Security System Guide FortiGate-5001FA2-LENC A detailed guide to the FortiGate-5001FA2-LENC Security System. This FortiGate-5001FA2-LENC Security System Guide describes FortiGate-5001FA2-LENC hardware features, how to install the FortiGate-5001FA2-LENC board in a FortiGate-5000 series chassis, how to configure the FortiGate-5001FA2-LENC security system for your network, and contains troubleshooting information to help you diagnose and fix problems.
Warnings and cautions Only trained and qualified personnel should be allowed to install or maintain FortiGate-5000 series equipment. Read and comply with all warnings, cautions and notices in this document. • • • • • • • • • • • • ! CAUTION: Risk of Explosion if Battery is replaced by an Incorrect Type. Dispose of Used Batteries According to the Instructions.
Contents Contents Warnings and cautions ..................................................................................... 2 FortiGate-5001FA2-LENC security system ...................... 5 Front panel LEDs and connectors ................................................................... 6 LEDs ............................................................................................................. 6 Connectors ........................................................................................
Contents Powering off the FortiGate-5001FA2-LENC board ....................................... 32 For more information ...................................................... 33 Fortinet documentation .................................................................................. Fortinet Tools and Documentation CD........................................................ Fortinet Knowledge Center ........................................................................
FortiGate-5001FA2-LENC security system FortiGate-5001FA2-LENC security system The FortiGate-5001FA2-LENC security system is a high-performance FortiGate security system with a total of 8 front panel gigabit ethernet interfaces and two base backplane interfaces. Use the front panel interfaces for connections to your networks and the backplane interfaces for communication between FortiGate-5000 series boards over the FortiGate-5000 chassis backplane.
Front panel LEDs and connectors FortiGate-5001FA2-LENC security system • Mounting hardware • LED status indicators The FortiGate-5001FA2-LENC board comes supplied with four optical or four copper SFP transceivers. Before you can connect FortiGate-5001FA2-LENC interfaces 1 to 4, you must insert the SFP transceivers into the FortiGate-5001FA2-LENC front panel cage slots numbered 1 to 4. The FortiGate-5001FA2-LENC board ships with two RAM DIMMs installed on the FortiGate-5001FA2-LENC circuit board.
FortiGate-5001FA2-LENC security system Accelerated packet forwarding and policy enforcement Table 1: FortiGate-5001FA2-LENC board LEDs (Continued) LED State Description 5, 6, Link 7, 8 LED Green The correct cable is inserted into this interface and the connected equipment has power. Flashing Network activity at this interface. Speed Green LED Amber Unlit The interface is connected at 1000 Mbps. The interface is connected at 100 Mbps. The interface is connected at 10 Mbps.
Base backplane gigabit communication FortiGate-5001FA2-LENC security system • Session Oriented Traffic with long session lifetime, such as FTP sessions. Packet size does not affect performance for traffic with long session lifetime. For long sessions, processing that would otherwise be handled by the FortiGate-5001FA2-LENC CPUs is off-loaded to the acceleration module. • Firewall and intrusion protection (IPS), when there is a reasonable percentage of P2P packets.
Hardware installation RAM DIMMs Hardware installation Before use, the FortiGate-5001FA2-LENC board must be correctly inserted into an Advanced Telecommunications Computing Architecture (ACTA) chassis such as the FortiGate-5140, FortiGate-5050, or FortiGate-5020 chassis. Before inserting the board into a chassis you should make sure RAM DIMMS are installed and FortiGate-5001FA2-LENC jumpers are set.
Installing SFP transceivers Hardware installation Figure 2: Location of FortiGate-5001FA2-LENC RAM DIMM slots JP1 JP2 RAM DIMM slots JP3 Front Faceplate 3 Insert each RAM DIMM perpendicular to the RAM DIMM slots. Push the DIMM firmly into place using the minimum amount of force required. When the DIMM is properly seated, the socket guide posts click into place. Do not use excessive force when installing a DIMM. The RAM slots allow only one alignment of each RAM DIM.
