English dropdown-ico

Fortinet FortiGate-5000 manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77

Go to page of

Similar user manuals

A good user manual

The rules should oblige the seller to give the purchaser an operating instrucion of Fortinet FortiGate-5000, along with an item. The lack of an instruction or false information given to customer shall constitute grounds to apply for a complaint because of nonconformity of goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of the manuals, as well as instructional videos have been majorly used. A necessary precondition for this is the unmistakable, legible character of an instruction.

What is an instruction?

The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of Fortinet FortiGate-5000 one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.

Unfortunately, only a few customers devote their time to read an instruction of Fortinet FortiGate-5000. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.

What should a perfect user manual contain?

First and foremost, an user manual of Fortinet FortiGate-5000 should contain:
- informations concerning technical data of Fortinet FortiGate-5000
- name of the manufacturer and a year of construction of the Fortinet FortiGate-5000 item
- rules of operation, control and maintenance of the Fortinet FortiGate-5000 item
- safety signs and mark certificates which confirm compatibility with appropriate standards

Why don't we read the manuals?

Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of Fortinet FortiGate-5000 alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of Fortinet FortiGate-5000, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the Fortinet service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of Fortinet FortiGate-5000.

Why one should read the manuals?

It is mostly in the manuals where we will find the details concerning construction and possibility of the Fortinet FortiGate-5000 item, and its use of respective accessory, as well as information concerning all the functions and facilities.

After a successful purchase of an item one should find a moment and get to know with every part of an instruction. Currently the manuals are carefully prearranged and translated, so they could be fully understood by its users. The manuals will serve as an informational aid.

Table of contents for the manual

  • Page 1

    FortiGate-5000 Series Introduction 01-30000-834 66-20090108 FAN TRA Y FAN TRA Y FAN TRA Y 1 3 1 1 975312468 1 0 1 2 1 4 5140 C R IT I C A L R E S E T M A J O R M IN O R U S E R 1 U S E R 2 U S E R 3 5140SAP SERIAL 1 SERIAL 2 ALARM FIL TER 12 0 12 10/100 link/Act ETH0 Service RESET STATUS Hot Swap link/Act ETH0 ETH1 10/100 5000SM 10/100 link/Act ETH[...]

  • Page 2

    FortiGate- 5000 Ser ies Introduc tion 8 January 2009 01-30000-83 466-20090108 © Copyright 2009 Fortine t, Inc. All rights reser ved. No part of this publication including text, examples , diagrams or illustrations may be reproduced, tra nsmitted, or translated in a ny form or by any mea ns, electronic, mechanical, manual, op tical or otherwise, fo[...]

  • Page 3

    Contents FortiGate-5000 Seri es Intro duction 01-30000-83466-2009 0108 3 http://docs.fortinet.com/ • Feedback Contents Introduction ............... ............................ .......................................... ......... 7 Revision history ................ ............. ............. ................ ............. ................ ......[...]

  • Page 4

    Contents FortiGate-5000 Series Introduction 4 01-30000-83466-200901 08 http://docs.fort inet.com/ • Feed back FortiGate-5050 chassis ......... ............................ ............................ ......... 27 FortiGate-5050 front panel .. ............. ............. ................ ............. ............. ................ ..... 28 Forti[...]

  • Page 5

    Contents FortiGate-5000 Seri es Intro duction 01-30000-83466-2009 0108 5 http://docs.fortinet.com/ • Feedback FortiGate-5001SX security system ............... ............................... ......... 49 Front panel LEDs and connector s ................ ................................ .......................... ..... 50 LEDs ................... [...]

  • Page 6

    Contents FortiGate-5000 Series Introduction 6 01-30000-83466-200901 08 http://docs.fort inet.com/ • Feed back[...]

  • Page 7

    Introduction Revision history FortiGate-5000 Series Introduction 01-30000-83466-200901 08 7 Introduction This FortiGate-5000 Series Introductio n is a high-level guide to all three FortiGate-5000 serie s chassis and the boards that you can inst all in them. This chapter includes the following topics: • Revision history • About the FortiGate-50 [...]

