Table of Contents
Advertisement
Quick Links
This FortiController-5103B Session-Aware Load Balancer Guide describes FortiController-5103B hardware features, how
to install a FortiController-5103B board in a FortiGate-5000 series chassis, and how to configure the
FortiController-5103B system for your network.
The most recent versions of this and all FortiGate-5000 series documents are available from the
the
Fortinet Technical Documentation
Access to Fortinet customer services, such as firmware updates, support, and FortiGuard services, requires product
registration. You can register your FortiController-5103B at http://support.fortinet.com.
FortiController-5103B Session-Aware Load
Balancer Guide
10-500-161552-20140822
FortiController-5103B
Session-Aware Load Balancer Guide
web site (http://docs.fortinet.com).
FortiGate-5000
page of
Advertisement
Table of Contents
Related Manuals for Fortinet FortiController-5103B
Summary of Contents for Fortinet FortiController-5103B
- Page 1 Session-Aware Load Balancer Guide This FortiController-5103B Session-Aware Load Balancer Guide describes FortiController-5103B hardware features, how to install a FortiController-5103B board in a FortiGate-5000 series chassis, and how to configure the FortiController-5103B system for your network. The most recent versions of this and all FortiGate-5000 series documents are available from the...
-
Page 2: Warnings And Cautions
ESD connector such as the ESD sockets provided on FortiGate-5000 series chassis. • Make sure all FortiGate-5000 series components have reliable grounding. Fortinet recommends direct connections to the building ground. • If you install a FortiGate-5000 series component in a closed or multi-unit rack assembly, the operating ambient temperature of the rack environment may be greater than room ambient. -
Page 3: Table Of Contents
FortiController-5103B mounting components ..... Inserting a FortiController-5103B board ...... - Page 4 Contents Fortinet products End User License Agreement ....Regulatory Notices ........
-
Page 5: Forticontroller-5103B System
10 Gbps of traffic to each cluster member. Performance of the cluster shows linear improvement if more workers are added. Clusters can be formed with one or two FortiController-5103B boards and up to 12 workers. All of the workers must be the same model. Currently FortiGate-5001B, FortiGate-5001C, FortiGate-5101C, and FortiGate-5001D models are supported. -
Page 6: Physical Description
Physical description FortiController-5103B system You can also install FortiController-5103B boards in a second chassis with another set of workers to provide chassis failover protection. In an active-passive HA configuration you can install one or two FortiController-5103B boards in each chassis. In dual FortiController-5103B configuration, each chassis has two FortiController-5103B boards. -
Page 7: Front Panel Leds And Connectors
B1 and B2 connectors for the base channels, an Ethernet management interface (MGMT), an RJ-45 console port for connecting to the FortiController-5103B CLI and a USB port. The USB port can be used with any USB key for backing up and restoring configuration files. - Page 8 Green backplane. If the FortiController-5103B board is installed in chassis slot 1, this LED indicates a connection to shelf manager 2. If the FortiController-5103B board is installed in chassis slot 2, this LED indicates a connection to shelf manager 1.
-
Page 9: About The Sh1 And Sh2 Leds
FortiController-5103B board to the chassis shelf managers over the chassis backplane. The SH1 and SH2 LEDs indicate the status of the connections between the FortiController-5103B board and a shelf manager. Whether or not these LEDs are lit depends on the configuration of the SH1 and SH2 interfaces on the... -
Page 10: Forticontroller-5103B Session-Aware Load Balancing
FortiController-5103B board and up to 12 FortiGate-5000 workers. A single FortiController-5103B board can distribute up to 96 million concurrent sessions and start 36 million new sessions a second. A second FortiController-5103B board can be added for redundancy or to create a dual-mode cluster that doubles the number of network interfaces. -
Page 11: Setting Up A Session-Aware Load Balanced Cluster
You connect the FortiController-5103B 1 to 8 front panel interfaces to networks such as the Internet or various internal networks. The workers see these interfaces are named fctrl/f1 to fctrl/f8. -
Page 12: Configuring And Managing The Load Balanced Cluster
The custom port number begins with the standard port number for the protocol you are using and is followed by the chassis slot number. For example: • To connect with a web browser to the FortiController-5103B board in slot 1 browse to https://10.10.10.1:44301 •... -
Page 13: Adding A Second Forticontroller-5103B Board
If a worker fails or is removed from the cluster, the FortiController-5103B detects its absence and re- balances and redistributes sessions to the remaining workers. -
Page 14: Adding A Second Chassis
The FortiController-5103B board in slot1 is the primary FortiController-5103B board for management purposes, but the F1 to F8 ports on both FortiController-5103B boards are active. The workers show 16 interfaces named fctrl1/f1 to fctrl1/f8 and fctrl2/f1 to fctrl2/f8. -
Page 15: Hardware Installation
The SFP+ transceivers are inserted into cage sockets numbered F1 to F8 for the fabric channel or B1 and B2 for the base channel on the FortiController-5103B front panel. You can install the SFP+ transceivers before or after inserting the FortiController-5103B board into a chassis. -
Page 16: Forticontroller-5103B Mounting Components
FortiController-5103B mounting components To install a FortiController-5103B board you slide the board into a hub/switch slot in the front of an ATCA chassis (usually slot 1 or 2) and then use the mounting components to lock the board into place in the slot. When locked into place and positioned correctly the board front panel is flush with the chassis front panel. -
Page 17: Inserting A Forticontroller-5103B Board
Only then will the FortiController-5103B board power-on and start up correctly. FortiController-5103B boards are hot swappable. The procedure for inserting a FortiController-5103B board into a chassis slot is the same whether or not the chassis is powered on. To insert a FortiController-5103B board into a chassis slot Do not carry the FortiController-5103B board by holding the handles or retention screws. - Page 18 The handles should hook into the sides of the chassis slot. Closing the handles draws the FortiController-5103B board into place in the chassis slot and into full contact with the chassis backplane. The FortiController-5103B front panel should be in contact with the chassis front panel.
