Table of Contents
Advertisement
Quick Links
This FortiGate-5001D Security System Guide describes FortiGate-5001D hardware features, how to install a
FortiGate-5001D board in a FortiGate-5000 series chassis, and how to configure the FortiGate-5001D security system for
your network.
The most recent versions of this and all FortiGate-5000 series documents are available from the
the
Fortinet Technical Documentation
Visit
https://support.fortinet.com
updates, customer support, and FortiGuard services.
FortiGate-5001D Security System Guide
01-500-0242101-20151109
web site (http://docs.fortinet.com).
to register your FortiGate-5001D security system. By registering you can receive product
FortiGate-5001D
Security System Guide
FortiGate-5000
page of
Advertisement
Table of Contents
Related Manuals for Fortinet FortiGate-5001D
Summary of Contents for Fortinet FortiGate-5001D
- Page 1 Security System Guide This FortiGate-5001D Security System Guide describes FortiGate-5001D hardware features, how to install a FortiGate-5001D board in a FortiGate-5000 series chassis, and how to configure the FortiGate-5001D security system for your network. The most recent versions of this and all FortiGate-5000 series documents are available from the...
-
Page 2: Cautions And Warnings
(UTP). Mechanical loading – To avoid personal injury or damage to the appliance, Fortinet recommends that 2 or more people together install the appliance into the rack. Balance the equipment to avoid uneven mechanical loading and tipping. Do not place heavy objects on the appliance. -
Page 3: Table Of Contents
FortiGate-5001D mounting components ......Inserting a FortiGate-5001D board ...... - Page 4 Using the CLI to configure Transparent mode ....Upgrading FortiGate-5001D firmware ......
-
Page 5: Fortigate-5001D Security System
NP6-accelerated network processing for eligible traffic passing through these interfaces. You can also configure two or more FortiGate-5001D boards to create a high availability (HA) cluster using the base or fabric backplane interfaces for HA heartbeat communication through the chassis backplane, leaving front panel interfaces available for network connections. -
Page 6: Front Panel Components
• LED status indicators. Front panel components From the FortiGate-5001D front panel you can view the status of the front panel LEDs to verify that the board is functioning normally. You also connect the FortiGate-5001D board to your 40-gigabit network using the front panel QSFP+ connectors and to your 10-gigabit network using the front panel SFP+ or SFP connectors. - Page 7 FortiGate-5001D security system Front panel components Table 2: FortiGate-5001D Port 1 and 2 LEDs (4 x 10-gigabit mode) Green LED (left) Amber LED (right) Description Flashing The correct cable is connected to the interface and the connected equipment has power and all 10-gigabit connections are connected.
-
Page 8: Connectors
Blue The FortiGate-5001D board is ready to be hot-swapped (removed from the chassis). If the IPM light is blue and no other LEDs are lit the FortiGate-5001D board has lost power Flashing The FortiGate-5001D board is changing from hot swap Blue to running mode or from running mode to hot swap. -
Page 9: Nmi Switch
Fortinet Technical Documentation website. Fabric backplane communication The FortiGate-5001D fabric backplane interfaces (fabric1 and fabric2) are typically used for data communication between FortiGate-5001D boards installed in the same or in different FortiGate-5000 series chassis. These interfaces can operate as 40-gigabit or 10-gigabit interfaces... -
Page 10: Accelerated Packet Forwarding And Policy Enforcement (Np6 Network Processors)
Accelerated packet forwarding and policy enforcement (NP6 network processors) The FortiGate-5001D board includes two NP6 processors and an integrated switch fabric that provides fastpath acceleration by offloading communication sessions from the FortiGate CPU. All traffic from the front panel and backplane interfaces can be accelerated. -
Page 11: Splitting The Fortigate-5001D Front Panel Port1 And Port2 Interfaces
You can use the following command to split the 40-gigabit front panel port1 interface into a 4 x 10-gigabit interface: config system global set split-port port1 The FortiGate-5001D reboots and when it does you can see four new interfaces named port1/1, port1/2, port1/3, and port1/4. FortiGate-5001D Security System Guide 01-500-0242101-20151109... - Page 12 Splitting the FortiGate-5001D front panel port1 and port2 interfaces FortiGate-5001D security system FortiGate-5001D Security System Guide 01-500-0242101-20151109 http://docs.fortinet.com/...