  • Page 8

    FortiGate-5000 Series Introduction 8 01-30000-83466-200901 08 About the FortiGate- 5000 series chassis Introduction About the FortiGate-5000 series chassis The For tiGate-5000 s eries Secu rity Systems are chassis- based syste ms that MSSPs and large enterprises can use to provide subscr iber security services such as firewall, VPN, antivirus prote[...]

  • Page 9

    Introduction About the FortiGate-5000 series boards FortiGate-5000 Series In troduction 01-30000-83466-2009 0108 9 FortiGate-5020 chassis Y ou can install one or two FortiG ate-5000 se ries boards in the two slot s of the FortiGate-5020 A TCA chassis. The FortiGate-5020 is a 4U chassis that contains two re dundant AC to DC power supplies that conne[...]

  • Page 10

    FortiGate-5000 Series Introduction 10 01-30000-83466-200901 08 About the FortiGate-5000 series boa rds Introduction FortiGate-RTM-XB2 module The FortiGate-R TM-XB2 system is a rear transition module (RTM ) that provides two 10-gigabit fabric backplane interfaces and NP2 processor accelera tion for FortiGate-5001A boa rds installed in Fort iGate-514[...]

  • Page 11

    Introduction Warnings and cautions FortiGate-5000 Series In troduction 01-30000-83466-2009 0108 11 FortiSwitch-5003 system The FortiSwitch-5003 system provides base backplane communication between FortiGate security boards inst alled in FortiGate -5140 or FortiGate-5050 chassis. Base backplane communication can be used for HA heartbeat communicatio[...]

  • Page 12

    FortiGate-5000 Series Introduction 12 01-30000-83466-200901 08 Warnings and cautions Introduction • T urning of f all power switches may not turn off all po wer to the FortiGate-5000 series equipment. Some circuitr y in the FortiGate-5000 serie s equipment may continue t o operate even thoug h all power switches are off. • Many FortiGate-5000 c[...]

  • Page 13

    Introduction About Data Center DC power FortiGate-5000 Series In troduction 01-30000-83466-2009 0108 13 About Dat a Center DC power The FortiGate-5140 and FortiGate-5050 chassis are desig ned to be installed in a Data Center or similar loca tion that has availa ble -48VDC powe r . Fortinet expects that most FortiGate-5140 or FortiGate-5050 customer[...]

  • Page 14

    FortiGate-5000 Series Introduction 14 01-30000-83466-200901 08 Register your Fortinet product Introduction Register your Fortinet product Register your Fortinet product to re ceiv e Fortinet cus tomer services such as product updates and tech nical support. Y o u must also re gister your prod uct for FortiGuard services such as FortiGuard Antivirus[...]

  • Page 15

    FortiGate-5140-R chassis FortiGate-5000 Seri es Intro duction 01-30000-83466-2009 0108 15 http://docs.fortinet.com/ • Feedback FortiGate-5140-R chassis Y ou can install up to 14 FortiGate-5000 series boards in the 14 front panel slo ts of the FortiGate- 5140 A TCA ch assis. The F ortiGate-51 40 is a 12U chassis th at contains two redundant hot sw[...]

  • Page 16

    FortiGate-5140 chassis front panel FortiGate-5140-R chassis FortiGate-5000 Series Introduction 16 01-30000-83466-200901 08 http://docs.fort inet.com/ • Feed back FortiGate-5140 chassis front p anel Figure 1 shows the fron t pane l of a FortiGat e- 5140 chassis. T wo FortiSwitch-5003A boards are in stalled in slots 1 and 2. T welve FortiGate-5001A[...]

  • Page 17

    FortiGate-5140-R chassis FortiGate-5140 chassis back panel FortiGate-5000 Seri es Intro duction 01-30000-83466-2009 0108 17 http://docs.fortinet.com/ • Feedback Also visible on the front of the FortiGate-5140 chassis: • Electrosta tic discharge (ESD) socket, used for conne cting an ESD wrist or ankle band when working w ith the ch assis. • Fr[...]

