Fortinet FortiGate FortiGate-5005FA2 Security System Manual
  1. Manuals
  2. Brands
  3. Fortinet Manuals
  4. Firewall
  5. FortiGate FortiGate-5005FA2
  6. Security system manual
Fortinet FortiGate FortiGate-5005FA2 Security System Manual

Fortinet FortiGate FortiGate-5005FA2 Security System Manual

Fortinet fortigate fortigate-5005fa2: user guide
Hide thumbs Also See for FortiGate FortiGate-5005FA2:
Table of Contents

Advertisement

Quick Links

Download this manual
ACT
LINK
ACT
LINK
CONSOLE
A detailed guide to the features and capabilities FortiGate-5005FA2 Security System. This FortiGate-5005FA2
Security System Guide describes FortiGate-5005FA2 hardware features, how to install the FortiGate-5005FA2
module in a FortiGate-5000 series chassis, how to configure the FortiGate-5005FA2 security system for your
network, and contains troubleshooting information to help you diagnose and fix problems.
The most recent versions of this and all FortiGate-5000 series documents are available from the
page of the
Fortinet Technical Documentation
Visit
http://support.fortinet.com
FortiGate-5005FA2 Security System Guide
01-30000-0377-20070201
S e c u r i t y S y s t e m G u i d e
USB
USB
1
2
OOS
ACC
STATUS
web site (http://docs.forticare.com).
to register your FortiGate-5005FA2 system. By registering you can receive product
updates, technical support, and FortiGuard services.
www.fortinet.com
FortiGate-5005FA2
3
4
5
7
8
6
IPM
FortiGate-5000

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the FortiGate FortiGate-5005FA2 and is the answer not in the manual?

Questions and answers

Related Manuals for Fortinet FortiGate FortiGate-5005FA2

Summary of Contents for Fortinet FortiGate FortiGate-5005FA2

  • Page 1 The most recent versions of this and all FortiGate-5000 series documents are available from the page of the Fortinet Technical Documentation Visit http://support.fortinet.com to register your FortiGate-5005FA2 system. By registering you can receive product updates, technical support, and FortiGuard services.

  • Page 2: Warnings And Cautions

    Some FortiGate-5000 series components may overload your supply circuit and impact your overcurrent protection and supply wiring. Refer to nameplate ratings to address this concern. • Make sure all FortiGate-5000 series components have reliable grounding. Fortinet recommends direct connections to the branch circuit. •...

  • Page 3: Table Of Contents

    Removing a FortiGate-5005FA2 module... 13 Troubleshooting ... 15 FortiGate-5005FA2 does not start up... 15 Quick Configuration Guide ... 17 Registering your Fortinet product ... 17 Planning the configuration ... 17 NAT/Route mode ... 18 Transparent mode ... 18 Choosing the configuration tool ... 19 Web-based manager...
  • Page 4 For more information ... 29 Fortinet documentation ... 29 Fortinet Tools and Documentation CD... 29 Fortinet Knowledge Center ... 29 Comments on Fortinet technical documentation ... 29 Customer service and technical support ... 29 Register your Fortinet product... 29 Contents...

  • Page 5: Fortigate-5005Fa2 Security System

    FortiGate-5005FA2 security system FortiGate-5005FA2 security system The FortiGate-5005FA2 security system is a high-performance FortiGate security system with a total of 8 front panel Gigabit ethernet interfaces, two base backplane interfaces, and two fabric backplane interfaces. Use the front panel interfaces for connections to your networks and the backplane interfaces for communication between FortiGate-5000 series modules over the FortiGate-5000 chassis backplane.

  • Page 6: Front Panel Leds And Connectors

    The front panel also includes the RJ-45 console port for connecting to the FortiOS CLI and two USB ports. The USB ports can be used with a Fortinet USB key. For information about using the FortiUSB key, see the Series Firmware and FortiUSB Guide.

  • Page 7: Connectors

    FortiGate-5005FA2 security system Table 1: FortiGate-5005FA2 module LEDs (Continued) 1, 2, 3, 4, 5, 6, 7, 8 Connectors Table 2 Table 2: FortiGate-5005FA2 connectors Connector Type 1, 2, 3, 4, 5, 6 7, 8 CONSOLE RJ-45 Accelerated packet forwarding and policy enforcement FortiGate-5005FA2 Accelerated packet forwarding and policy enforcement results in accelerated small packet performance required for voice, video, and other multimedia streaming applications.