-
Page 19: Shutting Down And Removing A Forticontroller-5103B Board
FortiController-5103B board from an ATCA chassis slot. FortiController-5103B boards are hot swappable. The procedure for removing a FortiController-5103B board from a chassis slot is the same whether or not the chassis is powered on. To remove a FortiController-5103B board from a chassis slot Do not carry the FortiController-5103B board by holding the handles or retention screws. - Page 20 • An electrostatic discharge (ESD) preventive wrist strap with connection cord FortiController-5103B boards must be protected from static discharge and physical shock. Only handle or work with FortiController-5103B boards at a static-free workstation. Always wear a grounded electrostatic discharge (ESD) preventive wrist strap when handling FortiController-5103B boards.
-
Page 21: Resetting A Forticontroller-5103B Board
Fully Clo ed and Locked 10 Carefully slide the board completely out of the slot. 11 Re-attach the protective metal frame if you are going ship the FortiController-5103B board or store it outside of a chassis. Resetting a FortiController-5103B board You can use the following procedure to reset a FortiController-5103B board without removing it from the chassis. -
Page 22: Troubleshooting
Troubleshooting Hardware installation 4 After 10 seconds snap the right handle back into place. The board powers up, the LEDs light and in a few minutes the FortiController-5103B board operates normally. Troubleshooting This section describes the following troubleshooting topics: •... -
Page 23: Basic Configuration
Basic Configuration This section describes the basics of connecting and configuring a session-aware load balanced (SALB) cluster consisting of a FortiController-5103B board installed in slot 1 and 2 or more workers installed in chassis slots 3 and up. Before using this chapter, your chassis should be mounted and connected to your power system and the boards should be installed in the chassis. -
Page 24: Connecting To The Forticontroller-5103B Web-Based Manager (Gui)
Connecting to the FortiController-5103B command line interface (CLI) You can connect to the FortiController-5103B CLI using the serial cable that came packaged with your FortiController-5103B board or an Ethernet connection to the mgmt interface. -
Page 25: Factory Default Settings
FortiController-5103B web-based manager or CLI to configure the FortiController-5103B board. To configure the FortiController-5103B board you should add a password for the admin administrator account, change the management interface IP address, and, if required, configure the default route for the management interface. - Page 26 6 Log into the FortiController-5103B web-based manager using admin with no password. 7 Check the firmware version that the FortiController-5103B is running (from the dashboard or from the CLI using the get system status command). 8 Check the FortiSwitch-ATCA release notes and confirm that your FortiController-5103B is running the latest supported firmware.
- Page 27 Config. 8 Edit the External Management IP/Netmask and change it to an IP address and netmask for the network that the mgmt interfaces of the FortiController-5103B and the FortiGate-5000 boards are connected to. The External Management IP/Netmask must be on the same subnet as the FortiController-5103B management IP address.
-
Page 28: Upgrading Cluster Firmware
Verifying the configuration and the status of the boards in the cluster Use the following command from the FortiController-5103B CLI to verify that the FortiController-5103B board can communicate with all of the FortiGate-5001B boards in the cluster and to show the status of each board. For example, for the cluster shown in... - Page 29 You can also use the following commands to display detailed session aware load balancing diagnostics: diangnose salb {dp | tcam-rules} The dp option provides diagnostics for the FortiASIC DP processors and the tcam-rules option provides diagnostics for content aware routing rules (TCAM). FortiController-5103B Session-Aware Load Balancer Guide 10-500-161552-20140822 http://docs.fortinet.com/...
-
Page 30: For More Information
For more information Training Services Fortinet Training Services offers courses that orient you quickly to your new equipment, and certifications to verify your knowledge level. Fortinet training programs serve the needs of Fortinet customers and partners world-wide. Visit Fortinet Training Services at http://campus.training.fortinet.com, or email training@fortinet.com. - Page 31 Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied.
- Page 32 European Conformity (CE) - EU This is a Class A product. In a domestic environment, this product may cause radio interference, in which case the user may be required to take adequate measures. FortiController-5103B Session-Aware Load Balancer Guide 10-500-161552-20140822 http://docs.fortinet.com/...