Fortinet FortiGate 5001A-DW User Manual
  1. Manuals
  2. Brands
  3. Fortinet Manuals
  4. Firewall
  5. FortiGate 5001A-DW
  6. User manual
Fortinet FortiGate 5001A-DW User Manual

Fortinet FortiGate 5001A-DW User Manual

Fortinet security system user's guide
Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
5001A-SW
A detailed guide to the FortiGate-5001A-DW and FortiGate-5001A-SW Security Systems. This FortiGate-5001A
Security System Guide describes FortiGate-5001A hardware features, how to install a FortiGate-5001A board in a
FortiGate-5000 series chassis, and how to configure the FortiGate-5001A security system for your network.
The most recent versions of this and all FortiGate-5000 series documents are available from the
the
Fortinet Technical Documentation
Visit
http://support.fortinet.com
FortiGate-5001A Security System Guide
01-30000-83456-20081023
FortiGate-5001A
FortiGate-5001A-DW
FortiGate-5001A-SW
web site (http://docs.forticare.com).
to register your FortiGate-5001A security system. By registering you can receive product
updates, technical support, and FortiGuard services.
Security System Guide
FortiGate-5000
page of

Advertisement

Table of Contents
loading

Related Manuals for Fortinet FortiGate 5001A-DW

Summary of Contents for Fortinet FortiGate 5001A-DW

  • Page 1 Security System Guide describes FortiGate-5001A hardware features, how to install a FortiGate-5001A board in a FortiGate-5000 series chassis, and how to configure the FortiGate-5001A security system for your network. The most recent versions of this and all FortiGate-5000 series documents are available from the Fortinet Technical Documentation Visit http://support.fortinet.com to register your FortiGate-5001A security system.

  • Page 2: Warnings And Cautions

    ESD protection by wearing an anti-static wrist strap and attaching it to an available ESD connector such as the ESD sockets provided on FortiGate-5000 series chassis. • Make sure all FortiGate-5000 series components have reliable grounding. Fortinet recommends direct connections to the building ground. •...

  • Page 3: Table Of Contents

    FortiGate-5001A status LED is flashing during system operation... 24 FortiGate AMC modules not detected by FortiGate-5001A board ... 24 Quick Configuration Guide ... 25 Registering your Fortinet product ... 25 Planning the configuration ... 25 NAT/Route mode ... 26 Transparent mode ... 26 Choosing the configuration tool ...
  • Page 4 Powering off the FortiGate-5001A board... 37 Fortinet documentation ... 39 Fortinet Tools and Documentation CD... 39 Fortinet Knowledge Center ... 39 Comments on Fortinet technical documentation ... 39 Customer service and technical support ... 39 Register your Fortinet product... 39 Contents...

  • Page 5: Fortigate-5001A Security System

    FortiGate-5001A security system FortiGate-5001A security system The FortiGate-5001A security system is a high-performance Advanced Telecommunications Computing Architecture (ACTA) compliant FortiGate security system that can be installed in any ACTA chassis including the FortiGate-5140, FortiGate-5050, or FortiGate-5020 chassis. Two FortiGate-5001A models are available: •...

  • Page 6: Front Panel Leds And Connectors

    Front panel LEDs and connectors Front panel LEDs and connectors Figure 1: FortiGate-5001A-DW front panel Double-width AMC opening Retention Screw Extraction Lever Figure 2: FortiGate-5001A-SW front panel Single-width AMC opening 5001A-SW Retention Screw Extraction Lever The FortiGate-5001A board includes the following features: •...

  • Page 7: Leds

    FortiGate-5001A security system LEDs Table 1 Table 1: FortiGate-5001A LEDs 1, 2 (Left LED) 1, 2 (Right LED) Base CH0 Base CH1 Fabric CH0 Fabric CH1 FortiGate-5001A Security System Guide 01-30000-83456-20081023 lists and describes the FortiGate-5001A LEDs. State Description Green The correct cable is connected to the interface and the connected equipment has power.

