGate-RTM-XB2 The FortiGate-R TM-XB2 module provides two 10-gigabit fabric backplane interfaces and NP2 processor acce leration for FortiGate-5001A fabric interfaces. For 10-gigabit fabric backpla ne communications, each FortiGate- 5001A[...]

  • Page 10

    FortiGate-5001A Security System Guide 10 01-30000-83456-200810 23 AMC modules FortiGate-5001A security system • The FortiGate-ASM-FB4, provides 4 NP2 accelerated SFP 1-gigabit interfaces . • The FortiGate-ASM-S08, pr ovides adds a re movable hard disk th at you can use to store log files and content ar chives. Figure 5: FortiGate-ASM-FB4 ASM-FB[...]

  • Page 11

    Hardware installation FortiGate-5001A Security System Guide 01-30000-83456-2008 1023 11 Hardware inst allation Before use, the FortiGat e-5001A bo ard must be correctly inse rted into a n Advanced T elecommunications Computing Ar chitecture (ACT A) chassis such as the FortiGate-5140, FortiGate-5050, or FortiGate-5020 chassis. Before inserting the b[...]

  • Page 12

    FortiGate-5001A Security System Guide 12 01-30000-83456-200810 23 Changing FortiGate-5001A SW1 1 switch settin gs Hardware installation Changing FortiGate-5001A SW1 1 switch settings The SW1 1 switch on the For tiGate-5001A boar d is factory set by Fort inet to detect a shelf manager ( Figur e 6 ). This is the cor rect sett ing if you are inst alli[...]

  • Page 13

    Hardware installation Changing Fort iGate-50 01A SW1 1 switch settings FortiGate-5001A Security System Guide 01-30000-83456-2008 1023 13 T o chang e or verify the SW1 1 sw itch setting T o complete this procedure, you ne ed: • A FortiGate-5001A boar d • A tool for changing the SW1 1 switch setting (optional) • An electrost atic discharge (ESD[...]

  • Page 14

    FortiGate-5001A Security System Guide 14 01-30000-83456-200810 23 FortiGate-5001A mo unting co mponents Hardware installation FortiGate-5001A mounting component s T o install a FortiGate- 5001A board you slide the boar d into an open slot in the front of an A TCA chassis and then use the mounting compo nents to lock the board into place in the slot[...]

  • Page 15

    Hardware installation Inserting a FortiGate-5001 A board FortiGate-5001A Security System Guide 01-30000-83456-2008 1023 15 Figure 10: FortiGate-5001A-DW left (top) mounting comp onents Inserting a FortiGate-5001A board The FortiGate-5001 A board must be fully inst alled in a chassis slot, with the handles closed and locked and re tention screws ful[...]

  • Page 16

    FortiGate-5001A Security System Guide 16 01-30000-83456-200810 23 Inserting a FortiGate-5001A boa rd Hardware installation 1 Attach the ESD wrist strap to yo ur wrist and to an available ES D socket or w rist strap terminal. 2 If required , remove the pro tective metal frame that the FortiGate-5001A board has been shipped in. 3 Insert the Fort iGat[...]

  • Page 17

    Hardware installation Inserting a FortiGate-5001 A board FortiGate-5001A Security System Guide 01-30000-83456-2008 1023 17 9 T urn both handles to th eir f ully-closed position s. The handles should hook into the sides of the chassis slot. Closing the handles draws the FortiGate-50 01A board into place in the chassis slot and into full contact with[...]

  • Page 18

    FortiGate-5001A Security System Guide 18 01-30000-83456-200810 23 Removing a FortiGate-5001A board Hardware installation 10 Once the board is inserted correctly , fully tighten the retent io n screws to lock the FortiGate-5001A board into po sition in the chassis slot. Removing a FortiGate-5001A board The following procedure describes how to co rre[...]

