FortiGate-5000 Series Introduction 5140SAP 14 5 CONSOLE USB 1 2 3 4 5 6 7 8 CONSOLE USB 1 2 3 4 5 6 7 8 CONSOLE USB 1 2 3 4 5 6 7 8 STA IPM PWR ACC 4 STA IPM PWR ACC 3 STA IPM LED MODE INT FLT OK HOT SWAP EXT FLT CLK RESET 1 5 3 7 9 11 13 ZRE 0 4 2 6 8 2 10 MANAGEMENT PWR ACC 12 12 Z R E 2 10 E1 8 15 6 14 4 E2 2 Z R E 1 1 Z R E 0 3 R S 2 3 2 5 5000SM 10/100 link/Act 10/100 link/Act SYSTEM 7 ALARM CONSOLE 9 SERIAL 2 SYST
FortiGate-5000 Series Introduction 8 January 2009 01-30000-83466-20090108 © Copyright 2009 Fortinet, Inc. All rights reserved. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical or otherwise, for any purpose, without prior written permission of Fortinet, Inc.
Contents Contents Introduction .............................................................................................. 7 Revision history .............................................................................................................. 7 About the FortiGate-5000 series chassis...................................................................... 8 FortiGate-5140 chassis...............................................................................................
Contents FortiGate-5050 chassis.......................................................................... 27 FortiGate-5050 front panel ........................................................................................... 28 FortiGate-5050 back panel ........................................................................................... 28 Physical description of the FortiGate-5050 chassis .................................................. 29 FortiGate-5020 chassis...............................
Contents FortiGate-5001SX security system ....................................................... 49 Front panel LEDs and connectors............................................................................... 50 LEDs ......................................................................................................................... 50 Connectors ............................................................................................................... 51 Base backplane gigabit interfaces ......
Contents 6 FortiGate-5000 Series Introduction 01-30000-83466-20090108 http://docs.fortinet.
Introduction Revision history Introduction This FortiGate-5000 Series Introduction is a high-level guide to all three FortiGate-5000 series chassis and the boards that you can install in them.
About the FortiGate-5000 series chassis Introduction Table 1: Revision History Version Description of changes 01-30000-83466-20081023 Added information about both FortiGate-5140 and both FortiGate-5050 chassis versions: • “FortiGate-5140-R chassis” on page 15 • “FortiGate-5140 chassis” on page 19 • “FortiGate-5050-R chassis” on page 23 • “FortiGate-5050 chassis” on page 27 About the FortiGate-5000 series chassis The FortiGate-5000 series Security Systems are chassis-based systems that MSSPs and
Introduction About the FortiGate-5000 series boards FortiGate-5020 chassis You can install one or two FortiGate-5000 series boards in the two slots of the FortiGate-5020 ATCA chassis. The FortiGate-5020 is a 4U chassis that contains two redundant AC to DC power supplies that connect to AC power. The FortiGate-5020 chassis also includes an internal cooling fan tray. For details about the FortiGate-5020 chassis, see “FortiGate-5020 chassis” on page 31.
About the FortiGate-5000 series boards Introduction FortiGate-RTM-XB2 module The FortiGate-RTM-XB2 system is a rear transition module (RTM) that provides two 10-gigabit fabric backplane interfaces and NP2 processor acceleration for FortiGate-5001A boards installed in FortiGate-5140 and FortiGate-5050 chassis.
Introduction Warnings and cautions FortiSwitch-5003 system OK INT FLT LED MODE HOT SWAP 1 RESET 3 EXT FLT 5 CLK 7 0 ZRE 9 2 11 4 13 6 10 8 12 14 Z R E 1 Z R E 0 Z R E 2 E1 15 E0 SYSTEM CONSOLE R S 2 3 2 E T H O MANAGEMENT The FortiSwitch-5003 system provides base backplane communication between FortiGate security boards installed in FortiGate-5140 or FortiGate-5050 chassis. Base backplane communication can be used for HA heartbeat communication and for data communication.
Warnings and cautions Introduction • • • • • • • • • • 12 ! CAUTION: Risk of Explosion if Battery is replaced by an Incorrect Type. Dispose of Used Batteries According to the Instructions. ! Caution: You should be aware of the following cautions and warnings before installing FortiGate-5000 series hardware Turning off all power switches may not turn off all power to the FortiGate-5000 series equipment.
