FortiGate-5000 Series
Introduction
5140SAP
SERIAL
1
SERIAL
2
ALARM
5140
13
11
9
7
5
3
1
2
4
6
8
10
12
14
USB
USB
USB
1
1
1
2
2
2
3
3
3
4
4
4
5
5
5
6
6
6
7
7
7
8
8
8
CONSOLE
CONSOLE
CONSOLE
5
4
STA IPM
STA IPM
STA IPM
PWR ACC
PWR
ACC
PWR ACC
3
2
1
POWER
ETH0 ETH1
ETH0
Service
RESET
STATUS
5000SM
10/100
5000SM
5050SAP
10/100
SMC
SMC
Hot Swap
link/Act
10/100
link/Act
10/100
SERIAL
1
SERIAL
2
link/Act
link/Act
2
1
1 2
ETH0 ETH1
ETH0
Service
RESET
STATUS
Hot Swap
PSU
PSU
A
B
FR
USB
1
2
3
4
5
6
7
8
CONSOLE
STA IPM
PWR ACC
ACT
USB
USB
ACC
7
8
LINK
ACT
1
2
3
4
5
6
LINK
CONSOLE
OOS
STATUS
IPM
FAN TRAY
FAN TRAY
FAN TRAY
2
0
1
The most recent versions of this and all FortiGate-5000 series documents are available from the FortiGate-5000
Visit http://support.fortinet.com to register your FortiGate-5000 Series product. By registering you can receive
product updates, technical support, and FortiGuard services.
FortiGate-5000 Series Introduction
01-30000-83466-20090108
Download from Www.Somanuals.com. All Manuals Search And Download.
Contents
Contents
Introduction .............................................................................................. 7
Revision history .............................................................................................................. 7
About the FortiGate-5000 series chassis...................................................................... 8
FortiGate-5140 chassis............................................................................................... 8
FortiGate-5050 chassis............................................................................................... 8
FortiGate-5020 chassis............................................................................................... 9
About the FortiGate-5000 series boards....................................................................... 9
FortiGate-5001A security system ............................................................................... 9
FortiGate-RTM-XB2 module..................................................................................... 10
FortiGate-5005FA2 security system ......................................................................... 10
FortiGate-5001FA2 security system ......................................................................... 10
FortiGate-5001SX security system........................................................................... 10
FortiSwitch-5003A system........................................................................................ 10
FortiSwitch-5003 system .......................................................................................... 11
FortiGate-5005-DIST security system ...................................................................... 11
FortiController-5208 system ..................................................................................... 11
Warnings and cautions................................................................................................. 11
About Data Center DC power....................................................................................... 13
Fortinet documentation................................................................................................ 13
Fortinet Tools and Documentation CD ..................................................................... 13
Fortinet Knowledge Center....................................................................................... 13
Comments on Fortinet technical documentation ...................................................... 13
Customer service and technical support.................................................................... 13
Register your Fortinet product .................................................................................... 14
FortiGate-5140 chassis front panel ............................................................................. 16
FortiGate-5140 chassis back panel ............................................................................. 17
Physical description of the FortiGate-5140 chassis.................................................. 18
FortiGate-5140 chassis front panel ............................................................................. 19
FortiGate-5140 chassis back panel ............................................................................. 20
Physical description of the FortiGate-5140 chassis.................................................. 22
FortiGate-5050 front panel ........................................................................................... 24
FortiGate-5050 back panel ........................................................................................... 25
Physical description of the FortiGate-5050 chassis.................................................. 26
FortiGate-5000 Series Introduction
01-30000-83466-20090108
3
Download from Www.Somanuals.com. All Manuals Search And Download.
Contents
FortiGate-5050 front panel ........................................................................................... 28
FortiGate-5050 back panel ........................................................................................... 28
Physical description of the FortiGate-5050 chassis.................................................. 29
FortiGate-5020 front panel ........................................................................................... 31
FortiGate-5020 back panel ........................................................................................... 32
Physical description of the FortiGate-5020 chassis.................................................. 32
Front panel LEDs and connectors............................................................................... 34
LEDs......................................................................................................................... 35
Connectors ............................................................................................................... 36
Base backplane communication ................................................................................. 36
Fabric backplane communication ............................................................................... 36
AMC modules ................................................................................................................ 37
Front panel LED ............................................................................................................ 40
Fabric backplane 10-gigabit communication ............................................................. 40
Front panel LEDs and connectors............................................................................... 42
LEDs......................................................................................................................... 42
Connectors ............................................................................................................... 43
FA2 interfaces and active-active HA performance ................................................... 44
Base backplane gigabit communication..................................................................... 44
FortiGate-5005-DIST security system ......................................................................... 44
Front panel LEDs and connectors............................................................................... 46
LEDs......................................................................................................................... 46
Connectors ............................................................................................................... 47
FA2 interfaces and active-active HA performance ................................................... 48
Base backplane gigabit communication..................................................................... 48
FortiGate-5000 Series Introduction
01-30000-83466-20090108
4
Download from Www.Somanuals.com. All Manuals Search And Download.
Contents
Front panel LEDs and connectors............................................................................... 50
LEDs......................................................................................................................... 50
Connectors ............................................................................................................... 51
Base backplane gigabit interfaces .............................................................................. 51
Front panel LEDs and connectors............................................................................... 54
LEDs......................................................................................................................... 55
Base channel interfaces ........................................................................................... 56
Fabric channel interfaces.......................................................................................... 57
Front panel connectors............................................................................................. 58
FortiSwitch-5003A configurations............................................................................... 58
Base and fabric gigabit switching within a chassis ................................................... 58
Fabric 10-gigabit switching within a chassis............................................................. 59
Front panel LEDs and connectors............................................................................... 61
LEDs......................................................................................................................... 62
About the ZRE network activity LEDs....................................................................... 63
Connectors ............................................................................................................... 64
Base backplane communications ............................................................................... 64
Basic FortiGate security system configuration ......................................................... 67
FortiController-5208 I/O boards................................................................................... 68
FortiGate-5005FA2 worker boards .............................................................................. 69
FortiGate-5005-DIST security system chassis ........................................................... 70
FortiGate-5140 chassis............................................................................................. 70
FortiGate-5050 chassis............................................................................................. 71
FortiGate-5005-DIST interface names ......................................................................... 71
Front panel LEDs and connectors............................................................................... 74
LEDs......................................................................................................................... 74
Connectors ............................................................................................................... 75
Backplane gigabit interfaces ....................................................................................... 76
FortiGate-5000 Series Introduction
01-30000-83466-20090108
5
Download from Www.Somanuals.com. All Manuals Search And Download.
Contents
FortiGate-5000 Series Introduction
01-30000-83466-20090108
6
Download from Www.Somanuals.com. All Manuals Search And Download.
Introduction
Revision history
Introduction
This FortiGate-5000 Series Introduction is a high-level guide to all three
FortiGate-5000 series chassis and the boards that you can install in them.
This chapter includes the following topics:
•
•
•
•
•
•
•
Revision history
Table 1: Revision History
Version
Description of changes
01-30003-0378-20061207
01-30004-0378-20070201
New version.
installed in a FortiGate-5020 chassis. Added
01-30000-0378-20070615
Added the following sections:
•
•
•
•
01-30000-378-20080603
Terminology change: “module” changed to “board”
for all FortiGate-5000 series boards.
01-30000-83466-20081023
Added the following sections:
•
•
FortiGate-5000 Series Introduction
01-30000-83466-20090108
7
Download from Www.Somanuals.com. All Manuals Search And Download.
About the FortiGate-5000 series chassis
Introduction
Table 1: Revision History
Version
Description of changes
01-30000-83466-20081023
Added information about both FortiGate-5140 and
both FortiGate-5050 chassis versions:
•
•
•
•
About the FortiGate-5000 series chassis
The FortiGate-5000 series Security Systems are chassis-based systems that
MSSPs and large enterprises can use to provide subscriber security services
such as firewall, VPN, antivirus protection, spam filtering, web filtering and
intrusion prevention (IPS). The wide variety of system configurations available
with FortiGate-5000 series provide flexibility to meet the changing needs of
growing high performance networks. The FortiGate-5000 series chassis support
multiple hot-swappable FortiGate-5000 series boards and power supplies. This
modular approach provides a scalable, high-performance and failure-proof
solution.
FortiGate-5140 chassis
You can install up to 14 FortiGate-5000 series
boards in the 14 slots of the FortiGate-5140
ATCA chassis. The FortiGate-5140 is a 12U
chassis that contains two redundant hot
swappable DC power entry modules that
connect to -48 VDC Data Center DC power. The
FortiGate-5140 chassis also includes three hot
swappable cooling fan trays.
5140SAP
SERIAL
1
SERIAL
2
ALARM
5140
13
11
9
7
5
3
1
2
4
6
8
10
12
14
E
T
H
0
E
T
H
1
E
Service
RESET
STATUS
Hot Swap
1
2
E
T
H
0
E
T
H
1
E0
Service
RESET
STATUS
Hot Swap
Fortinet supplies two FortiGate-5140 chassis
with very similar features. For details see:
R
•
•
FAN TRAY
FAN TRAY
FAN TRAY
2
0
1
FortiGate-5050 chassis
You can install up to five FortiGate-5000 series
USB
USB
USB
1
1
1
2
2
2
3
3
3
4
5
5
5
6
6
6
7
7
7
8
8
8
CONSOLE
CONSOLE
CONSOLE
5
4
ACC
STA IPM
PWR
boards in the five slots of the FortiGate-5050
ATCA chassis. The FortiGate-5050 is a 5U
chassis that contains two redundant DC power
connections that connect to -48 VDC Data
Center DC power. The FortiGate-5050 chassis
also includes a hot swappable cooling fan tray.
4
4
STA IPM
STA IPM
PWR ACC
PWR
ACC
3
2
1
POWER
5000SM
10/100
5000SM
5050SAP
SMC
10/100
SMC
link/Act
10/100
link/Act
10/100
SERIAL
1
SERIAL
2
link/Act
link/Act
2
1
Fortinet supplies two FortiGate-5050 chassis with very similar features. For details
see:
•
•
FortiGate-5000 Series Introduction
01-30000-83466-20090108
8
Download from Www.Somanuals.com. All Manuals Search And Download.
Introduction
About the FortiGate-5000 series boards
FortiGate-5020 chassis
You can install one or two FortiGate-5000 series
PSU
PSU
A
B
boards in the two slots of the FortiGate-5020
ATCA chassis. The FortiGate-5020 is a 4U
chassis that contains two redundant AC to DC
power supplies that connect to AC power. The
USB
1
2
3
4
5
6
7
8
CONSOLE
STA IPM
PWR
ACC
ACT
LINK
ACT
LINK
USB
OOS
USB
ACC
7
8
1
2
3
4
5
6
CONSOLE
STATUS
IPM
FortiGate-5020 chassis also includes an internal cooling fan tray. For details about
About the FortiGate-5000 series boards
Each FortiGate-5000 series board is a standalone FortiGate security system that
can also function as part of a FortiGate HA cluster. All FortiGate-5000 series
boards are also hot swappable. All FortiGate-5000 series units are high capacity
security systems with multiple gigabit interfaces, multiple virtual domain capacity,
and other high end FortiGate features.
FortiGate-5001A security system
The FortiGate-5001A board is an
independent high-performance
FortiGate security system with
two front panel gigabit ethernet interfaces, two base backplane gigabit interfaces,
and two fabric backplane gigabit interfaces. Use the front panel interfaces for
connections to your networks and the backplane interfaces for communication
between FortiGate-5000 series boards over the ACTA chassis backplane. The
fabric interfaces are reserved for future 10-gigabit operation but can be used now
for board to board 1-gigabit operation. In FortiGate-5140 and FortiGate-5050
chassis you must install a FortiSwitch-5003 board or another backplane switching
product to support backplane communication. For details about the
FortiGate-5001A security system, see “FortiGate-5001A security system” on
The FortiGate-5001A-DW front panel includes a double-width Advanced
Mezzanine Card (AMC) opening. You can install a supported FortiGate AMC
Double width Module (ADM) module such as the FortiGate-ADM-XB2 or the
FortiGate-ADM-FB8 in the AMC opening. The FortiGate-ADM-XB2 adds two
accelerated 10-gigabit interfaces to the FortiGate board and the FortiGate-
ADM-FB8 adds 8 accelerated 1 gigabit interfaces.
The FortiGate-5001A-SW (single-width) includes a single-width AMC opening.
You can install a supported FortiGate AMC Single width Module (ASM) such as
the FortiGate-ASM-FB4 or the FortiGate-ASM-S08 in the AMC opening. The
FortiGate-ASM-FB4 adds four accelerated 1-gigabit interfaces to the FortiGate
board and the FortiGate-ADM-S08 adds a removable hard disk that you can use
to store log files and content archives.
FortiGate-5000 Series Introduction
01-30000-83466-20090108
9
Download from Www.Somanuals.com. All Manuals Search And Download.
About the FortiGate-5000 series boards
Introduction
FortiGate-RTM-XB2 module
The FortiGate-RTM-XB2 system
is a rear transition module (RTM)
that provides two 10-gigabit fabric
backplane interfaces and NP2 processor acceleration for FortiGate-5001A boards
installed in FortiGate-5140 and FortiGate-5050 chassis. For details about the
FortiGate-RTM-XB2 system, see “FortiGate-RTM-XB2 system” on page 39
FortiGate-5005FA2 security system
ACT
LINK
ACT
LINK
USB
USB
ACC
7
8
The FortiGate-5005FA2 board is
an independent high-performance
FortiGate security system with
1
2
3
4
5
6
CONSOLE
OOS
STATUS
IPM
eight gigabit ethernet interfaces. The FortiGate-5005FA2 board supports high-end
features including 802.1Q VLANs and multiple virtual domains. Two of the
FortiGate-5005FA2 interfaces (port7 and port8) include Fortinet technology to
accelerate small packet performance. FortiGate-5005FA2 boards also function as
worker boards in a FortiGate-5005-DIST security system. For details about the
FortiGate-5001FA2 security system
The FortiGate-5001FA2 security
USB
1
2
3
4
5
6
7
8
CONSOLE
STA IPM
PWR ACC
system is an independent high-
performance FortiGate security
system with eight gigabit ethernet interfaces. The FortiGate-5001FA2 board is
similar to the FortiGate-5001SX board except that two of the FortiGate-5001FA2
interfaces include Fortinet technology to accelerate small packet performance. For
details about the FortiGate-5001FA2 board, see “FortiGate-5001FA2-LENC
FortiGate-5001SX security system
The FortiGate-5001SX security
USB
1
2
3
4
5
6
7
8
CONSOLE
STA IPM
PWR ACC
system is an independent high-
performance FortiGate security
system with eight gigabit ethernet interfaces. The FortiGate-5001SX board
supports high-end features including 802.1Q VLANs and multiple virtual domains.
For details about the FortiGate-5001SX security system, see “FortiGate-5001SX
FortiSwitch-5003A system
The FortiSwitch-5003A system
provides 10/1-gigabit fabric
backplane channel layer-2
switching and 1-gigabit base backplane channel layer-2 switching in a dual star
architecture for the FortiGate-5140 and FortiGate-5050 chassis. The FortiGate
board provides a total capacity of 200 Gigabits per second (Gbps) throughput.For
details about the FortiSwitch-5003A system, see “FortiGate-5001SX security
FortiGate-5000 Series Introduction
01-30000-83466-20090108
10
Download from Www.Somanuals.com. All Manuals Search And Download.
Introduction
Warnings and cautions
FortiSwitch-5003 system
The FortiSwitch-5003 system
provides base backplane
communication between
FortiGate security boards installed in FortiGate-5140 or FortiGate-5050 chassis.
Base backplane communication can be used for HA heartbeat communication
and for data communication. The FortiSwitch-5003 board can also provide HA
heartbeat and data communication between chassis. The FortiSwitch-5003 board
is only used in FortiGate-5140 and FortiGate-5050 chassis. For details about the
FortiGate-5005-DIST security system
The FortiGate-5005-DIST security system is
very similar to a single FortiGate unit, but with
much higher capacity and with support for
failover protection and scalability. The
FortiGate-5005-DIST security system consists
of a FortiGate-5050 or FortiGate-5140 chassis
with one or two Input/Output or I/O boards
ACT
LINK
ACT
LINK
USB
USB
7
7
7
7
8
8
8
8
1
2
2
2
2
3
3
3
3
4
4
4
4
5
5
5
5
6
6
6
6
5
4
CONSOLE
CONSOLE
CONSOLE
CONSOLE
OOS
ACC
USB
STATUS
IPM
IPM
IPM
IPM
ACT
LINK
ACT
LINK
USB
1
OOS
ACC
USB
STATUS
ACT
LINK
ACT
LINK
USB
1
3
OOS
ACC
USB
STATUS
ACT
LINK
ACT
LINK
USB
1
2
1
POWER
OOS
ACC
STATUS
DATA
CONTROL
X
1
X
2
1
2
3
4
5
9
13
14
15
16
1
2
3
4
5
6
7
8
9
13
1
2
3
4
MANAGEMENT
COM
1
COM
2
6
7
8
10
11
12
10
11
12
14
15
16
X
X
1
2
1/2
3/4
D15/D16
C15/C16
D
D
C
C
10/100/1000 MBPS ETHERNET ACTIVITY
STATUS
PAYLOAD OPERATION
IPM
5000SM
5000SM
5050SAP
SMC
10/100
link/Act
10/100
link/Act
10/100
link/Act
10/100
link/Act
SMC
SERIAL
1
SERIAL
2
2
1
(FortiController-5208 boards) and one or more worker boards (FortiGate-5005FA2
boards running in DIST mode). The I/O boards provide 10 gigabit and 1gigabit
network connections and distribute traffic to the worker boards. The worker
boards provide FortiGate security system functions including firewall, VPN, IPS,
antivirus, antispam, and so on. For details about the FortiGate-5005-DIST security
FortiController-5208 system
DATA
CONTROL
An integral part of a
X
1
X
2
1
2
3
4
5
9
13
14
15
16
1
2
3
4
5
6
7
8
9
13
14
15
16
1
2
3
4
MANAGEMENT
COM
1
COM
2
6
7
8
10
11
12
10
11
12
X
X
1
2
1/2
3/4
D15/D16
C15/C16
D
D
C
C
10/100/1000 MBPS ETHERNET ACTIVITY
FortiGate-5005-DIST Security
System, the FortiController-5208
board provides all Fortigate-5005-DIST 10gigabit and 1 gigabit network
STATUS
PAYLOAD OPERATION
IPM
interfaces. The FortiContro0ller-5208 board also provides the management
interface to the FortiGate-5005-DIST system and controls backplane
communication between all FortiGate-5005-DIST components.
