FortiGate-5001FA2   Security System Guide

01-30000-0379-20080606

• Session oriented traffic with long session lifetime, such as FTP sessions.
  Packet size does not affect performance for traffic with long session lifetime.
  For long sessions, processing that would otherwise be handled by the
  FortiGate-5001FA2 CPUs is off-loaded to the acceleration module.
• Firewall and intrusion protection (IPS), when there is a reasonable percentage
  of P2P packets.
• Firewall, intrusion protection (IPS), and antivirus, when there is a reasonable
  percentage of P2P packets.
• Firewall and IPSec VPN applications.

The following traffic scenarios should be handled by the normal (or
non-accelerated) FortiGate-5001FA2 interfaces:

• Session oriented traffic when the session lifetime is very short.
• Firewall and antivirus only applications.
  Traffic will not be off-loaded to the FortiGate-5001FA2 accelerator module. The
  result will be high CPU usage because of the high CPU requirement for
  antivirus scanning.

FA2 interfaces and active-active HA performance

FortiOS v3.0 MR4 firmware can also use FA2 acceleration to improve
active-active HA load balancing performance. See the FortiGate HA Overview or
the FortiGate HA Guide for more information.

Base backplane gigabit communication

The FortiGate-5001FA2 port9 and port10 base backplane gigabit interfaces can 
be used for HA heartbeat communication between FortiGate-5001FA2 boards 
installed in the same or in different FortiGate-5000 chassis. You can also 
configure FortiGate-5001FA2 boards to use the base backplane interfaces for 
data communication between FortiGate boards. To support base backplane
communications, your FortiGate-5140 or 5050 chassis must include one or more
FortiSwitch-5003 boards. FortiSwitch-5003 boards are installed in chassis slots 1 
and 2. The FortiGate-5020 chassis supports base backplane communication with 
no additions or changes to the chassis.

For information about base backplane communication in FortiGate-5140 and
FortiGate-5050 chassis, see the FortiGate-5000 Base Backplane Communication
Guide. For information about the FortiSwitch-5003 board, see the
FortiSwitch-5003 Guide.