  • Page 8: Connectors

    Base backplane communication Connectors Base backplane communication Fabric backplane communication Table 2 lists and describes the FortiGate-5001A connectors. Table 2: FortiGate-5001A connectors Connector Type Speed Protocol Description 1, 2 RJ-45 10/100/1000 Ethernet Base-T CONSOLE RJ-45 9600 bps RS-232 8/N/1 serial The FortiGate-5001A base backplane 1-gigabit interfaces can be used for HA heartbeat communication between FortiGate-5001A boards installed in the same or in different FortiGate-5000 chassis.

  • Page 9: Fortigate-Rtm-Xb2

    Screw Handle The FortiGate-RTM-XB2 NP2 processors provide hardware accelerated network processing for eligible traffic passing through the FortiGate-RTM-XB2 interfaces. For information about Fortinet NP2 processor acceleration, see the Hardware Acceleration Technical Follow the instructions in the FortiGate-RTM-XB2 module. AMC modules You can install one FortiGate AMC Double width Module (ADM) in the FortiGate-5001A-DW front panel AMC double-width opening.
  • Page 10 AMC modules • The FortiGate-ASM-FB4, provides 4 NP2 accelerated SFP 1-gigabit interfaces. • The FortiGate-ASM-S08, provides adds a removable hard disk that you can use to store log files and content archives. Figure 5: FortiGate-ASM-FB4 LINK LINK LINK LINK ASM-FB4 Note: You can operate a FortiGate-5001A board with both a FortiGate-RTM-XB2 module and a supported FortiGate AMC module installed at the same time.

  • Page 11: Hardware Installation

    Hardware installation Hardware installation Before use, the FortiGate-5001A board must be correctly inserted into an Advanced Telecommunications Computing Architecture (ACTA) chassis such as the FortiGate-5140, FortiGate-5050, or FortiGate-5020 chassis. Before inserting the board into a chassis you should make sure the SW-11 switch is set correctly.

  • Page 12: Changing Fortigate-5001A Sw11 Switch Settings

    Changing FortiGate-5001A SW11 switch settings Changing FortiGate-5001A SW11 switch settings The SW11 switch on the FortiGate-5001A board is factory set by Fortinet to detect a shelf manager (Figure 6). This is the correct setting if you are installing the FortiGate-5001A board in a chassis that contains an operating shelf manager (such as the FortiGate-5140 or FortiGate-5050 chassis).
  • Page 13 Hardware installation To change or verify the SW11 switch setting To complete this procedure, you need: • A FortiGate-5001A board • A tool for changing the SW11 switch setting (optional) • An electrostatic discharge (ESD) preventive wrist strap with connection cord Caution: FortiGate-5001A boards must be protected from static discharge and physical shock.

  • Page 14: Fortigate-5001A Mounting Components

    FortiGate-5001A mounting components FortiGate-5001A mounting components To install a FortiGate-5001A board you slide the board into an open slot in the front of an ATCA chassis and then use the mounting components to lock the board into place in the slot. When locked into place and positioned correctly the board front panel is flush with the chassis front panel.

  • Page 15: Inserting A Fortigate-5001A Board

    Hardware installation Figure 10: FortiGate-5001A-DW left (top) mounting components Alignment Retention Screw Inserting a FortiGate-5001A board The FortiGate-5001A board must be fully installed in a chassis slot, with the handles closed and locked and retention screws fully tightened for the FortiGate-5001A board to receive power and operate normally.
  • Page 16 Inserting a FortiGate-5001A board Attach the ESD wrist strap to your wrist and to an available ESD socket or wrist strap terminal. If required, remove the protective metal frame that the FortiGate-5001A board has been shipped in. Insert the FortiGate-5001A board into the empty slot in the chassis. Unlock the handles by squeezing the handle locks.
  • Page 17 Hardware installation Turn both handles to their fully-closed positions. The handles should hook into the sides of the chassis slot. Closing the handles draws the FortiGate-5001A board into place in the chassis slot and into full contact with the chassis backplane. The FortiGate-5001A front panel should be in contact with the chassis front panel.

