Fortinet FortiGate FortiGate-5000, FortiGate-5140, FortiGate-5050, FortiGate-5020 Backplane Communications Manual

Backplane Communications Guide

FortiGate-5000 Series
Version 3.0 MR5

www.fortinet.com

FortiGate-5000 Series Backplane Communications Guide

29 August 2007
01-30005-0423-20070829

© Copyright 2007 Fortinet, Inc. All rights reserved. No part of this
publication including text, examples, diagrams or illustrations may be
reproduced, transmitted, or translated in any form or by any means,
electronic, mechanical, manual, optical or otherwise, for any purpose,
without prior written permission of Fortinet, Inc.

Trademarks

Dynamic Threat Prevention System (DTPS), APSecure, FortiASIC,
FortiBIOS, FortiBridge, FortiClient, FortiGate, FortiGate Unified Threat
Management System, FortiGuard, FortiGuard-Antispam, FortiGuard­Antivirus, FortiGuard-Intrusion, FortiGuard-Web, FortiLog, FortiAnalyzer,
FortiManager, Fortinet, FortiOS, FortiPartner, FortiProtect, FortiReporter,
FortiResponse, FortiShield, FortiVoIP, and FortiWiFi are trademarks of
Fortinet, Inc. in the United States and/or other countries. The names of
actual companies and products mentione d herein may be the trade marks
of their respective owners.

Contents

Contents

Introduction........................................................................ 5

Warnings and cautions..................................................................................... 5

About this document......................................................................................... 7

Fortinet documentation..................................................................................... 7

Fortinet Tools and Documentation CD.......................................................... 7

Fortinet Knowledge Center ........................................................................... 7

Comments on Fortinet technical documentation........................................... 7

Customer service and technical support........................................................ 7

FortiGate-5140 base backplane communication ............ 9

HA configurations.......................... .... ................................................ ... ........... 10

Two FortiSwitch modules per chassis......................................................... 11

One FortiSwitch module per chassis........................................................... 15

Network configurations................................................................................... 21

Connecting FortiGate modules to each other ............................................. 22

Connecting FortiGate modules to the network............................................ 22

FortiGate-5050 base backplane communication .......... 23

HA configurations.......................... .... ................................................ ... ........... 24

Two FortiSwitch modules per chassis......................................................... 25

One FortiSwitch module per chassis........................................................... 29

Network configurations................................................................................... 35

Connecting FortiGate modules to each other ............................................. 36

Connecting FortiGate modules to the network............................................ 36

FortiGate-5020 base backplane communication .......... 37

HA configurations.......................... .... ................................................ ... ........... 37

Heartbeat failover between channels.......................................................... 38

Inter-chassis HA configurations .................................................................... 41

Network configurations................................................................................... 43

Index.................................................................................. 45

FortiGate-5000 Series Version 3.0 MR5 Backplane Communications Guide
01-30005-0423-20070829 3

Contents

FortiGate-5000 Series Version 3.0 MR5 Backplane Communications Guide

4 01-30005-0423-20070829

Introduction Warnings and cautions

Introduction

This FortiGate-5000 Series Backplane Communications Guide contains
information, instructions and example configurations involving the base backplane
network interfaces of FortiGate-5000 series systems.

FortiGate-5140, FortiGate-5050 and FortiGate-5020 chassis base backplanes
can provide a communications medium between blade modules. FortiGate-5140
and FortiGate-5050 chassis base backplanes can also p rovide a communication s
medium to other chassis’ base backplanes, or to the network. Supported base
backplane use varies by configuration and by chassis and module types, but can
include:

• high availability (HA) cluster connection

• multi-channel HA cluster connection failover

• inter-chassis HA cluster connection

• multi-channel inter-chassis HA cluster connection failover

• network connection between modules

• inter-chassis network connection between modules

• network connection to the Internet or other network
For specific instructions and examples of your model’s supported features, see

the chapter for your chassis model.

Note: This guide assumes basic familiarity with FortiGate-5000 series hardware. For
hardware and other available documentation, see “Fortinet documentation” on page7.

This guide does not discuss fabric backplane communications, or configurations
involving FortiController. For information on FortiController, see the

FortiController-5208 System Guide.

This section includes the following topics:

• Warnings and cautions

• About this document

• Fortinet documentation

• Customer service and technical support

Warnings and cautions

Only trained and qualified personnel should be allowed to install or maintain
FortiGate-5000 series equipment. Read and comply with all warnings, cautions
and notices in this document.

