Table of Contents
Advertisement
Quick Links
This FortiGate-5001C Security System Guide describes FortiGate-5001C hardware features, how to install a
FortiGate-5001C board in a FortiGate-5000 series chassis, and how to configure the FortiGate-5001C security system for
your network.
The most recent versions of this and all FortiGate-5000 series documents are available from the
the
Fortinet Technical Documentation
Visit
https://support.fortinet.com
updates, customer support, and FortiGuard services.
FortiGate-5001C Security System Guide
01-400-181221-20121130
web site (http://docs.fortinet.com).
to register your FortiGate-5001C security system. By registering you can receive product
FortiGate-5001C
Security System Guide
FortiGate-5000
page of
Advertisement
Table of Contents
Related Manuals for Fortinet FortiGate-5001C
Summary of Contents for Fortinet FortiGate-5001C
- Page 1 Security System Guide This FortiGate-5001C Security System Guide describes FortiGate-5001C hardware features, how to install a FortiGate-5001C board in a FortiGate-5000 series chassis, and how to configure the FortiGate-5001C security system for your network. The most recent versions of this and all FortiGate-5000 series documents are available from the...
-
Page 2: Warnings And Cautions
ESD connector such as the ESD sockets provided on FortiGate-5000 series chassis. • Make sure all FortiGate-5000 series components have reliable grounding. Fortinet recommends direct connections to the building ground. • If you install a FortiGate-5000 series component in a closed or multi-unit rack assembly, the operating ambient temperature of the rack environment may be greater than room ambient. -
Page 3: Table Of Contents
FortiGate-5001C mounting components ......14 Inserting a FortiGate-5001C board ......15 Shutting down and removing a FortiGate-5001C board . - Page 4 Using the CLI to configure Transparent mode ....30 Upgrading FortiGate-5001C firmware ......30 FortiGate-5001C base backplane data communication .
-
Page 5: Fortigate-5001C Security System
Table 1 lists the FortiGate-5000 series chassis that can support the FortiGate-5001C board. For most up-to-date list of all chassis that can support the FortiGate-5001C board see the FortiGate-5001C Release Notes. Table 1: FortiGate-5000 series chassis that support the FortiGate-5001C board... -
Page 6: Front Panel Components
• LED status indicators. Front panel components From the FortiGate-5001C front panel you can view the status of the front panel LEDs to verify that the board is functioning normally. You also connect the FortiGate-5001C board to your 10-gigabit network using the front panel SFP+ or SFP connectors. The front panel also includes two Ethernet management interfaces, an RJ-45 console port for connecting to the FortiOS CLI and a USB port. - Page 7 PWR (Power) Green The FortiGate-5001C board is powered on. The FortiGate-5001C board is powered on. Flashing The FortiGate-5001C is starting up. If this LED is STA (Status) Green flashing at any time other than system startup, a fault condition may exist.