  • Page 18: Removing A Fortigate-5001A Board

    Removing a FortiGate-5001A board Removing a FortiGate-5001A board Once the board is inserted correctly, fully tighten the retention screws to lock the FortiGate-5001A board into position in the chassis slot. Retention Screw Tighten The following procedure describes how to correctly use the FortiGate-5001A mounting components described in “FortiGate-5001A mounting components”...
  • Page 19 Hardware installation Fully loosen the retention screws on the FortiGate-5001A front panel. Unlock the handles by squeezing the handle locks. Open the handles to their fully open positions. Caution: To avoid damaging the lock, make sure you squeeze the handles fully to unlock them before opening.

  • Page 20: Resetting A Fortigate-5001A Board

    Resetting a FortiGate-5001A board Resetting a FortiGate-5001A board Installing and removing AMC modules You must eject the FortiGate-5001A board from the chassis slot to cycle the power and reset the board. See “Removing a FortiGate-5001A board” on page 18 for information about how to eject a FortiGate-5001A board from a chassis. This section describes installing a FortiGate AMC Double width Module (ADM) in the FortiGate-5001A-DW front panel AMC double-width opening or a FortiGate AMC Single width Module (ASM) in the FortiGate-5001A-SW front panel AMC...

  • Page 21: Inserting Amc Slot Filler Panels

    Hardware installation Inserting AMC slot filler panels The following procedure describes how to install a slot filler panel in the FortiGate-5001A front panel AMC opening. The FortiGate-5001A-DW board includes one AMC double-width slot filler panel and the FortiGate-5001A-SW board includes one AMC single-width slot filler panel. Caution: Do not operate the FortiGate-5001A board with an open AMC opening.

  • Page 22: Removing Amc Modules

    With the FortiGate-5001A left (top) handle fully open, insert the FortiGate AMC module into the empty slot in the FortiGate-5001A front panel. Make sure the Fortinet logo on the module front panel is right-side up. The Fortinet logo appears on the upper-right corner of the module front panel.

  • Page 23: Troubleshooting

    For details about installing a new firmware image in this way, see the FortiUSB If this does not solve the problem, contact Fortinet Technical Support. FortiGate-5001A Security System Guide 01-30000-83456-20081023 FortiGate-5000 Series Firmware and Guide.

  • Page 24: Fortigate-5001A Status Led Is Flashing During System Operation

    FortiGate-5001A board and the AMC module are functioning normally, the front panel LEDs will appear as described in page If this does not solve the problem, contact Fortinet Technical Support. Hardware installation is off when the FortiGate-5001A 18. You do not have to...

  • Page 25: Quick Configuration Guide

    Register your product by visiting Registration. To register, enter your contact information and the serial numbers of the Fortinet products that you or your organization have purchased. You can register multiple Fortinet products in a single session without re-entering your contact information.

  • Page 26: Nat/Route Mode

    Planning the configuration NAT/Route mode Transparent mode In NAT/Route mode, the FortiGate-5001A security system is visible to the networks that it is connected to. Each interface connected to a network must be configured with an IP address that is valid for that network. In many configurations, in NAT/Route mode all of the FortiGate interfaces are on different networks, and each network is on a separate subnet.

  • Page 27: Choosing The Configuration Tool

    Quick Configuration Guide Figure 12: Example FortiGate-5001A board operating in Transparent mode Transparent mode policies controlling traffic between internal and external You would typically deploy a FortiGate-5001A security system in Transparent mode on a private network behind an existing firewall or behind a router. In the default Transparent mode configuration, the FortiGate-5001A security system functions as a firewall.

  • Page 28: Command Line Interface (Cli)

    Factory default settings Command Line Interface (CLI) Factory default settings Configuring NAT/Route mode The CLI is a full-featured management tool. Use it to configure the administrator password, the interface addresses, the default gateway, and the DNS server addresses. Requirements: • The serial connector that came packaged with your FortiGate-5001A board.

  • Page 29: Using The Web-Based Manager To Configure Nat/Route Mode

    Type admin in the Name field and select Login. To change the admin administrator password Go to System > Admin > Administrators. Select Change Password for the admin administrator and enter a new password. Note: See the Fortinet Knowledge Center article passwords FortiGate unit. To configure interfaces Go to System >...

