Fortinet FortiGate FortiGate-5001A Security System Manual
Fortinet fortigate fortigate-5001a: user guide
Hide thumbs
Also See for FortiGate FortiGate-5001A:
- Hardware manual (97 pages) ,
- Administration manual (764 pages) ,
- Introduction manual (77 pages)
Table of Contents
Advertisement
Quick Links
A detailed guide to the FortiGate-5001A Security System. This FortiGate-5001A Security System Guide describes
FortiGate-5001A hardware features, how to install the FortiGate-5001A board in a FortiGate-5000 series chassis, and
how to configure the FortiGate-5001A security system for your network.
The most recent versions of this and all FortiGate-5000 series documents are available from the
the
Fortinet Technical Documentation
Visit
http://support.fortinet.com
FortiGate-5001A Security System Guide
01-30000-0438-200800801
FortiGate-5001A
web site (http://docs.forticare.com).
to register your FortiGate-5001A system. By registering you can receive product
updates, technical support, and FortiGuard services.
Security System Guide
FortiGate-5000
page of
Advertisement
Table of Contents
Related Manuals for Fortinet FortiGate FortiGate-5001A
Summary of Contents for Fortinet FortiGate FortiGate-5001A
- Page 1 FortiGate-5001A hardware features, how to install the FortiGate-5001A board in a FortiGate-5000 series chassis, and how to configure the FortiGate-5001A security system for your network. The most recent versions of this and all FortiGate-5000 series documents are available from the Fortinet Technical Documentation Visit http://support.fortinet.com to register your FortiGate-5001A system.
-
Page 2: Warnings And Cautions
Some FortiGate-5000 series components may overload your supply circuit and impact your overcurrent protection and supply wiring. Refer to nameplate ratings to address this concern. • Make sure all FortiGate-5000 series components have reliable grounding. Fortinet recommends direct connections to the branch circuit. •... -
Page 3: Table Of Contents
FortiGate-5001A status LED is flashing during system operation... 23 FortiGate AMC modules not detected by FortiGate-5001A board ... 23 Quick Configuration Guide ... 25 Registering your Fortinet product ... 25 Upgrading to High Encryption... 25 Planning the configuration ... 26 NAT/Route mode ... - Page 4 Powering off the FortiGate-5001A board... 36 Fortinet documentation ... 37 Fortinet Tools and Documentation CD... 37 Fortinet Knowledge Center ... 37 Comments on Fortinet technical documentation ... 37 Customer service and technical support ... 37 Register your Fortinet product... 37 Contents...
-
Page 5: Fortigate-5001A Security System
FortiGate-5001A security system FortiGate-5001A security system The FortiGate-5001A security system is a high-performance Advanced Telecommunications Computing Architecture (ACTA) compliant FortiGate security system that can be installed in any ACTA chassis including the FortiGate-5140, FortiGate-5050, or FortiGate-5020 chassis. The FortiGate-5001A security system contains two front panel gigabit ethernet interfaces, two base backplane gigabit interfaces, and two fabric backplane gigabit interfaces. -
Page 6: Front Panel Leds And Connectors
Front panel LEDs and connectors Front panel LEDs and connectors LEDs • Two fabric backplane gigabit interfaces (Fabric ch0 and Fabric CH1 on the front panel and fabric1 and fabric2 in the firmware) for data communications across the FortiGate-5000 chassis backplane. The fabric backplane gigabit interfaces can also be used for data communications across the FortiGate- 5000 chassis backplane if combined with a board that supports backplane fabric switching. -
Page 7: Connectors
FortiGate-5001A security system Table 1: FortiGate-5001A LEDs (Continued) Fabric CH1 Connectors Table 2 Table 2: FortiGate-5001A connectors Connector Type 1, 2 CONSOLE RJ-45 FortiGate-5001A Security System Guide 01-30000-0438-200800801 State Description Green Fabric backplane interface 1 (fabric2) is connected at 1 Gbps. -
Page 8: Base Backplane Gigabit Communication
Base backplane gigabit communication Base backplane gigabit communication Fabric backplane gigabit communication AMC modules The FortiGate-5001A base backplane gigabit interfaces can be used for HA heartbeat communication between FortiGate-5001A boards installed in the same or in different FortiGate-5000 chassis. You can also configure FortiGate-5001A boards to use the base backplane interfaces for data communication between FortiGate boards. -
Page 9: Hardware Installation
Hardware installation Hardware installation Before use, the FortiGate-5001A board must be correctly inserted into an Advanced Telecommunications Computing Architecture (ACTA) chassis such as the FortiGate-5140, FortiGate-5050, or FortiGate-5020 chassis. Before inserting the board into a chassis you should make sure the SW-11 switch is set correctly. -
Page 10: Changing Fortigate-5001A Sw11 Switch Settings
Changing FortiGate-5001A SW11 switch settings Changing FortiGate-5001A SW11 switch settings The SW11 switch on the FortiGate-5001A board is factory set by Fortinet to detect a shelf manager (Figure 3). This is the correct setting if you are installing the FortiGate-5001A in a chassis that contains an operating shelf manager (such as the FortiGate-5140 or FortiGate-5050 chassis). - Page 11 Hardware installation To change or verify the SW11 switch settings To complete this procedure, you need: • A FortiGate-5001A board • A tool for changing the SW11 switch setting (optional) • An electrostatic discharge (ESD) preventive wrist strap with connection cord Caution: FortiGate-5001A boards must be protected from static discharge and physical shock.
