Fortinet FortiGate FortiGate-5005-DIST Getting Started

FortiGate-5005-DIST Security System

5140SAP

5140

T

SE

RE

1311975312468101214

D

C

1/2 3/4 D15/D16 C15/C16

X 1

234

678

101112

141516

234

678

101112

141516

MANAGEMENT

COM 1 COM 2

STATUS

X 1 X 2

PAYLOAD OPERATION

1

5

DATA CONTROL

9

13

1

5

9

13

123

IPM

X 2

X 1

X 1 X 2

10/100/1000 MBPS ETHERNET ACTIVITY

1

234

5

678

DATA CONTROL

101112

9

D

D

13

141516

1

234

5

678

101112

9

C

C

13

141516

1/2 3/4 D15/D16 C15/C16

123

4

MANAGEMENT

COM 1 COM 2

LINK

CONSOLE

OOS ACC STATUS

IPM

LINK

ACT

FABRIC

BASE

CONSOLE

OOS ACC STATUS

IPM

LINK

LINK

LINK

ACT

ACT

FABRIC

BASE

CONSOLE

OOS ACC STATUS

USB USB

3 412 56

3 412 56

IPM

78

LINK

LINK

ACT

ACT

ACT

FABRIC

BASE

CONSOLE

OOS ACC STATUS

USB USB

USB USB

3 412 56

IPM

78

78

X 2

STATUS

PAYLOAD OPERATION

10/100/1000 MBPS ETHERNET ACTIVITY

D

C

4

IPM

L

R

A

R

C

JO

INO

SER1

A

RITI

U

M

M

C

LINK

LINK

ACT

ACT

FABRIC

BASE

CONSOLE

OOS ACC STATUS

USB USB

3 412 56

IPM

78

SERIAL 1 SERIAL 2 ALARM

3

R2

SE

SER

U

U

LINK

LINK

ACT

ACT

FABRIC

BASE

CONSOLE

OOS ACC STATUS

USB USB

3 412 56

IPM

78

LINK

ACT

ACT

FABRIC

BASE

USB USB

3 412 56

78

Getting Started

ACT

LINK

ACT

5

LINK

ACT

LINK

5000SM

ETH1

ETH0

10/100

10/100

link/Act

link/Act

ETH0
Service

RESET

STATUS

Hot Swap

12

5000SM

ETH1

ETH0

10/100

10/100

link/Act

link/Act

ETH0
Service

RESET

STATUS

Hot Swap

ACT

4

LINK

ACT

LINK

ACT

LINK

3

ACT

LINK

ACT

2

LINK

1

5000SM

10/100

SMC

link/Act

ETH1

10/100

ETH0

link/Act

2

USB USB

BASE

FABRIC

CONSOLE

OOS ACC STATUS

USB USB

BASE

FABRIC

CONSOLE

OOS ACC STATUS

USB USB

BASE

FABRIC

CONSOLE

OOS ACC STATUS

USB USB

BASE

FABRIC

CONSOLE

OOS ACC STATUS

X 1 X 2

X 1

X 2

PAYLOAD OPERATION

STATUS

ETH0

Service

STATUS

Hot Swap

RESET

1
2
3
4

10/100/1000 MBPS ETHERNET ACTIVITY

SERIAL

1

DATA CONTROL

9

5

13

10

6

14

11

7

15

D

12

8

16

D

5050SAP

1
2
3
4

3 412 56

3 412 56

3 412 56

3 412 56

9

5

13

10

6

14

1/2 3/4 D15/D16 C15/C16

11

7

15

C

12

8

16

C

ALARM

78

IPM

78

IPM

78

IPM

78

IPM

1

MANAGEMENT

COM 1 COM 2

2
3
4

IPM

5000SM

10/100

ETH0

Service

link/Act

ETH1

SERIAL

10/100

2

ETH0

link/Act

POWER

SMC

STATUS

Hot Swap

RESET

1

FILTER

0

FAN TRAY FAN TRAYFAN TRAY

12

This FortiGate-5005-DIST Security System Getting Started describes how to install FortiGate-5005-DIST security
system hardware components and how to configu re a FortiGate-5005-DIST system onto your network.

