Fortinet FortiGate-5001C Manual Download Page 10 | Manualshive

Page: 10 / 36

Fortinet FortiGate-5001C Manual Download Page 10

Accelerated IPS, SSL VPN, and IPsec VPN (CP8 content processors)

FortiGate-5001C security system

FortiGate-5001C Security System Guide

10

01-400-181221-20121130

http://docs.fortinet.com/

Figure 2: FortiGate-5001C NP4 to interface mapping

Traffic between interfaces that use the same NP4 processor experiences the highest
acceleration.

• The port1, fabric1 and base1 interfaces are connected to one NP4 processor.

• The port2, fabric2 and base2 interfaces are connected to the other NP4 processor.

For example, for maximum NP4 acceleration of traffic received on port1 the traffic must
exit the FortiGate-5001C board on fabric1. Also, for maximum acceleration of traffic
received on port2 the traffic must exit the FortiGate-5001C board on fabric2.

Accelerated IPS, SSL VPN, and IPsec VPN (CP8 content
processors)

The FortiGate-5001C board includes two CP8 processors that provide the following
performance enhancements:

• Over 10Gbps throughput IPS content processor for packet content matching with

signatures

• High performance VPN bulk data engine

• IPSEC and SSL/TLS protocol processor

• DES/3DES/AES in accordance with FIPS46-3/FIPS81/FIPS197

• ARC4 in compliance with RC4

• MD5/SHA-1/SHA256 with RFC1321 and FIPS180

• HMAC in accordance with RFC2104/2403/2404 and FIPS198

• Key Exchange Processor support high performance IKE and RSA computation

• Public key exponentiation engine with hardware CRT support

• Primarily checking for RSA key generation

• Handshake accelerator with automatic key material generation

• Random Number generator compliance with ANSI X9.31

• Sub public key engine (PKCE) to support up to 4094 bit operation directly

• Message authentication module offers high performance cryptographic engine for

calculating SHA256/SHA1/MD5 of data up to 4G bytes (used by any application like
WAN opt.)

FortiASIC

NP4

FortiASIC

NP4

Ethernet Switch

CPU

CP8

CP8

System Bus

fabric1

base1

fabric2

base2

«
...
8
9
10
11
12
...
»

Summary of Contents for FortiGate-5001C

Page 1: ...cent versions of this and all FortiGate 5000 series documents are available from the FortiGate 5000 page of the Fortinet Technical Documentation web site http docs fortinet com Visit https support for...

Page 2: ...FortiGate 5000 series equipment Only perform the procedures described in this document from an ESD workstation If no such station is available you can provide some ESD protection by wearing an anti st...

Page 3: ...1C SW2 switch settings 12 FortiGate 5001C mounting components 14 Inserting a FortiGate 5001C board 15 Shutting down and removing a FortiGate 5001C board 17 Power cycling a FortiGate 5001C board 19 Tro...

Page 4: ...ing the CLI to configure Transparent mode 30 Upgrading FortiGate 5001C firmware 30 FortiGate 5001C base backplane data communication 32 FortiGate 5001C fabric backplane data communication 33 For more...

Page 5: ...terfaces can also operate as 1 gigabit SPF interfaces Use the front panel interfaces for connections to your networks and the backplane interfaces for communication across the ATCA chassis backplane T...

Page 6: ...rs that accelerate firewall and IPsec VPN Two CP8 content processors that accelerate IPS SSL VPN and IPsec VPN Internal 128 GByte SSD for storing log messages DLP archives SQL log message database his...

Page 7: ...es green when the FortiGate 5001C board accesses the FortiOS flash disk The FortiOS flash disk stores the current FortiOS firmware build and configuration files The system accesses the flash disk when...

Page 8: ...st power Flashing Blue The FortiGate 5001C board is changing from hot swap to running mode or from running mode to hot swap This happens when the FortiGate 5001C board is starting up or shutting down...

Page 9: ...3B boards or other 10 gigabit fabric backplane switching boards installed in the chassis in fabric slots 1 and 2 For information about base backplane communication in FortiGate 5000 series chassis see...

Page 10: ...P8 processors that provide the following performance enhancements Over 10Gbps throughput IPS content processor for packet content matching with signatures High performance VPN bulk data engine IPSEC a...

Page 11: ...ort1 and port2 You can also configure front panel interfaces to operated at 1 gigabit and install SFP transceivers The SFP or SPF transceivers are inserted into cage sockets numbered 1 and 2 on the Fo...

Page 12: ...rd is under the metal panel SW2 is located on the printed circuit board and is accessible from the left side of the board under the metal panel as shown in Figure 3 Figure 3 Location of SW2 on the For...