Introduction About Data Center DC power About Data Center DC power The FortiGate-5140 and FortiGate-5050 chassis are designed to be installed in a Data Center or similar location that has available -48VDC power. Fortinet expects that most FortiGate-5140 or FortiGate-5050 customers will be installing their FortiGate equipment in a data center or similar location that is already equipped with a -48VDC power system that provides power to existing networking or telecom equipment.
Register your Fortinet product Introduction Register your Fortinet product Register your Fortinet product to receive Fortinet customer services such as product updates and technical support. You must also register your product for FortiGuard services such as FortiGuard Antivirus and Intrusion Prevention updates and for FortiGuard Web Filtering and AntiSpam. Register your product by visiting http://support.fortinet.com and selecting Product Registration.
FortiGate-5140-R chassis FortiGate-5140-R chassis You can install up to 14 FortiGate-5000 series boards in the 14 front panel slots of the FortiGate-5140 ATCA chassis. The FortiGate-5140 is a 12U chassis that contains two redundant hot swappable DC power entry modules that connect to -48 VDC Data Center DC power. The FortiGate-5140 chassis also includes three hot swappable cooling fan trays and a front accessible air filter.
FortiGate-5140 chassis front panel FortiGate-5140-R chassis FortiGate-5140 chassis front panel Figure 1 shows the front panel of a FortiGate-5140 chassis. Two FortiSwitch-5003A boards are installed in slots 1 and 2. Twelve FortiGate-5001A-DW boards installed in slots 3 to 14.
FortiGate-5140-R chassis FortiGate-5140 chassis back panel Also visible on the front of the FortiGate-5140 chassis: • Electrostatic discharge (ESD) socket, used for connecting an ESD wrist or ankle band when working with the chassis. • Front cable tray, used for managing and securing ethernet and other cables. • Front accessible air filter. • Three hot swappable FortiGate-5140 cooling fan trays.
Physical description of the FortiGate-5140 chassis FortiGate-5140-R chassis The power entry modules are hot swappable, which means you can remove and replace a defective PEM while the FortiGate-5140 is operating assuming that the FortiGate-5140 system has both PEMs connected to DC power for redundancy. The back panel also includes the back cable tray, an ESD socket and the chassis ground connector. The ground connector must be connected to Data Center ground.
FortiGate-5140 chassis FortiGate-5140 chassis front panel FortiGate-5140 chassis You can install up to 14 FortiGate-5000 series boards in the 14 front panel slots of the FortiGate-5140 ATCA chassis. The FortiGate-5140 is a 12U chassis that contains two redundant hot swappable DC power entry modules that connect to -48 VDC Data Center DC power. The FortiGate-5140 chassis also includes three hot swappable cooling fan trays.
FortiGate-5140 chassis back panel FortiGate-5140 chassis Figure 3: FortiGate-5140 chassis front panel with FortiGate-5001SX, FortiGate-5001FA2, and FortiSwitch-5003 boards installed FortiGate-5001SX FortiGate-5001FA2 boards boards slots 3, 5, 7, 9, FortiSwitch-5003 slots 4, 6, 8, 10, boards 11, and 13 12, and 14 slots 1 and 2 5140 13 11 9 7 5 3 1 2 4 6 8 10 12 ESD socket Slot numbers 14 Crit. PWR ACC PWR ACC PWR ACC PWR ACC Maj.
FortiGate-5140 chassis FortiGate-5140 chassis back panel Figure 4: FortiGate-5140 chassis back panel RTM slot filler panels PEM B HS operate Alarm HS RTN Chassis ground connector (green) A PEM -48V/-60 VDC nom 4 3 2 1 4 3 2 1 4 3 2 1 4 3 2 1 -48V/-60 VDC RTN nom (black) (red) Power Entry Module B (terminal block cover removed) HS operate Alarm HS Back cable tray RTN 4 3 2 1 4 3 2 1 4 3 2 1 4 3 2 1 -48V/-60 VDC RTN nom (black) (red) Power Entry Module A TERMIN
Physical description of the FortiGate-5140 chassis FortiGate-5140 chassis Physical description of the FortiGate-5140 chassis The FortiGate-5140 chassis is a 12U chassis that can be installed in a standard 19-inch rack. Table 3 describes the physical characteristics of the FortiGate-5140 chassis. Table 3: FortiGate-5140 chassis physical description Dimensions Shipping weight completely assembled with packaging Operating environment Storage environment Power consumption Power input 22 21 x 19 x 16.8 in.