The most recent versions of this and all FortiGate-5000 series documents are available from the FortiGate-5000
page of the Fortinet Technical Documentation web site (http://docs.forticare.com).

Visit http://support.fortinet.com to register your FortiGate-5005-DIST Security System. By r egistering you can receive

product updates, technical support, and FortiGuard services.

www.fortinet.com

FortiGate-5005-DIST Security System Getting Started

01-30000-0414-20070615

Warnings and cautions

Only trained and qualified personnel should be allowed to install or maintain FortiGate-5000 series
equipment. Read and comply with all warnings, cautions and notices in this document.

CAUTION: Risk of Explosion if Battery is replaced by an Incorrect Type. Dispose of Used Batteries According

!

to the Instructions.

Caution: You should be aware of the following cautions and warnings before installing FortiGate-5000 series

!

hardware

• Turning off all power switches may not turn off all power to the FortiGate-5000 series equipment.
Except where noted, disconnect the FortiGate-5000 series equipment from all power sources,
telecommunications links and networks before installing, or removing FortiGate-5000 series
components, or performing other maintenance tasks. Failure to do this can result in personal injury or
equipment damage. Some circuitry in the Fort iGa te-5000 series equipment may continue to operate
even though all power switches are off.

• An easily accessible disconnect device, such as a circuit breaker, should be incorporated into the data
center wiring that connects power to the FortiGate-5000 series equipment.

• Install FortiGate-5000 series chassis at the lower positions of a rack to avoid making the rack top-heavy
and unstable.

• Do not insert metal objects or tools into open chassis slots.

• Electrostatic discharge (ESD) can damage FortiGate-5000 series equipment. Only perform the
procedures described in this document from an ESD workstation. If no such station is available, you
can provide some ESD protection by wearing an anti-static wrist or ankle strap and attaching it to an
ESD connector or to a metal part of a FortiGate chassis.

• Some FortiGate-5000 series component s may overload your supply circuit and imp act your overcurrent
protection and supply wiring. Refer to nameplate ratings to address this concern.

• Make sure all FortiGate-5000 series components have reliable grounding. Fortinet recommends direct
connections to the branch circuit.

• If you install a FortiGate-5000 series component in a closed or multi-unit rack assembly, the operating
ambient temperature of the rack environment may be greater than room ambient. Make sure the
operating ambient temperature does not exceed the manufacturer's maximum rated ambient
temperature.

• Installing FortiGate-5000 series equipment in a rack should be such that the amount of airflow required
for safe operation of the equipment is not compromised.

• This equipment is for installation only in a Restricted Access Location (dedicated equipment room,
service closet or the like), in accordance with the National Electrical Code.

• Per the National Electrical Code, sizing of a Listed circuit breaker or branch circuit fuse and the supply
conductors to the equipment is based on the marked inpu t current rating. A p roduct with a marked input
current rating of 25 A is required to be placed on a 40 A branch circuit. The supply conductors will also
be sized according to the input current rating and also derated for the maximum rated operating
ambient temperature, Tma, of the equipment.

• FortiGate-5000 series equipment shall be installed and connected to an electrical supply source in
accordance with the applicable codes and re gu la tio ns for the location in which it is installed. Particular
attention shall be paid to use of correct wire type and size to comply with the applicable codes and
regulations for the installation / location. Connection of the supply wiring to the terminal block on the
equipment may be accomplished using Listed wire compression lugs, for example, Pressure Terminal
Connector made by Ideal Industries Inc. or equivalent which is suitable for A WG 10. Par ticular attenti on
shall be given to use of the appropriate compre ss ion too l spe cifie d by the compression lug
manufacturer, if one is specified.

