Fortinet FortiCarrier-5001A-DW, FortiCarrier-5001A User Manual

FortiCarrier-5001A
Security System Guide
FortiCarrier-5001A-DW
A detailed guide to the FortiCarrier-5001A-DW Security System. This FortiCarrier-5001A Security System Guide describes FortiCarrier-5001A hardware features, how to install a FortiCarrier-5001A board in a FortiGate-5000 series chassis, and how to configure the FortiCarrier-5001A security system for your network.
The most recent versions of this and all FortiGate-5000 series documents are available from the FortiGate-5000 page of the Fortinet Technical Documentation web site (http://docs.forticare.com).
Visit http://support.fortinet.com to register your FortiCarrier-5001A security system. By registering you can receive
product updates, technical support, and FortiGuard services.
FortiCarrier-5001A Security System Guide
01-400-91945 -20090223
Warnings and cautions
Only trained and qualified personnel should be allowed to install or maintain FortiGate-5000 series equipment. Read and comply with all warnings, cautions and notices in this document.
CAUTION: Risk of Explosion if Battery is replaced by an Incorrect Type. Dispose of Used Batteries According to the Instructions.
Caution: You should be aware of the following cautions and warnings before installing FortiGate-5000 series hardware.
Turning off all power switches may not turn off all power to the FortiGate-5000 series equipment. Some circuitry in the FortiGate-5000 series equipment may continue to operate even though all power switches are off.
Many FortiGate-5000 components are hot swappable and can be installed or removed while the power is on. But some of the procedures in this document may require power to be turned off and completely disconnected. Follow all instructions in the procedures in this document that describe disconnecting FortiGate-5000 series equipment from power sources, telecommunications links and networks before installing, or removing FortiGate-5000 series components, or performing other maintenance tasks. Failure to follow the instructions in this document can result in personal injury or equipment damage.
Install FortiGate-5000 series chassis at the lower positions of a rack to avoid making the rack top-heavy and unstable.
Do not insert metal objects or tools into open chassis slots.
Electrostatic discharge (ESD) can damage FortiGate-5000 series equipment. Only perform the procedures described in this document from an ESD workstation. If no such station is available, you can provide some ESD protection by wearing an anti-static wrist strap and attaching it to an available ESD connector such as the ESD sockets provided on FortiGate-5000 series chassis.
Make sure all FortiGate-5000 series components have reliable grounding. Fortinet recommends direct connections to the building ground.
If you install a FortiGate-5000 series component in a closed or multi-unit rack assembly, the operating ambient temperature of the rack environment may be greater than room ambient. Make sure the operating ambient temperature does not exceed Fortinet’s maximum rated ambient temperature.
Installing FortiGate-5000 series equipment in a rack should be such that the amount of airflow required for safe operation of the equipment is not compromised.
FortiGate-5000 series chassis should be installed by a qualified electrician.
FortiGate-5000 series equipment shall be installed and connected to an electrical supply source in accordance with the applicable codes and regulations for the location in which it is installed. Particular attention shall be paid to use of correct wire type and size to comply with the applicable codes and regulations for the installation / location. Connection of the supply wiring to the terminal block on the equipment may be accomplished using Listed wire compression lugs, for example, Pressure Terminal Connector made by Ideal Industries Inc. or equivalent which is suitable for AWG-10. Particular attention shall be given to use of the appropriate compression tool specified by the compression lug manufacturer, if one is specified.