You can create a FortiGate-5005-DIST high-throughput multi-threat network
security system using one or two FortiGate boards and multiple FortiGate-5005
boards in a FortiGate-5050 or FortiGate-5140 chassis. A FortiGate-5020 chassis
cannot be used to create a FortiGate-5005-DIST system. Functionally, one or two
FortiGate boards using the processing power of multiple FortiGate-5005 boards
function much like a single FortiGate unit, but with far greater capacity. For details
about the FortiController-55208 board, see “FortiController-5208 system” on
Warnings and cautions
Only trained and qualified personnel should be allowed to install or
maintain FortiGate-5000 series equipment. Read and comply with all
warnings, cautions and notices in this document.
FortiGate-5000 Series Introduction
01-30000-83466-20090108
11
Download from Www.Somanuals.com. All Manuals Search And Download.
Warnings and cautions
Introduction
CAUTION: Risk of Explosion if Battery is replaced by an Incorrect Type. Dispose
!
!
of Used Batteries According to the Instructions.
Caution: You should be aware of the following cautions and warnings before
installing FortiGate-5000 series hardware
•
•
Turning off all power switches may not turn off all power to the FortiGate-5000
series equipment. Some circuitry in the FortiGate-5000 series equipment may
continue to operate even though all power switches are off.
Many FortiGate-5000 components are hot swappable and can be installed or
removed while the power is on. But some of the procedures in this document
may require power to be turned off and completely disconnected. Follow all
instructions in the procedures in this document that describe disconnecting
FortiGate-5000 series equipment from power sources, telecommunications
links and networks before installing, or removing FortiGate-5000 series
components, or performing other maintenance tasks. Failure to follow the
instructions in this document can result in personal injury or equipment
damage.
•
Install FortiGate-5000 series chassis at the lower positions of a rack to avoid
making the rack top-heavy and unstable.
•
•
Do not insert metal objects or tools into open chassis slots.
Electrostatic discharge (ESD) can damage FortiGate-5000 series equipment.
Only perform the procedures described in this document from an ESD
workstation. If no such station is available, you can provide some ESD
protection by wearing an anti-static wrist strap and attaching it to an available
ESD connector such as the ESD sockets provided on FortiGate-5000 series
chassis.
•
•
Make sure all FortiGate-5000 series components have reliable grounding.
Fortinet recommends direct connections to the building ground.
If you install a FortiGate-5000 series component in a closed or multi-unit rack
assembly, the operating ambient temperature of the rack environment may be
greater than room ambient. Make sure the operating ambient temperature
does not exceed Fortinet’s maximum rated ambient temperature.
•
Installing FortiGate-5000 series equipment in a rack should be such that the
amount of airflow required for safe operation of the equipment is not
compromised.
•
•
FortiGate-5000 series chassis should be installed by a qualified electrician.
FortiGate-5000 series equipment shall be installed and connected to an
electrical supply source in accordance with the applicable codes and
regulations for the location in which it is installed. Particular attention shall be
paid to use of correct wire type and size to comply with the applicable codes
and regulations for the installation / location. Connection of the supply wiring to
the terminal block on the equipment may be accomplished using Listed wire
compression lugs, for example, Pressure Terminal Connector made by Ideal
Industries Inc. or equivalent which is suitable for AWG 10. Particular attention
shall be given to use of the appropriate compression tool specified by the
compression lug manufacturer, if one is specified.
FortiGate-5000 Series Introduction
01-30000-83466-20090108
12
Download from Www.Somanuals.com. All Manuals Search And Download.
Introduction
About Data Center DC power
About Data Center DC power
The FortiGate-5140 and FortiGate-5050 chassis are designed to be installed in a
Data Center or similar location that has available -48VDC power. Fortinet expects
that most FortiGate-5140 or FortiGate-5050 customers will be installing their
FortiGate equipment in a data center or similar location that is already equipped
with a -48VDC power system that provides power to existing networking or
telecom equipment. The FortiGate-5140 and FortiGate-5050 chassis are
designed to be connected directly to this DC power system.
In this document, Data Center DC power refers to a -48VDC power system that is
already available at the location at which the FortiGate-5140 or FortiGate-5050
chassis is being installed.
Fortinet documentation
The most up-to-date publications and previous releases of Fortinet product
documentation are available from the Fortinet Technical Documentation web site
Fortinet Tools and Documentation CD
All Fortinet documentation is available from the Fortinet Tools and Documentation
CD shipped with your Fortinet product. The documents on this CD are current at
shipping time. For up-to-date versions of Fortinet documentation see the Fortinet
Fortinet Knowledge Center
Comments on Fortinet technical documentation
Please send information about any errors or omissions in this document, or any
Fortinet technical documentation, to [email protected].
Customer service and technical support
Fortinet Technical Support provides services designed to make sure that your
Fortinet systems install quickly, configure easily, and operate reliably in your
network.
to learn about the technical support services that Fortinet provides.
FortiGate-5000 Series Introduction
01-30000-83466-20090108
13
Download from Www.Somanuals.com. All Manuals Search And Download.
Register your Fortinet product
Introduction
Register your Fortinet product
Register your Fortinet product to receive Fortinet customer services such as
product updates and technical support. You must also register your product for
FortiGuard services such as FortiGuard Antivirus and Intrusion Prevention
updates and for FortiGuard Web Filtering and AntiSpam.
Registration.
To register, enter your contact information and the serial numbers of the Fortinet
products that you or your organization have purchased. You can register multiple
Fortinet products in a single session without re-entering your contact information.
FortiGate-5000 Series Introduction
01-30000-83466-20090108
14
Download from Www.Somanuals.com. All Manuals Search And Download.
FortiGate-5140-R chassis
FortiGate-5140-R chassis
You can install up to 14 FortiGate-5000 series boards in the 14 front panel slots of the
FortiGate-5140 ATCA chassis. The FortiGate-5140 is a 12U chassis that contains two
redundant hot swappable DC power entry modules that connect to -48 VDC Data Center
DC power. The FortiGate-5140 chassis also includes three hot swappable cooling fan
trays and a front accessible air filter. If all 14 front panel slots contain FortiGate-5005A2,
FortiGate-5001SX, or FortiGate-5001FA2 boards the FortiGate-5140 chassis provides a
total of 112 FortiGate gigabit ethernet interfaces. If all 14 slots contain FortiGate-5001A
boards the FortiGate-5140 chassis supports 28 1-Gigabit ethernet FortiGate interfaces. If
you add FortiGate-ADM-XB2 modules to the FortiGate-5001A boards the FortiGate-5140
chassis supports another 28 10-Gigabit interfaces.
You can also install a FortiSwitch-5003A or FortiSwitch-5003 board in the FortiGate-5140
chassis to provide base backplane communications. Base backplane communications can
be used for HA heartbeat communications and for data communications. You can add a
second FortiSwitch-5003A or FortiSwitch-5003 board for redundancy. FortiSwitch-5003A
boards can also provide fabric backplane communication using the FortiGate-5140 fabric
backplane channels.
You can mix and match any combination of FortiGate-5000 series boards in the
FortiGate-5140 chassis. For example, you could install four FortiGate-5005FA2 boards,
four FortiGate-5001SX boards, and four FortiGate-5001FA2 boards. You can also install
FortiController-5208 and FortiGate-5005FA2 boards in a FortiGate-5140 chassis to create
a FortiGate-5005-DIST security system.
Some of the boards installed in a FortiGate-5140 chassis can be operating in a FortiGate
HA cluster and some can be operating as standalone FortiGate units. You can also
operate multiple HA clusters and standalone FortiGate units in a single FortiGate-5140
chassis. You can also use FortiSwitch-5003A or FortiSwitch-5003 boards to operate HA
clusters consisting of FortiGate-5000 series boards installed in multiple FortiGate-5000
chassis. You can also use FortiSwitch-5003A boards for fabric data communication
between chassis.
The FortiGate-5140 chassis requires -48VDC Data Center DC power. If DC power is not
available you can install a FortiGate-5053 power converter tray (purchased separately)
with FortiGate-5140 power supplies.
FortiGate-5000 Series Introduction
01-30000-83466-20090108
15
Download from Www.Somanuals.com. All Manuals Search And Download.
FortiGate-5140 chassis front panel
FortiGate-5140-R chassis
FortiGate-5140 chassis front panel
Figure 1 shows the front panel of a FortiGate-5140 chassis. Two FortiSwitch-5003A
boards are installed in slots 1 and 2. Twelve FortiGate-5001A-DW boards installed in slots
3 to 14.
Figure 1: FortiGate-5140 chassis front panel with FortiGate-5001A-DW and FortiSwitch-5003A
boards installed
FortiGate-5001A-DW
boards
FortiGate-5001A-DW
boards
FortiSwitch-5003A
boards
slots 3, 5, 7, 9,
11, and 13
slots 4, 6, 8, 10,
12, and 14
slots 1 and 2
ESD socket
Shelf alarm
5140SAP
SERIAL
1
SERIAL
2
ALARM
5140
panel (SAP)
MAJOR MINOR USER1 USER2 USER3
RESET CRITICAL
13
11
9
7
5
3
1
2
4
6
8
10
12
14
Slot
numbers
ETH0 ETH1
ETH0
Service
Primary
RESET
STATUS
shelf manager
Hot Swap
1 2
ETH0 ETH1
ETH0
Secondary
Service
RESET
shelf manager
STATUS
Hot Swap
Front accessible
air filter
FR
Front cable
tray
Cooling fan
trays 0, 1, 2
FAN TRAY
FAN TRAY
FAN TRAY
0
1
2
The FortiGate-5140 shelf alarm panel (SAP) and primary and secondary FortiGate-5140
Shelf Managers are also visible. The factory installed shelf alarm panel displays alarms,
provides a telco alarm interface, and also provides serial connections to the shelf
managers. The factory installed shelf managers provide power distribution, cooling,
alarms, and shelf status for the FortiGate-5140 chassis.
Caution: Do not operate the FortiGate-5140 chassis with open slots on the front panel. For
optimum cooling performance and safety, the slots must contain a FortiGate-5000 series
board or an air baffle slot filler. As well the removable terminal block cover must be installed
over the power connectors on the back of the chassis.
FortiGate-5000 Series Introduction
01-30000-83466-20090108
16
Download from Www.Somanuals.com. All Manuals Search And Download.
FortiGate-5140-R chassis
FortiGate-5140 chassis back panel
Also visible on the front of the FortiGate-5140 chassis:
•
Electrostatic discharge (ESD) socket, used for connecting an ESD wrist or ankle band
when working with the chassis.
•
•
•
Front cable tray, used for managing and securing ethernet and other cables.
Front accessible air filter.
Three hot swappable FortiGate-5140 cooling fan trays.
FortiGate-5140 chassis back panel
Figure 2 on page 17 shows the back panel of the FortiGate-5140 chassis. The back panel
includes two hot-swappable redundant -48V/-60 VDC power entry modules (PEMs)
labelled A and B. Fortinet ships the FortiGate-5140 chassis with PEM A and B installed.
The PEMs provide redundant DC power connections for the FortiGate-5140 chassis and
distribute DC power to the chassis slots and to the fan trays.
Figure 2: FortiGate-5140 chassis back panel
RTM
slot filler
panels
RTM
slot numbers
Back cable
14
12
10
8
6
4
2
1
3
5
7
9
11
13
tray
ESD
socket
-48V/-60 VDC nom
RETURN
-48V/-60 VDC nom
RETURN
4
3
2
1
4
3
2
1
4
3
2
1
4
3
2
1
TERMINAL BLOCK COVER
Chassis
ground
Remove terminal block cover and
decable before removing PEM.
4
3
2
1
4
3
2
1
connector
(green)
B
A
PEM
PEM
-48V/-60 VDC RTN
nom (black) (red)
-48V/-60 VDC RTN
nom (black) (red)
TERMINAL BLOCK COVER
Power
Entry Module B
Power
Remove terminal block cover and
decable before removing PEM.
Entry Module A
(terminal block
cover removed)
If you require redundant power you should connect both PEMs to DC power. If redundant
power is not required, you should connect PEM A to DC power. Each PEM has four
-48V/-60 VDC connectors and 4 RTN connections. All eight of these connectors should be
connected to DC power. Figure 2 on page 17 shows the terminal block cover removed
from PEM A and the wiring required to connect PEM A to DC power. While operating the
FortiGate-5140 both terminal block covers should be installed.
FortiGate-5000 Series Introduction
01-30000-83466-20090108
17
Download from Www.Somanuals.com. All Manuals Search And Download.
Physical description of the FortiGate-5140 chassis
FortiGate-5140-R chassis
The power entry modules are hot swappable, which means you can remove and replace a
defective PEM while the FortiGate-5140 is operating assuming that the FortiGate-5140
system has both PEMs connected to DC power for redundancy.
The back panel also includes the back cable tray, an ESD socket and the chassis ground
connector. The ground connector must be connected to Data Center ground. Use the back
cable tray for securing and managing DC power, RTN, and ground wires.
Physical description of the FortiGate-5140 chassis
The FortiGate-5140 chassis is a 12U chassis that can be installed in a standard 19-inch
rack. Table 2 describes the physical characteristics of the FortiGate-5140 chassis.
Table 2: FortiGate-5140 chassis physical description
Dimensions
21 x 19 x 20.6 in. (53.3 x 48.3 x 52.4 cm)
(Height x Width x Depth)
Shipping weight
110 lb. (50 kg)
completely assembled
with packaging
Operating environment
Temperature: 32 to 104°F (5 to 45°C)
Relative humidity: 5 to 85% (Non-condensing)
Temperature: -13 to 158°F (-25 to 70°C)
Relative humidity: 5 to 85% (Non-condensing)
Maximum: 2,980W DC
Storage environment
Power consumption
Power input
2x redundant -37VDC to -72VDC, 30A per power feed (total 4 + 4
power feeds)
FortiGate-5000 Series Introduction
01-30000-83466-20090108
18
Download from Www.Somanuals.com. All Manuals Search And Download.
FortiGate-5140 chassis
FortiGate-5140 chassis front panel
FortiGate-5140 chassis
You can install up to 14 FortiGate-5000 series boards in the 14 front panel slots of the
FortiGate-5140 ATCA chassis. The FortiGate-5140 is a 12U chassis that contains two
redundant hot swappable DC power entry modules that connect to -48 VDC Data Center
DC power. The FortiGate-5140 chassis also includes three hot swappable cooling fan
trays. If all 14 front panel slots contain FortiGate-5005A2, FortiGate-5001SX, or
FortiGate-5001FA2 boards the FortiGate-5140 chassis provides a total of 112 1-Gigabit
ethernet FortiGate interfaces. If all 14 slots contain FortiGate-5001A boards the
FortiGate-5140 chassis supports 28 1-Gigabit ethernet FortiGate interfaces. If you add
FortiGate-ADM-XB2 modules to the FortiGate-5001A boards the FortiGate-5140 chassis
supports another 28 10-Gigabit interfaces.
You can also install a FortiSwitch-5003A or FortiSwitch-5003 board in the FortiGate-5140
chassis to provide base backplane communications. Base backplane communications can
be used for HA heartbeat communications and for data communications. You can add a
second FortiSwitch-5003A or FortiSwitch-5003 board for redundancy. FortiSwitch-5003A
boards can also provide fabric backplane communication using the FortiGate-5140 fabric
backplane channels.
You can mix and match any combination of FortiGate-5000 series boards in the
FortiGate-5140 chassis. For example, you could install four FortiGate-5005FA2 boards,
four FortiGate-5001SX boards, and four FortiGate-5001FA2 boards. You can also install
FortiController-5208 and FortiGate-5005FA2 boards in a FortiGate-5140 chassis to create
a FortiGate-5005-DIST security system.
Some of the boards installed in a FortiGate-5140 chassis can be operating in a FortiGate
HA cluster and some can be operating as standalone FortiGate units. You can also
operate multiple HA clusters and standalone FortiGate units in a single FortiGate-5140
chassis. You can also use FortiSwitch-5003A or FortiSwitch-5003 boards to operate HA
clusters consisting of FortiGate-5000 series boards installed in multiple FortiGate-5000
chassis. You can also use FortiSwitch-5003A boards for fabric data communication
between chassis.
The FortiGate-5140 chassis requires -48VDC Data Center DC power. If DC power is not
available you can install a FortiGate-5053 power converter tray (purchased separately)
with FortiGate-5140 power supplies.
FortiGate-5140 chassis front panel
Figure 3 shows the front panel of a FortiGate-5140 chassis. Two FortiSwitch-5003 boards
are installed in slots 1 and 2. Six FortiGate-5001SX boards are installed in slots 3, 5, 7, 9,
11, and 13 and six FortiGate-5001FA2 boards are installed in slots 4, 6, 8, 10, 12, and 14.
The primary and secondary FortiGate-5140 Shelf Managers are also visible. The factory
installed shelf managers provide power distribution, cooling, alarms, shelf status, and a
telco alarm interface for the FortiGate-5140 chassis.
FortiGate-5000 Series Introduction
01-30000-83466-20090108
19
Download from Www.Somanuals.com. All Manuals Search And Download.
FortiGate-5140 chassis back panel
FortiGate-5140 chassis
Figure 3: FortiGate-5140 chassis front panel with FortiGate-5001SX, FortiGate-5001FA2, and
FortiSwitch-5003 boards installed
FortiGate-5001SX
boards
slots 3, 5, 7, 9,
11, and 13
FortiGate-5001FA2
boards
slots 4, 6, 8, 10,
12, and 14
FortiSwitch-5003
boards
slots 1 and 2
5140
ESD socket
Slot
numbers
13
11
9
7
5
3
1
2
4
6
8
10
12
14
Crit.
Maj.
Min.
3
2
1
MANAGEMENT
MANAGEMENT
E
T
E
T
H
O
H
O
Rst
SYSTEM
SYSTEM
CONSOLE
CONSOLE
R
S
2
3
2
R
S
2
3
2
Serial
Serial
1
2
Z
R
E
0
Z
R
E
0
Z
R
E
1
Z
R
E
1
Link
Act
100
Z
R
E
2
Z
R
E
2
FortiGate-5140
Shelf Manager
E2
E1
15
13
11
9
E2
E1
15
13
11
9
14
12
10
8
14
12
10
8
ETH
0
Prim.
ShMC
6
7
6
7
Stat.
4
5
4
5
2
3
2
3
0
1
0
1
ZRE
ZRE
CLK
OK
CLK
OK
Link
Act
EXT
INT
EXT
INT
FLT
FLT
FLT
FLT
100
HOT SWAP
RESET
HOT SWAP
RESET
ETH
0
LED MODE
LED MODE
Sec.
ShMC
Stat.
Front cable
tray
3 hot-swappable
cooling fan trays
(numbered 0, 1, and
2 behind panel)
Also visible on the front of the FortiGate-5140:
•
Electrostatic discharge (ESD) socket, used for connecting an ESD wrist or ankle band
when working with the chassis.
•
•
Front cable tray, used for managing and securing ethernet and other cables.
Three hot swappable FortiGate-5140 cooling fan trays.
Caution: Do not operate the FortiGate-5140 chassis with open slots on the front panel. For
optimum cooling performance and safety, the slots must contain a FortiGate-5000 series
board or an air baffle slot filler. As well the removable terminal block cover must be installed
over the power connectors on the back of the chassis.
