Summary of Contents for Fortinet FortiGate FortiGate-5001SX
Page 1
The most recent versions of this and all FortiGate-5000 series documents are available from the page of the Fortinet Technical Documentation Visit http://support.fortinet.com to register your FortiGate-5001SX system. By registering you can receive product updates, technical support, and FortiGuard services.
Some FortiGate-5000 series components may overload your supply circuit and impact your overcurrent protection and supply wiring. Refer to nameplate ratings to address this concern. • Make sure all FortiGate-5000 series components have reliable grounding. Fortinet recommends direct connections to the branch circuit. •...
Troubleshooting ... 19 FortiGate-5001SX does not startup ... 19 FortiGate-5001SX cannot display chassis information ... 21 Quick Configuration Guide ... 23 Registering your Fortinet product ... 23 Planning the configuration ... 23 NAT/Route mode ... 24 Transparent mode ... 24 Choosing the configuration tool ...
Page 4
For more information ... 35 Fortinet documentation ... 35 Fortinet Tools and Documentation CD... 35 Fortinet Knowledge Center ... 35 Comments on Fortinet technical documentation ... 35 Customer service and technical support ... 35 Register your Fortinet product... 35 Contents...
FortiGate-5001SX security system FortiGate-5001SX security system The FortiGate-5001SX security system is a high-performance FortiGate security system with a total of 8 front panel Gigabit ethernet interfaces and two base backplane interfaces. Use the front panel interfaces for connections to your networks and the backplane interfaces for communication between FortiGate-5000 series modules over the FortiGate-5000 chassis backplane.
The front panel also includes the RS-232 console port for connecting to the FortiOS CLI and a USB port. The USB port can be used with a Fortinet USB key. For information about using the FortiUSB key, see the Firmware and FortiUSB Guide.
FortiGate-5001SX security system Table 1: FortiGate-5001SX LEDs (Continued) 5, 6, 7, 8 Connectors Table 2 Table 2: FortiGate-5001SX connectors Connector Type 1, 2, 3, 4 5, 6, 7, 8 CONSOLE DB-9 Base backplane gigabit interfaces The FortiGate-5001SX port9 and port10 base backplane gigabit interfaces can be used for HA heartbeat communication between FortiGate-5001SX modules installed in the same or in different FortiGate-5000 chassis.
Page 8
Base backplane gigabit interfaces FortiGate-5001SX security system FortiGate-5001SX Security System Guide 01-30000-0380-20070201...
Hardware installation Hardware installation Before use, the FortiGate-5001SX module must be correctly inserted into a FortiGate-5140, FortiGate-5050, or FortiGate-5020 chassis. Before inserting the module into a chassis you should make sure RAM DIMMS are installed and FortiGate-5001SX jumpers are set. SFP transceivers must also be installed for interfaces 1 to 4 before these interfaces can be connected to network devices.
Page 10
RAM DIMMs Hardware installation Figure 2: Location of FortiGate-5001SX RAM DIMM slots RAM DIMM slots Front Faceplate Insert each RAM DIMM perpendicular to the RAM DIMM slots. Push the DIMM firmly into place using the minimum amount of force required. When the DIMM is properly seated, the socket guide posts click into place.
Hardware installation Installing SFP transceivers The FortiGate-5001SX module ships with four SFP transceivers that you must install for normal operation of the FortiGate-5001SX module. The SFP transceivers are inserted into cage sockets numbered 1 to 4 on the FortiGate-5001SX front panel. You can install the SFP transceivers before or after inserting the FortiGate-5001SX module into a FortiGate chassis.
Changing FortiGate-5001SX jumper settings Changing FortiGate-5001SX jumper settings The JP3 jumper on the FortiGate-5001SX module is factory set by Fortinet into one of two positions (see Figure 3 on page • For a FortiGate-5140 or FortiGate-5050 chassis, the jumper connects pins 2 and 3 •...
Page 13
Hardware installation If you have installed the FortiGate-5001SX module in a chassis, remove it. For removal instructions, see chassis” on page Figure 3 If required, carefully move the jumper to the correct setting. You can now insert the module into a chassis and verify that it is operating correctly.
Inserting a FortiGate-5001SX module into a chassis Inserting a FortiGate-5001SX module into a chassis The following procedure describes how to correctly use the FortiGate-5001SX mounting components shown in Figure 4 into a FortiGate-5000 series chassis slot. The FortiGate-5001SX module left extraction lever contacts to a hidden power switch.
Hardware installation Before inserting the FortiGate-5001SX module in a chassis Before installing the FortiGate-5001SX module in a chassis you should verify that the RAM DIMMs are installed and the JP3 jumper is set correctly. You can also install the SFP transceivers before inserting the module. •...
Page 16
Inserting a FortiGate-5001SX module into a chassis Open the left and right extraction levers to their fully open positions. Alignment Pin Open Left Extraction Left Extraction Lever Insert the FortiGate-5001SX module into the empty slot in the chassis. Carefully guide the module into the chassis using the rails in the slot. Insert the module by applying moderate force to the front faceplate (not the extraction levers) to slide the module into the slot.
Hardware installation Fully tighten the left extraction lever locking screw to lock the left extraction lever. Mounting Knot Fully tighten the left and right mounting knots to lock the FortiGate-5001SX module into position in the chassis slot. If the chassis is powered on the PWR LED turns green and the STA LED turns RED.