-
Page 12: Fortigate-5001A Mounting Components
FortiGate-5001A mounting components FortiGate-5001A mounting components To install a FortiGate-5001A board you slide the board into an open slot in the front of an ATCA chassis and then use the mounting components to lock the board into place in the slot. When locked into place and positioned correctly the board front panel is flush with the chassis front panel. -
Page 13: Inserting A Fortigate-5001A Board
Hardware installation The FortiGate-5001A handles align the board in the chassis slot and are used to insert and eject the board from the slot. The right handle activates a microswitch that turns on or turns off power to the board. If the FortiGate-5001A board is installed in a FortiGate-5140 chassis this is the lower handle. - Page 14 Inserting a FortiGate-5001A board Unlock the right handle by squeezing the handle lock. You do no need to unlock the left handle. Unlock Handle Open the left and right handles to their fully open positions. Alignment Pin Handle Open Lock Insert the FortiGate-5001A board into the empty slot in the chassis.
- Page 15 Hardware installation Table 4: FortiGate-5001A normal operating LEDs If you have installed an AMC module in the FortiGate-5001A board, the AMC LEDs are lit as described in Table 5: FortiGate AMC module normal operating LEDs If the board has not been inserted properly the IPM LED changes to solid blue and all other LEDS turn off.
-
Page 16: Removing A Fortigate-5001A Board
Removing a FortiGate-5001A board Removing a FortiGate-5001A board The following procedure describes how to correctly use the FortiGate-5001A mounting components described in “FortiGate-5001A mounting components” on page 12 to remove a FortiGate-5001A board from an ATCA chassis slot. FortiGate-5001A boards are hot swappable. The procedure for removing a FortiGate-5001A board from a chassis slot is the same whether or not the chassis is powered on. -
Page 17: Resetting A Fortigate-5001A Board
Hardware installation Open the left and right handles to their fully open positions. Pivoting the handles turns off the microswitch, turns off all LEDs, and ejects the board from the chassis slot. You need to use moderate pressure to eject the board. - Page 18 Resetting a FortiGate-5001A board Caution: FortiGate-5001A boards must be protected from static discharge and physical shock. Only handle or work with FortiGate-5001A boards at a static-free workstation. Always wear a grounded electrostatic discharge (ESD) preventive wrist strap when handling FortiGate-5001A boards. Attach the ESD wrist strap to your wrist and to an ESD socket or to a bare metal surface on the chassis or frame.
-
Page 19: Installing And Removing Amc Modules
Hardware installation Installing and removing AMC modules You can install one FortiGate ADM module in the FortiGate-5001A-DW front panel AMC double-width opening. The following FortiGate ADM modules are available: • FortiGate-ADM-XB2, provides 2 accelerated XFP 10 gigabit interfaces. • FortiGate-ADM-FB8, provides 8 accelerated SFP 1 gigabit interfaces. Caution: Do not operate the FortiGate-5001A board with an open AMC opening. -
Page 20: Inserting Amc Slot Fillers
Installing and removing AMC modules Inserting AMC slot fillers Inserting AMC modules The FortiGate-5001A-DW includes one AMC double-width slot filler that must be installed in the double-width AMC slot if you do not have a FortiGate ADM module. Either a filler or an AMC module must be installed for proper cooling air flow. To install an AMC slot filler To complete this procedure, you need: •... -
Page 21: Removing Amc Modules
Insert the FortiGate ADM module into the empty slot in the FortiGate-5001A front panel. Make sure the Fortinet logo on the module front panel is right-side up. The Fortinet logo appears on the upper-right corner of the module front panel. -
Page 22: Troubleshooting
Troubleshooting Troubleshooting FortiGate-5001A does not start up Caution: Because the FortiGate-5001A board does not support hot swapping AMC modules, the FortiGate-5001A board must be disconnected from power and the left handle opened before you remove a FortiGate AMC module. See modules”... -
Page 23: Fortigate-5001A Status Led Is Flashing During System Operation
For details about installing a new firmware image in this way, see the FortiUSB If this does not solve the problem, contact Fortinet Technical Support. FortiGate-5001A status LED is flashing during system operation Normally, the FortiGate-5001A Status LED FortiGate-5001A board is operating normally. - Page 24 FortiGate-5001A board and the AMC module are functioning normally, the front panel LEDs will appear as described in Table 4 on page 15 Table 5 on page If this does not solve the problem, contact Fortinet Technical Support. FortiGate-5001A Security System Guide 01-30000-0438-200800801...