FortiGate-5140 chassis back panel
Figure 4 shows the back panel of the FortiGate-5140 chassis. The back panel includes
two hot-swappable redundant -48V/-60 VDC power entry modules (PEMs) labelled PEM A
and PEM B. Fortinet ships the FortiGate-5140 chassis with PEM A and PEM B installed.
The PEMs provide redundant DC power connections for the FortiGate-5140 chassis and
distribute DC power to the fan trays and to the FortiGate-5000 series boards installed in
the FortiGate-5140 chassis.
FortiGate-5000 Series Introduction
01-30000-83466-20090108
20
Download from Www.Somanuals.com. All Manuals Search And Download.
FortiGate-5140 chassis
FortiGate-5140 chassis back panel
Figure 4: FortiGate-5140 chassis back panel
RTM
slot filler
panels
Back cable
A
PEM
B
PEM
RTN
tray
RTN
3
-48V/-60 VDC nom
4
4
3
2
2
1
1
4
4
2
1
1
4
3
2
1
4
3
2
1
Chassis
ground
3
3
2
4
3
2
1
4
3
2
1
connector
(green)
-48V/-60 VDC RTN
nom (black) (red)
-48V/-60 VDC RTN
nom (black) (red)
Power
Power
Entry Module A
TERMINAL BLOCK COVER
Entry Module B
(terminal block
cover removed)
Remove terminal block cover and
decable before removing PEM.
If you require redundant power you should connect both PEMs to DC power. If redundant
power is not required, you should connect PEM A to DC power. Each PEM has four
-48V/-60 VDC connectors and 4 RTN connections. All eight of these connectors should be
connected to DC power. Figure 4 on page 21 shows the terminal block cover removed
from PEM A and the wiring required to connect PEM A to DC power. While operating the
FortiGate-5140 both terminal block covers should be installed.
The power entry modules are hot swappable, which means you can remove and replace a
defective PEM while the FortiGate-5140 is operating assuming that the FortiGate-5140
system has both PEMs connected to DC power for redundancy.
The back panel also includes the back cable tray, an ESD socket and the chassis ground
connector. The ground connector must be connected to Data Center ground. Use the back
cable tray for securing and managing DC power, RTN, and ground wires.
FortiGate-5000 Series Introduction
01-30000-83466-20090108
21
Download from Www.Somanuals.com. All Manuals Search And Download.
Physical description of the FortiGate-5140 chassis
FortiGate-5140 chassis
Physical description of the FortiGate-5140 chassis
The FortiGate-5140 chassis is a 12U chassis that can be installed in a standard 19-inch
rack. Table 3 describes the physical characteristics of the FortiGate-5140 chassis.
Table 3: FortiGate-5140 chassis physical description
Dimensions
21 x 19 x 16.8 in. (53.3 x 48.3 x 42.7 cm)
(H x W x D)
Shipping weight
110 lb. (50 kg)
completely assembled
with packaging
Operating environment
Temperature: 32 to 104°F (0 to 40°C)
Relative humidity: 5 to 95% (Non-condensing)
Temperature: -13 to 158 °F (-25 to 70°C)
Relative humidity: 5 to 95% (Non-condensing)
Maximum: 2,980W DC
Storage environment
Power consumption
Power input
2x redundant -48VDC to -58VDC
FortiGate-5000 Series Introduction
22
01-30000-83466-20090108
Download from Www.Somanuals.com. All Manuals Search And Download.
FortiGate-5050-R chassis
FortiGate-5050-R chassis
You can install up to five FortiGate-5000 series boards in the five slots of the
FortiGate-5050 ATCA chassis. The FortiGate-5050 is a 5U 19-inch rackmount ATCA
chassis that contains two redundant DC power connections that connect to -48 VDC Data
Center DC power. The FortiGate-5050 chassis also includes a hot swappable cooling fan
tray. If all five slots contain FortiGate-5005FA2, FortiGate-5001SX, or FortiGate-5001FA2
boards, the FortiGate-5050 chassis provides a total of 40 FortiGate gigabit ethernet
interfaces. If all 5 slots contain FortiGate-5001A boards the FortiGate-5050 chassis
supports ten 1-Gigabit ethernet FortiGate interfaces. If you add FortiGate-ADM-XB2
modules to the FortiGate-5001A boards the FortiGate-5050 chassis supports another ten
10-Gigabit interfaces.
You can also install a FortiSwitch-5003A or FortiSwitch-5003 board in the FortiGate-5050
chassis to provide base backplane communications. Base backplane communications can
be used for HA heartbeat communications and for data communications. You can add a
second FortiSwitch-5003A or FortiSwitch-5003 board for redundancy. FortiSwitch-5003A
boards can also provide fabric backplane communication using the FortiGate-5050 fabric
backplane channels.
You can mix and match any combination of FortiGate-5000 series boards in the
FortiGate-5050 chassis. For example, you could install two FortiGate-5005FA2 boards,
two FortiGate-5001SX boards, and one FortiGate-5001FA2 board. You can also install
FortiController-5208 and FortiGate-5005FA2 boards in a FortiGate-5050 chassis to create
a FortiGate-5005-DIST security system.
Some of the boards installed in a FortiGate-5050 chassis can be operating in a FortiGate
HA cluster and some can be operating as standalone FortiGate units. You can also
operate multiple HA clusters and standalone FortiGate units in a single FortiGate-5050
chassis. You can also use FortiSwitch-5003A or FortiSwitch-5003 boards to operate HA
clusters consisting of FortiGate-5000 series boards installed in multiple FortiGate-5000
chassis. You can also use FortiSwitch-5003A boards for fabric data communication
between chassis.
The FortiGate-5050 chassis requires -48VDC Data Center DC power. If DC power is not
available you can install a FortiGate-5053 power converter tray (purchased separately)
with FortiGate-5020/5050 power supplies.
FortiGate-5000 Series Introduction
01-30000-83466-20090108
23
Download from Www.Somanuals.com. All Manuals Search And Download.
FortiGate-5050 front panel
FortiGate-5050-R chassis
FortiGate-5050 front panel
Figure 5 shows the front of a FortiGate-5050 chassis. Two FortiSwitch-5003 boards are
installed in slots 1 and 2. Three FortiGate-5001SX boards are installed in slots 3, 4, and 5.
The FortiGate-5050 primary and secondary Shelf Managers and the Shelf Alarm Panel
(SAP) are also visible. The factory installed shelf alarm panel displays alarms, provides a
telco alarm interface, and also provides serial connections to the shelf managers. The
factory installed shelf managers provide power distribution, cooling, alarms, and shelf
status for the FortiGate-5050 chassis.
Figure 5: FortiGate-5050 front panel with FortiGate-5001SX and FortiSwitch-5003 boards
installed
USB
USB
USB
1
1
1
2
2
2
3
3
3
4
4
4
5
5
5
6
6
6
7
7
7
8
8
8
CONSOLE
CONSOLE
CONSOLE
5
4
STA IPM
STA IPM
STA IPM
PWR ACC
FortiGate-5001SX
boards
PWR
ACC
slots 3, 4,
and 5
Hot-swappable
cooling fan tray
PWR ACC
3
2
1
POWER
FortiSwitch-5003
boards
slots 1 and 2
Power LED
5000SM
10/100
5000SM
5050SAP
10/100
SMC
SMC
link/Act
10/100
link/Act
10/100
SERIAL
1
SERIAL
2
link/Act
link/Act
2
1
ESD socket
Secondary
Shelf Alarm
Primary
Shelf Manager Panel (SAP) Shelf Manager
(SMC 2) (SMC 1)
Also visible on the front of the FortiGate-5050:
•
•
•
The location of the hot swappable FortiGate-5050 cooling fan tray behind panel.
Power LED.
ESD socket, used for connecting an ESD wrist or ankle band when working with the
chassis.
Caution: Do not operate the FortiGate-5050 chassis with open slots on the front panel. For
optimum cooling performance and safety, the slots must contain a FortiGate-5000 series
board or an air baffle slot filler. As well the removable power supply panel must be installed
over the power connectors on the back of the chassis.
FortiGate-5000 Series Introduction
01-30000-83466-20090108
24
Download from Www.Somanuals.com. All Manuals Search And Download.
FortiGate-5050-R chassis
FortiGate-5050 back panel
FortiGate-5050 back panel
Figure 6 shows the back of a FortiGate-5050 chassis. The FortiGate-5050 chassis back
panel includes two redundant -48V to - 58V DC power input connectors labelled Input A
and Input B. The power input connectors provide redundant DC power connections for the
FortiGate-5050 chassis and distribute DC power to the fan tray and the FortiGate-5000
series boards installed in the FortiGate-5050 chassis. Each power input connector
includes a 24 Amp circuit breaker that also functions as an on/off switch for the power
input connector.
If you require redundant power you should connect both power input connectors to DC
power. If redundant power is not required, you should connect power input connector A to
DC power. When operating, the power input connectors are covered with clear protection
plates.
Figure 6: FortiGate-5050 chassis back panel
5
4
RTM
slot filler
3
panels
2
1
INPUT A
INPUT B
-48V
RTN (-DC IN)
-48V
RTN (-DC IN)
Ground
Connector
(green)
24
24
AMP
AMP
-48V
(-DC in)
(black)
-48V
(-DC in)
(black)
Positive
(RTN)
(red)
Positive
(RTN)
(red)
Power
wire
fixture
ESD socket
DC Power
Input A
DC Power
Input B
The back panel includes the FortiGate-5050 chassis ground connector which must be
connected to Data Center ground. Use the power wire fixtures for securing and managing
DC power wires. The FortiGate-5050 chassis also includes an ESD socket on the back
panel.
FortiGate-5000 Series Introduction
01-30000-83466-20090108
25
Download from Www.Somanuals.com. All Manuals Search And Download.
Physical description of the FortiGate-5050 chassis
FortiGate-5050-R chassis
Physical description of the FortiGate-5050 chassis
The FortiGate-5050 chassis is a 5U chassis that can be installed in a standard 19-inch
rack. Table 4 describes the physical characteristics of the FortiGate-5050 chassis.
Table 4: FortiGate-5050 chassis physical description
Dimensions
8.75 x 17 x 15.5 in. (13.3 x 43.2 x 39.4 cm)
(H x W x D)
Shipping weight
26.75 lb. (12.1 kg)
completely assembled
with packaging
Operating environment Temperature: 32 to 104°F (0 to 45°C)
Relative humidity: 5 to 85% (Non-condensing)
Storage environment
Temperature: -13 to 158 °F (-25 to 70°C)
Relative humidity: 5 to 95% (Non-condensing)
Maximum: 1,135 W
Power consumption
Power input
2x redundant -48VDC to -58VDC
FortiGate-5000 Series Introduction
26
01-30000-83466-20090108
Download from Www.Somanuals.com. All Manuals Search And Download.
FortiGate-5050 chassis
FortiGate-5050 chassis
You can install up to five FortiGate-5000 series boards in the five slots of the
FortiGate-5050 ATCA chassis. The FortiGate-5050 is a 5U 19-inch rackmount ATCA
chassis that contains two redundant DC power connections that connect to -48 VDC Data
Center DC power. The FortiGate-5050 chassis also includes a hot swappable cooling fan
tray. If all five slots contain FortiGate-5005FA2, FortiGate-5001SX, or FortiGate-5001FA2
boards, the FortiGate-5050 chassis provides a total of 40 1-Gigabit ethernet FortiGate
interfaces. If all 5 slots contain FortiGate-5001A boards the FortiGate-5050 chassis
supports 10 1-Gigabit ethernet FortiGate interfaces. If you add FortiGate-ADM-XB2
modules to the FortiGate-5001A boards the FortiGate-5050 chassis supports up to ten
10-Gigabit interfaces
You can also install FortiSwitch-5003A or FortiSwitch-5003 boards in the FortiGate-5050
chassis slots 1 and 2 to provide base backplane communications. Base backplane
communications can be used for HA heartbeat communications and data communications
using FortiGate-5050 base backplane channels. You can add a second FortiSwitch-5003A
or FortiSwitch-5003 board for redundancy. FortiSwitch-5003A boards can also provide
fabric backplane communication using the FortiGate-5050 fabric backplane channels.
You can mix and match any combination of FortiGate-5000 series boards in the
FortiGate-5050 chassis. For example, you could install two FortiGate-5005FA2 boards,
two FortiGate-5001SX boards, and one FortiGate-5001FA2 board. You can also install
FortiController-5208 and FortiGate-5005FA2 boards in a FortiGate-5050 chassis to create
a FortiGate-5005-DIST security system.
Some of the boards installed in a FortiGate-5050 chassis can be operating in a FortiGate
HA cluster and some can be operating as standalone FortiGate units. You can also
operate multiple HA clusters and standalone FortiGate units in a single FortiGate-5050
chassis. You can also use FortiSwitch-5003A or FortiSwitch-5003 boards to operate HA
clusters consisting of FortiGate-5000 series boards installed in multiple FortiGate-5000
chassis. You can also use FortiSwitch-5003A boards for fabric data communication
between chassis.
The FortiGate-5050 chassis requires -48VDC Data Center DC power. If DC power is not
available you can install a FortiGate-5053 power converter tray (purchased separately)
with FortiGate-5020/5050 power supplies.
FortiGate-5000 Series Introduction
01-30000-83466-20090108
27
Download from Www.Somanuals.com. All Manuals Search And Download.
FortiGate-5050 front panel
FortiGate-5050 chassis
FortiGate-5050 front panel
Figure 7 shows the front of a FortiGate-5050 chassis. Two FortiSwitch-5003 boards are
installed in slots 1 and 2. Three FortiGate-5001SX boards are installed in slots 3, 4, and 5.
The FortiGate-5050 primary Shelf Manager is also visible. The factory-installed shelf
managers provide power distribution, cooling, alarms, shelf status, and a telco alarm
interface for the FortiGate-5050 chassis.
Figure 7: FortiGate-5050 front panel with FortiGate-5001SX and FortiSwitch-5003 boards
installed
USB
USB
USB
1
1
1
2
2
2
3
3
3
4
4
4
5
5
5
6
6
6
7
7
7
8
8
8
CONSOLE
CONSOLE
CONSOLE
STA IPM
STA IPM
STA IPM
PWR ACC
PWR ACC
PWR ACC
5
4
FortiGate-5001SX
boards
slots 3, 4,
and 5
3
2
1
Hot-swappable
cooling fan tray
POWER
FortiSwitch-5003
boards
slots 1 and 2
Power LED
ShMC
ShMC
Critical
Major
Hot Swap
Status
Minor
Alarm
Reset
Alarm
Console
Ethernet
2
1
FortiGate-5050
Shelf Manager
ESD socket
Also visible on the front of the FortiGate-5050:
•
Electrostatic discharge (ESD) socket, used for connecting an ESD wrist or ankle band
when working with the chassis.
•
•
The location of the hot swappable FortiGate-5050 cooling fan tray behind panel.
Power LED.
Caution: Do not operate the FortiGate-5050 chassis with open slots on the front panel. For
optimum cooling performance and safety, the slots must contain a FortiGate-5000 series
board or an air baffle slot filler. As well the removable power supply panel must be installed
over the power connectors on the back of the chassis.
FortiGate-5050 back panel
Figure 8 shows the back panel of a FortiGate-5050 chassis. The back panel includes two
redundant -48V to - 58V DC power input connectors labelled Input A and Input B. The
power input connectors provide redundant DC power connections for the FortiGate-5050
chassis and distribute DC power to the fan tray and the FortiGate-5000 series boards
installed in the FortiGate-5050 chassis. Each power input connector includes a 24 Amp
circuit breaker that also functions as an on/off switch for the power input connector.
If you require redundant power you should connect both power input connectors to DC
power. If redundant power is not required, you should connect power input connector A to
DC power. When operating, the power input connectors are covered with clear protection
plates.
FortiGate-5000 Series Introduction
01-30000-83466-20090108
28
Download from Www.Somanuals.com. All Manuals Search And Download.
FortiGate-5050 chassis
Physical description of the FortiGate-5050 chassis
Figure 8: FortiGate-5050 chassis back panel
5
4
RTM
slot filler
3
panels
2
RTN
RTN
1
INPUT A
INPUT B
DC VOLTAGE RANGE
-48V TO -58V
DC VOLTAGE RANGE
-48V TO -58V
Ground
Connector
(green)
-48V
-48V
RTN (-DC IN)
RTN (-DC IN)
25
25
AMP
AMP
-48V to -58V
(-DC in)
-48V to -58V
Positive
(RTN)
(red)
Positive
(RTN)
(red)
(-DC in)
(black)
(black)
Power
wire
The back panel includes the FortiGate-5050 chassis ground connector which must be
connected to Data Center ground. Use the power wire fixtures for securing and managing
DC power wires. The FortiGate-5050 chassis also includes an ESD socket on the back
panel.
The back panel also contains 5 RTM slots numbered to correspond to the front panel
slots. The RTM slots are available for FortiGate-5000 RTM modules such as the
FortiGate-RTM-XB2 module. When the FortiGate-5050 chassis is shipped, these slots are
covered by RTM slot filler panels.
Physical description of the FortiGate-5050 chassis
The FortiGate-5050 chassis is a 5U chassis that can be installed in a standard 19-inch
rack. Table 5 describes the physical characteristics of the FortiGate-5050 chassis.
Table 5: FortiGate-5050 chassis physical description
Dimensions
8.75 x 17 x 15.5 in. (13.3 x 43.2 x 39.4 cm)
(H x W x D)
Weight
26.75 lb. (12.1 kg)
Operating environment Temperature: 32 to 104°F (0 to 45°C)
Relative humidity: 5 to 85% (Non-condensing)
Storage environment
Temperature: -13 to 158 °F (-25 to 70°C)
Relative humidity: 5 to 95% (Non-condensing)
Maximum: 1,135 W
Power consumption
Power input
2x redundant -48VDC to -58VDC
FortiGate-5000 Series Introduction
01-30000-83466-20090108
29
Download from Www.Somanuals.com. All Manuals Search And Download.
Physical description of the FortiGate-5050 chassis
FortiGate-5050 chassis
FortiGate-5000 Series Introduction
01-30000-83466-20090108
30
Download from Www.Somanuals.com. All Manuals Search And Download.
FortiGate-5020 chassis
FortiGate-5020 front panel
FortiGate-5020 chassis
You can install one or two FortiGate-5000 series boards in the two slots of the
FortiGate-5020 ATCA chassis. The FortiGate-5020 is a 4U chassis that contains
two redundant AC to DC power supplies that connect to AC power. The
FortiGate-5020 chassis also includes an internal cooling fan tray. If both slots
contain FortiGate-5000 boards, the FortiGate-5020 chassis provides up to 16
FortiGate gigabit ethernet interfaces.