FortiGate-5050-R chassis FortiGate-5050-R chassis You can install up to five FortiGate-5000 series boards in the five slots of the FortiGate-5050 ATCA chassis. The FortiGate-5050 is a 5U 19-inch rackmount ATCA chassis that contains two redundant DC power connections that connect to -48 VDC Data Center DC power. The FortiGate-5050 chassis also includes a hot swappable cooling fan tray.
FortiGate-5050 front panel FortiGate-5050-R chassis FortiGate-5050 front panel Figure 5 shows the front of a FortiGate-5050 chassis. Two FortiSwitch-5003 boards are installed in slots 1 and 2. Three FortiGate-5001SX boards are installed in slots 3, 4, and 5. The FortiGate-5050 primary and secondary Shelf Managers and the Shelf Alarm Panel (SAP) are also visible.
FortiGate-5050-R chassis FortiGate-5050 back panel FortiGate-5050 back panel Figure 6 shows the back of a FortiGate-5050 chassis. The FortiGate-5050 chassis back panel includes two redundant -48V to - 58V DC power input connectors labelled Input A and Input B. The power input connectors provide redundant DC power connections for the FortiGate-5050 chassis and distribute DC power to the fan tray and the FortiGate-5000 series boards installed in the FortiGate-5050 chassis.
Physical description of the FortiGate-5050 chassis FortiGate-5050-R chassis Physical description of the FortiGate-5050 chassis The FortiGate-5050 chassis is a 5U chassis that can be installed in a standard 19-inch rack. Table 4 describes the physical characteristics of the FortiGate-5050 chassis. Table 4: FortiGate-5050 chassis physical description Dimensions 8.75 x 17 x 15.5 in. (13.3 x 43.2 x 39.4 cm) (H x W x D) Shipping weight completely assembled with packaging 26.75 lb. (12.
FortiGate-5050 chassis FortiGate-5050 chassis You can install up to five FortiGate-5000 series boards in the five slots of the FortiGate-5050 ATCA chassis. The FortiGate-5050 is a 5U 19-inch rackmount ATCA chassis that contains two redundant DC power connections that connect to -48 VDC Data Center DC power. The FortiGate-5050 chassis also includes a hot swappable cooling fan tray.
FortiGate-5050 front panel FortiGate-5050 chassis FortiGate-5050 front panel Figure 7 shows the front of a FortiGate-5050 chassis. Two FortiSwitch-5003 boards are installed in slots 1 and 2. Three FortiGate-5001SX boards are installed in slots 3, 4, and 5. The FortiGate-5050 primary Shelf Manager is also visible. The factory-installed shelf managers provide power distribution, cooling, alarms, shelf status, and a telco alarm interface for the FortiGate-5050 chassis.
FortiGate-5050 chassis Physical description of the FortiGate-5050 chassis Figure 8: FortiGate-5050 chassis back panel 5 4 RTM slot filler panels 3 2 RTN Power wire INPUT A -48V INPUT B DC VOLTAGE RANGE -48V TO -58V RTN (-DC IN) GND Ground Connector (green) RTN 1 -48V DC VOLTAGE RANGE -48V TO -58V RTN (-DC IN) 25 AMP Positive (RTN) (red) -48V to -58V Positive (-DC in) (RTN) (black) (red) 25 AMP -48V to -58V (-DC in) (black) ESD k t The back panel includes the FortiGate-5050 chassis
Physical description of the FortiGate-5050 chassis 30 FortiGate-5050 chassis FortiGate-5000 Series Introduction 01-30000-83466-20090108 http://docs.fortinet.