  • Page 8: Fa2 Interfaces And Active-Active Ha Performance

    Base backplane gigabit communication FA2 interfaces and active-active HA performance Base backplane gigabit communication FortiGate-5005-DIST security system • Session Oriented Traffic with long session lifetime, such as FTP sessions. Packet size does not affect performance for traffic with long session lifetime. For long sessions, processing that would otherwise be handled by the FortiGate-5005FA2 CPUs is off-loaded to the acceleration module.

  • Page 9: Hardware Installation

    Hardware installation Hardware installation Before use, the FortiGate-5005FA2 module must be correctly inserted into a FortiGate-5140, FortiGate-5050, or FortiGate-5020 chassis. SFP transceivers must also be installed before the FortiGate-5005FA2 module can be connected to network devices. This section describes: • Installing SFP transceivers •...

  • Page 10: Installing Fortigate-5005Fa2 Modules

    Installing FortiGate-5005FA2 modules Installing FortiGate-5005FA2 modules Caution: Handling the SFP transceivers by holding the release latch can damage the connector. Do not force the SFP transceivers into the cage slots. If the transceiver does not easily slide in and click into place, it may not be aligned correctly. If this happens, remove the SFP transceiver, realign it and slide it in again.

  • Page 11: Insertion Procedure

    Hardware installation Insertion procedure FortiGate-5005FA2 modules are hot swappable. The procedure for inserting the FortiGate-5005FA2 module into a FortiGate-5000 series chassis slot is the same whether or not the FortiGate-5000 series chassis is powered on or not. To insert a FortiGate-5005FA2 module into a FortiGate-5000 series chassis Caution: Do not carry the FortiGate-5005FA2 module by holding the extraction levers.
  • Page 12 Installing FortiGate-5005FA2 modules Carefully guide the module into the chassis using the rails in the slot. Insert the module by applying moderate force to the front faceplate (not the extraction levers) to slide the module into the slot. The module should glide smoothly into the chassis.

  • Page 13: Removing A Fortigate-5005Fa2 Module

    Hardware installation Fully tighten the left and right mounting knots to lock the FortiGate-5005FA2 module into position in the chassis slot. Mounting Knot Removing a FortiGate-5005FA2 module The following procedure describes how to correctly use the FortiGate-5005FA2 mounting components shown in from a FortiGate-5000 series chassis slot.
  • Page 14 Removing a FortiGate-5005FA2 module Fully loosen the mounting knots on the left and right sides of the FortiGate-5005FA2 front panel. Mounting Knot Loosen Unlock the left and right extraction levers by squeezing the extraction lever locks. Open the left and right extraction levers to their fully open positions. Opening the extraction levers slides the module a short distance out of the slot, disconnecting the module from the chassis backplane.

  • Page 15: Troubleshooting

    If the BIOS starts up, interrupt the BIOS startup and install a new firmware image. For details about installing a new firmware image in this way, see the If this does not solve the problem, contact Fortinet Technical Support. FortiGate-5005FA2 Security System Guide 01-30000-0377-20070201...
  • Page 16 Troubleshooting Hardware installation FortiGate-5005FA2 Security System Guide 01-30000-0377-20070201...

  • Page 17: Quick Configuration Guide

    Register your product by visiting Registration. To register, enter your contact information and the serial numbers of the Fortinet products that you or your organization have purchased. You can register multiple Fortinet products in a single session without re-entering your contact information.

  • Page 18: Nat/Route Mode

    Planning the configuration NAT/Route mode Transparent mode In NAT/Route mode, the FortiGate-5005FA2 security system is visible to the networks that it is connected to. Each interface connected to a network must be configured with an IP address that is valid for that network. In many configurations, in NAT/Route mode all of the FortiGate interfaces are on different networks, and each network is on a separate subnet.