If you install the same FortiGate-5000 series board in both slots, you can
configure the boards to operate as an HA cluster. HA heartbeat communications
between the boards uses the FortiGate-5020 base backplane communication
channel. No extra switching or other connections are required.
You can also use the base backplane channels for data communication between
the FortiGate-5000 series boards installed in the FortiGate-5020 chassis. You can
configure base backplane communication between two identical FortiGate-5000
series boards (for example between two FortiGate-5001SX boards) or between
different FortiGate-5000 series boards (for example, between a FortiGate-5001SX
and a FortiGate-5005FA2 board) as long as both boards use the same base
backplane channel.
The FortiGate-5020 chassis can only be connected to AC power. Two redundant
FortiGate-5020/5050 power supplies are factory installed in the FortiGate-5020
chassis.
FortiGate-5020 front panel
Figure 9 shows the front of a FortiGate-5020 chassis. A FortiGate-5001SX board
and a FortiGate-5005FA2 board are installed. The FortiGate-5020/5050 power
supplies are factory installed behind the panel at the top of the chassis. The power
LEDs for the power supplies are visible on the front panel as well.
Figure 9: FortiGate-5020 front panel with two FortiGate series boards
Hot-swappable FortiGate-5020/5050
power supplies (behind panel)
Power LEDs
PSU B
PSU A
PSU A
PSU B
USB
1
2
3
4
5
6
7
8
CONSOLE
PWR ACC
STA IPM
ACT
LINK
ACT
LINK
USB
USB
ACC
7
8
1
2
3
4
5
6
CONSOLE
OOS
STATUS
IPM
FortiGate-5001SX
board
FortiGate-5005FA2
board
Hot swappable cooling fan tray
(accessable from back panel)
FortiGate-5000 Series Introduction
01-30000-83466-20090108
31
Download from Www.Somanuals.com. All Manuals Search And Download.
FortiGate-5020 back panel
FortiGate-5020 chassis
FortiGate-5020 back panel
Figure 10 shows the back of a FortiGate-5020 chassis. The chassis back panel
includes two redundant AC power connectors and provides access to the hot
swappable cooling fan tray. Each AC power connector includes a 25 Amp circuit
breaker that also functions as the on/off switch for the AC power connector. You
can use the power wire fixtures to secure AC power wires to prevent the power
wires from being accidently disconnected.
Figure 10: FortiGate-5020 chassis back panel
Circuit
breaker
Circuit
breaker
AC power
connector
AC power
connector
Hot swappable Power
cooling fan tray wire
fixture
Power
wire
fixture
Physical description of the FortiGate-5020 chassis
The FortiGate-5020 chassis is a 4U chassis that can be installed in a standard
19-inch rack. Table 6 describes the physical characteristics of the FortiGate-5020
chassis.
Table 6: FortiGate-5020 physical description
Dimensions
5.25 x 17 x 15.5 in. (13.3 x 43.2 x 39.4 cm)
(H x W x D)
Weight
35.5 lb. (16.1 kg)
Operating environment Temperature: -13 to 158 °F (-25 to 70°C)
Relative humidity: 5 to 95% (Non-condensing)
Storage environment
Temperature: -20 to 80°C
Relative humidity: 5 to 95% (Non-condensing)
Maximum: 800 watts
Power dissipation
Power input
2x redundant 110 to 250 VAC
FortiGate-5000 Series Introduction
01-30000-83466-20090108
32
Download from Www.Somanuals.com. All Manuals Search And Download.
FortiGate-5001A security system
FortiGate-5001A security system
The FortiGate-5001A security system is a high-performance Advanced
Telecommunications Computing Architecture (ACTA) compliant FortiGate security
system that can be installed in any ACTA chassis including the FortiGate-5140,
FortiGate-5050, or FortiGate-5020 chassis.
Two FortiGate-5001A models are available:
•
The FortiGate-5001A-DW (double-width) board includes a double-width
Advanced Mezzanine Card (AMC) opening. You can install a supported
FortiGate AMC Double width Module (ADM) such as the FortiGate-ADM-XB2
or the FortiGate-ADM-FB8 in the AMC opening. The FortiGate-ADM-XB2 adds
two accelerated 10-gigabit interfaces to the FortiGate-5001A board and the
FortiGate-ADM-FB8 adds 8 accelerated 1-gigabit interfaces.
•
The FortiGate-5001A-SW (single-width) includes a single-width AMC opening.
You can install a supported FortiGate AMC Single width Module (ASM) such
as the FortiGate-ASM-FB4 or the FortiGate-ASM-S08 in the AMC opening.
The FortiGate-ASM-FB4 adds four accelerated 1-gigabit interfaces to the
FortiGate-5001A board and the FortiGate-ADM-S08 adds a removable hard
disk that you can use to store log files and content archives.
Other than the double-width and single-width AMC openings, the
FortiGate-5001A-DW and SW models have the same functionality and
performance.
The FortiGate-5001A security system contains two front panel 1-gigabit ethernet
interfaces, two base backplane 1-gigabit interfaces, and two fabric backplane
1-gigabit interfaces. Use the front panel interfaces for connections to your
networks and the backplane interfaces for communication across the ACTA
chassis backplane.
If you install a FortiGate-RTM-XB2 module for each FortiGate-5001A board, the
FortiGate-5001A fabric interfaces can operate at 10 Gbps. The
FortiGate-RTM-XB2 also provides NP2-accelerated network processing for
eligible traffic passing through the FortiGate-RTM-XB2 interfaces.
You can also configure two or more FortiGate-5001A boards to create a high
availability (HA) cluster using the base or fabric backplane interfaces for HA
heartbeat communication through the chassis backplane, leaving front panel
interfaces available for network connections.
Note: In most cases the base backplane interfaces are used for HA heartbeat
communication and the fabric backplane interfaces are used for data communication.
The FortiGate-5001A board also supports high-end FortiGate features including
802.1Q VLANs, multiple virtual domains, 802.3ad aggregate interfaces, and
FortiOS Carrier.
FortiGate-5000 Series Introduction
01-30000-83466-20090108
33
Download from Www.Somanuals.com. All Manuals Search And Download.
Front panel LEDs and connectors
FortiGate-5001A security system
Figure 11: FortiGate-5001A-DW front panel
RJ-45
Console
Fabric and Base
network activity
LEDs
Double-width AMC
opening
USB
Retention
Screw
Retention
Screw
IPM
ACC
Extraction
port1 and port2
Extraction
LED
OOS
Lever
10/100/1000
Lever
(board
Power
Status
LEDs
Copper Interfaces
position)
Figure 12: FortiGate-5001A-SW front panel
RJ-45
Console
Fabric and Base
network activity
LEDs
Single-width AMC
opening
USB
5001A-SW
Retention
Screw
Retention
Screw
IPM
ACC
Extraction
port1 and port2
Extraction
LED
OOS
Lever
10/100/1000
Lever
(board
Power
Status
LEDs
Copper Interfaces
position)
The FortiGate-5001A board includes the following features:
•
•
Two front panel 10/100/1000Base-T copper 1-gigabit ethernet interfaces.
Two base backplane 1-gigabit interfaces (base CH0 and Base CH1 on the
front panel and base1 and base2 in the firmware) for HA heartbeat and data
communications across the FortiGate-5000 chassis backplane.
•
Two fabric backplane interfaces (Fabric CH0 and Fabric CH1 on the front
panel and fabric1 and fabric2 in the firmware) for HA heartbeat and data
communications across the FortiGate-5000 chassis backplane. The fabric
backplane interfaces operate at 1 Gbps. If you install a FortiGate-RTM-XB2
module the fabric backplane interfaces operate at 10 Gbps.
•
•
•
•
•
•
One double-width AMC opening (FortiGate-5001A-DW board).
One single-width AMC opening (FortiGate-5001A-SW board).
RJ-45 RS-232 serial console connection.
2 USB connectors.
Mounting hardware.
LED status indicators.
Front panel LEDs and connectors
From the FortiGate-5001A font panel you can view the status of the front panel
LEDs to verify that the board is functioning normally. You also connect the
FortiGate-5001A board to your network through the front panel 10/100/1000
ethernet connectors. The front panel also includes the RJ-45 console port for
connecting to the FortiOS CLI and two USB ports. The USB ports can be used
with any USB key for backing up and restoring configuration files. For information
about using the using a USB key with a FortiGate unit, see the FortiGate-5000
FortiGate-5000 Series Introduction
01-30000-83466-20090108
34
Download from Www.Somanuals.com. All Manuals Search And Download.
FortiGate-5001A security system
Front panel LEDs and connectors
LEDs
Table 7 lists and describes the FortiGate-5001A LEDs.
Table 7: FortiGate-5001A LEDs
LED
State
Description
1, 2
(Left LED)
Green
The correct cable is connected to the interface and the
connected equipment has power.
Flashing Network activity at the interface.
Green
Off
No link is established.
1, 2
(Right LED)
Green
Amber
Off
Connection at 1 Gbps.
Connection at 100 Mbps.
Connection at 10 Mbps.
Base CH0
Base CH1
Fabric CH0
Green
Base backplane interface 0 (base1) is connected at 1 Gbps.
Flashing Network activity at base backplane interface 0.
Green
Green
Base backplane interface 1 (base2) is connected at 1 Gbps.
Flashing Network activity at base backplane interface 1.
Green
Off
Fabric backplane interface 0 (fabric1) is connected at 10
Gbps.
Flashing Network activity at fabric backplane interface 0.
Green
Fabric CH1
ACC
Off
Fabric backplane interface 1 (fabric2) is connected at 10
Gbps.
Flashing Network activity at fabric backplane interface 1.
Green
Off or
The ACC LED flashes green when the FortiGate-5001A
Flashing board accesses the FortiOS flash disk. The FortiOS flash
green
disk stores the current FortiOS firmware build and
configuration files. The system accesses the flash disk when
starting up, during a firmware upgrade, or when an
administrator is using the CLI or GUI to change the FortiOS
configuration. Under normal operating conditions this LED
flashes occasionally, but is mostly off.
Off
Normal operation.
OOS
(Out of
Service)
Green
A fault condition exists and the FortiGate-5001A blade is out
of service (OOS). This LED may also flash very briefly during
normal startup.
Green
Off
The FortiGate-5001A board is powered on.
Power
Status
The FortiGate-5001A board is powered on.
Flashing The FortiGate-5001A is starting up. If this LED is flashing at
Green
Blue
any time other than system startup, a fault condition may
exist.
The FortiGate-5001A is ready to be hot-swapped (removed
from the chassis). If the IPM light is blue and no other LEDs
are lit the FortiGate-5001A board has lost power
IPM
Flashing The FortiGate-5001A is changing from hot swap to running
Blue
mode or from running mode to hot swap. This happens when
the FortiGate-5001A board is starting up or shutting down.
Off
Normal operation. The FortiGate-5001A board is in contact
with the chassis backplane.
FortiGate-5000 Series Introduction
01-30000-83466-20090108
35
Download from Www.Somanuals.com. All Manuals Search And Download.
Base backplane communication
FortiGate-5001A security system
Connectors
Table 8 lists and describes the FortiGate-5001A connectors.
Table 8: FortiGate-5001A connectors
Connector Type
1, 2 RJ-45
Speed
Protocol Description
10/100/1000
Base-T
Ethernet Copper 1-gigabit connection to
10/100/1000Base-T copper networks.
CONSOLE RJ-45
USB USB
9600 bps
8/N/1
RS-232
serial
Serial connection to the command line
interface.
FortiUSB key firmware updates and
configuration backup.
Base backplane communication
The FortiGate-5001A base backplane 1-gigabit interfaces can be used for HA
heartbeat communication between FortiGate-5001A boards installed in the same
or in different FortiGate-5000 chassis. You can also configure FortiGate-5001A
boards to use the base backplane interfaces for data communication between
FortiGate boards. To support base backplane communications your
FortiGate-5140 or FortiGate-5050 chassis must include one or more
FortiSwitch-5003 boards, FortiSwitch-5003A boards, or other 1-gigabit base
backplane switching boards installed in the chassis in base slots 1 and 2. The
FortiGate-5020 chassis supports base backplane communication with no
additions or changes to the chassis.
For information about base backplane communication in FortiGate-5140 and
FortiGate-5050 chassis, see the FortiGate-5000 Backplane Communication
Guide. For information about the FortiSwitch-5003 board, see the
FortiSwitch-5003 System Guide. For information about the FortiSwitch-5003A
Fabric backplane communication
The FortiGate-5001A fabric backplane interfaces can be used for data
communication or HA heartbeat communication between FortiGate-5001A boards
installed in the same or in different FortiGate-5000 chassis. To support 1-gigabit
fabric backplane communications your FortiGate-5140 or FortiGate-5050 chassis
must include one or more FortiSwitch-5003A boards or other 1-gigabit fabric
backplane switching boards installed in the chassis in fabric slots 1 and 2. The
FortiGate-5020 chassis does not support fabric backplane communications.
For information about fabric backplane communication in FortiGate-5140 and
FortiGate-5050 chassis, see the FortiGate-5000 Backplane Communication
Guide. For information about the FortiSwitch-5003A board, see the
FortiGate-5000 Series Introduction
01-30000-83466-20090108
36
Download from Www.Somanuals.com. All Manuals Search And Download.
FortiGate-5001A security system
AMC modules
FortiGate-RTM-XB2
The FortiGate-RTM-XB2 module provides two 10-gigabit fabric backplane
interfaces and NP2 processor acceleration for FortiGate-5001A fabric interfaces.
For 10-gigabit fabric backplane communications, each FortiGate-5001A board
requires one FortiGate-RTM-XB2 module. The FortiGate-RTM-XB2 module is an
ATCA rear transition module (RTM) that installs into an RTM slot at the back of a
FortiGate-5140 and FortiGate-5050 chassis.
To support 10-gigabit fabric backplane communications your FortiGate-5140 or
FortiGate-5050 chassis must also include one or more FortiSwitch-5003A boards
or other 10-gigabit fabric backplane switching boards installed in the chassis in
fabric slots 1 and 2.
Note: On some versions of the FortiGate-5001A firmware, when a FortiGate-5001A board
starts up with a FortiGate-RTM-XB2 module installed, the fabric1 and fabric2 interfaces are
replaced with interfaces that are named RTM/1 and RTM/2 to indicate the presence of the
FortiGate-RTM-XB2 module. Configuration settings that include the fabric1 and fabric2
interface names will have to be changed to use the RTM/1 and RTM/2 interface names.
Figure 13: FortiGate-RTM-XB2 front panel
Power Retention
LED Screw
Handle
Retention
Screw
Handle
The FortiGate-RTM-XB2 NP2 processors provide hardware accelerated network
processing for eligible traffic passing through the FortiGate-RTM-XB2 interfaces.
For information about Fortinet NP2 processor acceleration, see the Fortinet
FortiGate-RTM-XB2 module.
AMC modules
You can install one FortiGate AMC Double width Module (ADM) in the
FortiGate-5001A-DW front panel AMC double-width opening. For example:
•
The FortiGate-ADM-XB2, provides 2 NP2 accelerated XFP 10-gigabit
interfaces.
•
The FortiGate-ADM-FB8, provides 8 NP2 accelerated SFP 1-gigabit
interfaces.
Figure 14: FortiGate-ADM-XB2
HS
OOS
LINK
PWR
LINK
ACT
OT
ACT
1
2
ADM-XB2
You can install one FortiGate AMC Single width Module (ASM) in the
FortiGate-5001A-SW front panel AMC single-width opening. For example:
FortiGate-5000 Series Introduction
01-30000-83466-20090108
37
Download from Www.Somanuals.com. All Manuals Search And Download.
AMC modules
FortiGate-5001A security system
•
•
The FortiGate-ASM-FB4, provides 4 NP2 accelerated SFP 1-gigabit
interfaces.
The FortiGate-ASM-S08, provides adds a removable hard disk that you can
use to store log files and content archives.
Figure 15: FortiGate-ASM-FB4
HS
OOS
PWR
OT
1
2
3
4
LINK
ACT
LINK
ACT
LINK
ACT
LINK
ACT
ASM-FB4
Note: You can operate a FortiGate-5001A board with both a FortiGate-RTM-XB2 module
and a supported FortiGate AMC module installed at the same time.
FortiGate-5000 Series Introduction
01-30000-83466-20090108
38
Download from Www.Somanuals.com. All Manuals Search And Download.
FortiGate-RTM-XB2 system
FortiGate-RTM-XB2 system
The FortiGate-RTM-XB2 system provides two 10-gigabit fabric backplane
interfaces and NP2 processor acceleration for FortiGate-5001A boards installed
in FortiGate-5140 and FortiGate-5050 chassis.
The FortiGate-RTM-XB2 is an ATCA rear transition module (RTM) that installs
into an RTM slot at the back of a FortiGate-5140 and FortiGate-5050 chassis. You
must install one FortiGate-RTM-XB2 module for each FortiGate-5001A board.
Each chassis front panel slot has a corresponding RTM slot. The
FortiGate-RTM-XB2 module must be installed in the RTM slot that corresponds to
the front panel slot in which you will install a FortiGate-5001A board. For example,
if the FortiGate-5001A board will be installed in front panel slot 3, install the
FortiGate-RTM-XB2 module for this board in RTM slot 3.
Caution: To avoid damaging components, you should install the FortiGate-RTM-XB2
module first before you install the corresponding FortiGate-5001A board. If you have
already installed the FortiGate-5001A board, you should remove it before installing the
FortiGate-RTM-XB2 module. Except for this limitation, FortiGate-RTM-XB2 modules are
hot swappable.
!
The FortiGate-RTM-XB2 NP2 processors provide hardware accelerated network
processing for eligible traffic passing through the FortiGate-RTM-XB2 interfaces.
Each FortiGate-RTM-XB2 interface is connected to an NP2 processor and the
NP2 processors are connected by an Enhanced Extension Interface (EEI). The
FortiGate-RTM-XB2 can accelerate eligible traffic that enters and exits the same
FortiGate-RTM-XB2 interface or that enters one FortiGate-RTM-XB2 interface
and exits the other. For more information about Fortinet NP2 processor
Figure 16: FortiGate-RTM-XB2 front panel
Power Retention
LED Screw
Handle
Retention
Screw
Handle
The FortiGate-RTM-XB2 module includes the following features:
•
Two fabric backplane 10-gigabit interfaces for 10-gigabit data communications
across a FortiGate-5000 chassis backplane.
•
Two NP2 processors connected by an Enhanced Extension Interface (EEI)
that provide hardware accelerated network processing.
•
•
Mounting hardware.
Power LED.
Note: On some versions of the FortiGate-5001A firmware, when a FortiGate-5001A board
starts up with a FortiGate-RTM-XB2 module installed, the fabric1 and fabric2 interfaces are
replaced with interfaces that are named RTM/1 and RTM/2 to indicate the presence of the
FortiGate-RTM-XB2 module. Configuration settings that include the fabric1 and fabric2
interface names will have to be changed to use the RTM/1 and RTM/2 interface names.
