Fortinet FortiGate FortiGate-5001FA2 Security System Manual
  1. Manuals
  2. Brands
  3. Fortinet Manuals
  4. Firewall
  5. FortiGate FortiGate-5001FA2
  6. Security system manual
Fortinet FortiGate FortiGate-5001FA2 Security System Manual

Fortinet FortiGate FortiGate-5001FA2 Security System Manual

Fortinet fortigate fortigate-5001fa2: user guide
Hide thumbs Also See for FortiGate FortiGate-5001FA2:
Table of Contents

Advertisement

Quick Links

Download this manual See also: Administration Manual, Installation Manual
CONSOLE
PWR ACC
A detailed guide to the FortiGate-5001FA2 Security System. This FortiGate-5001FA2 Security System Guide
describes FortiGate-5001FA2 hardware features, how to install the FortiGate-5001FA2 board in a FortiGate-5000
series chassis, how to configure the FortiGate-5001FA2 security system for your network, and contains
troubleshooting information to help you diagnose and fix problems.
The most recent versions of this and all FortiGate-5000 series documents are available from the
page of the
Fortinet Technical Documentation
Visit
http://support.fortinet.com
FortiGate-5001FA2 Security System Guide
01-30000-0379-20080606
S e c u r i t y S y s t e m G u i d e
USB
1
2
web site (http://docs.forticare.com).
to register your FortiGate-5001FA2 system. By registering you can receive product
updates, technical support, and FortiGuard services.
www.fortinet.com
FortiGate-5001FA2
3
4
5
6
7
8
STA IPM
FortiGate-5000

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the FortiGate FortiGate-5001FA2 and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for Fortinet FortiGate FortiGate-5001FA2

Summary of Contents for Fortinet FortiGate FortiGate-5001FA2

  • Page 1 FortiGate-5001FA2 security system for your network, and contains troubleshooting information to help you diagnose and fix problems. The most recent versions of this and all FortiGate-5000 series documents are available from the page of the Fortinet Technical Documentation Visit http://support.fortinet.com updates, technical support, and FortiGuard services.

  • Page 2: Warnings And Cautions

    Some FortiGate-5000 series components may overload your supply circuit and impact your overcurrent protection and supply wiring. Refer to nameplate ratings to address this concern. • Make sure all FortiGate-5000 series components have reliable grounding. Fortinet recommends direct connections to the branch circuit. •...

  • Page 3: Table Of Contents

    Troubleshooting ... 18 FortiGate-5001FA2 does not startup... 18 FortiGate-5001FA2 cannot display chassis information... 20 Quick Configuration Guide ... 21 Registering your Fortinet product ... 21 Planning the configuration ... 21 NAT/Route mode ... 22 Transparent mode ... 22 Choosing the configuration tool ... 23 Web-based manager...
  • Page 4 For more information ... 33 Fortinet documentation ... 33 Fortinet Tools and Documentation CD... 33 Fortinet Knowledge Center ... 33 Comments on Fortinet technical documentation ... 33 Customer service and technical support ... 33 Register your Fortinet product... 33 Contents...

  • Page 5: Fortigate-5001Fa2 Security System

    FortiGate-5001FA2 security system FortiGate-5001FA2 security system The FortiGate-5001FA2 security system is a high-performance FortiGate security system with a total of 8 front panel gigabit ethernet interfaces and two base backplane interfaces. Use the front panel interfaces for connections to your networks and the backplane interfaces for communication between FortiGate-5000 series boards over the FortiGate-5000 chassis backplane.

  • Page 6: Front Panel Leds And Connectors

    The front panel also includes the RS-232 console port for connecting to the FortiOS CLI and a USB port. The USB port can be used with a Fortinet USB key. For information about using the FortiUSB key, see the Firmware and FortiUSB Guide.

  • Page 7: Connectors

    FortiGate-5001FA2 security system Table 1: FortiGate-5001FA2 board LEDs (Continued) 5, 6, 7, 8 Connectors Table 2 Table 2: FortiGate-5001FA2 connectors Connector Type 1 and 2 3 and 4 5, 6, 7, 8 CONSOLE DB-9 Accelerated packet forwarding and policy enforcement FortiGate-5001FA2 Accelerated packet forwarding and policy enforcement results in accelerated small packet performance required for voice, video, and other multimedia streaming applications.

  • Page 8: Fa2 Interfaces And Active-Active Ha Performance

    Base backplane gigabit communication FA2 interfaces and active-active HA performance Base backplane gigabit communication • Session Oriented Traffic with long session lifetime, such as FTP sessions. Packet size does not affect performance for traffic with long session lifetime. For long sessions, processing that would otherwise be handled by the FortiGate-5001FA2 CPUs is off-loaded to the acceleration module.

