Fortinet FortiCarrier-5001A-DW Manual
  1. Manuals
  2. Brands
  3. Fortinet Manuals
  4. Security System
  5. FortiCarrier-5001A-DW
  6. Manual
Fortinet FortiCarrier-5001A-DW Manual

Fortinet FortiCarrier-5001A-DW Manual

Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
A detailed guide to the FortiCarrier-5001A-DW Security System. This FortiCarrier-5001A Security System Guide
describes FortiCarrier-5001A hardware features, how to install a FortiCarrier-5001A board in a FortiGate-5000 series
chassis, and how to configure the FortiCarrier-5001A security system for your network.
The most recent versions of this and all FortiGate-5000 series documents are available from the
the
Fortinet Technical Documentation
Visit
http://support.fortinet.com
FortiCarrier-5001A Security System Guide
01-400-91945 -20090223
FortiCarrier-5001A
FortiCarrier-5001A-DW
web site (http://docs.forticare.com).
to register your FortiCarrier-5001A security system. By registering you can receive
product updates, technical support, and FortiGuard services.
Security System Guide
FortiGate-5000
page of

Advertisement

Table of Contents
loading

Related Manuals for Fortinet FortiCarrier-5001A-DW

Summary of Contents for Fortinet FortiCarrier-5001A-DW

  • Page 1 Security System Guide FortiCarrier-5001A-DW A detailed guide to the FortiCarrier-5001A-DW Security System. This FortiCarrier-5001A Security System Guide describes FortiCarrier-5001A hardware features, how to install a FortiCarrier-5001A board in a FortiGate-5000 series chassis, and how to configure the FortiCarrier-5001A security system for your network.

  • Page 2: Warnings And Cautions

    ESD connector such as the ESD sockets provided on FortiGate-5000 series chassis. • Make sure all FortiGate-5000 series components have reliable grounding. Fortinet recommends direct connections to the building ground. •...

  • Page 3: Table Of Contents

    FortiCarrier-5001A status LED is flashing during system operation ......25 FortiGate AMC modules not detected by FortiCarrier-5001A board......25 Quick Configuration Guide ..............27 Registering your Fortinet product................27 Planning the configuration................... 27 NAT/Route mode ...................... 28 Transparent mode ....................28 Choosing the configuration tool..................
  • Page 4 Powering off the FortiCarrier-5001A board ..............39 For more information................41 Fortinet documentation ....................41 Fortinet Tools and Documentation CD ..............41 Fortinet Knowledge Center ..................41 Comments on Fortinet technical documentation ............. 41 Customer service and technical support..............41 Register your Fortinet product ..................

  • Page 5: Forticarrier-5001A Security System

    ACTA chassis including the FortiGate-5140, FortiGate-5050, or FortiGate-5020 chassis. The FortiCarrier-5001A-DW (double-width) board includes a double-width Advanced Mezzanine Card (AMC) opening. You can install a supported FortiGate AMC Double width Module (ADM) such as the FortiGate-ADM-XB2 or the FortiGate-ADM-FB8 in the AMC opening.

  • Page 6: Front Panel Leds And Connectors

    FortiGate-5000 chassis backplane. The fabric backplane interfaces operate at 1 Gbps. If you install a FortiGate-RTM-XB2 module the fabric backplane interfaces operate at 10 Gbps. • One double-width AMC opening (FortiCarrier-5001A-DW board). • One single-width AMC opening (FortiCarrier-5001A-SW board). •...

  • Page 7: Connectors

    FortiCarrier-5001A security system Base backplane communication Table 1: FortiCarrier-5001A LEDs (Continued) State Description Fabric CH1 Fabric backplane interface 1 (fabric2) is connected at 10 Gbps. Flashing Network activity at fabric backplane interface 1. Green Off or The ACC LED flashes green when the FortiCarrier-5001A Flashing board accesses the FortiOS flash disk.

  • Page 8: Fabric Backplane Communication

    Fabric backplane communication FortiCarrier-5001A security system backplane communications your FortiGate-5140 or FortiGate-5050 chassis must include one or more FortiSwitch-5003 boards, FortiSwitch-5003A boards, or other 1-gigabit base backplane switching boards installed in the chassis in base slots 1 and 2. The FortiGate-5020 chassis supports base backplane communication with no additions or changes to the chassis.