FortiGate-5000 Series Introduction
01-30000-83466-20090108
39
Download from Www.Somanuals.com. All Manuals Search And Download.
Front panel LED
FortiGate-RTM-XB2 system
Front panel LED
From the FortiGate-RTM-XB2 font panel includes a power LED.
Table 9: FortiGate-RTM-XB2 power LED
LED
State
Description
Power
Green
The FortiGate-RTM-XB2 module is powered on and properly
connected to a FortiGate-5001A board.
Fabric backplane 10-gigabit communication
The FortiGate-RTM-XB2 module is used for fabric backplane 10-gigabit data
communication. To support fabric backplane communications your FortiGate-5140
or FortiGate-5050 chassis must include one or more 10-gigabit switch modules
(such as the FortiSwitch-5003A) installed in chassis slots 1 and 2. The
FortiGate-5020 chassis does not support fabric backplane communications.
Figure 17: Example FortiGate-RTM-XB2 configuration
FortiGate-RTM-XB2
module installed in RTM
slot 3 provides two
Internal Network
10-gigabit fabric channels
and NP2 acceleration for
the FortiGate-5001A board
Internal 10-gigabit
Network Connected
to Fabric Channel 2
FortiGate-5001A Board
Installed in FortiGate-5050
front panel slot 3
5
4
3
Fabric Channel 2
10-gigabit Data
Communication
Fabric Channel 1
10 Gigabit Data
Communication
2
1
POWER
5000SM
10/100
5000SM
10/100
5050SAP
SMC
SMC
link/Act
10/100
link/Act
10/100
SERIAL
1
SERIAL
2
link/Act
link/Act
2
1
External 10-gigabit
Network Connected
to Fabric Channel 1
External
Network
FortiGate-5000 Series Introduction
01-30000-83466-20090108
40
Download from Www.Somanuals.com. All Manuals Search And Download.
FortiGate-5005FA2 security system
FortiGate-5005FA2 security system
The FortiGate-5005FA2 security system is a high-performance FortiGate security
system with a total of 8 front panel gigabit ethernet interfaces, two base backplane
interfaces, and two fabric backplane interfaces. Use the front panel interfaces for
connections to your networks and the backplane interfaces for communication
between FortiGate-5000 series boards over the FortiGate-5000 chassis
backplane.
You can also configure two or more FortiGate-5005FA2 boards to create a high
availability (HA) cluster using the base backplane interfaces for HA heartbeat
communication through the chassis backplane, leaving all eight front panel gigabit
interfaces available for network connections.
FortiGate-5005FA2 front panel interfaces 7 and 8 also include accelerated packet
forwarding and policy enforcement for faster small packet performance. Using
backplane base and fabric interfaces, the FortiGate-5005FA2 also functions as
the worker board in a FortiGate-5005-DIST security system.
The FortiGate-5005FA2 board also supports high-end FortiGate features
including 802.1Q VLANs, multiple virtual domains, 802.3ad aggregate interfaces,
and FortiGate-5000 chassis monitoring.
Figure 18: FortiGate-5005FA2 front panel
Fabric and Base
network activity
LEDs
7 8 SPF Gigabit
Fiber or Copper
Accelerated
1 2 3 4 5 6 SPF Gigabit
Fiber or Copper
USB
ACT
LINK
ACT
USB
USB
ACC
7
8
1
2
3
4
5
6
LINK
CONSOLE
OOS
STATUS
IPM
Out
of
Service
Mounting
Knot
Extraction
Lever
Mounting
Knot
Module Extraction
Position Lever
Status
Link/Traffic
RJ-45 Flash Disk
Serial Access
The FortiGate-5005FA2 board includes the following features:
•
•
A total of eight front panel gigabit interfaces that can accept Small Formfactor
Pluggable (SFP) fiber or copper gigabit transceivers.
•
•
Six standard gigabit interfaces (interfaces 1 to 6).
Two accelerated packet forwarding and policy enforcement gigabit
interfaces (interfaces 7 and 8).
Two fabric backplane gigabit interfaces (fabric1 and fabric2) for
FortiGate-5005-DIST security system management communications. The
fabric backplane gigabit interfaces can also be used for data communications
across the FortiGate-5000 chassis backplane if combined with a board that
supports backplane fabric switching.
•
•
Two base backplane gigabit interfaces (base1 and base2) for HA heartbeat
and data communications across the FortiGate-5000 chassis backplane and
for FortiGate-5005-DIST security system data communication.
RJ-45 RS-232 serial console connection.
FortiGate-5000 Series Introduction
01-30000-83466-20090108
41
Download from Www.Somanuals.com. All Manuals Search And Download.
Front panel LEDs and connectors
FortiGate-5005FA2 security system
•
•
•
2 USB connectors.
Mounting hardware.
LED status indicators.
The FortiGate-5005FA2 board comes supplied with fiber and copper SFP
transceivers. You can order the SFP transceivers in any combination. Before you
can connect any FortiGate-5005FA2 front panel interfaces, you must insert the
SFP transceivers into the FortiGate-5005FA2 front panel cage slots.
Front panel LEDs and connectors
From the FortiGate-5005FA2 font panel you can view the status of the front panel
LEDs to verify that the board is functioning normally. You also connect the
FortiGate-5005FA2 board to your network through the front panel ethernet
connectors. The front panel also includes the RJ-45 console port for connecting to
the FortiOS CLI and two USB ports. The USB ports can be used with a Fortinet
USB key. For information about using the FortiUSB key, see the FortiGate-5000
LEDs
Table 10 lists and describes the FortiGate-5005FA2 board LEDs.
Table 10: FortiGate-5005FA2 board LEDs
LED
State
Description
Fabric ACT 2 Amber
LINK 2 Green
Network activity at backplane fabric interface 2.
Backplane fabric interface 2 is connected at 1000 Mbps.
Network activity at backplane fabric interface 1.
Backplane fabric interface 1 is connected at 1000 Mbps.
Network activity at backplane base interface 2 (backplane2).
ACT 1 Amber
LINK 1 Green
Base ACT 2 Amber
LINK 2 Green
Backplane base interface 2 (backplane2) is connected at
1000 Mbps.
ACT 1 Amber
LINK 1 Green
Network activity at backplane base interface 1 (backplane1).
Backplane base interface 1 (backplane1) is connected at
1000 Mbps.
OOS
Off
Normal operation.
(Out of
Service)
Red
A fault condition exists and the FortiGate-5005FA2 blade is
out of service (OOS). This LED may also flash very briefly
during normal startup.
ACC
Off or
The ACC LED flashes green when the FortiGate-5005FA2
Flashing board accesses the FortiOS flash disk. The FortiOS flash
green
disk stores the current FortiOS firmware build and
configuration files. The system accesses the flash disk when
starting up, during a firmware upgrade, or when an
administrator is using the CLI or GUI to change the FortiOS
configuration. Under normal operating conditions this LED
flashes occasionally, but is mostly off.
STATUS
Amber
The FortiGate-5005FA2 board is powered on.
FortiGate-5000 Series Introduction
01-30000-83466-20090108
42
Download from Www.Somanuals.com. All Manuals Search And Download.
FortiGate-5005FA2 security system
Accelerated packet forwarding and policy enforcement
Table 10: FortiGate-5005FA2 board LEDs (Continued)
LED
State
Description
IPM
Blue
The FortiGate-5005FA2 is ready to be hot-swapped
(removed from the chassis). If the IPM light is blue and no
other LEDs are lit the FortiGate-5005FA2 board has lost
power
Flashing The FortiGate-5005FA2 is changing from hot swap to running
Blue
mode or from running mode to hot swap.
Off
Normal operation. The FortiGate-5005FA2 board is in contact
with the chassis backplane.
1, 2, 3, 4,
5, 6, 7, 8
Green
The correct cable is connected to the gigabit SFP interface.
Flashing Network activity at the gigabit SFP interface.
Connectors
Table 11 lists and describes the FortiGate-5005FA2 connectors.
Table 11: FortiGate-5005FA2 connectors
Connector Type
Speed
Protocol Description
1, 2, 3,
4, 5, 6
LC SFP 1000Base-SX Ethernet Six gigabit SFP interfaces that can
accept fiber or copper gigabit
transceivers. These interfaces only
operate at 1000Mbps.
7, 8
LC SFP 1000Base-SX Ethernet Two accelerated gigabit SFP interfaces
that can accept fiber or copper gigabit
transceivers. These interfaces only
operate at 1000Mbps. The accelerated
interface connectors are inverted
compared to connectors 1 to 6.
CONSOLE RJ-45
USB USB
9600 bps
8/N/1
RS-232
serial
Serial connection to the command line
interface.
FortiUSB key firmware updates and
configuration backup.
Accelerated packet forwarding and policy enforcement
FortiGate-5005FA2 Accelerated packet forwarding and policy enforcement results
in accelerated small packet performance required for voice, video, and other
multimedia streaming applications. The following traffic scenarios are
recommended for the accelerated interfaces:
•
•
•
Small packet applications, such as voice over IP (VoIP).
The FortiGate-5005FA2 accelerated interfaces provide wire speed
performance for small packet applications.
Latency sensitive applications, such as multimedia.
The FortiGate-5005FA2 accelerated interfaces add much less latency than
normal (non-accelerated) interfaces.
Session Oriented Traffic with long session lifetime, such as FTP sessions.
Packet size does not affect performance for traffic with long session lifetime.
For long sessions, processing that would otherwise be handled by the
FortiGate-5005FA2 CPUs is off-loaded to the acceleration module.
FortiGate-5000 Series Introduction
01-30000-83466-20090108
43
Download from Www.Somanuals.com. All Manuals Search And Download.
Base backplane gigabit communication
FortiGate-5005FA2 security system
•
•
•
Firewall and intrusion protection (IPS), when there is a reasonable percentage
of P2P packets.
Firewall, intrusion protection (IPS), and antivirus, when there is a reasonable
percentage of P2P packets.
Firewall and IPSec VPN applications.
The following traffic scenarios should be handled by the normal (or non-
accelerated) FortiGate-5005FA2 interfaces:
•
•
Session oriented traffic when the session lifetime is very short.
Firewall and antivirus only applications.
Traffic will not be off-loaded to the FortiGate-5005FA2 accelerator module. The
result will be high CPU usage because of the high CPU requirement for
antivirus scanning.
FA2 interfaces and active-active HA performance
FortiOS v3.0 MR4 firmware can also use FA2 acceleration to improve
Base backplane gigabit communication
The FortiGate-5005FA2 base1 and base2 backplane gigabit interfaces can be
used for HA heartbeat communication between FortiGate-5005FA2 boards
installed in the same or in different FortiGate-5000 chassis. You can also
configure FortiGate-5005FA2 boards to use the base backplane interfaces for
data communication between FortiGate boards. To support base backplane
communications your FortiGate-5140 or FortiGate-5050 chassis must include one
or more FortiSwitch-5003 boards. FortiSwitch-5003 boards are installed in chassis
slots 1 and 2. The FortiGate-5020 chassis supports base backplane
communication with no additions or changes to the chassis.
For information about base backplane communication in FortiGate-5140 and
FortiGate-5050 chassis, see the FortiGate-5000 Base Backplane Communication
Guide. For information about the FortiSwitch-5003 board, see the
FortiGate-5005-DIST security system
You can install FortiGate-5005FA2 boards as worker boards in a
FortiGate-5005-DIST security system. Worker boards apply FortiGate security
system functionality such as applying firewall policies, virus scanning, IPS and
routing to distributed traffic.
For complete information about the FortiGate-5005-DIST security system and the
role of worker boards, see the FortiGate-5005-DIST Security System
FortiGate-5000 Series Introduction
01-30000-83466-20090108
44
Download from Www.Somanuals.com. All Manuals Search And Download.
FortiGate-5001FA2-LENC security system
FortiGate-5001FA2-LENC security
system
The FortiGate-5001FA2-LENC security system is a high-performance FortiGate
security system with a total of 8 front panel gigabit ethernet interfaces and two
base backplane interfaces. Use the front panel interfaces for connections to your
networks and the backplane interfaces for communication between
FortiGate-5000 series boards over the FortiGate-5000 chassis backplane.
You can also configure two or more FortiGate-5001FA2-LENC boards to create a
high availability (HA) cluster using the base backplane interfaces for HA heartbeat
communication through chassis backplane, leaving all eight front panel gigabit
interfaces available for network connections.
FortiGate-5001FA2-LENC front panel interfaces 1 and 2 also include accelerated
packet forwarding and policy enforcement for faster small packet performance.
The FortiGate-5001FA2-LENC board also supports high-end FortiGate features
including 802.1Q VLANs, multiple virtual domains, 802.3ad aggregate interfaces,
and FortiGate-5000 chassis monitoring.
Figure 19: FortiGate-5001FA2-LENC front panel
Flash Disk
Access
Link/Traffic
Module
Position
USB
Power
Status
Retention Handle
Screw
3 4 Optical or Copper
SFP Gigabit
Handle Retention
Screw
RS-232 1 2 Optical or Copper
5 6 7 8
Gigabit Copper
Serial
SFP Gigabit
Accelerated
The FortiGate-5001FA2-LENC board includes the following features:
• A total of eight front panel gigabit interfaces
•
Two accelerated packet forwarding and policy enforcement gigabit
interfaces that can accept optical Small Formfactor Pluggable (SFP) or
copper SFP gigabit transceivers (interfaces 1 and 2)
Two gigabit interfaces that can accept optical or copper SFP gigabit
transceivers (interfaces 3 and 4)
•
•
Four 10/100/1000Base-T gigabit copper network interfaces (interfaces 5, 6,
7, 8)
•
Two base backplane gigabit interfaces (port9 and port10) for HA heartbeat and
data communications across the FortiGate-5000 chassis backplane.
•
•
DB-9 RS-232 serial console connection
One USB connector
FortiGate-5000 Series Introduction
01-30000-83466-20090108
45
Download from Www.Somanuals.com. All Manuals Search And Download.
Front panel LEDs and connectors
FortiGate-5001FA2-LENC security system
•
•
Mounting hardware
LED status indicators
The FortiGate-5001FA2-LENC board comes supplied with four optical or four
copper SFP transceivers. Before you can connect FortiGate-5001FA2-LENC
interfaces 1 to 4, you must insert the SFP transceivers into the
FortiGate-5001FA2-LENC front panel cage slots numbered 1 to 4.
The FortiGate-5001FA2-LENC board ships with two RAM DIMMs installed on the
FortiGate-5001FA2-LENC circuit board. You should confirm that the RAM DIMMs
are installed correctly before inserting the FortiGate-5001FA2-LENC board into a
chassis.
Front panel LEDs and connectors
From the FortiGate-5001FA2-LENC font panel you can view the status of the front
panel LEDs to verify that the board is functioning normally. You also connect the
FortiGate-5001FA2-LENC board to your network through the front panel ethernet
connectors. The front panel also includes the RS-232 console port for connecting
to the FortiOS CLI and a USB port. The USB port can be used with a Fortinet USB
key. For information about using the FortiUSB key, see the FortiGate-5000 Series
LEDs
Table 12: FortiGate-5001FA2-LENC board LEDs
LED
PWR
ACC
State
Description
Green
The FortiGate-50012FA2 board is powered on.
Off or
Flashing
red
The ACC LED flashes red when the
FortiGate-5001FA2-LENC board accesses the FortiOS flash
disk. The FortiOS flash disk stores the current FortiOS
firmware build and configuration files. The system accesses
the flash disk when starting up, during a firmware upgrade, or
when an administrator is using the CLI or GUI to change the
FortiOS configuration. Under normal operating conditions this
LED flashes occasionally, but is mostly off.
STA
IPM
Green
Red
Normal operation.
The FortiGate-5001FA2-LENC is booting or a fault condition
exists.
Blue
The FortiGate-5001FA2-LENC is ready to be hot-swapped
(removed from the chassis). If the IPM light is blue and no
other LEDs are lit the FortiGate-5001FA2-LENC board has
lost power, possibly because of a loose or incorrectly aligned
left handle.
Flashing
Blue
The FortiGate-5001FA2-LENC is changing from hot swap to
running mode or from running mode to hot swap.
Off
Normal operation. The FortiGate-5001FA2-LENC board is in
contact with the chassis backplane.
1, 2, 3, 4
Green
The correct cable is connected to the gigabit SFP interface.
Network activity at the gigabit SFP interface.
Flashing
FortiGate-5000 Series Introduction
01-30000-83466-20090108
46
Download from Www.Somanuals.com. All Manuals Search And Download.
FortiGate-5001FA2-LENC security system
Accelerated packet forwarding and policy enforcement
Table 12: FortiGate-5001FA2-LENC board LEDs (Continued)
LED
State
Description
5, 6, Link
7, 8 LED
Green
The correct cable is inserted into this interface and the
connected equipment has power.
Flashing
Network activity at this interface.
Speed Green
The interface is connected at 1000 Mbps.
The interface is connected at 100 Mbps.
The interface is connected at 10 Mbps.
LED
Amber
Unlit
Connectors
Table 13: FortiGate-5001FA2-LENC connectors
Connector Type
Speed
Protocol Description
1 and 2
LC SFP 1000Base-SX Ethernet Two accelerated gigabit SFP interfaces
that can accept optical or copper gigabit
transceivers. These interfaces only
operate at 1000Mbps. The accelerated
interface connectors are inverted
compared to connectors 3 and 4.
3 and 4
LC SFP 1000Base-SX Ethernet Two gigabit SFP interfaces that can
accept optical or copper gigabit
transceivers. These interfaces only
operate at 1000Mbps.
5, 6, 7, 8
RJ-45
10/100/1000
Base-T
Ethernet Copper gigabit connection to
10/100/1000Base-T copper networks.
CONSOLE DB-9
USB USB
9600 bps
8/N/1
RS-232
serial
Serial connection to the command line
interface.
FortiUSB key firmware updates and
configuration backup.
Accelerated packet forwarding and policy enforcement
FortiGate-5001FA2-LENC Accelerated packet forwarding and policy enforcement
results in accelerated small packet performance required for voice, video, and
other multimedia streaming applications. The following traffic scenarios are
recommended for the accelerated interfaces:
•
•
•
Small packet applications, such as voice over IP (VoIP).
The FortiGate-5001FA2-LENC accelerated interfaces provide wire speed
performance for small packet applications.
Latency sensitive applications, such as multimedia.
The FortiGate-5001FA2-LENC accelerated interfaces add much less latency
than normal (non-accelerated) interfaces.
Session Oriented Traffic with long session lifetime, such as FTP sessions.
Packet size does not affect performance for traffic with long session lifetime.
For long sessions, processing that would otherwise be handled by the
FortiGate-5001FA2-LENC CPUs is off-loaded to the acceleration module.
•
Firewall and intrusion protection (IPS), when there is a reasonable percentage
of P2P packets.
FortiGate-5000 Series Introduction
01-30000-83466-20090108
47
Download from Www.Somanuals.com. All Manuals Search And Download.