http://docs.fortinet.com/Feedback
Contents
Warnings and cautions
FortiCarrier-5001A security system
  Front panel LEDs and connectors
    LEDs
    Connectors
  Base backplane communication
  Fabric backplane communication
    FortiGate-RTM-XB2
  AMC modules
Hardware installation
  Changing FortiCarrier-5001A SW11 switch settings
  FortiCarrier-5001A mounting components
  Inserting a FortiCarrier-5001A board
  Removing a FortiCarrier-5001A board
  Resetting a FortiCarrier-5001A board
  Installing and removing AMC modules
    Inserting AMC slot filler panels
    Inserting AMC modules
    Removing AMC modules
  Troubleshooting
    FortiCarrier-5001A does not start up
    FortiCarrier-5001A status LED is flashing during system operation
    FortiGate AMC modules not detected by FortiCarrier-5001A board
Quick Configuration Guide
  Registering your Fortinet product
  Planning the configuration
    NAT/Route mode
    Transparent mode
  Choosing the configuration tool
    Web-based manager
    Command Line Interface (CLI)
  Factory default settings
  Configuring NAT/Route mode
    Using the web-based manager to configure NAT/Route mode
    Using the CLI to configure NAT/Route mode
  Configuring Transparent mode
    Using the web-based manager to configure Transparent mode
    Using the CLI to configure Transparent mode
  Upgrading FortiCarrier-5001A firmware
  FortiCarrier-5001A base backplane data communication
  FortiCarrier-5001A fabric backplane data communication
  Powering off the FortiCarrier-5001A board
For more information
  Fortinet documentation
    Fortinet Tools and Documentation CD
    Fortinet Knowledge Center
    Comments on Fortinet technical documentation
  Customer service and technical support
  Register your Fortinet product
FortiCarrier-5001A security system
The FortiCarrier-5001A security system is a high-performance Advanced Telecommunications Computing Architecture (ATCA) compliant FortiOS Carrier security system that can be installed in any ATCA chassis including the FortiGate-5140, FortiGate-5050, or FortiGate-5020 chassis.
The FortiCarrier-5001A-DW (double-width) board includes a double-width Advanced Mezzanine Card (AMC) opening. You can install a supported FortiGate AMC Double width Module (ADM) such as the FortiGate-ADM-XB2 or the FortiGate-ADM-FB8 in the AMC opening. The FortiGate-ADM-XB2 adds two accelerated 10-gigabit interfaces to the FortiCarrier-5001A board and the FortiGate-ADM-FB8 adds 8 accelerated 1-gigabit interfaces.
The FortiCarrier-5001A security system contains two front panel 1-gigabit ethernet interfaces, two base backplane 1-gigabit interfaces, and two fabric backplane 1-gigabit interfaces. Use the front panel interfaces for connections to your networks and the backplane interfaces for communication across the ATCA chassis backplane.
If you install a FortiGate-RTM-XB2 module for each FortiCarrier-5001A board, the FortiCarrier-5001A fabric interfaces can operate at 10 Gbps. The FortiGate-RTM-XB2 also provides NP2-accelerated network processing for eligible traffic passing through the FortiGate-RTM-XB2 interfaces.
You can also configure two or more FortiCarrier-5001A boards to create a high availability (HA) cluster using the base or fabric backplane interfaces for HA heartbeat communication through the chassis backplane, leaving front panel interfaces available for network connections.
Note: In most cases the base backplane interfaces are used for HA heartbeat communication and the fabric backplane interfaces are used for data communication.
The FortiCarrier-5001A board also supports all FortiOS Carrier features including GTP and MMS content filtering, SIP load balancing, 802.1Q VLANs, multiple virtual domains, and 802.3ad aggregate interfaces.
Figure 1: FortiCarrier-5001A-DW front panel (callouts: Fabric and Base network activity LEDs; USB; IPM LED (board position); ACC, OOS, Power, and Status LEDs; retention screws; extraction levers; double-width AMC opening; Console; port1 and port2 10/100/1000 copper interfaces, RJ-45)
The FortiCarrier-5001A board includes the following features:
Two front panel 10/100/1000Base-T copper 1-gigabit ethernet interfaces.
Two base backplane 1-gigabit interfaces (Base CH0 and Base CH1 on the front panel and base1 and base2 in the firmware) for HA heartbeat and data communications across the FortiGate-5000 chassis backplane.
Two fabric backplane interfaces (Fabric CH0 and Fabric CH1 on the front panel and fabric1 and fabric2 in the firmware) for HA heartbeat and data communications across the FortiGate-5000 chassis backplane. The fabric backplane interfaces operate at 1 Gbps. If you install a FortiGate-RTM-XB2 module the fabric backplane interfaces operate at 10 Gbps.
One double-width AMC opening (FortiCarrier-5001A-DW board).
One single-width AMC opening (FortiCarrier-5001A-SW board).
RJ-45 RS-232 serial console connection.
2 USB connectors.
Mounting hardware.
LED status indicators.