  • Page 9: Amc Modules

    Screw Handle Handle The FortiGate-RTM-XB2 NP2 processors provide hardware accelerated network processing for eligible traffic passing through the FortiGate-RTM-XB2 interfaces. For information about Fortinet NP2 processor acceleration, see the Fortinet Hardware Acceleration Technical Note. Follow the instructions in the FortiGate-RTM-XB2 System Guide to install the FortiGate-RTM-XB2 module.
  • Page 10 AMC modules FortiCarrier-5001A security system FortiCarrier-5001A Security System Guide 01-400-91945 -20090223...

  • Page 11: Hardware Installation

    Caution: Because FortiCarrier-5001A boards do not support hot swapping AMC modules, the FortiCarrier-5001A board must be disconnected from power before you install a FortiGate AMC module. Also, the FortiCarrier-5001A-DW left (top) handle must be opened to install a FortiGate AMC module. See “Installing and removing AMC modules”...

  • Page 12: Changing Forticarrier-5001A Sw11 Switch Settings

    Changing FortiCarrier-5001A SW11 switch settings Hardware installation Changing FortiCarrier-5001A SW11 switch settings The SW11 switch on the FortiCarrier-5001A board is factory set by Fortinet to detect a shelf manager (Figure 4). This is the correct setting if you are installing the FortiCarrier-5001A board in a chassis that contains an operating shelf manager (such as the FortiGate-5140 or FortiGate-5050 chassis).
  • Page 13 Hardware installation Changing FortiCarrier-5001A SW11 switch settings Table 3: FortiCarrier-5001A SW11 settings for different chassis Chassis Correct SW11 Result of wrong jumper setting Setting FortiGate -5140 or 5050 or Shelf manager cannot find any ACTA chassis with an FortiCarrier-5001A board. No shelf operating shelf manager manager information about the (factory default shelf manager...

  • Page 14: Forticarrier-5001A Mounting Components

    FortiCarrier-5001A mounting components Hardware installation Figure 6: Location of SW11 on the FortiCarrier-5001A board Location of SW 11 Factory Default (Shelf Manager Required) 1 Off 2 On SW11 3 Off 4 Off Standalone Mode for FortiGate-5020 (no Shelf Manager) 1 Off FortiCarrier-5001A 2 On SW11...

  • Page 15: Inserting A Forticarrier-5001A Board

    FortiCarrier-5001A-DW left (top) handle lock. Also the FortiCarrier-5001A-DW left (top) handle does not lock into place in the same way as the right (bottom) handle. The hook is not present on FortiCarrier-5001A-DW left (top) handle because of the double-width AMC opening.
  • Page 16 Inserting a FortiCarrier-5001A board Hardware installation It is important to carefully seat the FortiCarrier-5001A board all the way into the chassis, to not use too much force on the handles, and to make sure that the handles are properly locked. Only then will the FortiCarrier-5001A board power-on and start up correctly.
  • Page 17 Hardware installation Inserting a FortiCarrier-5001A board Caution: To avoid damaging the lock, make sure you squeeze the handles fully to unlock them before opening. The handles should pop easily out of the board front panel. Alignment Pin Alignment Pin Handle Handle Open Lock...

  • Page 18: Removing A Forticarrier-5001A Board

    Removing a FortiCarrier-5001A board Hardware installation If you have installed an AMC module in the FortiCarrier-5001A board, the AMC LEDs are lit as described in Table Table 5: FortiGate AMC module normal operating LEDs State Amber If the board has not been inserted properly the IPM LED changes to solid blue and all other LEDS turn off.
  • Page 19 Hardware installation Removing a FortiCarrier-5001A board Caution: FortiCarrier-5001A boards must be protected from static discharge and physical shock. Only handle or work with FortiCarrier-5001A boards at a static-free workstation. Always wear a grounded electrostatic discharge (ESD) preventive wrist strap when handling FortiCarrier-5001A boards.