-
Page 13: Hardware Installation
40-gigabit network. The QSFP+ transceivers are inserted into cage sockets numbered 1 and 2 on the FortiGate-5001D front panel. You can install the QSFP+ transceivers before or after inserting the FortiGate-5001D board into a chassis. -
Page 14: Changing Fortigate-5001D Sw6 Switch Settings
FortiGate-5001D in standalone mode (without a shelf manager) or in normal mode in a chassis with a shelf manager. The switch is factory set by Fortinet so that you can install the FortiGate-5001D in normal mode in a chassis that includes an operating shelf manger (such as a FortiGate-5000 series chassis). - Page 15 Normal Mode (Factory Default) By default a FortiGate-5001D board will not start up if the board is installed in a chassis that does not contain a shelf manager or that contains a shelf manager that is not operating. Before installing a FortiGate-5001D in a chassis that does not contain an...
-
Page 16: Fortigate-5001D Mounting Components
“Inserting a FortiGate-5001D board” on page FortiGate-5001D mounting components To install a FortiGate-5001D board you slide the board into an open slot in the front of an ATCA chassis and then use the mounting components to lock the board into place in the slot. -
Page 17: Inserting A Fortigate-5001D Board
“Front panel components” on page It is important to carefully seat the FortiGate-5001D board all the way into the chassis, to avoid using excessive force on the handles, and to make sure that the handles are properly locked. Only then will the FortiGate-5001D board power-on and start up correctly. - Page 18 The handles should hook into the sides of the chassis slot. Closing the handles draws the FortiGate-5001D board into place in the chassis slot and into full contact with the chassis backplane. The FortiGate-5001D front panel should be in contact with the chassis front panel and both handles should lock into place.
-
Page 19: Shutting Down And Removing A Fortigate-5001D Board
(FortiOS) properly before power cycling the FortiGate-5001D board. FortiGate-5001D boards are hot swappable. The procedure for removing a FortiGate-5001D board from a chassis slot is the same whether or not the chassis is powered on. To remove a FortiGate-5001D board from a chassis slot Do not carry the FortiGate-5001D board by holding the handles or retention screws. - Page 20 Shutting down and removing a FortiGate-5001D board Hardware installation 4 Fully loosen the retention screws on the FortiGate-5001D front panel. Retention Screw Loosen 5 Unlock the handles by squeezing the handle locks. 6 Slowly open both handles a small amount (about 8 degrees) until the IPM LED flashes blue.
-
Page 21: Power Cycling A Fortigate-5001D Board
Power cycling a FortiGate-5001D board This section describes how to cycle the power on a FortiGate-5001D board by opening the right handle (the lower handle when the board is installed vertically in a FortiGate-5140 chassis) to activate a switch that cycles the power without removing the board from the chassis. -
Page 22: Troubleshooting
Hardware installation 7 After 10 seconds snap both handles back into place. The board powers up, the LEDs light and in a few minutes the FortiGate-5001D board operates normally. 8 Fully tighten the retention screws to lock the FortiGate-5001D board into position in the chassis slot. -
Page 23: The Fortigate-5001D Can't Join A Forticontroller-5903 Salb Cluster And Other Fabric Backplane Communication Problems
In some SALB configurations and with some firmware builds you may have to manually set the speeds of FortiGate-5001D interfaces that connect to the fabric blackplane (for example, elbc-ctrl/1 and elbc-ctrl/2). Normally the speeds of these interfaces are set to auto and normally this would work. - Page 24 Troubleshooting Hardware installation FortiGate-5001D Security System Guide 01-500-0242101-20151109 http://docs.fortinet.com/...