Base backplane gigabit communication
FortiGate-5001FA2-LENC security system
•
•
Firewall, intrusion protection (IPS), and antivirus, when there is a reasonable
percentage of P2P packets.
Firewall and IPSec VPN applications.
The following traffic scenarios should be handled by the normal (or non-
accelerated) FortiGate-5001FA2-LENC interfaces:
•
•
Session oriented traffic when the session lifetime is very short.
Firewall and antivirus only applications.
Traffic will not be off-loaded to the FortiGate-5001FA2-LENC accelerator
module. The result will be high CPU usage because of the high CPU
requirement for antivirus scanning.
FA2 interfaces and active-active HA performance
FortiOS v3.0 MR4 firmware can also use FA2 acceleration to improve
Base backplane gigabit communication
The FortiGate-5001FA2-LENC port9 and port10 base backplane gigabit interfaces
can be used for HA heartbeat communication between FortiGate-5001FA2-LENC
boards installed in the same or in different FortiGate-5000 chassis. You can also
configure FortiGate-5001FA2-LENC boards to use the base backplane interfaces
for data communication between FortiGate boards. To support base backplane
communications your FortiGate-5140 or 5050 chassis must include one or more
FortiSwitch-5003 boards. FortiSwitch-5003 boards are installed in chassis slots 1
and 2. The FortiGate-5020 chassis supports base backplane communication with
no additions or changes to the chassis.
For information about base backplane communication in FortiGate-5140 and
FortiGate-5050 chassis, see the FortiGate-5000 Base Backplane Communication
Guide. For information about the FortiSwitch-5003 board, see the
FortiGate-5000 Series Introduction
01-30000-83466-20090108
48
Download from Www.Somanuals.com. All Manuals Search And Download.
FortiGate-5001SX security system
FortiGate-5001SX security system
The FortiGate-5001SX security system is a high-performance FortiGate security
system with a total of 8 front panel gigabit ethernet interfaces and two base
backplane interfaces. Use the front panel interfaces for connections to your
networks and the backplane interfaces for communication between
FortiGate-5000 series boards over the FortiGate-5000 chassis backplane.
You can also configure two or more FortiGate-5001SX boards to create a high
availability (HA) cluster using the base backplane interfaces for HA heartbeat
communication through chassis backplane, leaving all eight front panel gigabit
interfaces available for network connections.
The FortiGate-5001SX board also supports high-end FortiGate features including
802.1Q VLANs, multiple virtual domains, 802.3ad aggregate interfaces, and
FortiGate-5000 chassis monitoring.
Figure 20: FortiGate-5001SX front panel
Module
Position
Flash Disk
Access
Link/Traffic
Power
Status
USB
USB
1
2
3
4
5
6
7
8
CONSOLE
STA IPM
ACC
PWR
Mounting
Knot
Mounting
Knot
Extraction
Lever
Extraction
Lever
RS-232
Serial
1 2 3 4
SFP Gigabit fiber
or copper
5 6 7 8
Locking
Screw
Gigabit Copper
The FortiGate-5001SX board includes the following features:
•
A total of eight front panel gigabit interfaces
•
Four gigabit interfaces that can accept Small Formfactor Pluggable (SFP)
fiber or copper transceivers (interfaces 1, 2, 3, and 4)
Four 10/100/1000Base-T gigabit copper network interfaces (interfaces 5, 6,
7, and 8)
•
•
Two base backplane gigabit interfaces (port9 and port10) for HA heartbeat and
data communications across the FortiGate-5000 chassis backplane.
•
•
•
•
DB-9 RS-232 serial console connection
One USB connector
Mounting hardware
LED status indicators
The FortiGate-5001SX board comes supplied with four fiber or four copper SFP
transceivers. Before you can connect FortiGate-5001SX interfaces 1 to 4, you
must insert the SFP transceivers into the FortiGate-5001SX front panel cage slots
numbered 1 to 4.
FortiGate-5000 Series Introduction
01-30000-83466-20090108
49
Download from Www.Somanuals.com. All Manuals Search And Download.
Front panel LEDs and connectors
FortiGate-5001SX security system
The FortiGate-5001SX board ships with two RAM DIMMs installed on the
FortiGate-5001SX circuit board. You should confirm that the RAM DIMMs are
installed correctly before inserting the FortiGate-5001SX board into a chassis.
Front panel LEDs and connectors
From the FortiGate-5001SX font panel you can view the status of the front panel
LEDs to verify that the board is functioning normally. You also connect the
FortiGate-5001SX board to your network through the front panel ethernet
connections. The front panel also includes the RS-232 console port for connecting
to the FortiOS CLI and a USB port. The USB port can be used with a Fortinet USB
key. For information about using the FortiUSB key, see the FortiGate-5000 Series
LEDs
Table 14 lists and describes the FortiGate-5001SX board LEDs.
Table 14: FortiGate-5001SX LEDs
LED
PWR
ACC
State
Description
Green
The FortiGate-5001SX board is powered on.
Off or
Flashing
red
The ACC LED flashes red when the FortiGate-5001SX
board accesses the FortiOS flash disk. The FortiOS
flash disk stores the current FortiOS firmware build and
configuration files. The system accesses the flash disk
when starting up, during a firmware upgrade, or when
an administrator is using the CLI or GUI to change the
FortiOS configuration. Under normal operating
conditions this LED flashes occasionally, but is mostly
off.
STA
IPM
Green
Red
Normal operation.
The FortiGate-5001SX is starting or a fault condition
exists.
Blue
The FortiGate-5001SX is ready to be hot-swapped
(removed from the chassis). If the IPM light is blue and
no other LEDs are lit the FortiGate-5001SX board has
lost power, possibly because of a loose or incorrectly
aligned left extraction lever.
Flashing
Blue
The FortiGate-5001SX is changing from hot swap to
running mode or from running mode to hot swap.
Off
Normal operation. The FortiGate-5001SX board is in
contact with the chassis backplane.
1, 2, 3, 4
Green
The correct cable is connected to the gigabit SFP
interface.
Flashing
Green
Network activity at the gigabit SFP interface.
5, 6, Link
7, 8 LED
The correct cable is inserted into this interface and the
connected equipment has power.
Flashing
Network activity at this interface.
Speed Green
The interface is connected at 1000 Mbps.
The interface is connected at 100 Mbps.
The interface is connected at 10 Mbps.
LED
Amber
Unlit
FortiGate-5000 Series Introduction
01-30000-83466-20090108
50
Download from Www.Somanuals.com. All Manuals Search And Download.
FortiGate-5001SX security system
Base backplane gigabit interfaces
Connectors
Table 15 lists and describes the FortiGate-5001SX connectors.
Table 15: FortiGate-5001SX connectors
Connector Type Speed
Protocol
Description
1, 2, 3, 4
LC
SFP
1000Base-SX Ethernet
Four gigabit SFP interfaces that can
accept fiber or copper gigabit
transceivers. These interfaces only
operate at 1000Mbps.
5, 6, 7, 8
RJ-45 10/100/1000 Ethernet
Base-T
Copper gigabit connection to
10/100/1000Base-T copper networks.
CONSOLE DB-9 9600 bps
RS-232 serial Serial connection to the command line
interface.
8/N/1
USB
USB
FortiUSB key firmware updates and
configuration backup (FortiOS v3.0).
Base backplane gigabit interfaces
The FortiGate-5001SX port9 and port10 base backplane gigabit interfaces can be
used for HA heartbeat communication between FortiGate-5001SX boards
installed in the same or in different FortiGate-5000 chassis. You can also
configure FortiGate-5001SX boards to use the base backplane interfaces for data
communication between FortiGate boards. To support base backplane
communications your FortiGate-5140 or 5050 chassis must include one or more
FortiSwitch-5003 boards. FortiSwitch-5003 boards are installed in chassis slots 1
and 2. The FortiGate-5020 chassis supports base backplane communication with
no additions or changes to the chassis.
For information about base backplane communication in FortiGate-5140 and
FortiGate-5050 chassis, see the FortiGate-5000 Base Backplane Communication
Guide. For information about the FortiSwitch-5003 board, see the
FortiGate-5000 Series Introduction
01-30000-83466-20090108
51
Download from Www.Somanuals.com. All Manuals Search And Download.
Base backplane gigabit interfaces
FortiGate-5001SX security system
FortiGate-5000 Series Introduction
01-30000-83466-20090108
52
Download from Www.Somanuals.com. All Manuals Search And Download.
FortiSwitch-5003A system
FortiSwitch-5003A system
The FortiSwitch-5003A board provides 10/1-gigabit fabric backplane channel
layer-2 switching and 1-gigabit base backplane channel layer-2 switching in a
dual star architecture for the FortiGate-5140 and FortiGate-5050 chassis. The
FortiSwitch-5003A board provides a total capacity of 200 Gigabits per second
(Gbps) throughput.
The FortiGate-5140 chassis is a 14-slot ATCA chassis and the FortiGate-5050
chassis is a 5-slot ATCA chassis. In both chassis the FortiSwitch-5003A board is
installed in the first and second hub/switch fabric slots. For most versions of the
FortiGate-5140 and 5050 chassis the hub/switch fabric slots are slots 1 and 2. For
You can use the FortiSwitch-5003A board for fabric and base backplane layer-2
switching for FortiGate-5000 boards installed in slots 3 and up in FortiGate-5140
and FortiGate-5050 chassis. Usually you would use the base channel for
management traffic (for example, HA heartbeat traffic) and the fabric channel for
data traffic. FortiSwitch-5003A boards can be used for fabric and base backplane
layer-2 switching within a single chassis and between multiple chassis.
The FortiSwitch-5003A system also supports 802.3ad static mode layer-2 link
aggregation, 802.1q VLANs, and 802.1s Multi-Spanning Tree Protocol (MSTP) for
the fabric channels. You can use these features to configure link aggregation and
support redundant FortiSwitch-5003A switch configurations to distribute traffic to
multiple FortiGate-5000 boards. The FortiGate-5000 boards must operate in
Transparent mode, all are managed separately and all must have the same
configuration.
A FortiSwitch-5003A board in hub/switch fabric slot 1 provides communications
on fabric channel 1 and base channel 1. A FortiSwitch-5003A board in hub/switch
fabric slot 2 provides communications on fabric channel 2 and base channel 2. If
your chassis includes one FortiSwitch-5003A board you can install it in hub/switch
fabric slot 1 or 2 and configure the FortiGate-5000 boards installed in the chassis
to use the correct fabric and base backplane interfaces.
For a complete 10-gigabit fabric backplane solution you must install
FortiGate-5000 hardware that supports 10-gigabit connections. For example, a
FortiGate-5001A board combined with a FortiGate-RTM-XB2 module provides
two 10-gigabit fabric interfaces. You can install the FortiGate-5001A boards in
chassis slots 3 and up and FortiGate-RTM-XB2 modules in the corresponding
RTM slots on the back of the chassis.
The FortiSwitch-5003A board includes the following features:
•
•
•
One 1-gigabit base backplane channel for layer-2 base backplane switching
between FortiGate-5000 boards installed in the same chassis as the
FortiSwitch-5003A
One 10/1-gigabit fabric backplane channel for layer-2 fabric backplane
switching between FortiGate-5000 boards installed in the same chassis as the
FortiSwitch-5003A
Two front panel base backplane one-gigabit copper gigabit interfaces (B1 and
B2) that connect to the base backplane channel
FortiGate-5000 Series Introduction
01-30000-83466-20090108
53
Download from Www.Somanuals.com. All Manuals Search And Download.
Front panel LEDs and connectors
FortiSwitch-5003A system
Figure 21: FortiSwitch-5003A front panel
Base Network
Activity LEDs
Fabric Network
Activity LEDs
B1 B2
RJ-45 COM
Port
Base 1G
Copper
14/F8 F7 F6 F5 F4 F3 F2 F1
Fabric 10G Optical or Copper SFP
Retention
Screw
Retention
Screw
OOS
LED
MGMT 1G Active
Copper LED
Interface
Healthy
LED
Fault
LED
Hot Swap
Extraction
Extraction
LED
Lever
Lever
Reset
Switch
BASE 10G Optical
or Copper SFP
•
•
One front panel base backplane 10-gigabit optical or copper SFP+ interface
(BASE 10G) that connects to the base backplane channel
Eight front panel fabric backplane 10-gigabit optical or copper SFP+ interfaces
(14/F8, F7, F6, F5, F4, F3, F2, and F1)
•
•
•
•
•
•
•
One gigabit out of band management ethernet interface (MGMT)
One RJ-45, RS-232 serial console connection (COM)
Mounting hardware
LED status indicators
IEEE 802.1q VLANs
IEEE 802.3ad static mode layer-2 link aggregation
Link aggregation using a hash algorithm based on source and destination IP
addresses
•
•
Multi-Spanning Tree Protocol (MSTP) (IEEE 802.1s) to support redundant
FortiSwitch-5003A boards and external MSTP-compatible switches
Heartbeat between FortiGate-5001A and FortiGate-5005FA2 boards and the
FortiSwitch-5003A over the fabric channel to support MSTP (configurable from
the FortiGate-5001A and FortiGate-5005FA2 systems)
•
Standard FortiOS command line interface (CLI) for configuring fabric switch
settings (VLANs, MSTP, trunks, and so on)
Front panel LEDs and connectors
From the FortiSwitch-5003A font panel you can view the status of the board LEDs
to verify that the board is functioning normally. The front panel includes a reset
switch for restarting the FortiSwitch-5003A board.
The front panel also contains connectors to the fabric and base channels, an out
of band management ethernet interface, and an RJ-45 RS-232 console port for
connecting to the FortiSwitch-5003A CLI.
FortiGate-5000 Series Introduction
01-30000-83466-20090108
54
Download from Www.Somanuals.com. All Manuals Search And Download.
FortiSwitch-5003A system
Front panel LEDs and connectors
LEDs
Table 16 lists and describes the FortiSwitch-5003A front panel LEDs.
Table 16: FortiSwitch-5003A front panel LEDs and switches
LED
State
Off
Description
OOS (Out of Service)
Normal operation.
Red
Out of service. The LED turns on if the
FortiSwitch-5003A board fails. The LED may also
flash briefly when the board is powering on.
ACT (Active)
Green
Yellow
The FortiSwitch-5003A board is powered on and
operating normally.
Caution status. Caution status is indicated by the
fault condition of the HTY and FLT LEDs.
Off
The board is not connected to power.
HTY (Healthy)
FLT (Fault)
Green
The FortiSwitch-5003A board is powered on and
operating normally.
Off
The board health system has detected a fault.
Normal operation.
Off
Yellow
Cannot establish a link to a configured interface or
another connection problem external to the
FortiSwitch-5003A board. This LED may indicate
issues that do not affect normal operation.
RST (Reset switch)
Press and hold Reset for three seconds to restart the
FortiSwitch-5003A board.
Solid
Green
Indicates this interface is connected to the 1-gigabit
base channel interface of a FortiGate-5000 board.
LEDs and the interface that each represents.
Base Network Activity
LEDs
Blinking Indicates 1-gigabit network traffic on this interface.
Green
Off
No link.
Solid
Green
Indicates this interface is connected to the
10/1-gigabit fabric channel interface of a
each represents.
Fabric Network
Activity LEDs
Blinking Indicates 10/1-gigabit network traffic on this interface.
Green
LEDs and the interface that each represents.
Off
No link.
MGMT, B1,
B2
(Management
and base
1-gigabit
LEDs)
Link/Act Solid
Indicates this interface is connected with the correct
cable and the attached network device has power.
(Left
Green
LED)
Blinking Indicates network traffic on this interface.
Green
Off
No Link
Speed Green
(Right
Connection at 1 Gbps.
Connection at 100 Mbps.
Connection at 10 Mbps.
Amber
LED)
Off
FortiGate-5000 Series Introduction
01-30000-83466-20090108
55
Download from Www.Somanuals.com. All Manuals Search And Download.
Front panel LEDs and connectors
FortiSwitch-5003A system
Table 16: FortiSwitch-5003A front panel LEDs and switches (Continued)
LED
State
Description
Solid
Green
Indicates this interface is connected to a 10-gigabit
network device with the correct cable and the
attached network device has power.
BASE 10G, 14/F8, F7,
F6, F5, F4, F3, F2, F1
(Base and Fabric 10
gigabit LEDs)
Blinking Indicates 10-gigabit network traffic on this interface.
Green
Off
No link.
HS (Hot Swap)
Blue
The FortiSwitch-5003A is ready to be hot-swapped
(removed from the chassis). If the HS light is blue
and no other LEDs are lit the FortiSwitch-5003A
board has lost power
Flashing The FortiSwitch-5003A is changing from hot swap to
Blue
running mode or from running mode to hot swap.
This happens when the FortiSwitch-5003A board is
starting up or shutting down.
Off
Normal operation. The FortiSwitch-5003A board is in
contact with the chassis backplane.
Base channel interfaces
interfaces. The base backplane interfaces are not configurable or visible from the
FortiSwitch-5003A CLI.
Figure 22: FortiSwitch-5003A base network activity LEDs
Table 17: Base channel interfaces and network activity LEDs
Interface
Name
Description
SH1
If the FortiSwitch-5003A board is in the first hub/switch fabric slot, this
LED indicates a backplane connection to shelf manager 1. If the
FortiSwitch-5003A board is in second hub/switch fabric slot this LED
indicates a backplane connection to shelf manager 2.
This LED may not be lit even if a shelf manager is present if the shelf
manager is configured to use its front panel interface.
15 and SH2
2/1
Not used.
Base channel connection between base channels 1 and 2.
The 2/1 LED is lit if there is any board capable of connecting to the base
channel in the other slot. For example, if the FortiSwitch-5003A board is
installed in the first hub/switch fabric slot, this LED will be lit if any board
is installed in the second hub/switch fabric slot, including a
FortiSwitch-5003A board or any FortiGate-5000 board.
3 to 14
Base channel connection to FortiGate-5000 boards in chassis slots 3 to
14.
FortiGate-5000 Series Introduction
01-30000-83466-20090108
56
Download from Www.Somanuals.com. All Manuals Search And Download.
FortiSwitch-5003A system
Front panel LEDs and connectors
Table 17: Base channel interfaces and network activity LEDs
Interface
Name
Description
B1 and B2
BASE 10G
Front panel gigabit base channel interfaces B1 and B2.
Use these interfaces to connect your network to the base channel, to
connect base channel 1 to base channel 2, or to connect a base channel
on one chassis to a base channel on another chassis.
Front panel 10-gigabit base channel interface.
Use this interface to connect a 10-gigabit network to the base channel.
10-gigabit communication is not supported across the base channels but
this interface is still available if you need to connect the base channel to
a 10-gigabit network.
Fabric channel interfaces
Table 18 lists and describes the FortiSwitch-5003A fabric channel interfaces. You
can configure fabric interface settings, group fabric interfaces into trunks, and
configure MSTP spanning tree settings for fabric interfaces from the
FortiSwitch-5003A CLI.
Table 18: Fabric channel interfaces
Interface Name
Description
Front Panel CLI*
2/1
slot-2/1
Interface between fabric channel 1 and fabric channel 2.