  • Page 20: Resetting A Forticarrier-5001A Board

    Resetting a FortiCarrier-5001A board Hardware installation Turn both handles to their fully-closed positions. Alignment Pin Alignment Pin Close Handle Handle Fully Closed and Locked Carefully slide the board completely out of the slot. Re-attach the protective metal frame before shipping or storing the FortiCarrier-5001A board.

  • Page 21: Installing And Removing Amc Modules

    Installing and removing AMC modules This section describes installing a FortiGate AMC Double width Module (ADM) in the FortiCarrier-5001A-DW front panel AMC double-width opening. Caution: Do not operate the FortiCarrier-5001A board with an open AMC opening. For optimum cooling performance and safety, the AMC opening must contain a slot filler panel or a FortiGate AMC module.

  • Page 22: Inserting Amc Slot Filler Panels

    Inserting AMC slot filler panels The following procedure describes how to install a slot filler panel in the FortiCarrier-5001A front panel AMC opening. The FortiCarrier-5001A-DW board includes one AMC double-width slot filler panel. Caution: Do not operate the FortiCarrier-5001A board with an open AMC opening. For optimum cooling performance and safety, the AMC opening must contain a slot filler panel or a FortiGate AMC module.

  • Page 23: Inserting Amc Modules

    With the FortiCarrier-5001A left (top) handle fully open, insert the FortiGate AMC module into the empty slot in the FortiCarrier-5001A front panel. Make sure the Fortinet logo on the module front panel is right-side up. The Fortinet logo appears on the upper-right corner of the module front panel.

  • Page 24: Removing Amc Modules

    Troubleshooting Hardware installation Removing AMC modules Before removing an AMC module you need to shut down the FortiCarrier-5001A board using proper shut down procedures. To remove an AMC module from a FortiCarrier-5001A board Caution: Do not operate the FortiCarrier-5001A board with an open AMC opening. For optimum cooling performance and safety, the AMC opening must contain a slot filler panel or a FortiGate AMC module.

  • Page 25: Forticarrier-5001A Status Led Is Flashing During System Operation

    FortiGate-5000 Series Firmware and FortiUSB Guide. If this does not solve the problem, contact Fortinet Technical Support. FortiCarrier-5001A status LED is flashing during system operation Normally, the FortiCarrier-5001A Status LED is off when the FortiCarrier-5001A board is operating normally.
  • Page 26 FortiCarrier-5001A board and the AMC module are functioning normally, the front panel LEDs will appear as described in Table 4 on page 17 Table 5 on page If this does not solve the problem, contact Fortinet Technical Support. FortiCarrier-5001A Security System Guide 01-400-91945 -20090223...

  • Page 27: Quick Configuration Guide

    Product Registration. To register, enter your contact information and the serial numbers of the Fortinet products that you or your organization have purchased. You can register multiple Fortinet products in a single session without re-entering your contact information.

  • Page 28: Nat/Route Mode

    Planning the configuration Quick Configuration Guide NAT/Route mode In NAT/Route mode, the FortiCarrier-5001A security system is visible to the networks that it is connected to. Each interface connected to a network must be configured with an IP address that is valid for that network. In many configurations, in NAT/Route mode all of the FortiGate interfaces are on different networks, and each network is on a separate subnet.

  • Page 29: Choosing The Configuration Tool

    Quick Configuration Guide Choosing the configuration tool Figure 10: Example FortiCarrier-5001A board operating in Transparent mode Internet 204.23.1.2 Gateway to public Transparent mode policies network 192.168.1.1 controlling traffic between internal and external networks. FortiCarrier-5001A board in Transparent mode port2 port1 192.168.1.99 Management IP Internal Network...

  • Page 30: Command Line Interface (Cli)

    Factory default settings Quick Configuration Guide Command Line Interface (CLI) The CLI is a full-featured management tool. Use it to configure the administrator password, the interface addresses, the default gateway, and the DNS server addresses. Requirements: • The serial connector that came packaged with your FortiCarrier-5001A board. •...

  • Page 31: Using The Web-Based Manager To Configure Nat/Route Mode

    To change the admin administrator password Go to System > Admin > Administrators. Select Change Password for the admin administrator and enter a new password. Note: See the Fortinet Knowledge Center article Recovering lost administrator account passwords if you forget or lose an administrator account password and cannot log into your FortiCarrier unit.