FortiGate-5020 chassis FortiGate-5020 front panel FortiGate-5020 chassis You can install one or two FortiGate-5000 series boards in the two slots of the FortiGate-5020 ATCA chassis. The FortiGate-5020 is a 4U chassis that contains two redundant AC to DC power supplies that connect to AC power. The FortiGate-5020 chassis also includes an internal cooling fan tray. If both slots contain FortiGate-5000 boards, the FortiGate-5020 chassis provides up to 16 FortiGate gigabit ethernet interfaces.
FortiGate-5020 back panel FortiGate-5020 chassis FortiGate-5020 back panel Figure 10 shows the back of a FortiGate-5020 chassis. The chassis back panel includes two redundant AC power connectors and provides access to the hot swappable cooling fan tray. Each AC power connector includes a 25 Amp circuit breaker that also functions as the on/off switch for the AC power connector. You can use the power wire fixtures to secure AC power wires to prevent the power wires from being accidently disconnected.
FortiGate-5001A security system FortiGate-5001A security system The FortiGate-5001A security system is a high-performance Advanced Telecommunications Computing Architecture (ACTA) compliant FortiGate security system that can be installed in any ACTA chassis including the FortiGate-5140, FortiGate-5050, or FortiGate-5020 chassis. Two FortiGate-5001A models are available: • The FortiGate-5001A-DW (double-width) board includes a double-width Advanced Mezzanine Card (AMC) opening.
Front panel LEDs and connectors FortiGate-5001A security system Figure 11: FortiGate-5001A-DW front panel RJ-45 Console Double-width AMC opening Retention Screw Extraction Lever port1 and port2 10/100/1000 Copper Interfaces Fabric and Base network activity LEDs USB IPM LED (board position) Retention Screw ACC OOS Extraction Power Lever Status LEDs Figure 12: FortiGate-5001A-SW front panel RJ-45 Console Single-width AMC opening Fabric and Base network activity LEDs USB 5001A-SW Retention Screw E
FortiGate-5001A security system Front panel LEDs and connectors LEDs Table 7 lists and describes the FortiGate-5001A LEDs. Table 7: FortiGate-5001A LEDs LED State Description 1, 2 (Left LED) Green The correct cable is connected to the interface and the connected equipment has power. Flashing Network activity at the interface. Green 1, 2 (Right LED) Base CH0 Off No link is established. Green Connection at 1 Gbps. Amber Connection at 100 Mbps. Off Connection at 10 Mbps.
Base backplane communication FortiGate-5001A security system Connectors Table 8 lists and describes the FortiGate-5001A connectors. Table 8: FortiGate-5001A connectors Connector Type Speed Protocol Description 1, 2 10/100/1000 Base-T 9600 bps 8/N/1 Ethernet RJ-45 CONSOLE RJ-45 USB USB RS-232 serial Copper 1-gigabit connection to 10/100/1000Base-T copper networks. Serial connection to the command line interface. FortiUSB key firmware updates and configuration backup.
FortiGate-5001A security system AMC modules FortiGate-RTM-XB2 The FortiGate-RTM-XB2 module provides two 10-gigabit fabric backplane interfaces and NP2 processor acceleration for FortiGate-5001A fabric interfaces. For 10-gigabit fabric backplane communications, each FortiGate-5001A board requires one FortiGate-RTM-XB2 module. The FortiGate-RTM-XB2 module is an ATCA rear transition module (RTM) that installs into an RTM slot at the back of a FortiGate-5140 and FortiGate-5050 chassis.
AMC modules FortiGate-5001A security system • The FortiGate-ASM-FB4, provides 4 NP2 accelerated SFP 1-gigabit interfaces. • The FortiGate-ASM-S08, provides adds a removable hard disk that you can use to store log files and content archives. Figure 15: FortiGate-ASM-FB4 HS OOS PWR OT 1 LINK 2 ACT LINK 3 ACT LINK 4 ACT LINK ACT ASM-FB4 Note: You can operate a FortiGate-5001A board with both a FortiGate-RTM-XB2 module and a supported FortiGate AMC module installed at the same time.