FortiGate-5005-DIST Security System Getting Started

01-30000-0414-20070615

Contents

Contents

Warnings and cautions..................................................................................... 2

The FortiGate-5005-DIST Security System...................... 5

Basic FortiGate security system configuration.............................................. 5

FortiController-5208 I/O modules..................................................................... 6

FortiGate-5005FA2 worker modules ................................................................ 7

FortiGate-5005-DIST security system chassis................................................ 7

FortiGate-5140 chassis................................................................................. 8

FortiGate-5050 chassis................................................................................. 8

FortiGate-5005-DIST interface names .... ... ....................................................... 9

Installing hardware components.................................... 11

Getting started................................................................................................. 11

Installing the chassis ...................................................................................... 12

Installing FortiController-5208 modules................................ .... ... ................. 12

Installing FortiController-5208 modules ...................................................... 13

Connecting to the FortiController-5208 CLI or web-based manager .......... 13

Configuring the primary I/O module ............................................................ 14

Installing FortiGate-5005FA2 worker modules ............................................. 15

Installing FortiGate-5005FA2 modules........................................................ 16

Verifying that FortiGate-5005FA2 modules can communicate with the primary

I/O module................................................................................................... 16

Installing DIST firmware on a FortiGate-5005FA2 module ......................... 19

Quick Configuration Guide ............................................. 23

Planning the configuration ............................................................................. 23

NAT/Route mode ........................................................................................ 23

Transparent mode....................................................................................... 24

Choosing the configuration tool.................................................................... 25

Web-based manager................................................................................... 25

Command Line Interface (CLI).................................................................... 25

Factory default settings.................................................................................. 26

Configuring NAT/Route mode........................................................................ 27

Using the web-based manager to configure NAT/Route mode................... 28

Using the CLI to configure NAT/Route mode.............................................. 28

Configuring Transparent mode...................................................................... 29

Using the web-based manager to configure Transparent mode... ... ... .... ... . 30

Using the CLI to configure Transparent mode ............................................ 31

Powering off the FortiGate-5005-DIST system.............................................. 31

FortiGate-5005-DIST Security System Version 3.0 MR2 Getting Started
01-30000-0414-20070615 3

Contents

Hardware procedures...................................................... 33

Starting a configured FortiGate-5005-DIST system ........... ... ... ... ... .... ... ... ... . 33

Installing FortiGate-5005-DIST firmware ....................................................... 33

Viewing the currently installed firmware versions....................................... 34

Upgrading I/O module firmware.................................................................. 34

Upgrading worker module firmware installed on the primary I/O module... 36

Upgrading FortiController-5208 NPU firmware............................................. 37

For more information ...................................................... 39

Fortinet documentation .................................................................................. 39

Fortinet Tools and Documentation CD........................................................ 39

Fortinet Knowledge Center ........................................................................ 39

Comments on Fortinet technical documentation ........................................ 39

Customer service and technical support............................... ....................... 39

Register your Fortinet product....................................................................... 39

FortiGate-5005-DIST Security System Version 3.0 MR2 Getting Started

4 01-30000-0414-20070615

The FortiGate-5005-DIST Security System Basic FortiGate security system configuration

The FortiGate-5005-DIST Security
System

The FortiGate-5005-DIST security system is very similar to a sing le FortiGate unit,
but with much higher capacity and with support for failover protection and
scalability . The FortiGate-5005-DIST security system consists of a FortiGate-5050
or FortiGate-5140 chassis with one or two Input/Output or I/O modules
(FortiController-5208 modules) and one or more worker modules
(FortiGate-5005FA2 modules running in DIST mode). The I/O modules provide
network connections and distribute traffic to the worker modules. The worker
modules provide FortiGate security system functions including firewall, VPN, IPS,
antivirus, antispam, and so on.

The following topics are included in this section:

• Basic FortiGate security system configuration

• FortiController-5208 I/O modules

• FortiGate-5005FA2 worker modules

• FortiGate-5005-DIST security system chassis

• FortiGate-5005-DIST interface names

Basic FortiGate security system configuration

A basic FortiGate security system consists of a single FortiController-5208
module and four FortiGate-5005 modules installed in a FortiGate-5050 or
FortiGate-5140 chassis (see Figure 1 on page 6 ). This system can be installed in
NAT/Route mode between the Int er ne t and a private network. In this
configuration, the FortiGate-5005-DIST security system can provide FortiGate
services to 10 gigabit traffic passing between the private network and the Internet.