If there are two FortiSwitch-5003A boards installed in a
chassis this interface can be used to communicate between
them. In some configurations you may have to disable this
communication.
3 to 13
14/F8
slot-3 to
slot-13
Fabric backplane slots 3 to 13.
The 3 to 13 fabric network activity LEDs are lit if there are
FortiGate boards in chassis slots 3 to 13.
slot-14/f8
Front panel interface 14/F8.
Fabric backplane slot 14 and front panel interface 14/F8
share the same FortiSwitch-5003A switch port. By default the
the front panel interface 14/F8 is enabled and fabric
backplane slot 14 is disabled. You can change this setting
using a switch on the FortiSwitch-5003A board.
F1 to F7
f1 to f7
Front panel 10-gigabit fabric interfaces F1 to F7.
Use these interfaces to connect your network to the fabric
channel, to connect fabric channel 1 to fabric channel 2, or to
connect a fabric channel on one chassis to a fabric channel
on another chassis.
* You can configure settings for FortiSwitch-5003A fabric interfaces from the
FortiSwitch-5003A CLI. The CLI columns show the names of the interfaces as they appear
on the FortiSwitch-5003A CLI.
The fabric network activity LEDs show links and network activity for the interfaces
Figure 23: FortiSwitch-5003A fabric network activity LEDs
FortiGate-5000 Series Introduction
01-30000-83466-20090108
57
Download from Www.Somanuals.com. All Manuals Search And Download.
FortiSwitch-5003A configurations
FortiSwitch-5003A system
Table 19: Fabric network activity LEDs
Fabric network Interface or connection
activity LED
2/1
Fabric channel connection between fabric channel 1 and fabric
channel 2. This LED is lit if there are two FortiSwitch-5003A boards
installed in the chassis to indicate fabric backplane communication
between them.
3 to 13
Fabric backplane connection to FortiGate-5000 boards in chassis slots
3 to 13.
Front panel connectors
Table 20 lists and describes the FortiSwitch-5003A front panel connectors.
Table 20: FortiSwitch-5003A connectors
Connector Type Speed
Protocol
Description
MGMT
RJ-45 10/100/1000 Ethernet
Base-T
Copper gigabit connection to out of band
management interface.
COM
RJ-45 9600 bps
8/N/1
RS-232
serial
Serial connection to the command line
interface.
B1, B2
RJ-45 10/100/1000 Ethernet
Base-T
Copper gigabit connection to the base
backplane channel.
BASE 10G SFP+ 10 Gbps
Ethernet
SFP+ 10 gigabit connection to the base
backplane channel.
FABRIC
10G, 14/F8,
F7, F6, F5,
F4, F3, F2,
F1
SFP+ 10 Gbps
Ethernet
SFP+ 10 gigabit connection to the fabric
backplane channel.
FortiSwitch-5003A configurations
You can operate the FortiSwitch-5003A board as a fabric and base channel
layer-2 switch for any FortiGate-5000 board. The FortiSwitch-5003A board is
compatible with all FortiGate-5000 boards.
Base and fabric gigabit switching within a chassis
Figure 24 shows a FortiGate-5050 chassis with a FortiSwitch-5003A board in
slot 1 and two FortiGate-5001A boards in slots 3 and 4. In this configuration the
FortiGate-5001A boards are using base channel 1 for HA heartbeat
communication. The FortiGate-5001A boards use base1 as the HA heartbeat
interface.
FortiGate-5000 Series Introduction
01-30000-83466-20090108
58
Download from Www.Somanuals.com. All Manuals Search And Download.
FortiSwitch-5003A system
FortiSwitch-5003A configurations
Figure 24: FortiSwitch-5003A base channel 1 HA heartbeat communication
5
4
3
Base channel 1
HA Heartbeat
Communication
2
1
POWER
5000SM
10/100
5000SM
10/100
5050SAP
SMC
SMC
link/Act
10/100
link/Act
10/100
SERIAL
1
SERIAL
2
link/Act
link/Act
2
1
Fabric 10-gigabit switching within a chassis
One FortiGate-RTM-XB2 provides 10-gigabit connections to both
FortiGate-5001A fabric channels. The FortiGate-RTM-XB2 also provides NP2
packet acceleration for each fabric channel. To effectively use NP2 acceleration,
packets must be received by the FortiGate-5001A board on one fabric channel
and exit from the FortiGate-5001A board on the same fabric channel or on the
information.
Figure 25 shows a FortiGate-5050 chassis containing two FortiSwitch-5003A
boards and one FortiGate-5001A board. Using these components this chassis
supplies 10-gigabit connectivity between the external and internal network.
Figure 25: Example 10-gigabit connection between internal and external networks
FortiGate-RTM-XB2
module installed in RTM
slot 3 provides two
Internal Network
10-gigabit fabric channels
and NP2 acceleration for
the FortiGate-5001A board
Internal 10-gigabit
Network Connected
to Fabric Channel 2
FortiGate-5001A Board
Installed in FortiGate-5050
front panel slot 3
5
4
3
Fabric Channel 2
10-gigabit Data
Communication
Fabric Channel 1
10 Gigabit Data
Communication
2
1
POWER
5000SM
10/100
5000SM
10/100
5050SAP
SMC
SMC
link/Act
10/100
link/Act
10/100
SERIAL
1
SERIAL
2
link/Act
link/Act
2
1
External 10-gigabit
Network Connected
to Fabric Channel 1
External
Network
FortiGate-5000 Series Introduction
01-30000-83466-20090108
59
Download from Www.Somanuals.com. All Manuals Search And Download.
FortiSwitch-5003A configurations
FortiSwitch-5003A system
Layer-2 link aggregation and redundancy configurations
The FortiSwitch-5003A board supports 802.3ad static mode layer-2 link
aggregation, 802.1q VLANs, and 802.1s Multi-Spanning Tree Protocol (MSTP) for
the fabric channels. You can use these features to configure link aggregation and
support redundant FortiSwitch-5003A configurations to distribute traffic to multiple
FortiGate-5001A or 5005FA2 boards.
Figure 26 shows a basic link aggregation configuration using a single
FortiSwitch-5003A board. In this configuration the external switch is connected to
FortiSwitch-5003A front panel f5 interface. The switch adds VLAN tags to traffic
from the internal and external networks.
Figure 26: Basic link aggregation configuration
Internal Network
External
Network
Internal and external
10-gigabit networks
connected to
FortiSwitch-5003A
front panel interface F7
and to fabric channel 1
External switch
VLAN
tagged
traffic
5140SAP
SERIAL
1
SERIAL
2
ALARM
5140
13
11
9
7
5
3
1
2
4
6
8
10
12
14
Six FortiGate-RTM-XB2
modules installed in RTM
slots 6, 8, 9, 10, 11, and
13 to provide 10-gigabit
fabric interfaces and
NP2 acceleration for each
FortiGate-5001A board
ETH0 ETH1
ETH0
Service
RESET
STATUS
Hot Swap
1
2
ETH0 ETH1
EH0
Service
RESET
STATUS
Hot Swap
FILTER
FAN TRAY
FAN TRAY
FAN TRAY
2
0
1
Distributed 10-gigabit
data communication
on fabric channel 1
FortiGate-5000 Series Introduction
01-30000-83466-20090108
60
Download from Www.Somanuals.com. All Manuals Search And Download.
FortiSwitch-5003 system
Front panel LEDs and connectors
FortiSwitch-5003 system
The FortiSwitch-5003 board provides base backplane interface switching for the
FortiGate-5140 chassis and the FortiGate-5050 chassis. You can use this
switching for data communication or HA heartbeat communication between the
base backplane interfaces of FortiGate-5000 series boards installed in slots 3 and
up in these chassis. FortiSwitch-5003 boards can be used for base backplane
communication in a single chassis or between multiple chassis.
Install FortiSwitch-5003 boards in chassis slots 1 and 2. A FortiSwitch-5003 board
in slot 1 provides communications on base backplane interface 1. A
FortiSwitch-5003 board in slot 2 provides communications on base backplane
interface 2.
If your configuration includes only one FortiSwitch-5003 board you can install it in
slot 1 or slot 2 and configure the FortiGate-5000 boards installed in the chassis to
use the correct base backplane interface.
The FortiSwitch-5003 board includes the following features:
•
A total of 16 10/100/1000Base-T gigabit ethernet interfaces:
•
13 backplane 10/100/1000Base-T gigabit interfaces for base backplane
switching between FortiGate-5000 series boards installed in the same
chassis as the FortiSwitch-5003
•
Three front panel 10/100/1000Base-T gigabit interfaces (ZRE0, ZRE1,
ZRE2) for base backplane switching between two or more FortiGate-5000
series chassis
•
•
•
•
One 100Base-TX out of band management ethernet interface (ETH0)
RJ-45 RS-232 serial console connection (CONSOLE)
Mounting hardware
LED status indicators
Front panel LEDs and connectors
From the FortiSwitch-5003 font panel you can view the status of the board LEDs
to verify that the board is functioning normally. You can also connect the
FortiSwitch-5003 board in one chassis to a FortiSwitch-5003 board in another
chassis through the front panel ethernet connections. The front panel also
includes and out of band management ethernet interface and the RJ-45 console
port for connecting to the FortiSwitch-5003 CLI.
FortiGate-5000 Series Introduction
01-30000-83466-20090108
61
Download from Www.Somanuals.com. All Manuals Search And Download.
Front panel LEDs and connectors
FortiSwitch-5003 system
Figure 27: FortiSwitch-5003 front panel
Power LED
LED Mode Switch
Management CONSOLE
ZRE Network
Activity LEDs
(ZRE 0 to 15)
100Base-TX
Ethernet
RJ-45
Serial
Reset
Switch
Hot
Swap
LED
Extraction
Extraction
Lever
ZRE0 ZRE1 ZRE2
Out of
Service LED
Lever
base backplane interfaces
Mounting
Knot
Mounting
Knot
10/100/1000Base-T
Ethernet
LEDs
Table 21 lists and describes the FortiSwitch-5003 board front panel LEDs.
Table 21: FortiSwitch-5003 board front panel LEDs and switches
LED
State
Off
Description
Normal operation.
Red
Out of service. The LED turns on if the FortiSwitch-5003 board
fails. The LED may also flash briefly when the board is
powering on.
Green
Yellow
The FortiSwitch-5003 board is powered on and operating
normally.
Caution status. Caution status is indicated by the fault condition
of the CLOCK, OK or INT FLT LEDs.
Off
Off
The board is not connected to power.
Normal operation.
System
E0, E1
Yellow or Link status of out of band management interfaces (not used).
Green
ZRE 0-15
(ZRE
network
activity
Green
Link/Activity mode: Blinking to indicate network traffic on this
Link/Speed mode: 100 Mbps connection.
LEDs, LED Yellow
Mode
switch
Link/Activity mode: The interface is disabled and cannot
forward packets. (not used)
Link/Speed mode: 1000 Mbps connection.
changes
mode)
Off
Link/Activity mode: No link.
Link/Speed mode: 10 Mbps connection.
LED Mode Change the ZRE network activity LED display mode. Normally the ZRE
network activity LEDs operate in Link/Activity mode. In this mode the LEDs
flash green to indicate a link and to indicate network traffic.
switch
Press this button to switch the ZRE LEDs to Link/Speed mode. In
Link/Speed mode the ZRE LEDs use a solid color to indicate a link. The
color of the LED indicates the speed of the link.
CLK
OK
Flashing
Green
Initialization completed successfully.
Green
Initialization completed successfully.
FortiGate-5000 Series Introduction
01-30000-83466-20090108
62
Download from Www.Somanuals.com. All Manuals Search And Download.
FortiSwitch-5003 system
Front panel LEDs and connectors
Table 21: FortiSwitch-5003 board front panel LEDs and switches (Continued)
LED
State
Off
Description
EXT FLT
Normal operation.
Yellow
Cannot establish a link to a configured interface or another
connection problem external to the FortiSwitch-5003 board.
This LED may indicate issues that do not affect normal
operation.
INT FLT
Off
Normal operation.
Yellow
Failure of internal tests. Indicates a hardware or software
problem with the FortiSwitch-5003 board.
Hot Swap
Blue
Indicates the FortiSwitch-5003 board is ready to be hot
swapped. During a hot swap, the LED is on. The LED turns off
when the FortiSwitch-5003 board is correctly installed.
Reset
switch
Press and hold Reset for three seconds to restart the FortiSwitch-5003
board.
About the ZRE network activity LEDs
The ZRE network activity LEDs show links and network activity for the interfaces
Figure 28: FortiSwitch-5003 ZRE network activity LEDs
Table 22: ZRE network activity LEDs FortiSwitch-5003 interfaces and connections
ZRE network Interface or connection
activity LED
0
ZRE0 front panel interface.
ZRE1 front panel interface.
ZRE2 front panel interface.
1
2
3 to 14
Base backplane connection to FortiGate-5000 series boards in chassis
slots 3 to 14.
15
Base backplane link. Indicates that the FortiSwitch-5003 board can
connect to the base backplane interface.
FortiGate-5000 Series Introduction
01-30000-83466-20090108
63
Download from Www.Somanuals.com. All Manuals Search And Download.
Base backplane communications
FortiSwitch-5003 system
Connectors
Table 23 lists and describes the FortiSwitch-5003 front panel connectors.
Table 23: FortiSwitch-5003 connectors
Connector Type Speed Protocol
RJ-45 100Base-T Ethernet
Description
ETH0
Front panel out of band management
interface. A second out of band
management interface, ETH1, connects to
the shelf managers. Neither of the out of
band management interfaces are used.
CONSOLE RJ-45 9600 bps
RS-232
serial
Serial connection to the command line
interface.
ZRE0,
ZRE1,
ZRE2
RJ-45 10/100/1000 Ethernet
Base-T
Redundant connections to another
FortiSwitch-5003 board in an different
FortiGate-5140 or FortiGate-5050 chassis.
Use these interfaces for base backplane
interface connections between
FortiGate-5000 series chassis.
Base backplane communications
This section provides a brief introduction to using FortiSwitch-5003 boards for
base backplane communication.
FortiSwitch-5003 boards installed in a FortiGate-5140 or FortiGate-5050 chassis
in slot 1 or slot 2 provide base backplane switching for all of the FortiGate-5000
series boards installed in chassis slots 3 and above. Base backplane switching
can be used for HA heartbeat communication and for data communication
between FortiGate-5000 series boards.
The FortiGate-5000 series boards can all be installed in the same chassis, or you
can use the FortiSwitch-5003 front panel ZRE interfaces for base backplane
communication among multiple FortiGate-5140 and FortiGate-5050 chassis. The
communication can be among a collection of the same chassis (for example,
multiple FortiGate-5050 chassis) or among a mixture of FortiGate-5140 and
FortiGate-5050 chassis. In most cases you would connect the same base
backplane interfaces together, but you can also use the FortiSwitch-5003 front
panel ZRE interfaces for connections between base backplane interface 1 and
base backplane interface 2. Again these connections can be within the same
chassis or among multiple chassis.
A FortiSwitch-5003 board in slot 1 provides communications on base backplane
interface 1. The FortiGate-5001SX and the FortiGate-5001FA2 boards
communicate with base backplane interface 1 using the interface named port9.
The FortiGate-5005FA2 board communicates with base backplane interface 1
using the interface named base1.
A FortiSwitch-5003 board in slot 2 provides communications on base backplane
interface 2. The FortiGate-5001SX and the FortiGate-5001FA2 boards
communicate with base backplane interface 2 using the interface named port10.
The FortiGate-5005FA2 board communicates with base backplane interface 2
using the interface named base2.
FortiGate-5000 Series Introduction
01-30000-83466-20090108
64
Download from Www.Somanuals.com. All Manuals Search And Download.
FortiSwitch-5003 system
Base backplane communications
In a single chassis, more than one cluster can use the same base backplane
interface for HA heartbeat communication. To separate heartbeat communication
for multiple clusters on the same base backplane interface, configure a different
HA group name and password for each cluster.
In a single chassis, you can also use the same base backplane interface for data
and HA heartbeat communication. If you are operating multiple clusters and
multiple data paths on the same base backplane interface you may experience
some bandwidth limitations. To increase the amount of bandwidth available you
can add a second FortiSwitch-5003 board and use both backplane interfaces for
HA heartbeat and data communication.
If you have two FortiSwitch-5003 boards and two backplane interfaces available
you can balance the traffic between the base backplane interfaces by how you
configure your FortiGate-5000 board data interfaces and HA heartbeat interfaces.
For example, if you have two busy FortiGate-5001SX clusters you might configure
one cluster to use port9 for HA heartbeat traffic and the other to use port10. If you
have a number of data paths that use the same base backplane interfaces you
can change the configuration to distribute traffic between both base backplane
interfaces.
FortiGate-5000 Series Introduction
01-30000-83466-20090108
65
Download from Www.Somanuals.com. All Manuals Search And Download.
Base backplane communications
FortiSwitch-5003 system
FortiGate-5000 Series Introduction
01-30000-83466-20090108
66
Download from Www.Somanuals.com. All Manuals Search And Download.
The FortiGate-5005-DIST security system
Basic FortiGate security system configuration
The FortiGate-5005-DIST security
system
The FortiGate-5005-DIST security system is very similar to a single FortiGate unit,
but with much higher capacity and with support for failover protection and
scalability. The FortiGate-5005-DIST security system consists of a FortiGate-5050
or FortiGate-5140 chassis with one or two Input/Output or I/O boards
(FortiController-5208 boards) and one or more worker boards (FortiGate-5005FA2
boards running in DIST mode). The I/O boards provide 10-gigabit and 1-gigabit
network connections and distribute traffic to the worker boards. The worker
boards provide FortiGate security system functions including firewall, VPN, IPS,
antivirus, antispam, and so on.
The following topics are included in this section:
•
•
•
•
•
Basic FortiGate security system configuration
A basic FortiGate security system consists of a single FortiController-5208 board
and four FortiGate-5005 boards installed in a FortiGate-5050 or FortiGate-5140
chassis (see Figure 29 on page 68). This system can be installed in NAT/Route
mode between the Internet and a private network. In this configuration, the
FortiGate-5005-DIST security system can provide FortiGate services to 10 gigabit
traffic passing between the private network and the Internet.
FortiGate-5000 Series Introduction
01-30000-83466-20090108
67
Download from Www.Somanuals.com. All Manuals Search And Download.
FortiController-5208 I/O boards
The FortiGate-5005-DIST security system
Figure 29: Example basic FortiGate-5005-DIST security system
Internet
FortiGate-5005-DIST
security system in
NAT/Route mode
X2 (port1_X2)
204.23.1.5
ACT
LINK
ACT
USB
USB
7
7
7
7
8
8
8
8
1
2
2
2
2
3
3
3
3
4
4
4
4
5
5
5
5
6
6
6
6
5
4
LINK
CONSOE
CONSOLE
CONSOLE
CONSOLE
OOS
ACC
USB
STATUS
IPM
IPM
IPM
IPM
ACT
LINK
ACT
LINK
USB
1
NAT mode policies
controlling 10G traffic
between internal and
external networks.