  • Page 18

    Physical description of the FortiGate- 5140 chassis FortiGate-5140-R chassis FortiGate-5000 Series Introduction 18 01-30000-83466-200901 08 http://docs.fort inet.com/ • Feed back The power entry mod ules are hot swapp able, which means you ca n remove and replace a defective PEM wh ile the For tiGate-5140 is operating assuming th at the For tiGat[...]

  • Page 19

    FortiGate-5140 chassis FortiGate-5140 chassis front panel FortiGate-5000 Seri es Intro duction 01-30000-83466-2009 0108 19 http://docs.fortinet.com/ • Feedback FortiGate-5140 chassis Y ou can install up to 14 FortiGate-5000 series boards in the 14 front panel slo ts of the FortiGate- 5140 A TCA ch assis. The F ortiGate-51 40 is a 12U chassis th a[...]

  • Page 20

    FortiGate-5140 chassis back panel FortiGate-5140 chassis FortiGate-5000 Series Introduction 20 01-30000-83466-200901 08 http://docs.fort inet.com/ • Feed back Figure 3: FortiGate-5140 chassis front panel with FortiGate-5001SX, FortiGate-5001F A2, and FortiSwitch- 5003 board s inst alled Also visible on the front of the FortiGate-5140: • Electro[...]

  • Page 21

    FortiGate-5140 chassis FortiGate-5140 chassis back panel FortiGate-5000 Seri es Intro duction 01-30000-83466-2009 0108 21 http://docs.fortinet.com/ • Feedback Figure 4: FortiGate-5140 cha ssis back panel If you require redundant power you should conne ct both PEMs to DC power . If redundant power is not required, you should connect PEM A to DC po[...]

  • Page 22

    Physical description of the FortiGat e-5140 ch assis FortiGate-5140 chassis FortiGate-5000 Series Introduction 22 01-30000-83466-200901 08 http://docs.fort inet.com/ • Feed back Physical description of the FortiGate-5140 chassis The FortiGate-5140 chassis is a 12U chassis that can be installed in a st andard 19-inch rack. T able 3 describes the p[...]

  • Page 23

    FortiGate-5050-R chassis FortiGate-5000 Seri es Intro duction 01-30000-83466-2009 0108 23 http://docs.fortinet.com/ • Feedback FortiGate-5050-R chassis Y ou can install u p to five FortiGate-5000 series boards in the five slots o f the FortiGate-5050 A TCA chassis. The FortiGate-5050 is a 5U 19-inch rackm ount A TCA chassis that contains two redu[...]

  • Page 24

    FortiGate-5050 front panel FortiGate-5050-R chassis FortiGate-5000 Series Introduction 24 01-30000-83466-200901 08 http://docs.fort inet.com/ • Feed back FortiGate-5050 front panel Figure 5 shows the front of a FortiGate-50 50 ch assis. T wo FortiSwitch-5003 boards ar e insta lled in slots 1 and 2. Three FortiGate-5001 SX boards are inst alled in[...]

  • Page 25

    FortiGate-5050-R chassis FortiGate-5050 back panel FortiGate-5000 Seri es Intro duction 01-30000-83466-2009 0108 25 http://docs.fortinet.com/ • Feedback FortiGate-5050 back p anel Figure 6 shows the ba ck of a F ortiGate-50 50 ch assis. The FortiGate-5050 chassis back panel includes two redu ndant -48V to - 58V DC power input connectors labelled [...]

  • Page 26

    Physical description of the FortiGate- 5050 chassis FortiGate-5050-R chassis FortiGate-5000 Series Introduction 26 01-30000-83466-200901 08 http://docs.fort inet.com/ • Feed back Physical description of the FortiGate-5050 chassis The FortiGate-5050 chassis is a 5U chassis that can be installed in a st andard 19-inch rack. T able 4 describes the p[...]