  • Page 19

    Hardware installation Removing a FortiGa te-5001A board FortiGate-5001A Security System Guide 01-30000-83456-2008 1023 19 3 Fully loosen the retention scr ews on the FortiGate-5001A fro nt panel. 4 Unlock the handles by squeezing the handle locks. 5 Open the handles to their fully open positions. Y ou need to open the handles with moderate pres sur[...]

  • Page 20

    FortiGate-5001A Security System Guide 20 01-30000-83456-200810 23 Resetting a FortiGate-5001A board Hardware installation Resetting a FortiGate-5001A board Y ou must eject the FortiGate-5001A board from the chassis slot to cycle the power and reset the board . See “Removing a FortiGate-5001A bo ard” on page 18 for information about how to eject[...]

  • Page 21

    Hardware installation Installing and removing AMC modules FortiGate-5001A Security System Guide 01-30000-83456-2008 1023 21 Inserting AMC slot filler panels The following procedur e desc ribes how to install a slot filler panel in the FortiGate-5001A front p anel AMC opening. The FortiGate-5001A-DW board includes one AMC double-width slot filler pa[...]

  • Page 22

    FortiGate-5001A Security System Guide 22 01-30000-83456-200810 23 Installing and removing AMC modules Hardware installation T o complete this proced ure, you need: • A FortiGat e-5001A bo ard with an op en slot • FortiGate AMC mo dule to install • An electrostatic dischar ge (ESD) prevent ive wrist strap with connection cord 1 Attach the ESD [...]

  • Page 23

    Hardware installation T roubl eshooting FortiGate-5001A Security System Guide 01-30000-83456-2008 1023 23 1 Attach the ESD wrist strap to your wrist and to an available ESD socket or wrist strap terminal. 2 Eject the FortiGate-5001A boar d from the chassis slot. 3 With the FortiGate-5001 A left (top) ha ndle fully open, pull the latch on the AMC mo[...]

  • Page 24

    FortiGate-5001A Security System Guide 24 01-30000-83456-200810 23 T roublesh ooting Hardware installation FortiGate-5001A status LED is flashing dur ing system operation Normally , the FortiGate-5001A S tatus LE D is off when the For tiGate-5001A board is operating n ormally . If this LED start s flashing while the board is operating, a fault condi[...]

  • Page 25

    Quick Configuration Guide Registering your Fortinet product FortiGate-5001A Se curity System Guide 01-30000-83456-200810 23 25 Quick Configuration Guide This section is a quick start guide to connectin g and configuring a FortiGate-5001A security system for your network. Before using this chapter , your FortiGate-5000 series or comp atible A TCA ch[...]

  • Page 26

    FortiGate-5001A Security System Guide 26 01-30000-83456-200810 23 Planning the confi guration Quick Configuration Guide NAT/Route mode In NA T/Route mode, the FortiGate-5001A security system is visi ble to the networks that it is connected to. Each in terface connected to a network must be configured with an IP addres s that is valid for that netw [...]

  • Page 27

    Quick Configuration Guide Choosing the configuration to ol FortiGate-5001A Security System Guide 01-30000-83456-2008 1023 27 Figure 12: E xam ple FortiGate-5001A board oper ating in T ransparent mode Y ou would typically deploy a FortiGate-5001A security system in T ransparent mode on a private network be hind an exis ting firewall or behind a ro u[...]

  • Page 28

    FortiGate-5001A Security System Guide 28 01-30000-83456-200810 23 Factory default settings Quick Configuration Guide Command Line Interface (CLI) The CLI is a full-featured management tool . Use it to configur e the administrator password, the inter face addresses, the default gateway , and the DNS server addresses. Requirement s: • The serial co[...]

  • Page 29

    Quick Configuration Guide Configuring NA T/Route mode FortiGate-5001A Security System Guide 01-30000-83456-2008 1023 29 Using the web-based manager to configure NAT/Route mode 1 Connect port1 of the F ortiGate-5001A board to the sam e hub or switch a s the computer you will use to co nfigure the Fo rtiGate board. 2 Configure the manag ement compute[...]