Front panel LEDs and connectors
From the FortiCarrier-5001A front panel you can view the status of the front panel LEDs to verify that the board is functioning normally. You also connect the FortiCarrier-5001A board to your network through the front panel 10/100/1000 ethernet connectors. The front panel also includes the RJ-45 console port for connecting to the FortiOS CLI and two USB ports. The USB ports can be used with any USB key for backing up and restoring configuration files. For information about using a USB key with a FortiGate or FortiOS Carrier unit, see the FortiGate-5000 Series Firmware and FortiUSB Guide.
LEDs
Table 1 lists and describes the FortiCarrier-5001A LEDs.
Table 1: FortiCarrier-5001A LEDs

| LED | State | Description |
|---|---|---|
| 1, 2 (Left LED) | Green | The correct cable is connected to the interface and the connected equipment has power. |
| | Flashing Green | Network activity at the interface. |
| | Off | No link is established. |
| 1, 2 (Right LED) | Green | Connection at 1 Gbps. |
| | Amber | Connection at 100 Mbps. |
| | Off | Connection at 10 Mbps. |
| Base CH0 | Green | Base backplane interface 0 (base1) is connected at 1 Gbps. |
| | Flashing Green | Network activity at base backplane interface 0. |
| Base CH1 | Green | Base backplane interface 1 (base2) is connected at 1 Gbps. |
| | Flashing Green | Network activity at base backplane interface 1. |
| Fabric CH0 | Off | Fabric backplane interface 0 (fabric1) is connected at 10 Gbps. |
| | Flashing Green | Network activity at fabric backplane interface 0. |
| Fabric CH1 | Off | Fabric backplane interface 1 (fabric2) is connected at 10 Gbps. |
| | Flashing Green | Network activity at fabric backplane interface 1. |
| ACC | Off or Flashing green | The ACC LED flashes green when the FortiCarrier-5001A board accesses the FortiOS flash disk. The FortiOS flash disk stores the current FortiOS firmware build and configuration files. The system accesses the flash disk when starting up, during a firmware upgrade, or when an administrator is using the CLI or GUI to change the FortiOS configuration. Under normal operating conditions this LED flashes occasionally, but is mostly off. |
| OOS (Out of Service) | Off | Normal operation. |
| | Green | A fault condition exists and the FortiCarrier-5001A blade is out of service (OOS). This LED may also flash very briefly during normal startup. |
| Power | Green | The FortiCarrier-5001A board is powered on. |
| Status | Off | The FortiCarrier-5001A board is powered on. |
| | Flashing Green | The FortiCarrier-5001A is starting up. If this LED is flashing at any time other than system startup, a fault condition may exist. |
| IPM | Blue | The FortiCarrier-5001A is ready to be hot-swapped (removed from the chassis). If the IPM light is blue and no other LEDs are lit the FortiCarrier-5001A board has lost power. |
| | Flashing Blue | The FortiCarrier-5001A is changing from hot swap to running mode or from running mode to hot swap. This happens when the FortiCarrier-5001A board is starting up or shutting down. |
| | Off | Normal operation. The FortiCarrier-5001A board is in contact with the chassis backplane. |

Connectors
Table 2 lists and describes the FortiCarrier-5001A connectors.
Table 2: FortiCarrier-5001A connectors

| Connector | Type | Speed | Protocol | Description |
|---|---|---|---|---|
| 1, 2 | RJ-45 | 10/100/1000 Base-T | Ethernet | Copper 1-gigabit connection to 10/100/1000Base-T copper networks. |
| CONSOLE | RJ-45 | 9600 bps 8/N/1 | RS-232 serial | Serial connection to the command line interface. |
| USB | USB | | | FortiUSB key firmware updates and configuration backup. |
Base backplane communication
The FortiCarrier-5001A base backplane 1-gigabit interfaces can be used for HA heartbeat communication between FortiCarrier-5001A boards installed in the same or in different FortiGate-5000 chassis. You can also configure FortiCarrier-5001A boards to use the base backplane interfaces for data communication among FortiGate and FortiCarrier boards. To support base backplane communications your FortiGate-5140 or FortiGate-5050 chassis must include one or more FortiSwitch-5003 boards, FortiSwitch-5003A boards, or other 1-gigabit base backplane switching boards installed in the chassis in base slots 1 and 2. The FortiGate-5020 chassis supports base backplane communication with no additions or changes to the chassis.