Caution: You should be aware of the following cautions and warnings before installing

!

FortiGate-5000 series hardware.

FortiGate-5000 Series Version 3.0 MR5 Backplane Communications Guide
01-30005-0423-20070829 5

Warnings and cautions Introduction

• Turning off all power switches may not turn off all power to the FortiGate
equipment. Except where noted, disconnect the FortiGate equipment from all
power sources, telecommunications links and networks before installing, or
removing FortiGate components, or perfo rm in g ot he r ma in te na nc e tasks.
Failure to do this can result in personal injury or equipment damage. Some
circuitry in the FortiGate equipment may continue to operate even though all
power switches are off.

• An easily accessible disconnect device, such as a circuit breaker, should be
incorporated into the data center wiring that connects power to the FortiGate
equipment.

• Install FortiGate chassis at the lower positions of a rack to avoid making the
rack top-heavy and unstable.

• Do not insert metal objects or tools into open chassis slots.

• Electrostatic discharge (ESD) can damage FortiGate equipme nt. Only perform
the procedures described in this document from an ESD workstation. If no
such station is available, you can provide some ESD protection by wearing an
anti-static wrist or ankle strap and attaching it to an ESD connector or to a
metal part of a FortiGate chassis.

• Some FortiGate components may overload your supply circuit and imp act your
overcurrent protection and supply wiring. Refer to nameplate ratings to
address this concern.

• Make sure all FortiGate components have reliable grounding. Fortinet
recommends direct connections to the branch circuit.

• If you install a FortiGate component in a closed or multi-unit rack assembly, the
operating ambient temperature of the rack environment may be greater than
room ambient. Make sure the operating ambient temperatur e does not exceed
the manufacturer's maximum rated ambient temperature.

• Installing FortiGate equipment in a rack should be such that the amount of
airflow required for safe operation of the equipment is not compromised.

• This equipment is for installation only in a Restricted Access Location
(dedicated equipment room, service closet or the like), in accordance with the
National Electrical Code.

• Per the National Electrical Code, sizing of a Listed circuit breaker or branch
circuit fuse and the supply conductors to the equipment is based on the
marked input current rating. A product with a marked input current rating of
25 A is required to be placed on a 40 A branch circuit. The supply conductors
will also be sized according to the input current rating and also derated for the
maximum rated operating ambient tem pera tu r e, T ma , of th e eq uip m en t.

• FortiGate equipment shall be installed and connected to an electrical supply
source in accordance with the applicable codes and regulations fo r the location
in which it is installed. Particular attention shall be paid to use of correct wire
type and size to comply with the applicable codes and regulations for the
installation / location. Connection of the supply wiring to the terminal block on
the equipment may be accomplished using Listed wire compression lugs, for
example, Pressure Terminal Connector made by Ideal Industries Inc. or
equivalent which is suitable for AWG 10. Particular attention shall be given to
use of the appropriate compression tool specified by the compression lug
manufacturer, if one is specified.

FortiGate-5000 Series Version 3.0 MR5 Backplane Communications Guide

6 01-30005-0423-20070829

Introduction About this document

About this document

This document includes the following chapters:

• FortiGate-5140 base backplane communication describes supported
configurations and features for FortiGate-5140 chassis backplane
communications.

• FortiGate-5050 base backplane communication describes supported
configurations and features for FortiGate-5050 chassis backplane
communications.

• FortiGate-5020 base backplane communication describes supported
configurations and features for FortiGate-5020 chassis backplane
communications.

Fortinet documentation

The most up-to-date publications and previous releases of Fortinet product
documentation are available from the Fortinet Technical Documentation web site
at http://docs.forticare.com. All FortiGate-5000 information is available from the

FortiGate-5000 page.

Fortinet Tools and Documentation CD

All Fortinet documentation is available from th e Fortinet Tools and Documentation
CD shipped with your Fortinet product. The documents on this CD are current at
shipping time. For up-to-date versions of Fortinet documentation see the Fortinet
Technical Doc um entation we b site at http://docs.forticare.com.

Fortinet Knowledge Center

Additional Fortinet technical documentation is available from the Fortinet
Knowledge Center. The knowledge center contains troubleshooting and how-to
articles, FAQs, technical notes, and more. Visit the Fortinet Knowledge Center at

http://kc.forticare.com.

