Summary of Contents for Fortinet FortiGate FortiGate-5005-DIST
FortiGate-5005-DIST system onto your network. The most recent versions of this and all FortiGate-5000 series documents are available from the page of the Fortinet Technical Documentation. Visit http://support.fortinet.com to register your FortiGate-5005-DIST Security System. By registering you can receive product updates, technical support, and FortiGuard services.
Some FortiGate-5000 series components may overload your supply circuit and impact your overcurrent protection and supply wiring. Refer to nameplate ratings to address this concern.
• Make sure all FortiGate-5000 series components have reliable grounding. Fortinet recommends direct connections to the branch circuit.
•...
Contents
Warnings and cautions
The FortiGate-5005-DIST Security System
Basic FortiGate security system configuration
FortiController-5208 I/O modules
FortiGate-5005FA2 worker modules
FortiGate-5005-DIST security system chassis
FortiGate-5140 chassis
FortiGate-5050 chassis
FortiGate-5005-DIST interface names...
Fortinet documentation
Fortinet Tools and Documentation CD
Fortinet Knowledge Center
Comments on Fortinet technical documentation
Customer service and technical support
Register your Fortinet product
FortiGate-5005-DIST Security System Version 3.0 MR2 Getting Started...
The FortiGate-5005-DIST Security System
The FortiGate-5005-DIST security system is very similar to a single FortiGate unit, but with much higher capacity and with support for failover protection and scalability. The FortiGate-5005-DIST security system consists of a FortiGate-5050 or FortiGate-5140 chassis with one or two Input/Output or I/O modules (FortiController-5208 modules) and one or more worker modules (FortiGate-5005FA2 modules running in DIST mode).
FortiController-5208 I/O modules
Figure 1: Example basic FortiGate-5005-DIST security system [figure labels: Internet; X2 (port1_X2) 204.23.1.5; NAT mode policies controlling 10G traffic between internal and external networks.]
FortiGate-5005FA2 worker modules
The FortiGate-5005FA2 security system serves as the worker module for the FortiGate-5005-DIST security system. Worker modules are identically configured and administered as a single unit from the primary I/O module. Workers are typically installed in slots 3 and above, though FortiGate-5005FA2 security systems with only one I/O module can also have a worker installed in slot 2.
FortiGate-5005-DIST security system chassis
FortiGate-5005-DIST security systems can be installed in FortiGate-5050 or FortiGate-5140 chassis.
FortiGate-5140 chassis
You can install one or two I/O modules in slots 1 and 2 of the FortiGate-5140 ATCA chassis. You can also install up to 12 worker modules in slots 3 to 14 if two I/O modules are used, or up to 13 worker modules in slots 2 to 14 if one I/O module is used.
FortiGate-5050 chassis
You can install one or two I/O modules in slots 1 and 2 of the FortiGate-5050 ATCA chassis. You can also install up to three worker modules in slots 3 to 5 if two I/O modules are being used, or four worker modules in slots 2 to 5 if one I/O module is used.
FortiGate-5005-DIST interface names
Table 1: FortiGate-5005-DIST interface naming
Columns: FortiController-5208 location; FortiController-5208 front panel interface names; Web-based manager and CLI interface names
Primary FortiController-5208 module installed in chassis slot 1: Management
Secondary FortiController-5208 module installed in chassis slot 2: Management
port1_X1...
Installing hardware components
This section provides the information you need to install FortiGate-5005-DIST hardware components and to make sure that they are all functioning properly. Once you have completed the procedures in this chapter, you can configure the FortiGate-5005-DIST system onto your network using the procedures in Configuration Guide”...
Installing the chassis
• One or more FortiGate-5005-DIST worker modules
• An electrostatic discharge (ESD) preventive wrist or ankle strap with connection cord
The procedures in this chapter reference detailed hardware install information available in the following documents. You should have these documents available before installing your FortiGate-5005-DIST security system.
Installing FortiController-5208 modules
This procedure describes how to install one or two FortiController-5208 modules in a FortiGate-5005-DIST chassis. This procedure also describes how to confirm that the front panel LEDs indicate that the FortiController-5208 modules are operating normally.
To install the FortiController-5208 modules
Insert the FortiController-5208 module into chassis slot 1.
You could also try connecting to the web-based manager using the following procedure. If you still cannot connect, contact Fortinet Support.
To connect to the FortiController-5208 web-based manager
You can confirm that the FortiController-5208 module is operating normally if you can connect to the web-based manager using the Management front panel Ethernet interface.
This section also contains an optional procedure for enabling bridge mode. Bridge mode provides fail open protection for the FortiGate-5005-DIST system. If you enable bridge mode, the FortiController-5208 modules will function similarly to network hubs and continue to pass traffic if all FortiGate-5005FA2 modules fail.
To configure the primary I/O module
Connect to the CLI of the FortiController-5208 module installed in slot 1.
Installing FortiGate-5005FA2 worker modules
FortiGate-5005FA2 modules can operate in normal mode or in DIST mode depending on the firmware installed on the module. A FortiGate-5005FA2 module must be running DIST mode firmware before it can join a FortiGate-5005-DIST system.
Verifying that FortiGate-5005FA2 modules can communicate with the primary I/O module
From the primary I/O module CLI or web-based manager you can display information about the status of the FortiGate-5005FA2 modules that are operating in DIST mode. If the FortiGate-5005FA2 modules are operating in normal mode they are not visible from the primary I/O module CLI or web-based manager.
Figure 6: FortiController-5208 I/O module system status
Check to see if the installed FortiGate-5005FA2 modules appear in the Blade Type list on the dashboard. Each FG5005 entry in the list indicates a FortiGate-5005FA2 module that has successfully connected to the primary I/O module and become a worker module in the DIST configuration.