Page 13: ...n a chassis To change or verify the SW2 switch setting To complete this procedure you need A FortiGate 5001C board A tool for changing the SW2 switch setting optional Table 4 FortiGate 5001C SW2 setti...

Page 14: ...ents to lock the board into place in the slot When locked into place and positioned correctly the board front panel is flush with the chassis front panel The board is also connected to the chassis bac...

Page 15: ...lly tightened for the FortiGate 5001C board to receive power and operate normally If the FortiGate 5001C board is not receiving power the IPM LED glows solid blue and all other LEDs remain off See Fro...

Page 16: ...oard should glide smoothly into the chassis slot If you encounter any resistance while sliding the board in the board could be aligned incorrectly Pull the board back out and try inserting it again 7...

Page 17: ...Gate 5001C firmware starts up During start up the STATUS LED may continue to flash green Once the board has started up and is operating correctly the front panel LEDs are lit as described in Table 5 I...

Page 18: ...ork cables the console cable and any USB cables or keys 4 Fully loosen the retention screws on the FortiGate 5001C front panel 5 Unlock the handles by squeezing the handle locks 6 Slowly open both han...

Page 19: ...by opening the right handle the lower handle when the board is installed vertically in a FortiGate 5140 chassis to activate a switch that cycles the power without removing the board from the chassis T...

Page 20: ...ap both handles back into place The board powers up the LEDs light and in a few minutes the FortiGate 5001C board operates normally 8 Fully tighten the retention screws to lock the FortiGate 5001C boa...

Page 21: ...and try cycling the power to the board If the BIOS starts up interrupt the BIOS startup and install a new firmware image If this does not solve the problem contact Fortinet Customer Service and Suppor...

Page 22: ...Troubleshooting Hardware installation FortiGate 5001C Security System Guide 22 01 400 181221 20121130 http docs fortinet com...

Page 23: ...net customer services such as product updates and customer support You must also register your product for FortiGuard services such as FortiGuard Antivirus and Intrusion Prevention updates and for For...

Page 24: ...ute mode Transparent mode In Transparent mode the FortiGate 5001C security system is invisible to the network All of the FortiGate 5001C interfaces are connected to different segments of the same netw...

Page 25: ...t connection between the FortiGate 5001C board and management computer Internet Explorer 6 0 or higher on the management computer Command Line Interface CLI The CLI is a full featured management tool...

Page 26: ...1 IP Netmask 192 168 1 99 24 mgmt2 IP Netmask 192 168 100 99 24 Default route Gateway 192 168 100 1 Device mgmt2 Primary DNS Server 208 91 112 53 Secondary DNS Server 208 91 112 52 At any time during...

Page 27: ...o System Network Interface and edit each interface to configure 2 Set the addressing mode for the interface See the online help for information For manual addressing enter the IP address and netmask f...

Page 28: ...edit admin set password password end 5 Configure the mgmt1 port1 and port1 interfaces to the settings that you added to Table 7 on page 26 config system interface edit mgmt1 set ip intf_ip netmask_ip...

Page 29: ...System Dashboard Status and select the Change link beside Operation Mode NAT 2 Set Operation Mode to Transparent 3 Set the Management IP Netmask to the settings that you added to Table 8 on page 29 4...

Page 30: ...Configure the Management IP address and default gateway to the settings that you added to Table 8 on page 29 config system settings set opmode transparent set manageip mng_ip netmask set gateway gate...

Page 31: ...e root directory of the TFTP server 3 Log into the CLI 4 Make sure the FortiGate 5001C board can connect to the TFTP server You can use the following command to ping the computer running the TFTP serv...

Page 32: ...C base backplane communication see the FortiGate 5000 Backplane Communications Guide and the FortiSwitch 5000 Series CLI Reference To enable base backplane data communication from the FortiGate 5001C...

Page 33: ...1 Go to System Network Interface 2 Select Show backplane interfaces The fabric1 fabric2 base1 and base2 backplane interfaces now appear in all Interface lists You can now configure the fabric backplan...

Page 34: ...FortiGate 5001C fabric backplane data communication Quick Configuration Guide FortiGate 5001C Security System Guide 34 01 400 181221 20121130 http docs fortinet com...

Page 35: ...ticles examples FAQs technical notes and more Visit the Fortinet Knowledge Base at http kb fortinet com Comments on Fortinet technical documentation Send information about any errors or omissions in t...

Page 36: ...ether express or implied except to the extent Fortinet enters a binding written contract signed by Fortinet s General Counsel with a purchaser that expressly warrants that the identified product will...

Reviews:

No comments