For information about base backplane communication in FortiGate-5140 and FortiGate-5050 chassis, see the FortiGate-5000 Backplane Communication Guide. For information about the FortiSwitch-5003 board, see the FortiSwitch-5003 System Guide. For information about the FortiSwitch-5003A board, see the FortiSwitch-5003A System Guide.
Fabric backplane communication
The FortiCarrier-5001A fabric backplane interfaces can be used for data communication or HA heartbeat communication between FortiCarrier-5001A boards installed in the same or in different FortiGate-5000 chassis. To support 1-gigabit fabric backplane communications your FortiGate-5140 or FortiGate-5050 chassis must include one or more FortiSwitch-5003A boards or other 1-gigabit fabric backplane switching boards installed in the chassis in fabric slots 1 and 2. The FortiGate-5020 chassis does not support fabric backplane communications.
For information about fabric backplane communication in FortiGate-5140 and FortiGate-5050 chassis, see the FortiGate-5000 Backplane Communication Guide. For information about the FortiSwitch-5003A board, see the FortiSwitch-5003A System Guide.
FortiGate-RTM-XB2
The FortiGate-RTM-XB2 module provides two 10-gigabit fabric backplane interfaces and NP2 processor acceleration for FortiCarrier-5001A fabric interfaces. For 10-gigabit fabric backplane communications, each FortiCarrier-5001A board requires one FortiGate-RTM-XB2 module. The FortiGate-RTM-XB2 module is an ATCA rear transition module (RTM) that installs into an RTM slot at the back of a FortiGate-5140 and FortiGate-5050 chassis.
To support 10-gigabit fabric backplane communications your FortiGate-5140 or FortiGate-5050 chassis must also include one or more FortiSwitch-5003A boards or other 10-gigabit fabric backplane switching boards installed in the chassis in fabric slots 1 and 2.
Note: On some versions of the FortiCarrier-5001A firmware, when a FortiGate-5001A board starts up with a FortiGate-RTM-XB2 module installed, the fabric1 and fabric2 interfaces are replaced with interfaces that are named RTM/1 and RTM/2 to indicate the presence of the FortiGate-RTM-XB2 module. Configuration settings that include the fabric1 and fabric2 interface names will have to be changed to use the RTM/1 and RTM/2 interface names.
Figure 2: FortiGate-RTM-XB2 front panel (callouts: retention screws, handles, power LED)
The FortiGate-RTM-XB2 NP2 processors provide hardware accelerated network processing for eligible traffic passing through the FortiGate-RTM-XB2 interfaces. For information about Fortinet NP2 processor acceleration, see the Fortinet Hardware Acceleration Technical Note.
Follow the instructions in the FortiGate-RTM-XB2 System Guide to install the FortiGate-RTM-XB2 module.
AMC modules
You can install one FortiGate AMC Double width Module (ADM) in the FortiCarrier-5001A-DW front panel AMC double-width opening. For example:
The FortiGate-ADM-XB2 provides 2 NP2 accelerated XFP 10-gigabit interfaces.
The FortiGate-ADM-FB8 provides 8 NP2 accelerated SFP 1-gigabit interfaces.
Figure 3: FortiGate-ADM-XB2
Note: You can operate a FortiCarrier-5001A board with both a FortiGate-RTM-XB2 module and a supported FortiGate AMC module installed at the same time.
Hardware installation
Before use, the FortiCarrier-5001A board must be correctly inserted into an Advanced Telecommunications Computing Architecture (ATCA) chassis such as the FortiGate-5140, FortiGate-5050, or FortiGate-5020 chassis.
Before inserting the board into a chassis you should make sure the SW-11 switch is set correctly.
In the available Advanced Mezzanine Card (AMC) double-width module (ADM) opening on the FortiCarrier-5001A-DW front panel you can install a supported FortiGate ADM module such as the FortiGate-ADM-XB2 or the FortiGate-ADM-FB8.
Caution: If you are installing a FortiGate-RTM-XB2 module you should install the FortiGate-RTM-XB2 module in the chassis RTM slot first, before you install the FortiCarrier-5001A board to avoid possible damage. Follow the instructions in the FortiGate-RTM-XB2 System Guide to install the FortiGate-RTM-XB2 module.