  • Page 30

    FortiGate-5001A Security System Guide 30 01-30000-83456-200810 23 Configuring NA T/Route mode Quick Configu ration Guide 3 Set the addressing mode for the interface. ( See the online help for information.) • For manual addr essing, enter the IP address and ne tmask for the interface th at you added to T able 8 on page 29 . • For DHCP addressing[...]

  • Page 31

    Quick Configuration Guide Configuring T ransparent mode FortiGate-5001A Security System Guide 01-30000-83456-2008 1023 31 6 Repeat to configure each interf ace as requ ired, for example, to con figure the port2 interface to the setting that you ad ded to T able 8 on page 29 . config system interface edit port2 ... 7 Configure the primar y and secon[...]

  • Page 32

    FortiGate-5001A Security System Guide 32 01-30000-83456-200810 23 Configuring T ransparent mode Quick Configuration Guide 4 T ype admin in the Name field and select Login. T o switch from NA T/Route mode to transp arent mode 1 Go to System > St atus and select the Change link beside Operation Mode: NA T . 2 Set Operation Mode to T ransparent. 3 [...]

  • Page 33

    Quick Configuration Guide Upgrading FortiGate-5001A firmware FortiGate-5001A Security System Guide 01-30000-83456-2008 1023 33 Upgrading FortiGate-5001A firmware Fortinet periodically updates the Fort iGate-5001A FortiOS firmware to includ e enhancement s and address issues. Af ter you have registered your FortiGate-5001A secu rity system (see “R[...]

  • Page 34

    FortiGate-5001A Security System Guide 34 01-30000-83456-200810 23 FortiGate-5001A base back plane data commu nicatio n Quick Configuration Guide Where <name_str> is the name of the fir mware im age file and <tftp_ipv4 > is the IP address of the TFTP serve r . For ex am ple, if the firmware image fil e name is image.out and the IP addres[...]

  • Page 35

    Quick Configuration Guide FortiGate-5001A base backplane data communicati on FortiGate-5001A Security System Guide 01-30000-83456-2008 1023 35 In a FortiGat e-5140 or FortiGate- 5050 chassis, FortiGate-5001A base backplane communication requires one or two FortiSwitch-500 3A or FortiSwitch-5003 boards. A FortiSwitch board inst alled in chassis base[...]

  • Page 36

    FortiGate-5001A Security System Guide 36 01-30000-83456-200810 23 FortiGate-5001A fabric backplane data communication Quick Configuration Guide FortiGate-5001A fabric backp lane dat a communication This section describes how to configur e FortiGa te-5001A boards for fabric backplane dat a communication using the fabric1 and fabric2 interfaces. Fabr[...]

  • Page 37

    Quick Configuration Guide Powering off the FortiGate-5001A board FortiGate-5001A Security System Guide 01-30000-83456-2008 1023 37 T o enable fabric backplane dat a communication from the FortiGate-500 1A CLI From the FortiGate-5001A board CLI you can use the following step s to enable fabric backplane data commu nication. 1 Enter the following com[...]

  • Page 38

    FortiGate-5001A Security System Guide 38 01-30000-83456-200810 23 Powering off the FortiGate-5001A board Quick Configuration Guide[...]

  • Page 39

    For more information Fortinet documentation FortiGate-5001A Security System Guide 01-30000-83456-2008 1023 39 For more information Support for your Fo rt ine t pr od u ct is availab l e as onlin e he lp fr om w ithin the web-based manager, fro m the T ools and Document ation CD included with the product, on the Fortinet T ech nical Docume ntation w[...]

  • Page 40

    FortiGate-5001A Security System Guide 01-30000-83456-200810 23 www.fortinet.com © Copyright 2008 Fortinet, Inc. All rights rese rved. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or tran slated in any form or by any means, electronic, mechan ical, manual, optical or otherwise, for [...]