  • Page 27

    FortiGate-5050 chassis FortiGate-5000 Seri es Intro duction 01-30000-83466-2009 0108 27 http://docs.fortinet.com/ • Feedback FortiGate-5050 chassis Y ou can install u p to five FortiGate-5000 series boards in the five slots o f the FortiGate-5050 A TCA chassis. The FortiGate-5050 is a 5U 19-inch rackm ount A TCA chassis that contains two redu nda[...]

  • Page 28

    FortiGate-5050 front panel FortiGate-5050 chassis FortiGate-5000 Series Introduction 28 01-30000-83466-200901 08 http://docs.fort inet.com/ • Feed back FortiGate-5050 front panel Figure 7 shows the front of a FortiGate-50 50 ch assis. T wo FortiSwitch-5003 boards ar e insta lled in slots 1 and 2. Three FortiGate-5001 SX boards are inst alled in s[...]

  • Page 29

    FortiGate-5050 chassis Physical description of the FortiGate-5050 chassis FortiGate-5000 Seri es Intro duction 01-30000-83466-2009 0108 29 http://docs.fortinet.com/ • Feedback Figure 8: FortiGate-5050 cha ssis back panel The back pane l includes the FortiGate-5050 chassis groun d connector which must be connected to Data Center gr ound. Use the p[...]

  • Page 30

    Physical description of the FortiGat e-5050 ch assis FortiGate-5050 chassis FortiGate-5000 Series Introduction 30 01-30000-83466-200901 08 http://docs.fort inet.com/ • Feed back[...]

  • Page 31

    FortiGate-5020 chassis FortiGate-5020 front panel FortiGate-5000 Series Introduction 01-30000-83466-200901 08 31 FortiGate-5020 chassis Y ou can install one or two FortiGa te-5000 series boards in the two slot s of the FortiGate-50 20 A TCA chassis. The FortiGat e-5020 is a 4U chassis that contains two redundant AC to DC power supplies tha t connec[...]

  • Page 32

    FortiGate-5000 Series Introduction 32 01-30000-83466-200901 08 FortiGate-5020 back panel FortiGate- 5020 chassis FortiGate-5020 back p anel Figure 10 shows the back of a FortiG ate-5020 c hassis. Th e chassis ba ck panel includes two redundant AC power connec tors and provides access to th e hot swappable cooling fan tray . Each AC powe r connector[...]

  • Page 33

    FortiGate-5001A security system FortiGate-5000 Seri es Intro duction 01-30000-83466-2009 0108 33 FortiGate-5001A security system The FortiGate-5001 A security system is a high-perfo rmance Advanced T elecommunications Com puting Architecture (ACT A) compliant FortiGat e security system that can be in stalled in any ACT A chassis including the Forti[...]

  • Page 34

    FortiGate-5000 Series Introduction 34 01-30000-83466-200901 08 Front panel LEDs and connectors FortiGate-5001A security system Figure 1 1: FortiGate-5 001A-DW front panel Figure 12: FortiGate-5001A-SW front panel The FortiGate-5001A boa rd incl udes the following features: • T wo front panel 10/100/10 00Base-T co pper 1- gigabit ethernet interfac[...]

  • Page 35

    FortiGate-5001A security system Front panel LEDs and connectors FortiGate-5000 Seri es Intro duction 01-30000-83466-2009 0108 35 LEDs Ta b l e 7 lists and de scribes the FortiGate-5001 A LEDs. T able 7: FortiGate-5001A LEDs LED St ate Description 1, 2 (Lef t LED) Green The correct cable is connec ted to the i nterface and the connected equipment ha[...]

  • Page 36

    FortiGate-5000 Series Introduction 36 01-30000-83466-200901 08 Base backplane communication Fo rtiGate-5001A security system Connectors Ta b l e 8 lists and describes the FortiGate-50 01A connector s. Base backplane communication The FortiGate-5001A base backplane 1-g i gabit interfaces can be used for HA heartbeat communication between Fo rtiGate-[...]