Caution: Because FortiCarrier-5001A boards do not support hot swapping AMC modules, the FortiCarrier-5001A board must be disconnected from power before you install a FortiGate AMC module. Also, the FortiCarrier-5001A-DW left (top) handle must be opened to install a FortiGate AMC module. See “Installing and removing AMC modules” on page 21.
Caution: Do not operate the FortiCarrier-5001A board with an open AMC opening. For optimum cooling performance and safety, the AMC opening must contain an AMC slot filler panel or a FortiGate AMC module.
Note: FortiCarrier-5001A boards are hot swappable even if the FortiCarrier-5001A board contains an AMC module and you have installed a FortiGate-RTM-XB2 module for the FortiCarrier-5001A board.
This section describes:
Changing FortiCarrier-5001A SW11 switch settings
FortiCarrier-5001A mounting components
Inserting a FortiCarrier-5001A board
Removing a FortiCarrier-5001A board
Resetting a FortiCarrier-5001A board
Installing and removing AMC modules
Troubleshooting
Changing FortiCarrier-5001A SW11 switch settings
The SW11 switch on the FortiCarrier-5001A board is factory set by Fortinet to detect a shelf manager (Figure 4). This is the correct setting if you are installing the FortiCarrier-5001A board in a chassis that contains an operating shelf manager (such as the FortiGate-5140 or FortiGate-5050 chassis).
Figure 4: FortiGate-5140 and 5050 setting for SW11 (factory default shelf manager mode)
Factory Default (Shelf Manager Required): SW11 switch 1 Off, 2 On, 3 Off, 4 Off
By default a FortiCarrier-5001A board will not start up if the board is installed in a chassis, such as a FortiGate-5020, that does not contain a shelf manager or that contains a shelf manager that is not operating. Before installing a FortiCarrier-5001A board in a FortiGate-5020 chassis or a chassis that does not contain an operating shelf manager you must change the SW11 switch setting as shown in Figure 5.
Figure 5: FortiGate-5020 setting for SW11 (standalone mode)
Standalone Mode for FortiGate-5020 (no Shelf Manager): SW11 switch 1 Off, 2 On, 3 On, 4 Off
In all cases you should confirm that you have the correct SW11 setting before installing the board in a chassis.
Table 3: FortiCarrier-5001A SW11 settings for different chassis

| Chassis | Correct SW11 Setting | Result of wrong jumper setting |
|---|---|---|
| FortiGate-5140 or 5050 or any ATCA chassis with an operating shelf manager (factory default shelf manager mode). | 1 Off, 2 On, 3 Off, 4 Off | Shelf manager cannot find FortiCarrier-5001A board. No shelf manager information about the FortiCarrier-5001A board available. |
| FortiGate-5020 or any ATCA chassis without an operating shelf manager (standalone mode). | 1 Off, 2 On, 3 On, 4 Off | FortiCarrier-5001A board will not start up. |

Note: If the shelf manager in a FortiGate-5140 or FortiGate-5050 chassis is missing or not functioning, FortiCarrier-5001A boards with factory default SW11 settings will not start up.
To change or verify the SW11 switch setting
To complete this procedure, you need:
A FortiCarrier-5001A board
A tool for changing the SW11 switch setting (optional)
An electrostatic discharge (ESD) preventive wrist strap with connection cord
Caution: FortiCarrier-5001A boards must be protected from static discharge and physical shock. Only handle or work with FortiCarrier-5001A boards at a static-free workstation. Always wear a grounded electrostatic discharge (ESD) preventive wrist strap when handling FortiCarrier-5001A boards.
1 Attach the ESD wrist strap to your wrist and to an available ESD socket or wrist strap terminal.
2 If you have installed the FortiCarrier-5001A board in a chassis, remove it.
For removal instructions, see “Removing a FortiCarrier-5001A board” on page 18.
3 Use Figure 6 to locate SW11 on the FortiCarrier-5001A board.
The top of the FortiCarrier-5001A board is covered with a copper heat sink. The printed circuit board is under the copper heat sink. SW11 is located on the printed circuit board and is accessible from the left side of the FortiCarrier-5001A board under the copper heat sink (see Figure 6).