Table of Contents
Advertisement
Quick Links
This FortiSwitch-5203B Security System Guide describes FortiSwitch-5203B hardware features, how to install a
FortiSwitch-5203B board in a FortiGate-5000 series chassis, and how to configure the FortiSwitch-5203B system for your
network.
The most recent versions of this and all FortiGate-5000 series documents are available from the
the
Fortinet Technical Documentation
Access to Fortinet customer services, such as firmware updates, support, and FortiGuard services, requires product
registration. You can register your FortiSwitch-5203B at http://support.fortinet.com.
FortiSwitch-5203B Security System Guide
01-520-145204-20151108
FortiSwitch-5203B
web site (http://docs.fortinet.com).
Security System Guide
FortiGate-5000
page of
Advertisement
Table of Contents
Related Manuals for Fortinet FortiSwitch-5203B
Summary of Contents for Fortinet FortiSwitch-5203B
- Page 1 Security System Guide This FortiSwitch-5203B Security System Guide describes FortiSwitch-5203B hardware features, how to install a FortiSwitch-5203B board in a FortiGate-5000 series chassis, and how to configure the FortiSwitch-5203B system for your network. The most recent versions of this and all FortiGate-5000 series documents are available from the...
-
Page 2: Warnings And Cautions
ESD connector such as the ESD sockets provided on FortiGate-5000 series chassis. • Make sure all FortiGate-5000 series components have reliable grounding. Fortinet recommends direct connections to the building ground. • If you install a FortiGate-5000 series component in a closed or multi-unit rack assembly, the operating ambient temperature of the rack environment may be greater than room ambient. -
Page 3: Table Of Contents
FortiSwitch-5203B mounting components ..... . . Inserting a FortiSwitch-5203B board ...... - Page 4 Customer service and support ......Fortinet products End User License Agreement ....
-
Page 5: Fortiswitch-5203B System
The FortiSwitch-5203B load balances sessions to the workers using weighted load balancing. The FortiSwitch-5203B board can be installed in any ATCA chassis that can provide sufficient power and cooling. You can install FortiSwitch-5203B boards in the following chassis: •... -
Page 6: Physical Description
853BTU/h Front panel components From the FortiSwitch-5203B font panel you can view the status of the board LEDs to verify that the board is functioning normally. You also connect the FortiSwitch-5203B board to your 10-gigabit network using the F1 to F8 front panel SFP+ connectors. The front panel also includes an Ethernet management interface, an RJ-45 console port for connecting to the FortiOS CLI and a USB port. -
Page 7: Leds
PWR (Power) Green The FortiSwitch-5203B board is powered on. The FortiSwitch-5203B board is powered on. Flashing The FortiSwitch-5203B is starting up. If this LED is STA (Status) Green flashing at any time other than system startup, a fault condition may exist. -
Page 8: About The Sh1 And Sh2 Leds
FortiSwitch-5203B board to the chassis shelf managers over the chassis backplane. The SH1 and SH2 LEDs indicate the status of the connections between the FortiSwitch-5203B board and a shelf manager. Whether or not these LEDs are lit depends on the configuration of the SH1 and SH2 interfaces on the FortiSwitch-5203B... -
Page 9: Front Panel Connectors
FortiSwitch-5203B and content cluster mode Operating as a FortiGate unit in content cluster mode the FortiSwitch-5203B board performs routing, firewalling, stateful inspection, IPsec and SSL VPN encryption/decryption, and other FortiGate functions. The FortiSwitch-5203B board includes two FortiASIC NP4 processors that offload and accelerate firewall and VPN processing. -
Page 10: Content Cluster Hardware Configuration
FortiSwitch-5203B and content cluster mode FortiSwitch-5203B system To operate the FortiSwitch-5203B board you must switch it to content cluster mode and configure content cluster settings. Then you install one or more FortiGate-5000-series boards in chassis slots 3 and up. These FortiGate boards, called workers, must all be running the same FortiOS firmware version as the FortiSwitch-5203B board and they must be configured to operate in content cluster mode. -
Page 11: Accelerated Packet Forwarding And Policy Enforcement (Np4 Network Processors)
The FortiSwitch-5203B board includes two NP4 processors that provide accelerated packet forwarding and policy enforcement for FortiSwitch-5203B front panel F1 to F8 interfaces and fabric backplane interfaces. Accelerated packet forwarding and policy enforcement results in accelerated small packet performance required for voice, video, and other multimedia streaming applications. - Page 12 FortiSwitch-5203B board on F2, F3, or F4. Also, for maximum acceleration of traffic received on F7 the traffic must exit the FortiSwitch-5203B board on F5, F6, or F8. When the FortiSwitch-5203B board is operating in content cluster mode the fabric backplane interfaces are not accelerated.