  • Page 9: Hardware Installation

    Hardware installation Hardware installation Before use, the FortiGate-5001FA2 board must be correctly inserted into an Advanced Telecommunications Computing Architecture (ACTA) chassis such as the FortiGate-5140, FortiGate-5050, or FortiGate-5020 chassis. Before inserting the board into a chassis you should make sure RAM DIMMS are installed and FortiGate-5001FA2 jumpers are set.

  • Page 10: Installing Sfp Transceivers

    Installing SFP transceivers Hardware installation Figure 2: Location of FortiGate-5001FA2 RAM DIMM slots RAM DIMM slots Front Faceplate Insert each RAM DIMM perpendicular to the RAM DIMM slots. Push the DIMM firmly into place using the minimum amount of force required. When the DIMM is properly seated, the socket guide posts click into place.

  • Page 11: Changing Fortigate-5001Fa2 Jumper Settings

    For cage slots 3 to 8, turn each SFP transceiver over before sliding it into the cage slot until it locks into place. Changing FortiGate-5001FA2 jumper settings The JP3 jumper on the FortiGate-5001FA2 board is factory set by Fortinet into one of two positions (see •...
  • Page 12 Changing FortiGate-5001FA2 jumper settings Normally, because the jumpers are factory set, you do not have to change them. However, if you are moving a FortiGate-5001FA2 from a FortiGate-5140 or FortiGate-5050 to a FortiGate-5020 or the reverse, you need to move the JP3 jumper.

  • Page 13: Inserting A Fortigate-5001Fa2 Board Into A Chassis

    Hardware installation To change or verify the JP3 jumper setting To complete this procedure, you need: • A FortiGate-5001FA2 board • A tool for moving jumpers (optional) • An electrostatic discharge (ESD) preventive wrist strap with connection cord Caution: FortiGate-5001FA2 boards must be protected from static discharge and physical shock.

  • Page 14: Before Inserting The Fortigate-5001Fa2 Board In A Chassis

    Inserting a FortiGate-5001FA2 board into a chassis Before inserting the FortiGate-5001FA2 board in a chassis Insertion procedure Figure 4: FortiGate-5001FA2 mounting components Closed Alignment Pin Retention Lock Screw Handle Open Before installing the FortiGate-5001FA2 board in a chassis you should verify that the RAM DIMMs are installed and the JP3 jumper is set correctly.
  • Page 15 Hardware installation Caution: FortiGate-5001FA2 boards must be protected from static discharge and physical shock. Only handle or work with FortiGate-5001FA2 boards at a static-free workstation. Always wear a grounded electrostatic discharge (ESD) preventive wrist strap when handling FortiGate-5001FA2 boards. Attach the ESD wrist strap to your wrist and to an ESD socket or to a bare metal surface on the chassis or frame.
  • Page 16 Inserting a FortiGate-5001FA2 board into a chassis Turn both handles to their fully-closed positions. The handles should hook into the sides of the chassis slot. Closing the handles draws the FortiGate-5001FA2 board into place in the chassis slot and into contact with the chassis backplane.

  • Page 17: Removing A Fortigate-5001Fa2 Board From A Chassis

    Hardware installation Removing a FortiGate-5001FA2 board from a chassis The following procedure describes how to correctly use the FortiGate-5001FA2 mounting components shown in from a FortiGate-5000 series chassis slot. To remove a FortiGate-5001FA2 board from a FortiGate-5000 series chassis FortiGate-5001FA2 boards are hot swappable. The procedure for removing the FortiGate-5001FA2 board from a FortiGate-5000 series chassis slot is the same whether or not the FortiGate-5000 series chassis is powered on.

  • Page 18: Troubleshooting

    Troubleshooting Troubleshooting FortiGate-5001FA2 does not startup Open the left and right handles to their fully open positions. Opening the handles slides the board a short distance out of the slot, disconnecting the board from the chassis backplane. The IPM LED turns blue. All other LEDs turn off. Alignment Pin Handle Handle...
  • Page 19 LEDs are off). If the shelf manager is not functioning normally, you can try removing it from the chassis and reinstalling it. If this does not solve the problem, contact Fortinet Technical Support. If the shelf manager has been removed from the chassis, you should re-install it. If you are planning on operating the chassis without a shelf manager, you can move the FortiGate-5001FA2 JP3 jumper between pins 1 and 2.

  • Page 20: Fortigate-5001Fa2 Cannot Display Chassis Information

    FortiGate-5000 Series Firmware and FortiUSB Guide. If this does not solve the problem, contact Fortinet Technical Support. FortiGate-5001FA2 cannot display chassis information If the FortiGate-5001FA2 board is installed in a FortiGate-5140 or 5050 chassis, if...

