FortiGate-5005-DIST Security System   Getting Started

01-30000-0414-20070615

The FortiGate-5005-DIST Security System

Figure 1: Example basic FortiGate-5005-DIST security system

FortiController-5208 I/O modules

Data flows into and out of the FortiGate-5005-DIST system through the I/O 
modules. The I/O modules are FortiController-5208 modules installed in chassis 
slots 1 and 2 in a FortiGate-5050 or FortiGate-5140 chassis. The I/O module 
installed in slot 1 is configured as the primary I/O module. The optional I/O module 
installed in slot 2 becomes the secondary I/O module. A FortiGate-5005-DIST 
system can include one or two I/O modules.

As the I/O module, the FortiController-5208 provides all FortiGate-5005-DIST 
network connections. The FortiController-5208 module provides two 10 gigabit 
interfaces and four 1 gigabit interfaces for network traffic. The FortiController-5208 
front panel also contains four 1 gigabit interfaces. Two of these interfaces support 
inter-chassis HA and two are for future use. Adding a second FortiController-5208 
module doubles the number of FortiGate-5005-DIST network interfaces.

Figure 2: FortiController-5208 front panel

[Figure 2 callouts: X1 and X2 XFP 10 Gigabit, fiber or copper; 1 to 4 SFP Gigabit, fiber or copper; Management RJ-45 Ethernet; Management RJ-45 Serial; Link/Traffic (D15, D16, C15, C16); Payload Operation; Status; IPM; Extraction Lever; Mounting Knot.]

[Figure 1 labels: FortiGate-5005-DIST security system in NAT/Route mode; NAT mode policies controlling 10G traffic between internal and external networks; X2 (port1_X2) 204.23.1.5; X1 (port1_X1) 192.168.1.99; Management interface (mng); Internet; Internal network.]