-
Page 13: Hardware Installation
The SFP+ transceivers are inserted into cage sockets numbered F1 to F8 for the fabric channel or B1 and B2 for the base channel on the FortiSwitch-5203B front panel. You can install the SFP+ transceivers before or after inserting the FortiSwitch-5203B board into a FortiGate or other ATCA chassis. -
Page 14: Changing Fortiswitch-5203B Sw2 Switch Settings
FortiSwitch-5203B board in a chassis that does not contain a functioning shelf manager. The default SW2 setting is required for most uses of the FortiSwitch-5203B including content clustering. The SW2 switch on the FortiSwitch-5203B board is factory set by Fortinet to detect a shelf manager (Figure 4). - Page 15 (Requires Shelf Manager) By default a FortiSwitch-5203B board will not start up if the board is installed in a chassis that does not contain a shelf manager or that contains a shelf manager that is not operating. Before installing a FortiSwitch-5203B in a chassis that does not contain an...
-
Page 16: Fortiswitch-5203B Mounting Components
“Inserting a FortiSwitch-5203B board” on page FortiSwitch-5203B mounting components To install a FortiSwitch-5203B board you slide the board into a hub/switch slot in the front of an ATCA chassis (usually slot 1 or 2) and then use the mounting components to lock the board into place in the slot. -
Page 17: Inserting A Fortiswitch-5203B Board
Only then will the FortiSwitch-5203B board power-on and start up correctly. FortiSwitch-5203B boards are hot swappable. The procedure for inserting a FortiSwitch-5203B board into a chassis slot is the same whether or not the chassis is powered on. FortiSwitch-5203B Security System Guide 01-520-145204-20151108 http://docs.fortinet.com/... - Page 18 Hardware installation To insert a FortiSwitch-5203B board into a chassis slot Do not carry the FortiSwitch-5203B board by holding the handles or retention screws. When inserting or removing the FortiSwitch-5203B board from a chassis slot, handle the board by the front panel. The handles are not designed for carrying the board. If the handles become bent or damaged the FortiSwitch-5203B board may not align correctly in the chassis slot.
- Page 19 The handles should hook into the sides of the chassis slot. Closing the handles draws the FortiSwitch-5203B board into place in the chassis slot and into full contact with the chassis backplane. The FortiSwitch-5203B front panel should be in contact with the chassis front panel.
-
Page 20: Shutting Down And Removing A Fortiswitch-5203B Board
FortiSwitch-5203B board from an ATCA chassis slot. FortiSwitch-5203B boards are hot swappable. The procedure for removing a FortiSwitch-5203B board from a chassis slot is the same whether or not the chassis is powered on. To remove a FortiSwitch-5203B board from a chassis slot Do not carry the FortiSwitch-5203B board by holding the handles or retention screws. - Page 21 • An electrostatic discharge (ESD) preventive wrist strap with connection cord FortiSwitch-5203B boards must be protected from static discharge and physical shock. Only handle or work with FortiSwitch-5203B boards at a static-free workstation. Always wear a grounded electrostatic discharge (ESD) preventive wrist strap when handling FortiSwitch-5203B boards.
-
Page 22: Power Cycling A Fortiswitch-5203B Board
Power cycling a FortiSwitch-5203B board This section describes how to cycle the power on a FortiSwitch-5203B board by opening the right handle (the lower handle when the board is installed vertically in a FortiGate-5140 chassis) to activate a switch that cycles the power without removing the board from the chassis. -
Page 23: Troubleshooting
7 After 10 seconds snap both handles back into place. The board powers up, the LEDs light and in a few minutes the FortiSwitch-5203B board operates normally. 8 Fully tighten the retention screws to lock the FortiSwitch-5203B board into position in the chassis slot. - Page 24 Troubleshooting Hardware installation FortiSwitch-5203B Security System Guide 01-520-145204-20151108 http://docs.fortinet.com/...
-
Page 25: Configuring Content Clustering
Before using this chapter, your FortiGate or compatible ATCA chassis should be mounted and connected to your power system. In addition, one or more FortiSwitch-5203B boards should be inserted into the chassis in slots 1 or 2 and one or more FortiGate-5001B boards should be installed in chassis slots 3 and up. -
Page 26: Planning The Configuration
VDOM licenses for the FortiSwitch-5203Bs in the cluster. Planning the configuration Before beginning to configure your FortiSwitch-5203B, you need to plan how to integrate the content cluster into your network. Your configuration plan depends on the operating mode that you select: NAT/Route mode (the default) or Transparent mode. -
Page 27: Transparent Mode
Transparent mode In Transparent mode, the FortiSwitch-5203B content cluster is invisible to the network. All of the FortiSwitch-5203B interfaces are connected to different segments of the same network. In Transparent mode you only have to configure a management IP address so that you can connect to the cluster to make configuration changes and so the cluster can connect to external services such as the FortiGuard Distribution Network (FDN). -
Page 28: Choosing The Configuration Tool
FortiGate board. Some basic configuration settings can only be done from the CLI. Web-based manager The FortiSwitch-5203B web-based manager is an easy to use management tool. Use the web-based manager to configure the FortiSwitch-5203B administrator password, the interface addresses, the default gateway, and the DNS server addresses. -
Page 29: Factory Default Settings
Factory default settings The FortiSwitch-5203B unit ships with a factory default configuration. The default configuration allows you to connect to and use the FortiSwitch-5203B CLI to configure the FortiSwitch-5203B board. To configure the FortiSwitch-5203B board you add an administrator password, change the management interface IP address, and, if required, configure the default route for the management interface. - Page 30 The following procedure describes logging into the CLI using a console connection. You can also complete this procedure by logging into the CLI using a network connection. 1 Use the serial cable supplied with your FortiSwitch-5203B board to connect a management computer to the board’s Console port.