Page 18
Removing a FortiGate-5001SX module from a chassis Caution: FortiGate-5001SX modules must be protected from static discharge and physical shock. Only handle or work with FortiGate-5001SX modules at a static-free workstation. Always wear a grounded electrostatic discharge (ESD) preventive wrist or ankle strap when handling FortiGate-5001SX modules.
Hardware installation Turn both extraction levers to their fully-closed positions. Alignment Pin Left Extraction Fully tighten the left extraction lever locking screw to lock the left extraction lever. Tighten Carefully slide the module completely out of the slot. Troubleshooting This section describes the following troubleshooting topics: •...
Page 20
LEDs are off). If the shelf manager is not functioning normally, you can try removing it from the chassis and reinstalling it. If this does not solve the problem, contact Fortinet Technical Support. If the shelf manager has been removed from the chassis, you should re-install it. If you are planning on operating the chassis without a shelf manager, you can move the FortiGate-5001SX JP3 jumper between pins 1 and 2.
BIOS startup and install a new firmware image. For details about installing a new firmware image in this way, see the FortiUSB If this does not solve the problem, contact Fortinet Technical Support. FortiGate-5001SX cannot display chassis information If the FortiGate-5001SX module is installed in a FortiGate-5140 or 5050 chassis, if...
Page 22
Troubleshooting Hardware installation FortiGate-5001SX Security System Guide 01-30000-0380-20070201...
Register your product by visiting Registration. To register, enter your contact information and the serial numbers of the Fortinet products that you or your organization have purchased. You can register multiple Fortinet products in a single session without re-entering your contact information.
Planning the configuration NAT/Route mode Transparent mode In NAT/Route mode, the FortiGate-5001SX security system is visible to the networks that it is connected to. Each interface connected to a network must be configured with an IP address that is valid for that network. In many configurations, in NAT/Route mode all of the FortiGate interfaces are on different networks, and each network is on a separate subnet.
You would typically deploy a FortiGate-5001SX security system in Transparent mode on a private network behind an existing firewall or behind a router. In the default Transparent mode configuration, the FortiGate-5001SX security system functions as a firewall. No traffic can pass through the FortiGate-5001SX security system until you add firewall policies.
Factory default settings Command Line Interface (CLI) Factory default settings The CLI is a full-featured management tool. Use it to configure the administrator password, the interface addresses, the default gateway, and the DNS server addresses. Requirements: • The serial connector that came packaged with your FortiGate-5001SX module. •...
Quick Configuration Guide Configuring NAT/Route mode Table 6 settings for the FortiGate-5001SX security system. You can use one table for each module to configure. Table 6: FortiGate-5001SX module NAT/Route mode settings Admin Administrator Password: port1 port2 port3 port4 port5 port6 port7 port8 Default Route...
Apply. To configure the Default Gateway Go to Router > Static and select Edit icon for the static route. Select the Device that you recorded above. Set Gateway to the Default Gateway IP address that you added to page Select OK.
Configure the primary and secondary DNS server IP addresses to the settings that you added to config system dns Configure the default gateway to the setting that you added to config router static Configuring Transparent mode Table 7 settings. Table 7: Transparent mode settings...
Configuring Transparent mode Using the CLI to configure Transparent mode Configure the management computer to be on the same subnet as the port1 interface of the FortiGate-5001SX module. To do this, change the IP address of the management computer to 192.168.1.2 and the netmask to 255.255.255.0. To access the FortiGate web-based manager, start Internet Explorer and browse to https://192.168.1.99 (remember to include the “s”...
Configure the primary and secondary DNS server IP addresses to the settings that you added to config system dns Upgrading FortiGate-5001SX firmware Fortinet periodically updates the FortiGate-5001SX FortiOS firmware to include enhancements and address issues. After you have registered your FortiGate-5001SX security system (see page 23) you can download FortiGate-5001SX firmware from the support web site http://support.fortinet.com.
FortiGate-5001SX base backplane data communication FortiGate-5001SX base backplane data communication Make sure the FortiGate module can connect to the TFTP server. You can use the following command to ping the computer running the TFTP server. For example, if the IP address of the TFTP server is 192.168.1.168: execute ping 192.168.1.168 Enter the following command to copy the firmware image from the TFTP server to the FortiGate-5001SX module:...
Quick Configuration Guide In a FortiGate-5140 or FortiGate-5050 chassis, FortiGate-5001SX base backplane communication requires one or two FortiSwitch-5003 modules. A FortiSwitch-5003 module installed in chassis slot 1 provides communication on the port9 interface. A FortiSwitch-5003 module installed in chassis slot 2 provides communication on the port10 interface.
Page 34
Powering off the FortiGate-5001SX module Quick Configuration Guide FortiGate-5001SX Security System Guide 01-30000-0380-20070201...
Fortinet Tools and Documentation CD All Fortinet documentation is available from the Fortinet Tools and Documentation CD shipped with your Fortinet product. The documents on this CD are current for your product at shipping time. For the latest versions of all Fortinet documentation see the Fortinet Technical Documentation web site at http://docs.forticare.com.
Need help?
Do you have a question about the FortiGate FortiGate-5001SX and is the answer not in the manual?
Questions and answers