Fortinet FortiGate FortiGate-5005-DIST Getting Started Download Page 17

Installing hardware components 

Installing FortiGate-5005FA2 worker modules

FortiGate-5005-DIST Security System   Getting Started
01-30000-0414-20070615

Verifying that FortiGate-5005FA2 modules can communicate with the primary I/O module

From the primary I/O module CLI or web-based manager you can display information about the status of the FortiGate-5005FA2 modules that are operating in DIST mode. FortiGate-5005FA2 modules that are operating in normal mode are not visible from the primary I/O module CLI or web-based manager. Use the procedures in this chapter to verify whether the FortiGate-5005FA2 modules that you have installed are operating in DIST mode.

To view FortiGate-5005FA2 module status from the primary I/O module CLI

1. Connect to the primary I/O module CLI. See “To connect to the FortiController-5208 console port” on page 13.

2. Enter the command execute worker list. If the FortiGate-5005FA2 modules are operating in DIST mode, a message similar to the following is displayed:

    2 workers are found
    Found a worker at Slot-10 with IP address-192.168.100.26
    Found a worker at Slot-6 with IP address-192.168.100.22

This message could be displayed by a FortiGate-5005-DIST system running in a 
FortiGate-5140 chassis with worker modules installed in chassis slots 6 and 10. 
The message indicates that both worker modules are operating in DIST mode and 
have successfully connected to the primary I/O module and become worker 
modules in the DIST configuration. The FortiGate-5005FA2 modules listed in this 
message are working properly and have been successfully installed. 

If some or all of the worker modules do not appear in the list, use the procedure “To view the status of FortiGate-5005FA2 modules from the FortiGate-5005FA2 CLI” on page 18 to verify the status of each module and determine a course of action for changing the module to operate in DIST mode.
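As an added example (not part of the Fortinet guide), the Python script below parses captured execute worker list output and compares it with the chassis slots you populated, reporting missing and unexpected workers. The line format is assumed from the sample message above, which the guide describes only as "similar"; the function names and the expected-slot set are hypothetical.

```python
import re

# Constructed sample: the output shown on this page (workers in slots 6 and 10).
SAMPLE_OUTPUT = """\
2 workers are found
Found a worker at Slot-10 with IP address-192.168.100.26
Found a worker at Slot-6 with IP address-192.168.100.22
"""

# Assumption: only the plural count line appears on the page; singular is guessed.
COUNT_RE = re.compile(r"^(\d+) workers? (?:are|is) found$")
WORKER_RE = re.compile(r"^Found a worker at Slot-(\d+) with IP address-(\d{1,3}(?:\.\d{1,3}){3})$")


def parse_worker_list(text):
    """Return (declared_count, {slot: ip}) parsed from the command output."""
    declared, workers = None, {}
    for line in map(str.strip, text.splitlines()):
        if m := COUNT_RE.match(line):
            declared = int(m.group(1))
        elif m := WORKER_RE.match(line):
            workers[int(m.group(1))] = m.group(2)
    return declared, workers


def check_workers(text, expected_slots):
    """Return a list of problems; empty means every expected worker joined."""
    declared, workers = parse_worker_list(text)
    problems = []
    if declared is None:
        problems.append("no worker count line found")
    elif declared != len(workers):
        problems.append(f"count line says {declared}, parsed {len(workers)}")
    for slot in sorted(set(expected_slots) - set(workers)):
        problems.append(f"slot {slot} missing: verify DIST mode on that module")
    for slot in sorted(set(workers) - set(expected_slots)):
        problems.append(f"unexpected worker in slot {slot} ({workers[slot]})")
    return problems


if __name__ == "__main__":
    print(check_workers(SAMPLE_OUTPUT, {6, 10}) or "all expected workers present")
```

A worker reported in a slot you did not populate is worth investigating as well as a missing one, since every listed module has joined the DIST configuration.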

To view worker module status from the primary I/O module web-based manager

1. Log into the primary I/O module web-based manager. See “Connecting to the FortiController-5208 CLI or web-based manager” on page 13.

The I/O blade system status page (also called the dashboard) is displayed (see Figure 6).

Note: I/O and worker modules are assigned IP addresses for control communication over the chassis backplane fabric interfaces. These IP addresses are assigned automatically and cannot be changed. A special invisible virtual domain is used for backplane fabric control communication. Because these IP addresses are in a separate virtual domain, they will not conflict with the IP addresses that you assign to other FortiGate-5005-DIST interfaces.