- Page 31 4 Enter the following command to change to content cluster mode: config system elbc set mode content-cluster set inter-chassis-support enable The board restarts. 5 Login again and set the HA configuration to match the FortiSwitch-5203B HA configuration. In this example: config system ha set mode a-a set hbdev “elbc-base” 1...
-
Page 32: Adjusting Weighted Load Balancing
If the cluster contains one FortiSwitch-5203B board the priorities of the FortiGate-5001B boards are in the range 1 to 12. If the cluster contains two FortiSwitch-5203B boards the priorities of the FortiGate-5001B boards are in the range 2 to 13. You can view the priorities of the cluster units using the diagnose sys ha status command. - Page 33 FortiSwitch-5203B board processes all other sessions. The backup FortiSwitch-5203B board is not operating in standby mode so sessions are distributed to it. The weight of the backup FortiSwitch-5203B board is set lower than the weights of the FortiSwitch-5203B Security System Guide 01-520-145204-20151108 http://docs.fortinet.com/...
-
Page 34: Configuring Nat/Route Mode
The first weight is 0 so no UTM proxy sessions are processed by the primary FortiSwitch-5203B board. The second and weight is 1 and the third and fourth weights are 2 so the backup FortiSwitch-5203B board processes some sessions, but most are processed by the FortiGate-5001B boards. -
Page 35: Using The Web-Based Manager To Configure Nat/Route Mode
Configuring NAT/Route mode Using the web-based manager to configure NAT/Route mode 1 Connect port1 of the FortiSwitch-5203B MGMT interface to the same hub or switch as the computer you will use to configure the board. 2 Configure the management computer to be on the same subnet as the MGMT interface of the FortiSwitch-5203B board. -
Page 36: Configuring Transparent Mode
FortiSwitch-5203B board. Using the web-based manager to configure Transparent mode 1 Connect port1 of the FortiSwitch-5203B MGMT interface to the same hub or switch as the computer you will use to configure the board. -
Page 37: Using The Cli To Configure Transparent Mode
2 Enter the Primary and Secondary DNS IP addresses. Using the CLI to configure Transparent mode 1 Use the serial cable supplied with your FortiSwitch-5203B board to connect a management computer to the Console port. 2 Start a terminal emulation program (HyperTerminal) on the management computer. -
Page 38: Backing Up The Cluster Configuration
FortiSwitch-5203B and the workers must be in content cluster mode before restoring their content cluster configurations. To restore their configurations you must individually restore the configurations of the FortiSwitch-5203B boards and of the workers. As you restore the configurations the individual boards will restart and join the cluster. -
Page 39: Upgrading Content Cluster Firmware
To worker firmware from the CLI This procedure upgrades the firmware running on all of the FortiGate-5001B boards in the cluster in a single operation from the FortiSwitch-5203B CLI. The firmware running on all of the FortiGate-5001B boards in the cluster is updated simultaneously. - Page 40 If the content cluster contains two FortiSwitch-5203B boards, this procedure upgrades the firmware running on both of them in a single operation. To use the following procedure, you must have a TFTP server the FortiSwitch-5203B board can connect to from its mgmt interface.
- Page 41 This operation will replace the current firmware version Do you want to continue? (y/n) 6 Type y. The FortiSwitch-5203B board uploads the firmware image file, upgrades to the new firmware version, and restarts. This process takes a few minutes. 7 Reconnect to the CLI.
-
Page 42: For More Information
For more information Training Services Fortinet Training Services offers courses that orient you quickly to your new equipment, and certifications to verify your knowledge level. Fortinet training programs serve the needs of Fortinet customers and partners world-wide. Visit Fortinet Training Services at http://campus.training.fortinet.com, or email training@fortinet.com. - Page 43 Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied.
-
Page 44: Regulatory Notices
China European Conformity (CE) - EU This is a Class A product. In a domestic environment, this product may cause radio interference, in which case the user may be required to take adequate measures. FortiSwitch-5203B Security System Guide 01-520-145204-20151108 http://docs.fortinet.com/...
Need help?
Do you have a question about the FortiSwitch-5203B and is the answer not in the manual?
Questions and answers