  • Page 21: Quick Configuration Guide

    Register your product by visiting Registration. To register, enter your contact information and the serial numbers of the Fortinet products that you or your organization have purchased. You can register multiple Fortinet products in a single session without re-entering your contact information.

  • Page 22: Nat/Route Mode

    Planning the configuration NAT/Route mode Transparent mode In NAT/Route mode, the FortiGate-5001FA2 security system is visible to the networks that it is connected to. Each interface connected to a network must be configured with an IP address that is valid for that network. In many configurations, in NAT/Route mode all of the FortiGate interfaces are on different networks, and each network is on a separate subnet.

  • Page 23: Choosing The Configuration Tool

    You would typically deploy a FortiGate-5001FA2 security system in Transparent mode on a private network behind an existing firewall or behind a router. In the default Transparent mode configuration, the FortiGate-5001FA2 security system functions as a firewall. No traffic can pass through the FortiGate-5001FA2 security system until you add firewall policies.

  • Page 24: Factory Default Settings

    Factory default settings Factory default settings Configuring NAT/Route mode The FortiGate-5001FA2 unit ships with a factory default configuration. The default configuration allows you to connect to and use the FortiGate-5001FA2 web-based manager to configure the FortiGate-5001FA2 board onto the network. To configure the FortiGate-5001FA2 board onto the network you add an administrator password, change the network interface IP addresses, add DNS server IP addresses, and, if required, configure basic routing.

  • Page 25: Using The Web-Based Manager To Configure Nat/Route Mode

    Enter the Primary and Secondary DNS IP addresses that you added to page 24 To configure the Default Gateway Go to Router > Static and select Edit icon for the static route. Select the Device that you recorded above. Set Gateway to the Default Gateway IP address that you added to page Select OK.

  • Page 26: Using The Cli To Configure Nat/Route Mode

    Table 6 on page config system dns set primary <dns-server_ip> set secondary <dns-server_ip> Configure the default gateway to the setting that you added to config router static edit 1 set device <interface_name> set gateway <gateway_ip> Quick Configuration Guide Table 6 on...

  • Page 27: Configuring Transparent Mode

    Quick Configuration Guide Configuring Transparent mode Table 7 settings. Table 7: Transparent mode settings Admin Administrator Password: Management IP Default Route DNS Servers Using the web-based manager to configure Transparent mode Connect port1 of the FortiGate-5001FA2 board to the same hub or switch as the computer you will use to configure the FortiGate board.

  • Page 28: Using The Cli To Configure Transparent Mode

    Table 7 on page config system dns set primary <dns-server_ip> set secondary <dns-server_ip> Fortinet periodically updates the FortiGate-5001FA2 FortiOS firmware to include enhancements and address issues. After you have registered your FortiGate-5001FA2 security system (see page 21) you can download FortiGate-5001FA2 firmware from the support web site http://support.fortinet.com.
  • Page 29 Quick Configuration Guide Under System Information > Firmware Version, select Update. Type the path and filename of the firmware image file, or select Browse and locate the file. Select OK. The FortiGate-5001FA2 board uploads the firmware image file, upgrades to the new firmware version, restarts, and displays the FortiGate login.

  • Page 30: Fortigate-5001Fa2 Base Backplane Data Communication

    FortiGate-5001FA2 base backplane data communication FortiGate-5001FA2 base backplane data communication You can configure the FortiGate-5001FA2 boards for data communications using the two FortiGate-5140, FortiGate-5050, or FortiGate-5020 chassis base backplane interfaces. Note: Different FortiGate-5000 series boards may use different names for the base backplane interfaces.

  • Page 31: Powering Off The Fortigate-5001Fa2 Board

    Quick Configuration Guide Figure 9: FortiGate-5001FA2 interface list with backplane interfaces enabled To enable base backplane data communication from the FortiGate-5001FA2 From the FortiGate-5001FA2 board CLI you can use the following steps to enable base backplane data communication. Enter the following command to show the backplane interfaces: config system global The port9 and port10 backplane interfaces now appear in all Interface lists.
  • Page 32 Powering off the FortiGate-5001FA2 board Quick Configuration Guide FortiGate-5001FA2 Security System Guide 01-30000-0379-20080606...

  • Page 33: For More Information

    Fortinet Tools and Documentation CD All Fortinet documentation is available from the Fortinet Tools and Documentation CD shipped with your Fortinet product. The documents on this CD are current for your product at shipping time. For the latest versions of all Fortinet documentation see the Fortinet Technical Documentation web site at http://docs.forticare.com.
  • Page 34 © Copyright 2008 Fortinet, Inc. All rights reserved. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical or otherwise, for any purpose, without prior written permission of Fortinet, Inc.

Table of Contents