  • Page 37

    FortiGate-5001A security system AMC modules FortiGate-5000 Seri es Intro duction 01-30000-83466-2009 0108 37 FortiGate-RTM-XB2 The FortiGate-R TM-XB2 module provides two 10-gigabit fabric backplane interfaces and NP2 processor acceler ation for FortiGate-5001A fabric interfaces. For 10-gigabit fabric backpla ne communications, each FortiGate-500 1A[...]

  • Page 38

    FortiGate-5000 Series Introduction 38 01-30000-83466-200901 08 AMC modules FortiGate-5001A security system • The FortiGate-ASM-FB4, provides 4 NP2 accelerated SFP 1-gigabit interfaces . • The FortiGate-ASM-S08, pr ovides adds a re movable hard disk th at you can use to store log files and content ar chives. Figure 15: FortiGate-ASM-FB4 ASM-FB4 [...]

  • Page 39

    FortiGate-RTM-XB2 system FortiGate-5000 Seri es Intro duction 01-30000-83466-2009 0108 39 FortiGate-RTM-XB2 system The FortiGate-R TM-XB2 system provides two 10- gigabit fabric backplane interfaces and NP2 processor acceler ation for FortiGate-5001A boards inst alled in FortiGate-5140 and FortiGate-5050 chassis. The FortiGate-R TM-XB2 is an A TCA r[...]

  • Page 40

    FortiGate-5000 Series Introduction 40 01-30000-83466-200901 08 Front panel LED FortiGate-RTM-XB2 system Front p anel LED From the FortiGate-R TM-XB2 font p anel includes a power LED. Fabric backplane 10-gigabit communication The FortiGate-RTM -XB2 module is used for fabric backp lane 10-gigabit dat a communication. T o support fabric backplane comm[...]

  • Page 41

    FortiGate-5005F A2 security system FortiGate-5000 Seri es Intro duction 01-30000-83466-2009 0108 41 FortiGate-5005F A2 security system The FortiGate-5005F A2 security system is a high-performance FortiGate security system with a total of 8 front pa nel gigabit ethernet interfaces, two base backplane interfaces, and two fabric backplane interf aces.[...]

  • Page 42

    FortiGate-5000 Series Introduction 42 01-30000-83466-200901 08 Front panel LEDs and connectors Fo rtiGate-5005F A2 security system • 2 USB connectors. • Mounting hardware. • LED status indi cators. The FortiGa te-5005F A2 board comes supplie d with fiber and copper SFP transceivers. Y ou can order the SFP tr ansc eivers in any combination . B[...]

  • Page 43

    FortiGate-5005F A2 security system Accelera ted packet forwarding and policy enforcement FortiGate-5000 Seri es Intro duction 01-30000-83466-2009 0108 43 Connectors Ta b l e 1 1 lists and describes the FortiGate-5005F A2 connectors. Accelerated p acket forwarding and policy enforcement FortiGate-5005F A2 Accelerated packe t forwarding and policy en[...]

  • Page 44

    FortiGate-5000 Series Introduction 44 01-30000-83466-200901 08 Base backplane gigabit communication FortiGate- 5005F A2 security system • Firewall an d intrusion prot ection (IPS ), when there is a reas onable perc entage of P2P packet s. • Firewall, intrusion pr otection (IPS) , and antivir us, when th ere is a rea sonable percentage of P2 P p[...]

  • Page 45

    FortiGate-5001F A2-LENC se curity system FortiGate-5000 Series Introduction 01-30000-83466-200901 08 45 FortiGate-5001F A2-LENC security system The FortiGate-5001 F A2-LENC security sy stem is a high-performance FortiGate security system with a tot al of 8 front pane l gigabit ethernet interfaces and two base backplane interfaces. Use the front pa [...]