FortiGate-5005FA2 module from the primary I/O module CLI or web-based manager. If the FortiGate-5005FA2 module does not appear on the primary I/O module CLI or web-based manager after a few minutes, contact Fortinet Support.
• If the login: prompt appears after the system starts, the FortiGate-5005FA2 module is operating with standard firmware.
I/O module. Check to make sure the primary I/O module is installed and configured correctly. If this does not solve the problem, contact Fortinet Support.
• If the login: prompt appears, the FortiGate-5005FA2 module is still running...
Quick Configuration Guide
This section is a quick start guide to configuring a FortiGate-5005-DIST security system for your network. Before using this section:
• Your FortiGate-5000 series chassis should be mounted and connected to your power system
•...
Planning the configuration
NAT/Route mode
In NAT/Route mode, the FortiGate security system is visible to the networks that it is connected to. Each interface connected to a network must be configured with an IP address that is valid for that network. In many configurations, in NAT/Route mode all of the FortiGate security system interfaces are on different networks, and each network is on a separate subnet.
FortiGuard Distribution Network (FDN). You would typically deploy a FortiGate security system in Transparent mode on a private network behind an existing firewall or behind a router. In the default Transparent mode configuration, the FortiGate security system functions as a firewall.
Factory default settings
Requirements:
• An Ethernet connection between the FortiController-5208 module and management computer.
• Internet Explorer 6.0 or higher on the management computer.
Command Line Interface (CLI)
The CLI is a full-featured management tool. Use it to configure the administrator password, the interface addresses, the default gateway, and the DNS server addresses.
Configuring NAT/Route mode
Table 5 settings for the FortiGate-5005-DIST security system. You can use one table to record the configuration of each FortiController-5208 module.
Table 5: FortiGate-5005-DIST module NAT/Route mode settings
Admin    Administrator Password:
X1 (port1_X1)
X2 (port1_X1)
1 (port1_1)
2 (port1_2)
3 (port1_3)
Enter the Primary and Secondary DNS IP addresses as required and select Apply.
To configure the Default Gateway
Go to Router > Static and select the Edit icon for the static route.
Select the Device that you recorded in
Set Gateway to the Default Gateway IP address you recorded in
Select OK.
Repeat to configure each interface as required, for example, to configure the port1_X2 interface.
    config system interface
Configure the primary and secondary DNS server IP addresses.
    config system dns
Configure the default gateway.
    config router static
    edit mng
    set ip <intf_ip>/<netmask_ip>
    exit...
FortiGate-5005-DIST Security System Getting Started 01-30000-0414-20070615
Configuring Transparent mode
Using the web-based manager to configure Transparent mode
Use Table 6 to gather the information you need to customize Transparent mode settings.
Table 6: Transparent mode settings
Admin    Administrator Password:
Management IP    Netmask:
The management IP address and netmask must be valid for the network where you will manage the FortiGate unit.
To change the management interface address
Go to Worker Blade > System > Config > Operation.
Enter the Management IP address and netmask that you recorded above and select Apply.
When complete, select I/O Blade to return to the FortiController-5208 interface.
To configure the Primary and Secondary DNS server IP addresses
Go to System >...
Powering off the FortiGate-5005-DIST system
To avoid potential hardware problems or data loss, always shut down the modules before powering down the chassis.
Note: Executing a shutdown command will shut down the module’s operating system. The module itself will still receive power from the chassis and indicator lights on the module may remain lit after a successful shut down operation.
Hardware procedures
This section describes procedures that you may be required to perform from time to time with your FortiGate-5005-DIST system. The following topics are included in this section:
• Installing FortiGate-5005-DIST firmware
• Starting a configured FortiGate-5005-DIST system
•...
Installing FortiGate-5005-DIST firmware
Viewing the currently installed firmware versions
Upgrading I/O module firmware
You also install FortiGate-5005FA2 DIST firmware on the primary I/O module. The primary I/O module synchronizes this firmware to all FortiGate-5005FA2 modules. This happens even if the FortiGate-5005FA2 modules are running newer firmware versions.
Go to System > Status.
In the IO Blade Status section, select Update on the Firmware Version line.
Type the path and filename of the firmware image file, or select Browse and locate the file.
Select OK.
The I/O module uploads the firmware image file, upgrades to the new firmware version, closes all sessions, restarts, and displays the FortiGate login.
Upgrading worker module firmware installed on the primary I/O module
Use the following procedure to upgrade the worker module firmware version. This procedure describes how to install worker module firmware on the primary I/O module. The primary I/O module synchronizes this firmware to all worker modules.
Note: Installing firmware replaces the current antivirus and attack definitions with the definitions included with the firmware release that you are installing.
You must perform this procedure separately for each FortiController-5208 module installed in your FortiGate-5005-DIST system.
Caution: The following procedure is for advanced users only. You should contact Fortinet Customer Support before upgrading FortiController-5208 NPU firmware. A failed burn can render the FortiController-5208 unusable and may require returning the module to Fortinet for repair.
Once the firmware has been installed you must restart the FortiController-5208. If the 5208 does not restart properly, or the NPU behaves strangely, the firmware may not have burned properly. Contact Fortinet Customer Support for assistance in restoring the NPU firmware.
Fortinet Tools and Documentation CD
All Fortinet documentation is available from the Fortinet Tools and Documentation CD shipped with your Fortinet product. The documents on this CD are current for your product at shipping time. For the latest versions of all Fortinet documentation see the Fortinet Technical Documentation web site at http://docs.forticare.com.