Hardware installation Changing FortiGate-5001FA2-LENC jumper settings You can install the following types of SFP transceivers for connectors 1, 2, 3, and 4: • optical SFP transceivers • • • SFP 1000Base-LX, SM module SFP 1000Base-SX, MM module (multimode) copper SFP transceivers • SFP 1000Base-T, SERDES version only (SGMII version not supported) To install SFP transceivers To complete this procedure, you need: ! • A FortiGate-5001FA2-LENC board • Four SFP transceivers • An electrostatic disch
Changing FortiGate-5001FA2-LENC jumper settings Hardware installation Normally, because the jumpers are factory set, you do not have to change them. However, if you are moving a FortiGate-5001FA2-LENC from a FortiGate-5140 or FortiGate-5050 to a FortiGate-5020 or the reverse, you need to move the JP3 jumper. Also, if a new FortiGate-5001FA2-LENC board does not function properly, you should check the JP3 jumper settings.
Hardware installation Inserting a FortiGate-5001FA2-LENC board into a chassis To change or verify the JP3 jumper setting To complete this procedure, you need: ! • A FortiGate-5001FA2-LENC board • A tool for moving jumpers (optional) • An electrostatic discharge (ESD) preventive wrist strap with connection cord Caution: FortiGate-5001FA2-LENC boards must be protected from static discharge and physical shock. Only handle or work with FortiGate-5001FA2-LENC boards at a static-free workstation.
Inserting a FortiGate-5001FA2-LENC board into a chassis Hardware installation Figure 4: FortiGate-5001FA2-LENC mounting components Closed Alignment Pin Alignment Pin Retention Screw Handle Retention Screw Lock Handle Lock Open Left Handle Power Switch Lock Switch Contact Before inserting the FortiGate-5001FA2-LENC board in a chassis Before installing the FortiGate-5001FA2-LENC board in a chassis you should verify that the RAM DIMMs are installed and the JP3 jumper is set correctly.
Hardware installation Inserting a FortiGate-5001FA2-LENC board into a chassis ! • A FortiGate-5000 series chassis with an empty slot • An electrostatic discharge (ESD) preventive wrist strap with connection cord Caution: FortiGate-5001FA2-LENC boards must be protected from static discharge and physical shock. Only handle or work with FortiGate-5001FA2-LENC boards at a static-free workstation.
Inserting a FortiGate-5001FA2-LENC board into a chassis 7 Hardware installation Turn both handles to their fully-closed positions. The handles should hook into the sides of the chassis slot. Closing the handles draws the FortiGate-5001FA2-LENC board into place in the chassis slot and into contact with the chassis backplane. The FortiGate-5001FA2-LENC front panel should be in contact with the chassis front panel. When the handles are fullyclosed they lock into place.
Hardware installation Removing a FortiGate-5001FA2-LENC board from a chassis Removing a FortiGate-5001FA2-LENC board from a chassis The following procedure describes how to correctly use the FortiGate-5001FA2-LENC mounting components shown in Figure 4 to remove a FortiGate-5001FA2-LENC board from a FortiGate-5000 series chassis slot. To remove a FortiGate-5001FA2-LENC board from a FortiGate-5000 series chassis FortiGate-5001FA2-LENC boards are hot swappable.
Troubleshooting Hardware installation 5 Open the left and right handles to their fully open positions. Opening the handles slides the board a short distance out of the slot, disconnecting the board from the chassis backplane. The IPM LED turns blue. All other LEDs turn off. Alignment Pin Handle Handle Fully Open Open 6 Pull the board about half way out. All LEDs turn off. 7 Turn both handles to their fully-closed positions. When the handles are fully-closed they lock into place.
Hardware installation Troubleshooting Figure 5: Location of FortiGate-5001FA2-LENC power switch Left Handle Power Switch Lock Switch Contact If the left handle is damaged or positioned incorrectly the FortiGate-5001FA2-LENC board does not receive power and will not start up. Make sure the left handle is correctly aligned, fully inserted and locked. Sometimes you may have to make small adjustments to the handle to achieve contact with the switch.
Troubleshooting Hardware installation All chassis: Firmware problem If the FortiGate-5001FA2-LENC board power switch is connected and the JP3 jumper and shelf manager are set as required, and the FortiGate-5001FA2-LENC still does not start up, the problem could be with FortiOS. Connect to the FortiGate-5001FA2-LENC console and try cycling the power to the board. If the BIOS starts up, interrupt the BIOS startup and install a new firmware image.
Quick Configuration Guide Registering your Fortinet product Quick Configuration Guide This section is a quick start guide to connecting and configuring a FortiGate-5001FA2-LENC security system for your network. Before using this chapter, your FortiGate-5000 series or compatible ATCA chassis should be mounted and connected to your power system.