  • Page 46

    FortiGate-5000 Series Introduction 46 01-30000-83466-200901 08 Front panel LEDs and connectors Fort iGate-5001F A2-LENC security system • Mounting hardware • LED status ind icators The FortiGate -5001F A2-LENC board co mes supplied with fo ur optical or four copper SFP transce ivers. Before you can connect For tiGate-5001F A2-LENC interfaces 1 [...]

  • Page 47

    FortiGate-5001F A2-LENC se curity system Accele rated packet forwarding and policy enforcement FortiGate-5000 Series In troduction 01-30000-83466-2009 0108 47 Connectors Ta b l e 1 3 lists and de scribes th e FortiGat e-5001F A2-LENC conn ectors. Accelerated p acket forwarding and policy enforcement FortiGate-5001F A2-LENC Accelerated p acket forwa[...]

  • Page 48

    FortiGate-5000 Series Introduction 48 01-30000-83466-200901 08 Base backplane gigabit communication FortiGate-500 1F A2-LENC security system • Firewall, intrusion pr otection (IPS) , and antivir us, when th ere is a rea sonable percentage of P2 P packets. • Firewall and IPSec VPN applications . The following traffic scenar ios should be hand le[...]

  • Page 49

    FortiGate-5001SX security system FortiGate-5000 Series Introduction 01-30000-83466-200901 08 49 FortiGate-5001SX security system The FortiGate-5001 SX security system is a high-perfor mance FortiGate securi ty system with a total of 8 front pan el gig abit ethernet interfaces and two base backplane in terfaces . Use the fro nt pane l interfaces for[...]

  • Page 50

    FortiGate-5000 Series Introduction 50 01-30000-83466-200901 08 Front panel LEDs and connectors FortiGate-5001SX security system The FortiGate -5001SX boar d ships with two RAM DIMMs installed on the FortiGate-5001SX circuit board. Y ou shou ld confirm that the RAM D IMMs are installed co rrectly before inserting th e FortiGate-5001SX boar d into a [...]

  • Page 51

    FortiGate-5001SX security system Base backplane gigabit interfaces FortiGate-5000 Series In troduction 01-30000-83466-2009 0108 51 Connectors Ta b l e 1 5 lists and de scribes the FortiGate- 5001SX conn ectors. Base backplane gigabit interfaces The FortiGate-50 01SX port9 and port10 bas e backplan e gigabit inte rfaces ca n be used for HA heartbeat[...]

  • Page 52

    FortiGate-5000 Series Introduction 52 01-30000-83466-200901 08 Base backplane gigabit interfaces FortiGate- 5001SX security system[...]

  • Page 53

    FortiSwitch-5003A system FortiGate-5000 Series Introduction 01-30000-83466-200901 08 53 FortiSwitch-5003A system The FortiSwitch-5003A boa rd provides 10/1-gigabit fabr ic backplane channel layer-2 switch ing and 1- gigabit base b a ckplane channel layer- 2 switching in a dual star architecture fo r the FortiGat e-5140 and FortiGate-505 0 chassis. [...]

  • Page 54

    FortiGate-5000 Series Introduction 54 01-30000-83466-200901 08 Front panel LEDs and connectors FortiSwitch-5003A system Figure 21: FortiSwitch-5003A front panel • One front p anel base backplane 1 0-gig abit optical or copper SFP+ interface (BASE 10G) that connects to the base backplane channel • Eight front panel fabric backplane 10- gigab it [...]

  • Page 55

    FortiSwitch-5003A system Front panel LEDs and connectors FortiGate-5000 Series In troduction 01-30000-83466-2009 0108 55 LEDs Ta b l e 1 6 lists and describes the FortiSwitch-5003A front p anel LEDs. T able 16: FortiSwitch-5003A front panel LEDs and switches LED St ate Description OOS (Out of Service) Of f Normal operation. Red O ut of service. The[...]

  • Page 56

    FortiGate-5000 Series Introduction 56 01-30000-83466-200901 08 Front panel LEDs and connectors FortiSwitch-5003A system Base channel interfaces Ta b l e 1 7 list s and describes the FortiSwitch-5 003A base backplane channel interfaces. The base backplane i nterfaces are not configurable or visible from th e FortiSwitch-5003A CLI. Figure 22: FortiSw[...]