The FortiGate Log Message Reference is available exclusively from the Fortinet

Knowledge Center , the FortiGate Log Messag e Reference describes the structure

of FortiGate log messages and provides information about the log messages that
are generated by FortiGate units.

Comments on Fortinet technical documentation

Please send information about any errors or omissions in this document, or any
Fortinet technical documentation, to techdoc@fortinet.com.

Customer service and technical support

Fortinet Technical Support provides services designed to make sure that your
Fortinet systems install quickly, configure easily, and operate reliably in your
network.

Please visit the Fortinet Technical Support web site at http://support.fortinet.com
to learn about the technical support services that Fortinet provides.

FortiGate-5000 Series Version 3.0 MR5 Backplane Communications Guide
01-30005-0423-20070829 7

Customer service and technical support Introduction

FortiGate-5000 Series Version 3.0 MR5 Backplane Communications Guide

8 01-30005-0423-20070829

FortiGate-5140 base backplane communication

FortiGate-5140 base backplane
communication

Both the FortiGate-5140 and the FortiGate-5050 chassis have two base
backplane Ethernet channels. Available connections to these channels vary by
slot number.

• Slot 1 can connect to the chassis’ first base backplane channel, and thereby all
other slots, except slot 2.

• Slot 2 can connect the to the chassis’ second base backplane channel, and
thereby all other slots, except slot 1.

• Other slots can connect to either or both channels, but only directly reach
slot 1 or slot 2. Connections to other slots through the base backplane
channels must pass through slot 1 or slot 2.

Note: For more information on chassis architecture, see ATCA (Advanced Telecom
Computing Architecture) specifications.

Because of the base backplane’s dual star topology, connecting to or through the
base backplane typically involves FortiSwitch modules installed in slot 1, slot 2, or
both slots. FortiSwitch-5003 modules switch base backplane traffic between
modules in other slots. FortiSwitch-5003 front panel ZRE interfaces can also
connect the chassis’ base backplane to external entities, such as a management
computer, the network, or the base backplane of another chassis.

Figure 1: FortiSwitch-5003 front panel, including ZRE interfaces

Power LED

LED Mode Switch

Reset

Switch

OKCLK

INTEXT

FLT

HOT SWAP

FLT

Hot

Swap

RESET

LED MODE

Extraction

ZRE

LED

Lever

Mounting

Knot

Mounting

Knot

Management

100Base-TX

Ethernet

MANAGEMENT

Extraction

Lever

Service LED

ETH

O

Out of

CONSOLE

RJ-45

Serial

RS232ZRE0ZRE1ZRE2

SYSTEM

CONSOLE

ZRE0 ZRE1 ZRE2

base backplane interfaces

10/100/1000Base-T

Ethernet

ZRE Network
Activity LEDs
(ZRE 0 to 15)

E1

9876543210

1514

1312

1110

E0

Note: FortiSwitch-5003 modules do not support VLAN tagging, so VLAN traffic cannot
occur through the FortiGate-5050 and FortiGate-5140 chassis base backplanes.

When viewing a FortiGate module’s web-based manager, names of base
backplane interfaces connecting through a FortiSwitch module vary by FortiGate
model.

FortiGate-5000 Series Version 3.0 MR5 Backplane Communications Guide
01-30005-0423-20070829 9

HA configurations FortiGate-5140 base backplane communication

Table 1: Names of base backplane interfaces by FortiGate model

Model Name of base backplane

FortiGate-5001SX port9 port10
FortiGate-5001FA2 port9 port10
FortiGate-5005FA2 base1 base2

This section contains example HA and network configurations for each hardware
combination. It also discusses how to choose an appropriate amount and slot
number of FortiSwitch modules for base backplane HA.

This section includes the following topics:

• HA configurations

• Network configurations

HA configurations

Valid HA hardware configurations can be formed from FortiGate modules located
in either the same or multiple FortiGate-5050 or FortiGate-5140 chassis, with
either one or two FortiSwitch modules per chassis.

Inter-chassis HA configuration requirements are identical to HA configuration
within the same chassis, except for these additional requirements.

• Link multiple chassis’ base backplanes by connecting ZRE interfaces of

• If each chassis contains only one FortiSwitch module, install each FortiSwitch

It makes no difference whether you use the ZRE0, ZRE1, or ZRE2 interface to link
the base backplanes. You can connect an Ethernet cable, either straight-through
or crossover , from an y of these inter faces on on e FortiSwitch-50 03 module to any
of these interfaces on another FortiSwitch-5003 module installed in the other
chassis. You can also use the ZRE interfaces to connect more than two chassis
together.