FortiGate-RTM-XB2 system FortiGate-RTM-XB2 system The FortiGate-RTM-XB2 system provides two 10-gigabit fabric backplane interfaces and NP2 processor acceleration for FortiGate-5001A boards installed in FortiGate-5140 and FortiGate-5050 chassis. The FortiGate-RTM-XB2 is an ATCA rear transition module (RTM) that installs into an RTM slot at the back of a FortiGate-5140 and FortiGate-5050 chassis. You must install one FortiGate-RTM-XB2 module for each FortiGate-5001A board.
Front panel LED FortiGate-RTM-XB2 system Front panel LED From the FortiGate-RTM-XB2 font panel includes a power LED. Table 9: FortiGate-RTM-XB2 power LED LED State Description Power Green The FortiGate-RTM-XB2 module is powered on and properly connected to a FortiGate-5001A board. Fabric backplane 10-gigabit communication The FortiGate-RTM-XB2 module is used for fabric backplane 10-gigabit data communication.
FortiGate-5005FA2 security system FortiGate-5005FA2 security system The FortiGate-5005FA2 security system is a high-performance FortiGate security system with a total of 8 front panel gigabit ethernet interfaces, two base backplane interfaces, and two fabric backplane interfaces. Use the front panel interfaces for connections to your networks and the backplane interfaces for communication between FortiGate-5000 series boards over the FortiGate-5000 chassis backplane.
Front panel LEDs and connectors FortiGate-5005FA2 security system • 2 USB connectors. • Mounting hardware. • LED status indicators. The FortiGate-5005FA2 board comes supplied with fiber and copper SFP transceivers. You can order the SFP transceivers in any combination. Before you can connect any FortiGate-5005FA2 front panel interfaces, you must insert the SFP transceivers into the FortiGate-5005FA2 front panel cage slots.
FortiGate-5005FA2 security system Accelerated packet forwarding and policy enforcement Table 10: FortiGate-5005FA2 board LEDs (Continued) LED State Description IPM Blue The FortiGate-5005FA2 is ready to be hot-swapped (removed from the chassis). If the IPM light is blue and no other LEDs are lit the FortiGate-5005FA2 board has lost power Flashing The FortiGate-5005FA2 is changing from hot swap to running Blue mode or from running mode to hot swap. 1, 2, 3, 4, 5, 6, 7, 8 Off Normal operation.
Base backplane gigabit communication FortiGate-5005FA2 security system • Firewall and intrusion protection (IPS), when there is a reasonable percentage of P2P packets. • Firewall, intrusion protection (IPS), and antivirus, when there is a reasonable percentage of P2P packets. • Firewall and IPSec VPN applications. The following traffic scenarios should be handled by the normal (or nonaccelerated) FortiGate-5005FA2 interfaces: • Session oriented traffic when the session lifetime is very short.
FortiGate-5001FA2-LENC security system FortiGate-5001FA2-LENC security system The FortiGate-5001FA2-LENC security system is a high-performance FortiGate security system with a total of 8 front panel gigabit ethernet interfaces and two base backplane interfaces. Use the front panel interfaces for connections to your networks and the backplane interfaces for communication between FortiGate-5000 series boards over the FortiGate-5000 chassis backplane.
Front panel LEDs and connectors FortiGate-5001FA2-LENC security system • Mounting hardware • LED status indicators The FortiGate-5001FA2-LENC board comes supplied with four optical or four copper SFP transceivers. Before you can connect FortiGate-5001FA2-LENC interfaces 1 to 4, you must insert the SFP transceivers into the FortiGate-5001FA2-LENC front panel cage slots numbered 1 to 4. The FortiGate-5001FA2-LENC board ships with two RAM DIMMs installed on the FortiGate-5001FA2-LENC circuit board.
FortiGate-5001FA2-LENC security system Accelerated packet forwarding and policy enforcement Table 12: FortiGate-5001FA2-LENC board LEDs (Continued) LED State Description 5, 6, Link 7, 8 LED Green The correct cable is inserted into this interface and the connected equipment has power. Flashing Network activity at this interface. Speed Green LED Amber Unlit The interface is connected at 1000 Mbps. The interface is connected at 100 Mbps. The interface is connected at 10 Mbps.