  • Page 57

    FortiSwitch-5003A system Front panel LEDs and connectors FortiGate-5000 Series In troduction 01-30000-83466-2009 0108 57 Fabric channel interfaces Ta b l e 1 8 lists and describes the FortiSwitch-5003 A fabric channel interfaces. Y ou can configure fabric interface settings, group fabric interfaces into trunks, and configure MSTP sp anning tree set[...]

  • Page 58

    FortiGate-5000 Series Introduction 58 01-30000-83466-200901 08 FortiSwitch-5003 A configurations FortiSwitch-5003A system Front panel connectors Ta b l e 2 0 list s and describes the FortiSwitch-5 003A front p anel connectors. FortiSwitch-5003A configurations Y ou can operate the FortiSwitch-5 003A board as a fabric and base ch annel layer-2 switch[...]

  • Page 59

    FortiSwitch-5003A system FortiSwitch-5003A configurations FortiGate-5000 Series In troduction 01-30000-83466-2009 0108 59 Figure 24: FortiSwitch-5003A base channel 1 HA heartb eat communication Fabric 10-gigabit sw itching within a chassis One FortiGate-R TM-XB2 provides 10-gigabit con nections to both FortiGate-5001A fabric channels. The FortiGate[...]

  • Page 60

    FortiGate-5000 Series Introduction 60 01-30000-83466-200901 08 FortiSwitch-5003 A configurations FortiSwitch-5003A system Layer-2 link aggregation a nd redundancy configurations The FortiSwitch-5003A board suppor ts 802.3ad st atic mode layer- 2 link aggregation, 802.1q VLANs, and 802.1s Multi-S panning T ree Protocol (MSTP) for the fabric channels[...]

  • Page 61

    FortiSwitch-5003 system Front panel LEDs and connectors FortiGate-5000 Series Introduction 01-30000-83466-200901 08 61 FortiSwitch-5003 system The FortiSwitch-5003 bo ard provides base backplan e interface switching for the FortiGate-5140 ch assis and the FortiG ate-5050 cha ssis. Y ou can use this switching for data comm unication or HA heartbeat [...]

  • Page 62

    FortiGate-5000 Series Introduction 62 01-30000-83466-200901 08 Front panel LEDs and connectors FortiSwitch-5003 system Figure 27: FortiSwitch-5003 front panel LEDs Ta b l e 2 1 list s and describes the FortiSwitch-500 3 board front pane l LEDs. MANAGEMENT SYSTEM E1 ZRE LED MODE 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 E0 OK CLK INT EXT FLT HOT SWAP RE[...]

  • Page 63

    FortiSwitch-5003 system Front panel LEDs and connectors FortiGate-5000 Series In troduction 01-30000-83466-2009 0108 63 About the ZRE n etwork activity LED s The ZRE network activity LEDs show links and network activity for the interfaces and connections listed in Ta b l e 2 2 . Figure 28: FortiSwitch-5003 ZRE networ k activity LEDs EXT FL T Off No[...]

  • Page 64

    FortiGate-5000 Series Introduction 64 01-30000-83466-200901 08 Base backplane communications FortiSwitch-5003 system Connectors Ta b l e 2 3 list s and describes the FortiSwitch-5 003 front p anel connectors. Base backplane communications This section provides a brief introducti on to using FortiSwitch -5003 boards for base backplane commu nication[...]

  • Page 65

    FortiSwitch-5003 system Base backplane communicati ons FortiGate-5000 Series In troduction 01-30000-83466-2009 0108 65 In a single chassis, more than one cluster can use the same base backplane interface for HA heartbeat communication. T o sepa rate heartbeat communication for multiple clusters on the same base backplane interf ace, configure a dif[...]

  • Page 66

    FortiGate-5000 Series Introduction 66 01-30000-83466-200901 08 Base backplane communications FortiSwitch-5003 system[...]