-
Page 25: Quick Configuration Guide
Register your product by visiting Registration. To register, enter your contact information and the serial numbers of the Fortinet products that you or your organization have purchased. You can register multiple Fortinet products in a single session without re-entering your contact information. -
Page 26: Planning The Configuration
Planning the configuration Planning the configuration NAT/Route mode Before beginning to configure your FortiGate-5001A security system, you need to plan how to integrate the system into your network. Your configuration plan depends on the operating mode that you select: NAT/Route mode (the default) or Transparent mode. -
Page 27: Transparent Mode
You would typically deploy a FortiGate-5001A security system in Transparent mode on a private network behind an existing firewall or behind a router. In the default Transparent mode configuration, the FortiGate-5001A security system functions as a firewall. No traffic can pass through the FortiGate-5001A security system until you add firewall policies. -
Page 28: Choosing The Configuration Tool
Choosing the configuration tool Choosing the configuration tool Web-based manager Command Line Interface (CLI) Factory default settings You can use either the web-based manager or the Command Line Interface (CLI) to configure the FortiGate board. The FortiGate-5001A web-based manager is an easy to use management tool. Use the web-based manager to configure the FortiGate-5001A administrator password, the interface addresses, the default gateway, and the DNS server addresses. -
Page 29: Configuring Nat/Route Mode
Quick Configuration Guide Configuring NAT/Route mode Table 8 settings for the FortiGate-5001A security system. You can use one table for each board to configure. Table 8: FortiGate-5001A board NAT/Route mode settings Admin Administrator Password: port1 port2 Default Route DNS Servers Using the web-based manager to configure NAT/Route mode Connect port1 of the FortiGate-5001A board to the same hub or switch as the computer you will use to configure the FortiGate board. -
Page 30: Using The Cli To Configure Nat/Route Mode
Apply. To configure the Default Gateway Go to Router > Static and select Edit icon for the static route. Select the Device that you recorded above. Set Gateway to the Default Gateway IP address that you added to page Select OK. -
Page 31: Configuring Transparent Mode
Configure the primary and secondary DNS server IP addresses to the settings that you added to config system dns Configure the default gateway to the setting that you added to page config router static Configuring Transparent mode Table 9 settings. Table 9: Transparent mode settings... -
Page 32: Using The Cli To Configure Transparent Mode
Configuring Transparent mode Using the CLI to configure Transparent mode To switch from NAT/Route mode to transparent mode Go to System > Status and select the Change link beside Operation Mode: NAT. Set Operation Mode to Transparent. Set the Management IP/Netmask to the settings that you added to page Set the default Gateway to the setting that you added to To change the admin administrator password... -
Page 33: Upgrading Fortigate-5001A Firmware
Quick Configuration Guide Upgrading FortiGate-5001A firmware Fortinet periodically updates the FortiGate-5001A FortiOS firmware to include enhancements and address issues. After you have registered your FortiGate-5001A security system (see page 25) you can download FortiGate-5001A firmware from the support web site http://support.fortinet.com. -
Page 34: Fortigate-5001A Base Backplane Data Communication
FortiGate-5001A base backplane data communication FortiGate-5001A base backplane data communication Enter the following command to copy the firmware image from the TFTP server to the FortiGate-5001A board: execute restore image <name_str> <tftp_ipv4> Where <name_str> is the name of the firmware image file and <tftp_ipv4> is the IP address of the TFTP server. - Page 35 Quick Configuration Guide In a FortiGate-5140 or FortiGate-5050 chassis, FortiGate-5001A base backplane communication requires one or two FortiSwitch-5003 boards. A FortiSwitch-5003 board installed in chassis slot 1 provides communication on the base1 interface. A FortiSwitch-5003 board installed in chassis slot 2 provides communication on the base2 interface.
-
Page 36: Powering Off The Fortigate-5001A Board
Powering off the FortiGate-5001A board Powering off the FortiGate-5001A board To avoid potential hardware problems, always shut down the FortiGate-5001A operating system properly before removing the FortiGate-5001A board from a chassis slot or before powering down the chassis. To power off a FortiGate-5001A board Shut down the FortiGate-5001A operating system: •... -
Page 37: For More Information
Fortinet Tools and Documentation CD All Fortinet documentation is available from the Fortinet Tools and Documentation CD shipped with your Fortinet product. The documents on this CD are current for your product at shipping time. For the latest versions of all Fortinet documentation see the Fortinet Technical Documentation web site at http://docs.forticare.com. - Page 38 © Copyright 2008 Fortinet, Inc. All rights reserved. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical or otherwise, for any purpose, without prior written permission of Fortinet, Inc.
Need help?
Do you have a question about the FortiGate FortiGate-5001A and is the answer not in the manual?
Questions and answers