Base backplane gigabit communication FortiGate-5001FA2-LENC security system • Firewall, intrusion protection (IPS), and antivirus, when there is a reasonable percentage of P2P packets. • Firewall and IPSec VPN applications. The following traffic scenarios should be handled by the normal (or nonaccelerated) FortiGate-5001FA2-LENC interfaces: • Session oriented traffic when the session lifetime is very short. • Firewall and antivirus only applications.
FortiGate-5001SX security system FortiGate-5001SX security system The FortiGate-5001SX security system is a high-performance FortiGate security system with a total of 8 front panel gigabit ethernet interfaces and two base backplane interfaces. Use the front panel interfaces for connections to your networks and the backplane interfaces for communication between FortiGate-5000 series boards over the FortiGate-5000 chassis backplane.
Front panel LEDs and connectors FortiGate-5001SX security system The FortiGate-5001SX board ships with two RAM DIMMs installed on the FortiGate-5001SX circuit board. You should confirm that the RAM DIMMs are installed correctly before inserting the FortiGate-5001SX board into a chassis. Front panel LEDs and connectors From the FortiGate-5001SX font panel you can view the status of the front panel LEDs to verify that the board is functioning normally.
FortiGate-5001SX security system Base backplane gigabit interfaces Connectors Table 15 lists and describes the FortiGate-5001SX connectors. Table 15: FortiGate-5001SX connectors Connector Type Speed 1, 2, 3, 4 1000Base-SX Ethernet LC SFP 5, 6, 7, 8 RJ-45 10/100/1000 Base-T CONSOLE DB-9 9600 bps 8/N/1 USB USB Protocol Description Four gigabit SFP interfaces that can accept fiber or copper gigabit transceivers. These interfaces only operate at 1000Mbps.
Base backplane gigabit interfaces 52 FortiGate-5001SX security system FortiGate-5000 Series Introduction 01-30000-83466-20090108
FortiSwitch-5003A system FortiSwitch-5003A system The FortiSwitch-5003A board provides 10/1-gigabit fabric backplane channel layer-2 switching and 1-gigabit base backplane channel layer-2 switching in a dual star architecture for the FortiGate-5140 and FortiGate-5050 chassis. The FortiSwitch-5003A board provides a total capacity of 200 Gigabits per second (Gbps) throughput. The FortiGate-5140 chassis is a 14-slot ATCA chassis and the FortiGate-5050 chassis is a 5-slot ATCA chassis.
Front panel LEDs and connectors FortiSwitch-5003A system Figure 21: FortiSwitch-5003A front panel Base Network Activity LEDs RJ-45 COM Port Fabric Network Activity LEDs B1 B2 Base 1G Copper 14/F8 F7 F6 F5 F4 F3 F2 F1 Fabric 10G Optical or Copper SFP Retention Screw OOS Healthy Fault Extraction LED LED LED Lever Reset MGMT 1G Active Switch Copper LED Interface BASE 10G Optical or Copper SFP Retention Screw Hot Swap Extraction LED Lever • One front panel base backplane 10-gigabit optical or copper S
FortiSwitch-5003A system Front panel LEDs and connectors LEDs Table 16 lists and describes the FortiSwitch-5003A front panel LEDs. Table 16: FortiSwitch-5003A front panel LEDs and switches LED State OOS (Out of Service) Off Normal operation. Red Out of service. The LED turns on if the FortiSwitch-5003A board fails. The LED may also flash briefly when the board is powering on. Green The FortiSwitch-5003A board is powered on and operating normally. Yellow Caution status.
Front panel LEDs and connectors FortiSwitch-5003A system Table 16: FortiSwitch-5003A front panel LEDs and switches (Continued) LED BASE 10G, 14/F8, F7, F6, F5, F4, F3, F2, F1 (Base and Fabric 10 gigabit LEDs) HS (Hot Swap) State Description Solid Green Indicates this interface is connected to a 10-gigabit network device with the correct cable and the attached network device has power. Blinking Green Indicates 10-gigabit network traffic on this interface. Off No link.
FortiSwitch-5003A system Front panel LEDs and connectors Table 17: Base channel interfaces and network activity LEDs Interface Name Description B1 and B2 Front panel gigabit base channel interfaces B1 and B2. Use these interfaces to connect your network to the base channel, to connect base channel 1 to base channel 2, or to connect a base channel on one chassis to a base channel on another chassis. BASE 10G Front panel 10-gigabit base channel interface.