  • Page 67

    The FortiGate-5005-DIST securi ty system Basic FortiGate security system configuration FortiGate-5000 Series Introduction 01-30000-83466-200901 08 67 The FortiGate-5005-DIST security system The FortiGate-5005-DIST se curity system is very simila r to a single FortiGate unit, but with mu ch higher capacity a nd with supp ort for f ailover prot ectio[...]

  • Page 68

    FortiGate-5000 Series Introduction 68 01-30000-83466-200901 08 FortiController- 5208 I/O boards The FortiGate-5005-DIST security system Figure 29: Example basic FortiGate-5005-DIST security system FortiController-5208 I/O boards Data flows into and ou t of the FortiGate-5005-DIST syste m through the I/O boards. The I/O boards a re FortiController-5[...]

  • Page 69

    The FortiGate-5005-DIST security syst em FortiGate-5005F A2 worker boards FortiGate-5000 Series In troduction 01-30000-83466-2009 0108 69 FortiGate-5005F A2 worker boards The FortiGate-5005 F A2 security system serves as the worker board for the FortiGate-5005-DIST security system. Work er boards are iden tically configured and administered as a si[...]

  • Page 70

    FortiGate-5000 Series Introduction 70 01-30000-83466-200901 08 FortiGate-5005-DIST security system chassis The FortiG ate-5005-DIST security system FortiGate-5005-DIST secu rity system chassis FortiGate-5005-DIST security systems ca n be installed in FortiGate-5050 or FortiGate -5140 cha ssis. FortiGate-5140 chassis Y ou can install one or two I/O [...]

  • Page 71

    The FortiGate-5005-DIST security syst em FortiGate-5005-DIST interface names FortiGate-5000 Series In troduction 01-30000-83466-2009 0108 71 FortiGate-5050 chassis Y ou can install one or two I/O board s in slot 1 and 2 of the FortiGate-5050 A TCA chassis. Y ou can also install up to thre e worker boards in slot s 3 to 5 if two I/O boards are being[...]

  • Page 72

    FortiGate-5000 Series Introduction 72 01-30000-83466-200901 08 FortiGate-5005-DIST interf ace names The FortiGate- 5005-DIST security system T able 24: For tiGate-5005-DIST interface naming FortiController-520 8 location FortiControlle r-5208 front panel interface names Web-b ased manage r and CLI interface names Primary FortiController-5208 board [...]

  • Page 73

    FortiController-5208 system FortiGate-5000 Seri es Intro duction 01-30000-83466-2009 0108 73 FortiController-5208 system Y ou can create a FortiGate-5005-DIST high- throughput multi-threat network security system using one or two Fort iControll er-5208 boards and multiple FortiGate- 5005 boar ds in a Fort iGate-5050 or FortiG ate-5140 c hassis. A F[...]

  • Page 74

    FortiGate-5000 Series Introduction 74 01-30000-83466-200901 08 Front panel LEDs and connectors FortiControlle r-5208 system • Inserting a FortiController-52 08 module into a chassis • Removing a FortiController- 5208 module from a chassis • T roubleshooting Front p anel LEDs and connectors From the FortiController -5208 front pane l you can v[...]

  • Page 75

    FortiController-5208 system Front panel LEDs and connectors FortiGate-5000 Seri es Intro duction 01-30000-83466-2009 0108 75 The control LEDs of a secondary FortiController-5208 board will be sync hronized to the control LEDs of the primary because all the inst alled boards use the same fabric backplane network to communicate. Each FortiController [...]

  • Page 76

    FortiGate-5000 Series Introduction 76 01-30000-83466-200901 08 Backplane gigabit interfaces FortiControlle r-5208 system Backplane gigabit interfaces The FortiController-520 8 board uses the ch assis backplane gigabit in terfaces for all communication with boards inst alle d in the chassis . This communi cation includes: • Management communicatio[...]

  • Page 77

    www.fortinet.com[...]