OOS
ACC
USB
STATUS
ACT
LINK
ACT
LINK
USB
1
3
OOS
ACC
USB
STATUS
ACT
LINK
ACT
LINK
USB
1
2
1
POWER
OOS
ACC
STATUS
DATA
CONTROL
X
1
X
2
1
2
3
4
5
9
13
14
15
16
1
2
3
4
5
6
7
8
9
13
1
2
3
4
MANAGEMENT
COM
1
COM
2
6
7
8
10
11
12
10
11
12
14
15
16
X
X
1
2
1/2
3/4
D15/D16
C15/C16
D
D
C
C
10/100/1000 MBPS ETHERNET ACTIVITY
STATUS
PAYLOAD OPERATION
IPM
Management
interface (mng)
5000SM
5000SM
5050SAP
SMC
10/100
link/Act
10/100
link/Act
10/100
link/Act
10/100
link/Act
SMC
SERIAL
1
SERIAL
2
2
1
X1 (port1_X1)
192.168.1.99
Internal
network
FortiController-5208 I/O boards
Data flows into and out of the FortiGate-5005-DIST system through the I/O
boards. The I/O boards are FortiController-5208 boards installed in chassis slots 1
and 2 in a FortiGate-5050 or FortiGate-5140 chassis. The I/O board installed in
slot 1 is configured as the primary I/O board. The optional I/O board installed in
slot 2 becomes the secondary I/O board. A FortiGate-5005-DIST system can
include one or two I/O boards.
As the I/O board, the FortiController-5208 provides all FortiGate-5005-DIST
network connections. The FortiController-5208 board provides two 10 gigabit
interfaces and four 1 gigabit interfaces for network traffic. The FortiController-5208
front panel also contains four 1 gigabit interfaces. Two of these interfaces support
inter-chassis HA and two are for future use. Adding a second FortiController-5208
board doubles the number of FortiGate-5005-DIST network interfaces.
Figure 30: FortiController-5208 front panel
SFP Gigabit
Fiber or Copper
D15
X1 X2 XFP 10 Gigabit
Fiber or Copper
Management
RJ-45 Serial
3
1
C15
DATA
CONTROL
X
1
X
2
1
2
3
4
5
6
7
8
9
13
14
15
16
1
2
3
4
5
6
7
8
9
13
14
15
16
1
2
3
4
MANAGEMENT
COM
1
COM
2
10
11
12
10
11
12
X
X
1
2
1/2
3/4
D15/D16
C15/C16
D
D
C
C
10/100/1000 MBPS ETHERNET ACTIVITY
PAYLOAD OPERATION
STATUS
IPM
2
4
C16
D16
Mounting
Knot
Mounting
Knot
Extraction
Lever
Status
Link/Traffic
Extraction
Lever
IPM
Management
RJ-45 Ethernet
Link/
Traffic
Payload
Operation
FortiGate-5000 Series Introduction
01-30000-83466-20090108
68
Download from Www.Somanuals.com. All Manuals Search And Download.
The FortiGate-5005-DIST security system
FortiGate-5005FA2 worker boards
FortiGate-5005FA2 worker boards
The FortiGate-5005FA2 security system serves as the worker board for the
FortiGate-5005-DIST security system. Worker boards are identically configured
and administered as a single unit from the primary I/O board. Workers are
typically installed in slots 3 and above, though FortiGate-5005FA2 security
systems with only one I/O board can also have a worker installed in slot 2.
The worker boards apply all of the FortiGate security system functionality to traffic
passing through the FortiGate-5005-DIST security system. Traffic is distributed to
the worker boards by the I/O boards. The worker boards perform FortiGate
functions such as applying firewall policies, virus scanning, IPS and routing to
distributed traffic.
Figure 31: FortiGate-5005FA2 front panel
Fabric and Base
network activity
LEDs
7 8 SPF Gigabit
Fiber or Copper
Accelerated
1 2 3 4 5 6 SPF Gigabit
Fiber or Copper
USB
ACT
LINK
ACT
USB
USB
ACC
7
8
1
2
3
4
5
6
LINK
CONSOLE
OOS
STATUS
IPM
Out
of
Service
Mounting
Knot
Extraction
Lever
Mounting
Knot
Module Extraction
Position Lever
Status
Link/Traffic
RJ-45 Flash Disk
Serial Access
FortiGate-5000 Series Introduction
01-30000-83466-20090108
69
Download from Www.Somanuals.com. All Manuals Search And Download.
FortiGate-5005-DIST security system chassis
The FortiGate-5005-DIST security system
FortiGate-5005-DIST security system chassis
FortiGate-5005-DIST security systems can be installed in FortiGate-5050
or FortiGate-5140 chassis.
FortiGate-5140 chassis
You can install one or two I/O boards in slot 1 and 2 of the FortiGate-5140 ATCA
chassis. You can also install up to 12 worker boards in slots 3 to 14 if two I/O
boards are used, or up to 13 worker boards in slots 2 to 14 if one I/O board is
used. The FortiGate-5140 is a 12U chassis that contains two redundant hot
swappable DC power entry boards that connect to -48 VDC Data Center DC
power. The FortiGate-5140 chassis also includes three hot swappable cooling fan
Chassis Guide.
Figure 32: FortiGate-5005-DIST components installed in a FortiGate-5140 chassis
5140SAP
SERIAL
1
SERIAL
2
ALARM
5140
13
11
9
7
5
3
1
2
4
6
8
10
12
14
FABRIC
BASE
FABRIC
BASE
FABRIC
BASE
FABRIC
BASE
FABRIC
BASE
FABRIC
BASE
ETH0 ETH1
ETH0
Service
RESET
STATUS
Hot Swap
1 2
ETH0 ETH1
ETH0
Service
RESET
STATUS
Hot Swap
FILTER
FAN TRAY
FAN TRAY
FAN TRAY
0
1
2
FortiGate-5000 Series Introduction
01-30000-83466-20090108
70
Download from Www.Somanuals.com. All Manuals Search And Download.
The FortiGate-5005-DIST security system
FortiGate-5005-DIST interface names
FortiGate-5050 chassis
You can install one or two I/O boards in slot 1 and 2 of the FortiGate-5050 ATCA
chassis. You can also install up to three worker boards in slots 3 to 5 if two I/O
boards are being used, or four worker boards in slots 2 to 5 if one I/O board is
used. The FortiGate-5050 is a 5U chassis that contains two redundant DC power
connections that connect to -48 VDC Data Center DC power. The FortiGate-5050
chassis also includes a hot swappable cooling fan tray. For details about the
Figure 33: FortiGate-5005-DIST components installed in a FortiGate-5050 chassis
ACT
LINK
ACT
LINK
USB
USB
7
7
7
7
8
8
8
8
1
2
2
2
2
3
3
3
3
4
4
4
4
5
5
5
5
6
6
6
6
5
4
CONSOLE
CONSOLE
CONSOLE
CONSOLE
OOS
ACC
USB
STATUS
IPM
IPM
IPM
IPM
ACT
LINK
ACT
LINK
USB
1
OOS
ACC
USB
STATUS
ACT
LINK
ACT
LINK
USB
1
3
OOS
ACC
USB
STATUS
ACT
LINK
ACT
LINK
USB
1
2
1
POWER
OOS
ACC
STATUS
DATA
CONTROL
X
1
X
2
1
2
3
4
5
9
13
14
15
16
1
2
3
4
5
6
7
8
9
13
1
2
3
4
MANAGEMENT
COM
1
COM
2
6
7
8
10
11
12
10
11
12
14
15
16
X
X
1
2
1/2
3/4
D15/D16
C15/C16
D
D
C
C
10/100/1000 MBPS ETHERNET ACTIVITY
STATUS
PAYLOAD OPERATION
IPM
5000SM
5000SM
5050SAP
10/100
link/Act
10/100
link/Act
10/100
link/Act
10/100
link/Act
SMC
SMC
SERIAL
1
SERIAL
2
2
1
FortiGate-5005-DIST interface names
The FortiGate-5005-DIST worker web-based manager and CLI use an internal
naming convention to name FortiGate-5005-DIST interfaces. The interface names
indicate the I/O board containing the interface and also include the I/O board front
panel interface name. The naming convention is:
port<I/O_board_number>_<I/O_board_interface_name>
where:
<I/O_board_number> is 1 for the interfaces of the primary I/O board installed in
chassis slot 1 and 2 for the interfaces of the secondary I/O board installed in
chassis slot 2. The interfaces for the secondary I/O board only appear in the
web-based manager and CLI when a secondary I/O board is installed.
<I/O_board_interface_name> is the name of the interface as shown on the
FortiController-5208 front panel.
Table 24 on page 72 shows the relationship between the names of the primary
and secondary board front panel interfaces and the interface names that appear
on the FortiGate-5005-DIST worker web-based manager and CLI.
FortiGate-5000 Series Introduction
01-30000-83466-20090108
71
Download from Www.Somanuals.com. All Manuals Search And Download.
FortiGate-5005-DIST interface names
The FortiGate-5005-DIST security system
Table 24: FortiGate-5005-DIST interface naming
FortiController-5208 FortiController-5208 front
Web-based manager and
CLI interface names
location
panel interface names
Primary
X1
port1_X1
port1_X2
port1_1
port1_2
port1_3
port1_4
mng
FortiController-5208
board installed in
chassis slot 1
X2
1
2
3
4
Management
Secondary
X1
port2_X1
port2_X2
port2_1
port2_2
port2_3
port2_4
Not used.
FortiController-5208
board installed in
chassis slot 2
X2
1
2
3
4
Management
FortiGate-5000 Series Introduction
01-30000-83466-20090108
72
Download from Www.Somanuals.com. All Manuals Search And Download.
FortiController-5208 system
FortiController-5208 system
You can create a FortiGate-5005-DIST high-throughput multi-threat network
security system using one or two FortiController-5208 boards and multiple
FortiGate-5005 boards in a FortiGate-5050 or FortiGate-5140 chassis.
A FortiGate-5020 chassis cannot be used to create a FortiGate-5005-DIST
system. Functionally, one or two FortiController-5208 boards using the processing
power of multiple FortiGate-5005 boards function much like a single FortiGate
unit, but with far greater capacity.
In a FortiGate-5005-DIST configuration, the FortiGate-5005FA2 boards are used
only for their processing power. The FortiController-5208 assigns tasks to each
FortiGate-5005FA2 board and provides all external connections to the network.
Given this division of labor, the FortiController-5208 board is also called the
I/O board and the FortiGate-5005FA2 boards are also called the worker boards.
The FortiController-5208 board provides two 10 gigabit interfaces and four
1 gigabit interfaces for network traffic. The FortiController-5208 front panel also
contains an additional four 1-gigabit interfaces for inter-chassis HA and future
use. Optionally, you can double the number of available of network interfaces by
adding a second FortiController-5208.
Once initial set-up is complete, all subsequent administration and configuration of
the FortiController-5208 boards and FortiGate-5005 boards is done through the
primary FortiController-5208 board.
The FortiGate-5005 boards are administered as a single unit, and therefore
configured identically. All traffic is distributed to the FortiGate boards using the
backplane interfaces so no front panel connections are required for the FortiGate
boards.
The FortiController-5208 board includes the following features:
•
Two 10 gigabit interfaces that can accept fiber or copper 10 gigabit Small Form
factor Pluggable (XFP) fiber or copper transceivers.
•
Eight 1 gigabit front panel network interfaces that can accept Small Form
factor Pluggable (SFP) fiber or copper transceivers. Four of these interfaces
are for data, two for inter-chassis high-availability (HA) connections, and two
for future use.
•
•
•
•
•
One fabric and two base backplane gigabit interfaces.
Two RJ-45 RS-232 serial console management connections.
An RJ-45 Ethernet management connection.
Mounting hardware
LED status indicators
Before you can connect any FortiController-5208 front panel interfaces, you must
insert the XFP or SFP transceivers into the FortiController-5208 front panel cage
slots.
This chapter includes the following information about the FortiController-5208
board:
•
•
•
Installing XFP and SFP transceivers
FortiGate-5000 Series Introduction
01-30000-83466-20090108
73
Download from Www.Somanuals.com. All Manuals Search And Download.
Front panel LEDs and connectors
FortiController-5208 system
•
•
•
Inserting a FortiController-5208 module into a chassis
Removing a FortiController-5208 module from a chassis
Troubleshooting
Front panel LEDs and connectors
From the FortiController-5208 front panel you can view the status of the board
LEDs to verify that the board is functioning normally. LEDs also indicate
connections and traffic for the front panel and backplane interfaces. You also
connect the FortiController-5208 board to your network through the front panel
XFP and SFP connections. The front panel also includes two RJ-45 serial console
ports for connecting to the FortiController-5208 CLI and an Ethernet RJ-45 port for
connecting to the CLI and GUI management interfaces over a network.
Figure 34: FortiController-5208 front panel
SFP Gigabit
Fiber or Copper
D15
X1 X2 XFP 10 Gigabit
Fiber or Copper
Management
RJ-45 Serial
3
1
C15
DATA
CONTROL
X
1
X
2
1
2
3
4
5
6
7
8
9
13
14
15
16
1
2
3
4
5
6
7
8
9
13
14
15
16
1
2
3
4
MANAGEMENT
COM
1
COM
2
10
11
12
10
11
12
X
X
1
2
1/2
3/4
D15/D16
C15/C16
D
D
C
C
10/100/1000 MBPS ETHERNET ACTIVITY
PAYLOAD OPERATION
STATUS
IPM
2
4
C16
D16
Mounting
Knot
Mounting
Knot
Extraction
Lever
Status
Link/Traffic
Extraction
Lever
IPM
Management
RJ-45 Ethernet
Link/
Traffic
Payload
Operation
LEDs
Table 25: FortiController-5208 board LEDs
LED
State
Description
X1, X2
Green
The correct cable is connected to the 10 gigabit
XFP interface.
STATUS
Off
The STATUS LED is always off, even when the
FortiController-5208 board is starting or operating
normally.
PAYLOAD OPERATION Green
DATA 1-16 Green
The data LEDs display base backplane connections
of the FortiController-5208 board and the 5005
boards, over which the load-balanced traffic is sent.
LED 1 corresponds to the FortiController-5208
board’s connection, LEDs 3 through 14 are for
connections to the corresponding slots in a 5050 or
5140 chassis. LEDs 15 and 16 are for the HA ports
D15/D16 on the front panel. Due to the organization
of the backplane, LED 2 will always be off, even if
an operating FortiController-5208 is in slot 2.
FortiGate-5000 Series Introduction
01-30000-83466-20090108
74
Download from Www.Somanuals.com. All Manuals Search And Download.
FortiController-5208 system
Front panel LEDs and connectors
Table 25: FortiController-5208 board LEDs (Continued)
LED
State
Description
CONTROL
1-16
Green
The control LEDs display the fabric backplane
connections of the FortiController-5208 board,
an optional secondary FortiController-5208 board,
and all the 5005 boards, over which management
communication is sent. LED 1 is for the
FortiController-5208 board’s connection. LEDs 2
through 14 are for connections to the corresponding
slots in a 5050 or 5140. LEDs 15 and 16 are for
future use.
Flashing Management communication activity on the fabric
backplane connection.
1, 2, 3, 4
IPM
Green
The correct cable is connected to the gigabit SFP
interface.
Flashing Network activity at the gigabit SFP interface.
Blue
The FortiController-5208 is ready to be hot-
swapped (removed from the chassis). If the IPM
light is blue and no other LEDs are lit the
FortiController-5208 board has lost power. See
“Inserting a FortiController-5208 module into a
chassis” on page 10 for more information.
Flashing The FortiController-5208 is changing from hot swap
Blue
to running mode or from running mode to hot swap.
Off
Normal operation. The FortiController-5208 board is
in contact with the chassis backplane.
MANAGEMENT Link
LED
Amber
The correct cable is inserted into this interface and
the connected equipment has power.
Flashing Network activity at this interface.
Speed Green
The interface is connected at 1000 Mbps.
The interface is connected at 100 Mbps.
The interface is connected at 10 Mbps.
LED
Amber
Unlit
The control LEDs of a secondary FortiController-5208 board will be synchronized
to the control LEDs of the primary because all the installed boards use the same
fabric backplane network to communicate. Each FortiController-5208 board has
its own base backplane network with which to exchange data traffic with the
worker boards so the data LEDs of each FortiController-5208 board will indicate
only its own communication.
Connectors
Table 26 lists and describes the FortiController-5208 board connectors.
Table 26: FortiController-5208 connectors
Connector
X1, X2
Type
Speed
Protocol Description
XFP
10 Gbps
Ethernet Two 10 gigabit XFP interfaces that
can accept fiber or copper
transceivers. These interfaces
operate only at 10 Gbps. See
“Installing XFP and SFP transceivers”
on page 9 for more information.
FortiGate-5000 Series Introduction
01-30000-83466-20090108
75
Download from Www.Somanuals.com. All Manuals Search And Download.
Backplane gigabit interfaces
FortiController-5208 system
Table 26: FortiController-5208 connectors (Continued)
Connector
1, 2, 3, 4
Type
Speed
Protocol Description
LC SFP 1000 Mbps Ethernet Four 1 gigabit SFP interfaces that can
accept fiber or copper transceivers.
These interfaces operate only at
1000Mbps. See “Installing XFP and
SFP transceivers” on page 9 for more
information.
D15, D16
C15, C16
LC SFP 1000 Mbps Ethernet Two 1 gigabit SFP interfaces used for
inter-chassis high-availability (HA)
connections.
LC SFP
For future use.
COM1, COM2 RJ-45
9600 bps
RS-232
serial
Serial connection to the command line
interface.
MANAGEMENT RJ-45
1000 Mbps Ethernet Ethernet management connection to
the FortiController-5208 web-based
manager and command line interface.
Backplane gigabit interfaces
The FortiController-5208 board uses the chassis backplane gigabit interfaces for
all communication with boards installed in the chassis. This communication
includes:
•
Management communication between the primary FortiController-5208, the
optional secondary FortiController-5208, and the FortiGate-5005FA2 boards.
•
•
•
Delivery of traffic data to the FortiGate-5005FA2 boards for processing.
Receiving processed traffic from the FortiGate-5005FA2 boards.
If installed, the secondary FortiController-5208 board also delivers data traffic
to the FortiGate-5005FA2 boards and receives the processed traffic from them.
No front panel cables are required for connections between the installed boards.
Once the FortiController-5208 board is configured as the primary, and the
FortiGate-5005FA2 boards are configured to use the LDB firmware, all
communication between the installed boards is automatic and requires no
configuration.
FortiGate-5000 Series Introduction
01-30000-83466-20090108
76
Download from Www.Somanuals.com. All Manuals Search And Download.
Download from Www.Somanuals.com. All Manuals Search And Download.
|