Name of base backplane

interface 1 (to slot 1)

interface 2 (to slot 2)

FortiSwitch modules which have the same slot number.

module in matching slot numbers. For example, you coul d link HA m embers in
separate FortiGate-5140 and FortiGate-5050 chassis. If one chassis has only
one FortiSwitch module installed in slot 2, the other chassis’ FortiSwitch
module must also be installed in slot 2. For details, see “Choosing the slot

position” on page 20.

If you do not install each chassis’ FortiSwitch module in matching slot
numbers, instead of forming a single cluster, this forms multiple clusters, some
using port9 (or base1) for HA heartbeat comm u nic ation, and some using
port10 (or base2).

The model of connected chassis does not necessarily have to be the same.
Because the base backplane architectures of the FortiGate-5050 and
FortiGate-5140 chassis are the same, and because their base backplanes can be
connected through FortiSwitch modules, you can connect FortiGate-5 140 and
FortiGate-5050 chassis together and form clusters between these different model
chassis.

FortiGate-5000 Series Version 3.0 MR5 Backplane Communications Guide

10 01-30005-0423-20070829

FortiGate-5140 base backplane communication HA configurations

Default heartbeat interfaces vary by the model of the FortiGate modules, and are
not always base backplane interfaces. For example, FortiGate-5005FA2 modules
use fabric1 and fabric2, the fabric backplane rather than the base backplane, as
the default heartbeat interfaces. If this is the case, to send heartbeat
communications through the base backplane, you must enable and adjust the
priority of the base backplane interfaces.

Two FortiSwitch modules per chassis

Installing two FortiSwitch-5003 modules provides two base backplane HA
heartbeat and synchronization channels, and two configuration options:

• Configure heartbeat interface failover to maintain communications thro ugh the
base backplane. For example, if you have FortiGate-5001SX clusters, you
could configure clusters to use port10 as the primary heartbeat interface, and
port9 as a backup if port10 fails or is disconnected, such as could occur if a
FortiSwitch module fails or is removed.

• Separate multiple sensitive or high volume communications, such as HA
communications for multiple clusters. For example, if you have two busy
FortiGate-5001SX clusters, you might configure one cluster to use port9 for
HA heartbeat traffic and the other to use port10.

Required steps vary by which way you want to use the two channels.

Note: More than one cluster can use the same base backplane channel for HA
communication. To separate HA communications of multiple clusters using the same
channel, configure a different HA Group Name and Password for each cluster.

Figure 2: HA cluster with two available base backplane heartbeat interfaces

(through FortiSwitch-5003 modules in slot 1 and slot 2)