-
Page 8: Connectors
Blue The FortiGate-5001C board is ready to be hot-swapped (removed from the chassis). If the IPM light is blue and no other LEDs are lit the FortiGate-5001C board has lost power Flashing The FortiGate-5001C board is changing from hot swap Blue to running mode or from running mode to hot swap. -
Page 9: Base Backplane Communication
Fabric backplane communication The FortiGate-5001C fabric backplane interfaces (fabric1 and fabric2) are typically used for data communication between FortiGate-5001C boards installed in the same or in different FortiGate-5000 series chassis. To support 10-gigabit fabric backplane communications your FortiGate-5000 series chassis must include one or more FortiSwitch-5003A or FortiSwitch-5003B boards or other 10-gigabit fabric backplane switching boards installed in the chassis in fabric slots 1 and 2. -
Page 10: Accelerated Ips, Ssl Vpn, And Ipsec Vpn (Cp8 Content Processors)
• The port2, fabric2 and base2 interfaces are connected to the other NP4 processor. For example, for maximum NP4 acceleration of traffic received on port1 the traffic must exit the FortiGate-5001C board on fabric1. Also, for maximum acceleration of traffic received on port2 the traffic must exit the FortiGate-5001C board on fabric2. -
Page 11: Hardware Installation
Troubleshooting Installing SFP+ transceivers The FortiGate-5001C board ships with two SR SFP+ transceivers that you must install for normal operation of the FortiGate-5001C front panel interfaces (port1 and port2). You can also configure front panel interfaces to operated at 1-gigabit and install SFP transceivers. -
Page 12: Changing Fortigate-5001C Sw2 Switch Settings
FortiGate-5001C board in a chassis that does not contain a functioning shelf manager. The default SW2 setting is required for most uses of the FortiGate-5001C including ELBCv3. The SW2 switch on the FortiGate-5001C board is factory set by Fortinet to detect a shelf manager (Figure 3). -
Page 13: Factory Default
(Requires Shelf Manager) By default a FortiGate-5001C board will not start up if the board is installed in a chassis that does not contain a shelf manager or that contains a shelf manager that is not operating. Before installing a FortiGate-5001C in a chassis that does not contain an... -
Page 14: Fortigate-5001C Mounting Components
“Inserting a FortiGate-5001C board” on page FortiGate-5001C mounting components To install a FortiGate-5001C board you slide the board into an open slot in the front of an ATCA chassis and then use the mounting components to lock the board into place in the slot. -
Page 15: Inserting A Fortigate-5001C Board
“Front panel components” on page It is important to carefully seat the FortiGate-5001C board all the way into the chassis, to avoid using excessive force on the handles, and to make sure that the handles are properly locked. Only then will the FortiGate-5001C board power-on and start up correctly. - Page 16 Hardware installation To insert a FortiGate-5001C board into a chassis slot Do not carry the FortiGate-5001C board by holding the handles or retention screws. When inserting or removing the FortiGate-5001C board from a chassis slot, handle the board by the front panel. The handles are not designed for carrying the board. If the handles become bent or damaged the FortiGate-5001C board may not align correctly in the chassis slot.
-
Page 17: Shutting Down And Removing A Fortigate-5001C Board
The handles should hook into the sides of the chassis slot. Closing the handles draws the FortiGate-5001C board into place in the chassis slot and into full contact with the chassis backplane. The FortiGate-5001C front panel should be in contact with the chassis front panel and both handles should lock into place. - Page 18 Shutting down and removing a FortiGate-5001C board Hardware installation FortiGate-5001C boards are hot swappable. The procedure for removing a FortiGate-5001C board from a chassis slot is the same whether or not the chassis is powered on. To remove a FortiGate-5001C board from a chassis slot Do not carry the FortiGate-5001C board by holding the handles or retention screws.
-
Page 19: Power Cycling A Fortigate-5001C Board
Power cycling a FortiGate-5001C board This section describes how to cycle the power on a FortiGate-5001C board by opening the right handle (the lower handle when the board is installed vertically in a FortiGate-5140 chassis) to activate a switch that cycles the power without removing the board from the chassis. -
Page 20: Troubleshooting
7 After 10 seconds snap both handles back into place. The board powers up, the LEDs light and in a few minutes the FortiGate-5001C board operates normally. 8 Fully tighten the retention screws to lock the FortiGate-5001C board into position in the chassis slot. -
Page 21: Fortigate-5001C Sta (Status) Led Is Flashing During System Operation
FortiGate-5000 series components. All chassis: Firmware problem If the FortiGate-5001C board is receiving power and the handles are fully closed, and you have restarted the chassis and the FortiGate-5001C still does not start up, the problem could be with FortiOS. Connect to the FortiGate-5001C console and try cycling the power to the board. - Page 22 Troubleshooting Hardware installation FortiGate-5001C Security System Guide 01-400-181221-20121130 http://docs.fortinet.com/...