FortiGate-5005-DIST Security System Getting Started
01-30000-0414-20070615 5

FortiController-5208 I/O modules The FortiGate-5005-DIST Security System

Figure 1: Example basic FortiGate-5005-DIST security system

Internet

X2 (port1_X2)

204.23.1.5

NAT mode policies

controlling 10G traffic

between internal and

external networks.

FortiController-5208 I/O modules

Data flows into and out of the FortiGate-5005-DIST system thro ugh the I/O
modules. The I/O modules are FortiController-5208 modules installed in chassis
slots 1 and 2 in a FortiGate-5050 or FortiGate-5140 chassis. The I/O module
installed in slot 1 is configured as the primar y I/O module. The optional I/O module
installed in slot 2 becomes the secondary I/O module. A FortiGate-5005-DIST
system can include one or two I/O modules.

As the I/O module, the FortiController-5208 provides all FortiGate-5005-DIST
network connections. The FortiController-5208 module provides two 10 gigabit
interfaces and four 1 gigabit interfaces for network traffic. The FortiController-5208
front panel also contains four 1 g igab it interfa ces. Two of these interfaces sup port
inter-chassis HA and two are for future use. Adding a second FortiController-5208
module doubles the number of FortiGate-5005-DIST network interfaces.

ACT
LINK
ACT

FABRIC

5

LINK

ACT
LINK
ACT

FABRIC

4

LINK

ACT
LINK
ACT

FABRIC

LINK

3

ACT
LINK
ACT

FABRIC

2

LINK

1

5000SM

10/100

SMC

link/Act

ETH1

10/100

ETH0

link/Act

2

Internal
network

BASE

CONSOLE

BASE

CONSOLE

BASE

CONSOLE

BASE

CONSOLE

X 1

X 2

ETH0
Service

RESET

FortiGate-5005-DIST
security system in
NAT/Route mode

USB USB

OOS ACC STATUS

USB USB

OOS ACC STATUS

USB USB

OOS ACC STATUS

USB USB

OOS ACC STATUS

DATA CONTROL

9

5

9

1

5

1

13

X 1 X 2

10

6

10

2

6

2

14

11

7

11

3

7

3

15

D

12

8

12

4

8

4

16

D

10/100/1000 MBPS ETHERNET ACTIVITY

PAYLOAD OPERATION

STATUS

5050SAP

SERIAL

STATUS

Hot Swap

1

3 412 56

3 412 56

3 412 56

3 412 56

13
14

1/2 3/4 D15/D16 C15/C16

15

C

16

C

ALARM

78

IPM

78

IPM

78

IPM

78

IPM

1

MANAGEMENT

2
3
4

IPM

5000SM

10/100
link/Act

ETH1

SERIAL

10/100

2

ETH0

link/Act

X1 (port1_X1)

192.168.1.99

POWER

COM 1 COM 2

ETH0
Service

STATUS

Hot Swap

RESET

SMC

1

Management
interface (mng)

Figure 2: FortiController-5208 front panel

SFP Gigabit

Fiber or Copper

Mounting

Knot

Extraction

X1 X2 XFP 10 Gigabit

Fiber or Copper

X 1 X 2

X 1

X 2

STATUS

Status

Lever

Link/

Traffic

Payload

Operation

PAYLOAD OPERATION

DATA CONTROL

5

9

1

5

1

13

10

6

10

2

6

2

14

11

7

11

3

7

3

15

D

12

8

12

4

8

4

16

D

10/100/1000 MBPS ETHERNET ACTIVITY

Link/Traffic

1

9

13
14

1/2 3/4 D15/D16 C15/C16

15

C

16

C

D15

3

C15

C16

42

D16

Management

RJ-45 Ethernet

1

MANAGEMENT

2
3
4

Management

RJ-45 Serial

COM 1 COM 2

IPM

Extraction

IPM

Lever

FortiGate-5005-DIST Security System Getting Started

6 01-30000-0414-20070615

Mounting

Knot

The FortiGate-5005-DIST Security System FortiGate-5005FA2 worker modules

FortiGate-5005FA2 worker modules

The FortiGate-5005FA2 security system serves as the worker module for the
FortiGate-5005-DIST security system. Worker modules are identically configured
and administered as a single unit from the primary I/O module. Workers are
typically installed in slots 3 and above, though Fort iGate-5005FA2 security
systems with only one I/O module can also have a worker installed in slot 2.