  • Page 30: Using The Cli To Configure Nat/Route Mode

    Change the administrator password. config system admin edit admin set password <password> Note: See the Fortinet Knowledge Center article passwords if you forget or lose an administrator account password and cannot log into your FortiGate unit. Configure the port1 internal interface to the setting that you added to...

  • Page 31: Configuring Transparent Mode

    Quick Configuration Guide Repeat to configure each interface as required, for example, to configure the port2 interface to the setting that you added to config system interface Configure the primary and secondary DNS server IP addresses to the settings that you added to config system dns Configure the default gateway to the setting that you added to page...

  • Page 32: Using The Cli To Configure Transparent Mode

    Configuring Transparent mode Using the CLI to configure Transparent mode Type admin in the Name field and select Login. To switch from NAT/Route mode to transparent mode Go to System > Status and select the Change link beside Operation Mode: NAT. Set Operation Mode to Transparent.

  • Page 33: Upgrading Fortigate-5001A Firmware

    Quick Configuration Guide Upgrading FortiGate-5001A firmware Fortinet periodically updates the FortiGate-5001A FortiOS firmware to include enhancements and address issues. After you have registered your FortiGate-5001A security system (see page 25) you can download FortiGate-5001A firmware from the support web site http://support.fortinet.com.

  • Page 34: Fortigate-5001A Base Backplane Data Communication

    FortiGate-5001A base backplane data communication FortiGate-5001A base backplane data communication Where <name_str> is the name of the firmware image file and <tftp_ipv4> is the IP address of the TFTP server. For example, if the firmware image file name is image.out and the IP address of the TFTP server is 192.168.1.168, enter: execute restore image image.out 192.168.1.168 The FortiGate-5001A board responds with the message: This operation will replace the current firmware version!
  • Page 35 Quick Configuration Guide In a FortiGate-5140 or FortiGate-5050 chassis, FortiGate-5001A base backplane communication requires one or two FortiSwitch-5003A or FortiSwitch-5003 boards. A FortiSwitch board installed in chassis base slot 1 provides communication on the base1 interface. A FortiSwitch-5003 board installed in chassis base slot 2 provides communication on the base2 interface.

  • Page 36: Fortigate-5001A Fabric Backplane Data Communication

    FortiGate-5001A fabric backplane data communication FortiGate-5001A fabric backplane data communication This section describes how to configure FortiGate-5001A boards for fabric backplane data communication using the fabric1 and fabric2 interfaces. Fabric backplane data communication is supported for FortiGate-5001A boards installed in FortiGate-5140 and FortiGate-5050 chassis with a FortiSwitch-5003A board installed in chassis fabric slot 1 for the fabric1 interface and a FortiSwitch-5003A board installed in chassis fabric slot 2 for the fabric2 interface.

  • Page 37: Powering Off The Fortigate-5001A Board

    Quick Configuration Guide To enable fabric backplane data communication from the FortiGate-5001A From the FortiGate-5001A board CLI you can use the following steps to enable fabric backplane data communication. Enter the following command to show the backplane interfaces: config system global The fabric1 and fabric2 backplane interfaces now appear in all Interface lists.
  • Page 38 Powering off the FortiGate-5001A board Quick Configuration Guide FortiGate-5001A Security System Guide 01-30000-83456-20081023...

  • Page 39: For More Information

    Fortinet Tools and Documentation CD Fortinet documentation is available from the Fortinet Tools and Documentation CD shipped with your Fortinet product. The documents on this CD are current for your product at shipping time. For the latest versions of all Fortinet documentation see the Fortinet Technical Documentation web site at http://docs.forticare.com.
  • Page 40 © Copyright 2008 Fortinet, Inc. All rights reserved. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical or otherwise, for any purpose, without prior written permission of Fortinet, Inc.

This manual is also suitable for:

Fortigate 5001a-swFortigate-5001a-dwFortigate 5001aFortigate-5001a-sw

Table of Contents