-
Page 23: Quick Configuration Guide
NAT/Route mode (the default) or Transparent mode. NAT/Route mode In NAT/Route mode, the FortiGate-5001C security system is visible to the networks that it is connected to. Each interface connected to a network must be configured with an IP address that is valid for that network. -
Page 24: Transparent Mode
Transparent mode In Transparent mode, the FortiGate-5001C security system is invisible to the network. All of the FortiGate-5001C interfaces are connected to different segments of the same network. In Transparent mode you only have to configure a management IP address so... -
Page 25: Choosing The Configuration Tool
You can use either the web-based manager or the Command Line Interface (CLI) to configure the FortiGate board. Web-based manager The FortiGate-5001C web-based manager is an easy to use management tool. Use the web-based manager to configure the FortiGate-5001C administrator password, the interface addresses, the default gateway, and the DNS server addresses. -
Page 26: Factory Default Settings
Configuring NAT/Route mode Table 7 to gather the information you need to customize NAT/Route mode settings for the FortiGate-5001C security system. You can use one table for each board to configure. Table 7: FortiGate-5001C board NAT/Route mode settings Admin Administrator Password: _____._____._____._____... -
Page 27: Using The Web-Based Manager To Configure Nat/Route Mode
Configuring NAT/Route mode Using the web-based manager to configure NAT/Route mode 1 Connect port1 of the FortiGate-5001C board to the same hub or switch as the computer you will use to configure the FortiGate-5001C board. If you cannot connect to port1, see “Using the CLI to configure NAT/Route mode”... -
Page 28: Using The Cli To Configure Nat/Route Mode
Quick Configuration Guide Using the CLI to configure NAT/Route mode 1 Use the serial cable supplied with your FortiGate-5001C board to connect the FortiGate-5001C Console port to the management computer serial port. 2 Start a terminal emulation program (HyperTerminal) on the management computer. -
Page 29: Configuring Transparent Mode
_____._____._____._____ Using the web-based manager to configure Transparent mode 1 Connect port1 of the FortiGate-5001C board to the same hub or switch as the computer you will use to configure the FortiGate-5001C board. If you cannot connect to port1, see “Using the CLI to configure Transparent mode”... -
Page 30: Using The Cli To Configure Transparent Mode
Apply. Using the CLI to configure Transparent mode 1 Use the serial cable supplied with your FortiGate-5001C board to connect the FortiGate-5001C Console port to the management computer serial port. 2 Start a terminal emulation program (HyperTerminal) on the management computer. - Page 31 9 Update the FortiGate-5001C antivirus and attack definitions. See the FortiGate-5001C online help for details. To upgrade the firmware using the CLI To use the following procedure, you must have a TFTP server the FortiGate-5001C board can connect to. 1 Make sure the TFTP server is running.
-
Page 32: Fortigate-5001C Base Backplane Data Communication
To enable base backplane data communication from the FortiGate-5001C CLI From the FortiGate-5001C board CLI you can use the following steps to enable base backplane data communication. 1 Enter the following command to show the backplane interfaces:... -
Page 33: Fortigate-5001C Fabric Backplane Data Communication
To enable fabric backplane data communication from the FortiGate-5001C CLI From the FortiGate-5001C board CLI you can use the following steps to enable fabric backplane data communication. 1 Enter the following command to show the backplane interfaces:... - Page 34 FortiGate-5001C fabric backplane data communication Quick Configuration Guide FortiGate-5001C Security System Guide 01-400-181221-20121130 http://docs.fortinet.com/...
-
Page 35: For More Information Training Services
FortiGate-5001C For more information Training Services Fortinet Training Services offers courses that orient you quickly to your new equipment, and certifications to verify your knowledge level. Fortinet training programs serve the needs of Fortinet customers and partners world-wide. Visit Fortinet Training Services at http://campus.training.fortinet.com, or email training@fortinet.com. - Page 36 For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any guarantees. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.