FortiSwitch-5003A configurations FortiSwitch-5003A system Table 19: Fabric network activity LEDs Fabric network activity LED Interface or connection 2/1 Fabric channel connection between fabric channel 1 and fabric channel 2. This LED is lit if there are two FortiSwitch-5003A boards installed in the chassis to indicate fabric backplane communication between them. 3 to 13 Fabric backplane connection to FortiGate-5000 boards in chassis slots 3 to 13.
FortiSwitch-5003A system FortiSwitch-5003A configurations Figure 24: FortiSwitch-5003A base channel 1 HA heartbeat communication 5 4 3 Base channel 1 HA Heartbeat Communication 2 POWER Hot Swap ETH0 Service 5000SM 10/100 link/Act 10/100 link/Act STATUS SERIAL 2 RESET SERIAL 1 ETH0 ETH1 ALARM 5050SAP Hot Swap ETH0 Service ETH0 ETH1 2 STATUS 5000SM 10/100 link/Act 10/100 link/Act SMC RESET 1 SMC 1 Fabric 10-gigabit switching within a chassis One FortiGate-RTM-XB2 provides 10-gigabit
FortiSwitch-5003A configurations FortiSwitch-5003A system Layer-2 link aggregation and redundancy configurations The FortiSwitch-5003A board supports 802.3ad static mode layer-2 link aggregation, 802.1q VLANs, and 802.1s Multi-Spanning Tree Protocol (MSTP) for the fabric channels. You can use these features to configure link aggregation and support redundant FortiSwitch-5003A configurations to distribute traffic to multiple FortiGate-5001A or 5005FA2 boards.
FortiSwitch-5003 system Front panel LEDs and connectors FortiSwitch-5003 system The FortiSwitch-5003 board provides base backplane interface switching for the FortiGate-5140 chassis and the FortiGate-5050 chassis. You can use this switching for data communication or HA heartbeat communication between the base backplane interfaces of FortiGate-5000 series boards installed in slots 3 and up in these chassis.
Front panel LEDs and connectors FortiSwitch-5003 system Figure 27: FortiSwitch-5003 front panel Power LED 1 2 0 Hot Swap LED Extraction ZRE0 ZRE1 ZRE2 Lever Out of base backplane interfaces Service LED Mounting 10/100/1000Base-T Knot Ethernet LED MODE 3 4 RESET 5 6 INT FLT 7 8 OK 9 10 EXT FLT 11 12 CLK 13 14 ZRE E1 15 E0 Z R E 2 Z R E 1 Z R E 0 R S 2 3 2 SYSTEM CONSOLE HOT SWAP ZRE Network LED Mode Switch Activity LEDs Reset (ZRE 0 to 15) Switch CONSOLE RJ-45 Serial E T
FortiSwitch-5003 system Front panel LEDs and connectors Table 21: FortiSwitch-5003 board front panel LEDs and switches (Continued) LED State Description EXT FLT Off Normal operation. Yellow Cannot establish a link to a configured interface or another connection problem external to the FortiSwitch-5003 board. This LED may indicate issues that do not affect normal operation. Off Normal operation. Yellow Failure of internal tests.
Base backplane communications FortiSwitch-5003 system Connectors Table 23 lists and describes the FortiSwitch-5003 front panel connectors. Table 23: FortiSwitch-5003 connectors Connector Type ETH0 Speed RJ-45 100Base-T CONSOLE RJ-45 9600 bps ZRE0, ZRE1, ZRE2 Protocol Description Ethernet Front panel out of band management interface. A second out of band management interface, ETH1, connects to the shelf managers. Neither of the out of band management interfaces are used.
FortiSwitch-5003 system Base backplane communications In a single chassis, more than one cluster can use the same base backplane interface for HA heartbeat communication. To separate heartbeat communication for multiple clusters on the same base backplane interface, configure a different HA group name and password for each cluster. In a single chassis, you can also use the same base backplane interface for data and HA heartbeat communication.