  • Page 19: Choosing The Configuration Tool

    You would typically deploy a FortiGate-5005FA2 security system in Transparent mode on a private network behind an existing firewall or behind a router. In the default Transparent mode configuration, the FortiGate-5005FA2 security system functions as a firewall. No traffic can pass through the FortiGate-5005FA2 security system until you add firewall policies.

  • Page 20: Command Line Interface (Cli)

    Factory default settings Command Line Interface (CLI) Factory default settings The CLI is a full-featured management tool. Use it to configure the administrator password, the interface addresses, the default gateway, and the DNS server addresses. Requirements: • The serial connector that came packaged with your FortiGate-5005FA2 module.

  • Page 21: Configuring Nat/Route Mode

    Quick Configuration Guide Configuring NAT/Route mode Table 5 settings for the FortiGate-5005FA2 security system. You can use one table for each module to configure. Table 5: FortiGate-5005FA2 module NAT/Route mode settings Admin Administrator Password: port1 port2 port3 port4 port5 port6 port7 port8 Default Route...

  • Page 22: Using The Cli To Configure Nat/Route Mode

    Apply. To configure the Default Gateway Go to Router > Static and select Edit icon for the static route. Select the Device that you recorded above. Set Gateway to the Default Gateway IP address that you added to page Select OK.

  • Page 23: Configuring Transparent Mode

    Configure the primary and secondary DNS server IP addresses to the settings that you added to config system dns Configure the default gateway to the setting that you added to config router static Configuring Transparent mode Table 6 settings. Table 6: Transparent mode settings...

  • Page 24: Using The Cli To Configure Transparent Mode

    Configuring Transparent mode Using the CLI to configure Transparent mode Configure the management computer to be on the same subnet as the port1 interface of the FortiGate-5005FA2 module. To do this, change the IP address of the management computer to 192.168.1.2 and the netmask to 255.255.255.0. To access the FortiGate web-based manager, start Internet Explorer and browse to https://192.168.1.99 (remember to include the “s”...

  • Page 25: Upgrading Fortigate-5005Fa2 Firmware

    Configure the primary and secondary DNS server IP addresses to the settings that you added to config system dns Upgrading FortiGate-5005FA2 firmware Fortinet periodically updates the FortiGate-5005FA2 FortiOS firmware to include enhancements and address issues. After you have registered your FortiGate-5005FA2 security system (see page 17) you can download FortiGate-5005FA2 firmware from the support web site http://support.fortinet.com.

  • Page 26: Fortigate-5005Fa2 Base Backplane Data Communication

    FortiGate-5005FA2 base backplane data communication FortiGate-5005FA2 base backplane data communication Make sure the FortiGate module can connect to the TFTP server. You can use the following command to ping the computer running the TFTP server. For example, if the IP address of the TFTP server is 192.168.1.168: execute ping 192.168.1.168 Enter the following command to copy the firmware image from the TFTP server to the FortiGate-5005FA2 module:...
  • Page 27 Quick Configuration Guide In a FortiGate-5140 or FortiGate-5050 chassis, FortiGate-5005FA2 base backplane communication requires one or two FortiSwitch-5003 modules. A FortiSwitch-5003 module installed in chassis slot 1 provides communication on the base1 interface. A FortiSwitch-5003 module installed in chassis slot 2 provides communication on the base2 interface.

  • Page 28: Powering Off The Fortigate-5005Fa2 Module

    Powering off the FortiGate-5005FA2 module Powering off the FortiGate-5005FA2 module To avoid potential hardware problems, always shut down the FortiGate-5005FA2 operating system properly before removing the FortiGate-5005FA2 module from a chassis slot or before powering down the chassis. To power off a FortiGate-5005FA2 module Shut down the FortiGate-5005FA2 operating system: •...

  • Page 29: For More Information

    Fortinet Tools and Documentation CD All Fortinet documentation is available from the Fortinet Tools and Documentation CD shipped with your Fortinet product. The documents on this CD are current for your product at shipping time. For the latest versions of all Fortinet documentation see the Fortinet Technical Documentation web site at http://docs.forticare.com.
  • Page 30 © Copyright 2007 Fortinet, Inc. All rights reserved. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical or otherwise, for any purpose, without prior written permission of Fortinet, Inc.

Table of Contents