  • Page 32: Using The Cli To Configure Nat/Route Mode

    Change the administrator password. config system admin edit admin set password <password> Note: See the Fortinet Knowledge Center article Recovering lost administrator account passwords if you forget or lose an administrator account password and cannot log into your FortiCarrier unit.

  • Page 33: Configuring Transparent Mode

    Quick Configuration Guide Configuring Transparent mode Repeat to configure each interface as required, for example, to configure the port2 interface to the setting that you added to Table 8 on page config system interface edit port2 Configure the primary and secondary DNS server IP addresses to the settings that you added to Table 8 on page config system dns...

  • Page 34: Using The Cli To Configure Transparent Mode

    Configuring Transparent mode Quick Configuration Guide Type admin in the Name field and select Login. To switch from NAT/Route mode to transparent mode Go to System > Status and select the Change link beside Operation Mode: NAT. Set Operation Mode to Transparent. Set the Management IP/Netmask to the settings that you added to Table 9 on page...

  • Page 35: Upgrading Forticarrier-5001A Firmware

    Quick Configuration Guide Upgrading FortiCarrier-5001A firmware Upgrading FortiCarrier-5001A firmware Fortinet periodically updates the FortiCarrier-5001A FortiOS firmware to include enhancements and address issues. After you have registered your FortiCarrier-5001A security system (see “Registering your Fortinet product” on page 27) you can download FortiCarrier-5001A firmware from the support web site http://support.fortinet.com.

  • Page 36: Forticarrier-5001A Base Backplane Data Communication

    FortiCarrier-5001A base backplane data communication Quick Configuration Guide Where <name_str> is the name of the firmware image file and <tftp_ipv4> is the IP address of the TFTP server. For example, if the firmware image file name is image.out and the IP address of the TFTP server is 192.168.1.168, enter: execute restore image image.out 192.168.1.168 The FortiCarrier-5001A board responds with the message: This operation will replace the current firmware version!
  • Page 37 Quick Configuration Guide FortiCarrier-5001A base backplane data communication In a FortiGate-5140 or FortiGate-5050 chassis, FortiCarrier-5001A base backplane communication requires one or two FortiSwitch-5003A or FortiSwitch- 5003 boards. A FortiSwitch board installed in chassis base slot 1 provides communication on the base1 interface. A FortiSwitch-5003 board installed in chassis base slot 2 provides communication on the base2 interface.

  • Page 38: Forticarrier-5001A Fabric Backplane Data Communication

    FortiCarrier-5001A fabric backplane data communication Quick Configuration Guide FortiCarrier-5001A fabric backplane data communication This section describes how to configure FortiCarrier-5001A boards for fabric backplane data communication using the fabric1 and fabric2 interfaces. Fabric backplane data communication is supported for FortiCarrier-5001A boards installed in FortiGate-5140 and FortiGate-5050 chassis with a FortiSwitch-5003A board installed in chassis fabric slot 1 for the fabric1 interface and a FortiSwitch- 5003A board installed in chassis fabric slot 2 for the fabric2 interface.

  • Page 39: Powering Off The Forticarrier-5001A Board

    Quick Configuration Guide Powering off the FortiCarrier-5001A board To enable fabric backplane data communication from the FortiCarrier-5001A From the FortiCarrier-5001A board CLI you can use the following steps to enable fabric backplane data communication. Enter the following command to show the backplane interfaces: config system global set show-backplane-intf enable The fabric1 and fabric2 backplane interfaces now appear in all Interface lists.
  • Page 40 Powering off the FortiCarrier-5001A board Quick Configuration Guide FortiCarrier-5001A Security System Guide 01-400-91945 -20090223...

  • Page 41: For More Information

    Fortinet documentation is available from the Fortinet Tools and Documentation CD shipped with your Fortinet product. The documents on this CD are current for your product at shipping time. For the latest versions of all Fortinet documentation see the Fortinet Technical Documentation web site at http://docs.forticare.com.
  • Page 42 Register your Fortinet product For more information © Copyright 2009 Fortinet, Inc. All rights reserved. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical or otherwise, for any purpose, without prior written permission of Fortinet, Inc.

This manual is also suitable for:

Forticarrier-5001a

Table of Contents