-
Page 25: Quick Configuration Guide
NAT/Route mode (the default) or Transparent mode. NAT/Route mode In NAT/Route mode, the FortiGate-5001D security system is visible to the networks that it is connected to. Each interface connected to a network must be configured with an IP address that is valid for that network. -
Page 26: Transparent Mode
Transparent mode In Transparent mode, the FortiGate-5001D security system is invisible to the network. All of the FortiGate-5001D interfaces are connected to different segments of the same network. In Transparent mode you only have to configure a management IP address so... -
Page 27: Choosing The Configuration Tool
You can use either the web-based manager or the Command Line Interface (CLI) to configure the FortiGate board. Web-based manager The FortiGate-5001D web-based manager is an easy to use management tool. Use the web-based manager to configure the FortiGate-5001D administrator password, the interface addresses, the default gateway, and the DNS server addresses. -
Page 28: Factory Default Settings
Configuring NAT/Route mode Table 8 to gather the information you need to customize NAT/Route mode settings for the FortiGate-5001D security system. You can use one table for each board to configure. Table 8: FortiGate-5001D board NAT/Route mode settings Admin Administrator Password: _____._____._____._____... -
Page 29: Using The Web-Based Manager To Configure Nat/Route Mode
Configuring NAT/Route mode Using the web-based manager to configure NAT/Route mode 1 Connect port1 of the FortiGate-5001D board to the same hub or switch as the computer you will use to configure the FortiGate-5001D board. If you cannot connect to port1, see “Using the CLI to configure NAT/Route mode”... -
Page 30: Using The Cli To Configure Nat/Route Mode
Quick Configuration Guide Using the CLI to configure NAT/Route mode 1 Use the serial cable supplied with your FortiGate-5001D board to connect the FortiGate-5001D Console port to the management computer serial port. 2 Start a terminal emulation program (HyperTerminal) on the management computer. -
Page 31: Configuring Transparent Mode
_____._____._____._____ Using the web-based manager to configure Transparent mode 1 Connect port1 of the FortiGate-5001D board to the same hub or switch as the computer you will use to configure the FortiGate-5001D board. If you cannot connect to port1, see “Using the CLI to configure Transparent mode”... -
Page 32: Using The Cli To Configure Transparent Mode
Apply. Using the CLI to configure Transparent mode 1 Use the serial cable supplied with your FortiGate-5001D board to connect the FortiGate-5001D Console port to the management computer serial port. 2 Start a terminal emulation program (HyperTerminal) on the management computer. -
Page 33: Fortigate-5001D Base Backplane Data Communication
9 Update the FortiGate-5001D antivirus and attack definitions. See the FortiGate-5001D online help for details. To upgrade the firmware using the CLI To use the following procedure, you must have a TFTP server the FortiGate-5001D board can connect to. 1 Make sure the TFTP server is running. - Page 34 To enable base backplane data communication from the FortiGate-5001D CLI From the FortiGate-5001D board CLI you can use the following steps to enable base backplane data communication. 1 Enter the following command to show the backplane interfaces:...
-
Page 35: Fortigate-5001D Fabric Backplane Data Communication
To enable fabric backplane data communication from the FortiGate-5001D CLI From the FortiGate-5001D board CLI you can use the following steps to enable fabric backplane data communication. 1 Enter the following command to show the backplane interfaces:... -
Page 36: For More Information
For more information Training Services Fortinet Training Services offers courses that orient you quickly to your new equipment, and certifications to verify your knowledge level. Fortinet training programs serve the needs of Fortinet customers and partners world-wide. Visit Fortinet Training Services at http://campus.training.fortinet.com, or email training@fortinet.com. - Page 37 Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied.
-
Page 38: Regulatory Notices
China European Conformity (CE) - EU This is a Class A product. In a domestic environment, this product may cause radio interference, in which case the user may be required to take adequate measures. FortiGate-5001D Security System Guide 01-500-0242101-20151109 http://docs.fortinet.com/...
Need help?
Do you have a question about the FortiGate-5001D and is the answer not in the manual?
Questions and answers