Planning the configuration Quick Configuration Guide Planning the configuration Before beginning to configure your FortiGate-5001FA2-LENC security system, you need to plan how to integrate the system into your network. Your configuration plan depends on the operating mode that you select: NAT/Route mode (the default) or Transparent mode. NAT/Route mode In NAT/Route mode, the FortiGate-5001FA2-LENC security system is visible to the networks that it is connected to.
Quick Configuration Guide Choosing the configuration tool Transparent mode In Transparent mode, the FortiGate-5001FA2-LENC security system is invisible to the network. All of the FortiGate-5001FA2-LENC interfaces are connected to different segments of the same network.
Factory default settings Quick Configuration Guide Command Line Interface (CLI) The CLI is a full-featured management tool. Use it to configure the administrator password, the interface addresses, the default gateway, and the DNS server addresses. Requirements: • The serial connector that came packaged with your FortiGate-5001FA2-LENC board. • Terminal emulation application (for example, HyperTerminal for Windows) on the management computer.
Quick Configuration Guide Configuring NAT/Route mode Configuring NAT/Route mode Use Table 6 to gather the information you need to customize NAT/Route mode settings for the FortiGate-5001FA2-LENC security system. You can use one table for each board to configure. Table 6: FortiGate-5001FA2-LENC board NAT/Route mode settings Admin Administrator Password: port1 port2 IP: _____._____._____._____ Netmask: _____._____._____._____ IP: _____._____._____._____ Netmask: _____._____._____.
Configuring NAT/Route mode Quick Configuration Guide 3 Set the addressing mode for the interface. (See the online help for information.) • For manual addressing, enter the IP address and netmask for the interface that you added to Table 6 on page 25. • For DHCP addressing, select DHCP and any required settings. • For PPPoE addressing, select PPPoE and enter the username and password and any other required settings.
Quick Configuration Guide Configuring Transparent mode 7 Configure the primary and secondary DNS server IP addresses to the settings that you added to Table 6 on page 25. config system dns set primary set secondary end 8 Configure the default gateway to the setting that you added to Table 6 on page 25.
Configuring Transparent mode Quick Configuration Guide To switch from NAT/Route mode to transparent mode 1 Go to System > Status and select the Change link beside Operation Mode: NAT. 2 Set Operation Mode to Transparent. 3 Set the Management IP/Netmask to the settings that you added to Table 7 on page 27. 4 Set the default Gateway to the setting that you added to Table 7 on page 27. To change the admin administrator password 1 Go to System > Admin > Administrators.
Quick Configuration Guide Upgrading FortiGate-5001FA2-LENC firmware Upgrading FortiGate-5001FA2-LENC firmware Fortinet periodically updates the FortiGate-5001FA2-LENC FortiOS firmware to include enhancements and address issues. After you have registered your FortiGate-5001FA2-LENC security system (see “Registering your Fortinet product” on page 21) you can download FortiGate-5001FA2-LENC firmware from the support web site http://support.fortinet.com.
FortiGate-5001FA2-LENC base backplane data communication 5 Quick Configuration Guide Enter the following command to copy the firmware image from the TFTP server to the FortiGate-5001FA2-LENC board: execute restore image Where is the name of the firmware image file and is the IP address of the TFTP server. For example, if the firmware image file name is image.out and the IP address of the TFTP server is 192.168.1.168, enter: execute restore image image.
Quick Configuration Guide FortiGate-5001FA2-LENC base backplane data communication In a FortiGate-5140 or FortiGate-5050 chassis, FortiGate-5001FA2-LENC base backplane communication requires one or two FortiSwitch-5003 boards. A FortiSwitch-5003 board installed in chassis slot 1 provides communication on the port9 interface. A FortiSwitch-5003 board installed in chassis slot 2 provides communication on the port10 interface.
Powering off the FortiGate-5001FA2-LENC board Quick Configuration Guide Powering off the FortiGate-5001FA2-LENC board To avoid potential hardware problems, always shut down the FortiGate-5001FA2-LENC operating system properly before removing the FortiGate-5001FA2-LENC board from a chassis slot or before powering down the chassis.
For more information Fortinet documentation For more information Support for your Fortinet product is available as online help from within the web-based manager, from the Tools and Documentation CD included with the product, on the Fortinet Technical Documentation web site, from the Fortinet Knowledge Center web site, as well as from Fortinet Technical Support.
© Copyright 2008 Fortinet, Inc. All rights reserved. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical or otherwise, for any purpose, without prior written permission of Fortinet, Inc.