Base backplane communications 66 FortiSwitch-5003 system FortiGate-5000 Series Introduction 01-30000-83466-20090108
The FortiGate-5005-DIST security system Basic FortiGate security system configuration The FortiGate-5005-DIST security system The FortiGate-5005-DIST security system is very similar to a single FortiGate unit, but with much higher capacity and with support for failover protection and scalability.
FortiController-5208 I/O boards The FortiGate-5005-DIST security system Figure 29: Example basic FortiGate-5005-DIST security system Internet FortiGate-5005-DIST security system in NAT/Route mode X2 (port1_X2) 204.23.1.
The FortiGate-5005-DIST security system FortiGate-5005FA2 worker boards FortiGate-5005FA2 worker boards The FortiGate-5005FA2 security system serves as the worker board for the FortiGate-5005-DIST security system. Worker boards are identically configured and administered as a single unit from the primary I/O board. Workers are typically installed in slots 3 and above, though FortiGate-5005FA2 security systems with only one I/O board can also have a worker installed in slot 2.
FortiGate-5005-DIST security system chassis The FortiGate-5005-DIST security system FortiGate-5005-DIST security system chassis FortiGate-5005-DIST security systems can be installed in FortiGate-5050 or FortiGate-5140 chassis. FortiGate-5140 chassis You can install one or two I/O boards in slot 1 and 2 of the FortiGate-5140 ATCA chassis. You can also install up to 12 worker boards in slots 3 to 14 if two I/O boards are used, or up to 13 worker boards in slots 2 to 14 if one I/O board is used.
The FortiGate-5005-DIST security system FortiGate-5005-DIST interface names FortiGate-5050 chassis You can install one or two I/O boards in slot 1 and 2 of the FortiGate-5050 ATCA chassis. You can also install up to three worker boards in slots 3 to 5 if two I/O boards are being used, or four worker boards in slots 2 to 5 if one I/O board is used. The FortiGate-5050 is a 5U chassis that contains two redundant DC power connections that connect to -48 VDC Data Center DC power.
FortiGate-5005-DIST interface names The FortiGate-5005-DIST security system Table 24: FortiGate-5005-DIST interface naming FortiController-5208 FortiController-5208 front location panel interface names Web-based manager and CLI interface names Primary FortiController-5208 board installed in chassis slot 1 X1 port1_X1 X2 port1_X2 1 port1_1 2 port1_2 3 port1_3 4 port1_4 Management mng X1 port2_X1 Secondary FortiController-5208 board installed in chassis slot 2 72 X2 port2_X2 1 port2_
FortiController-5208 system FortiController-5208 system You can create a FortiGate-5005-DIST high-throughput multi-threat network security system using one or two FortiController-5208 boards and multiple FortiGate-5005 boards in a FortiGate-5050 or FortiGate-5140 chassis. A FortiGate-5020 chassis cannot be used to create a FortiGate-5005-DIST system.
Front panel LEDs and connectors FortiController-5208 system • Inserting a FortiController-5208 module into a chassis • Removing a FortiController-5208 module from a chassis • Troubleshooting Front panel LEDs and connectors From the FortiController-5208 front panel you can view the status of the board LEDs to verify that the board is functioning normally. LEDs also indicate connections and traffic for the front panel and backplane interfaces.
FortiController-5208 system Front panel LEDs and connectors Table 25: FortiController-5208 board LEDs (Continued) LED CONTROL 1-16 State Description Green The control LEDs display the fabric backplane connections of the FortiController-5208 board, an optional secondary FortiController-5208 board, and all the 5005 boards, over which management communication is sent. LED 1 is for the FortiController-5208 board’s connection.
Backplane gigabit interfaces FortiController-5208 system Table 26: FortiController-5208 connectors (Continued) Connector Type 1, 2, 3, 4 LC SFP 1000 Mbps Ethernet D15, D16 LC SFP 1000 Mbps Ethernet C15, C16 COM1, COM2 LC SFP RJ-45 9600 bps MANAGEMENT RJ-45 Speed Protocol Description RS-232 serial 1000 Mbps Ethernet Four 1 gigabit SFP interfaces that can accept fiber or copper transceivers. These interfaces operate only at 1000Mbps.
www.fortinet.