base backplane channel 2

5140SAP

5140

1311975312468101214

PWR

PWR

PWR

PWR

PWR

ACC

ACC

ACC

CONSOLE

CONSOLE

CONSOLE

USB

USB

USB

1 2 3 4 5 6 7 8

1 2 3 4 5 6 7 8

1 2 3 4 5 6 7 8

STA IPM

STA IPM

STA IPM

PWR

ACC

ACC

ACC

MANAGEMENT

MANAGEMENT

E

E

T

T

H

H

O

CONSOLE

USB

1 2 3 4 5 6 7 8

STA IPM

STA IPM

O

CONSOLE

CONSOLE

USB

USB

SYSTEM

SYSTEM

CONSOLE

CONSOLE

R

R

S

S

2

2

3

3

2

2

1 2 3 4 5 6 7 8

1 2 3 4 5 6 7 8

Z

Z

R

R

E

E

0

0

Z

Z

R

R

E

E

1

1

Z

Z

R

R

E

E

2

2

E1

E1

E0

E0

1514

1514

1312

1312

1110

1110

98

98

76

76

54

54

32

32

10

10

ZRE

ZRE

OKCLK

OKCLK

INTEXT

INTEXT

FLT

FLT

FLT

FLT

HOT SWAP

HOT SWAP

RESET

RESET

LED MODE

LED MODE

STA IPM

FILTER

SERIAL 1 SERIAL 2 ALARM

USER2

USER1

USER3

MINOR

MAJOR

CRITICAL

RESET

PWR

PWR

PWR

PWR

PWR

ACC

ACC

ACC

CONSOLE

CONSOLE

CONSOLE

USB

USB

USB

1 2 3 4 5 6 7 8

1 2 3 4 5 6 7 8

1 2 3 4 5 6 7 8

PWR

ACC

ACC

ACC

CONSOLE

CONSOLE

CONSOLE

USB

USB

USB

1 2 3 4 5 6 7 8

1 2 3 4 5 6 7 8

1 2 3 4 5 6 7 8

5000SM

ETH1

ETH0

10/100

10/100

link/Act

link/Act

ETH0
Service

RESET

STATUS

Hot Swap

12

5000SM

ETH1

ETH0

10/100

10/100

link/Act

link/Act

ETH0

STA IPM

STA IPM

STA IPM

STA IPM

Service

STA IPM

STA IPM

RESET

STATUS

Hot Swap

0

base backplane channel 1

FortiGate-5000 Series Version 3.0 MR5 Backplane Communications Guide
01-30005-0423-20070829 11

FAN TRAY FAN TRAYFAN TRAY

12

HA configurations FortiGate-5140 base backplane communication

Figure 3: Inter-chassis HA cluster with two available base backplane heartbeat

interfaces (through FortiSwitch-5003 modules in slot 1 and slot 2)

Internal Network

internal network

switch

5140SAP

1311975312468101214

5140

PWR

PWR

ACC

ACC

MANAGEMENT

MANAGEMENT

E
T
H
O

CONSOLE

CONSOLE

USB

USB

SYSTEM
CONSOLE

R
S
2
3
2

1 2 3 4 5 6 7 8

1 2 3 4 5 6 7 8

Z
R
E
0

Z
R
E
1

Z
R
E
2

E0

E0

E1

1514
1312
1110
98
76
54
32
10

ZRE

OKCLK
INTEXT
FLT

FLT

FLT
HOT SWAP

RESET

LED MODE

STA IPM

LED MODE

STA IPM

SERIAL 1 SERIAL 2 ALARM

L

2

1

3

A

R

R

R

OR

C

T

OR

I

E

E

E

E

N

T

I

I

S

S

AJ

S

R

U

US

U

M

M

C

RE

E
T
H
O

SYSTEM

CONSOLE

R
S
2
3
2

Z
R
E
0

Z
R
E
1

Z
R
E
2

E1

1514
1312
1110
98
76
54
32
10

ZRE

OKCLK
INTEXT
FLT

HOT SWAP

RESET

FILTER

0

FAN TRAY FAN TRAYFAN TRAY

12

slot 1 inter-chassis heartbeat

slot 2 inter-chassis heartbeat

Internet

5000SM

ETH1

ETH0

10/100

10/100

link/Act

link/Act

ETH0
Service

RESET

STATUS

Hot Swap

12

5000SM

ETH0ETH1

10/100

10/100

link/Act

link/Act

ETH0
Service

RESET

STATUS

Hot Swap

Internet

5140SAP

1311975312468101214

5140

MANAGEMENT

MANAGEMENT

E
T
H
O

SYSTEM
CONSOLE

R
S
2
3
2

Z
R
E
0

Z
R
E
1

Z
R
E
2

OKCLK
INTEXT
FLT

FLT

FLT

HOT SWAP

RESET

LED MODE

LED MODE

SERIAL 1 SERIAL 2 ALARM

L

2

1

3

R

A

R

R

R

R

O

C

T

O

I

E

E

E

E

N

T

I

I

S

S

S

AJ

S

R

U

U

U

M

M

C

RE

PWR

PWR

ACC

ACC

E
T
H
O

CONSOLE

CONSOLE

USB

SYSTEM
CONSOLE

R
S
2
3
2

OKCLK
INTEXT
FLT

HOT SWAP

RESET

USB

1 2 3 4 5 678

1 2 3 4 5 6 7 8

FILTER

0

FAN TRAY FAN TRAYFAN TRAY

12

switch

5000SM

ETH1

ETH0

10/100

10/100

link/Act

link/Act

ETH0
Service

RESET

STATUS

Hot Swap

12

5000SM

ETH0ETH1

10/100

10/100

link/Act

link/Act

ETH0
Service

RESET

STATUS

Hot Swap

Separating HA clusters by channel

Configuring HA clusters to use separate channe ls essentially causes each cluster
to behave as if it has only one available FortiSwitch module. For instructions on
configuring each cluster to use a separate base backplane interface, see “One

FortiSwitch module per chassis” on page 15.

Heartbeat failover between channels

To configure your HA cluster with a heartbeat that fails over between the two base
backplane interfaces, both base backpla ne interf ace s must be enabled and:

• if priorities are not equal, must have the highest priorities of all heartbeat
interfaces

• if priorities are equal, be the first interfaces on the inde xe d Hear tb eat In te rface
list

FortiGate-5000 Series Version 3.0 MR5 Backplane Communications Guide

12 01-30005-0423-20070829

FortiGate-5140 base backplane communication HA configurations

If you also want to specify which FortiSwitch module is used as the primary or
failover, its priority must be greater than the failover interface, or it must have a
higher position in the Heartbeat Interface list. Position in the Heartbeat Interface
list varies by the model of the FortiGate modules.

You can satisfy these requirements in multiple ways by adjusting interface priority
or by disabling heartbeats over oth er interfaces. Required step s vary by the model
of your FortiGate modules, and the number and He artbeat Interface list position of
other interfaces enabled as HA heartbeat interfaces.

Figure 4: FortiGate-5001SX/FortiGate-5001FA2 heartbeat failover from slot 2

(port10) to slot 1 (port9)

FortiGate-5000 Series Version 3.0 MR5 Backplane Communications Guide
01-30005-0423-20070829 13

HA configurations FortiGate-5140 base backplane communication

Figure 5: FortiGate-5005FA2 heartbeat failover from slot 1 (base1) to slot 2 (base2)

To configure HA interface failover to use two FortiSwitch modules

1 Insert FortiSwitch modules into slot 1 and slot 2 of each chassis.

If you want to form HA clusters between FortiGate modules in separate chassis,
link the base backplanes of each chassis by connecting FortiSwitch modules’ front
panel ZRE interfaces with an Ethernet cable.

For example hardware installations, see Figure 2 on page 11 and Figure 3 on

page 12. For details on hardware installation and related warnings and cautions,

see the FortiGate-5000 Series Introduction.

2 Insert FortiGate modules into any remaining chassis slot.
3 Power on each chassis.
4 On each FortiGate module to be included in the HA cluster, go to System >

Config > HA.

5 Select the Mode, then enter the Group Name, and Password.

You may also want to set other options, such as the Device Priority or session
pick-up. For detailed instructions, see the FortiGate HA Guide.

6 If the base backplane interfaces do not have heartbeat interface precedence,

increase the precedence of the base backplane interfaces so that they are
selected as the primary and first failover heartbeat interface.

FortiGate-5000 Series Version 3.0 MR5 Backplane Communications Guide

14 01-30005-0423-20070829

FortiGate-5140 base backplane communication HA configurations

Note: Heartbeat interface precedence can be determined by multiple factors, including
Priority and position in the Heartbeat Interface list. For details, see “Slot position and HA

heartbeat interface precedence” on page 20.

• If interface priorities are not all equal, set the base backplane interfaces’
priority to a higher value than all other interfaces.

• If interface priorities are all equal, set the ba se backp lane inte rfaces’ pr iority to
a higher value than all other interfaces, or disable interfaces listed above the
base backplane interfaces in the Heartbeat Interface list. For some FortiGate
models, FortiSwitch slot positions, or configurations of other HA interfaces, this
may mean that no change is required. The table below describes where
changes are required, and if so, what kind.

T able 2: Changes to configure base backplane HA, assuming initially equal interface
priorities

Model FortiSwitch

slot

FortiGate-5001SX 1 No

2No

FortiGate-5001FA2 1 No

2No

FortiGate-5005FA2 1 No

2No

Other HA
interfaces
enabled?

Yes Increase priority of port9, or

Yes If port1 is an HA interface,

Yes Increase priority of port9, or

Yes If port1 is an HA interface,

Yes

Yes

HA interface config change

disable other HA interfaces.

increase priority of port10 or
disable port1.

disable other HA interfaces.

increase priority of port10 or
disable port1.

7 If you want to select a different base back plane inte rface as the prima ry heartbeat

interface, increase its priority.

8 Select OK.

One FortiSwitch module per chassis

Installing a single FortiSwitch-5003 module provides a single base backplane HA
heartbeat and synchronization channel.

Note: More than one cluster can use the same base backplane channel for HA
communication. To separate HA communications of multiple clusters using the same
channel, configure a different HA Group Name and Password for each cluster.

FortiGate-5000 Series Version 3.0 MR5 Backplane Communications Guide
01-30005-0423-20070829 15