The worker modules apply all of the FortiGate security system functionality to
traffic passing through the FortiGate-5005-DIST security system. Traffic is
distributed to the worker modules by the I/O modu les . Th e wo rke r mod ule s
perform FortiGate functions such as applying firewall policies, virus scanning, IPS
and routing to distributed traffic.

Figure 3: FortiGate-5005FA2 front panel

Fabric and Base

network activity

LEDs

USB

1 2 3 4 5 6 SPF Gigabit

Fiber or Copper

7 8 SPF Gigabit

Fiber or Copper

Accelerated

ACT
LINK
ACT
LINK

Mounting

Knot

Extraction

FABRIC

Lever

BASE

CONSOLE

RJ-45
Serial

USB USB

OOS ACC STATUS

Out

of

Service

Flash Disk

Access

Status

3 412 56

Link/Traffic

78

IPM

Module
Position

Mounting

Extraction

Lever

Knot

FortiGate-5005-DIST Security System Getting Started
01-30000-0414-20070615 7

FortiGate-5005-DIST security system chassis The FortiGate-5005-DIST Security System

FortiGate-5005-DIST security system chassis

FortiGate-5005-DIST security systems can be installed in FortiGate-5050
or FortiGate-5140 chassis.

FortiGate-5140 chassis

You can install one or two I/O modules in slo t 1 and 2 of the FortiGate-51 40 ATCA
chassis. You can also install up to 12 worker modules in slots 3 to 14 if two I/O
modules are used, or up to 13 worker modules in slots 2 to 14 if one I/O module is
used. The FortiGate-5140 is a 12U chassis that contains two redu ndant hot
swappable DC power entry modules that connect to -48 VDC Data Center DC
power. The FortiGate -5140 cha ssis also in cludes th ree hot swapp able cooling fan
trays. For details about the FortiGate-5140 chassis see to the FortiGate-5140

Chassis Guide.

Figure 4: FortiGate-5005-DIST components installed in a FortiGate-5140 chassis

5140

5140SAP

CRITICAL

RESET

MINOR

MAJOR

USER2

USER3

USER1

SERIAL 1 SERIAL 2 ALARM

1311975312468101214

LINK

LINK

LINK

LINK

LINK

LINK

LINK

ACT

FABRIC

BASE

CONSOLE

OOS ACC STATUS

3 412 56

IPM

LINK

LINK

ACT

ACT

ACT

FABRIC

BASE

CONSOLE

OOS ACC STATUS

USB USB

USB USB

3 412 56

IPM

78

78

LINK

LINK

ACT

FABRIC

BASE

CONSOLE

OOS ACC STATUS

3 412 56

IPM

ACT

X 2

X 1

STATUS

X 1 X 2

USB USB

PAYLOAD OPERATION

10/100/1000 MBPS ETHERNET ACTIVITY

1

234

5

678

DATA CONTROL

101112

9

D

D

13

141516

1

234

5

678

101112

9

C

C

13

141516

1/2 3/4 D15/D16 C15/C16

123

4

MANAGEMENT

78

IPM

COM 1 COM 2

X 2

X 1

STATUS

X 1 X 2

PAYLOAD OPERATION

10/100/1000 MBPS ETHERNET ACTIVITY

1

234

5

678

101112

9

D

D

13

141516

1

234

5

678

101112

9

C

C

13

141516

1/2 3/4 D15/D16 C15/C16

123

4

MANAGEMENT

IPM

COM 1 COM 2

ACT

FABRIC

BASE

CONSOLE

OOS ACC STATUS

DATA CONTROL

3 412 56

IPM

ACT

ACT

ACT

FABRIC

BASE

CONSOLE

OOS ACC STATUS

USB USB

USB USB

3 412 56

IPM

78

78

LINK

ACT

FABRIC

BASE

CONSOLE

OOS ACC STATUS

3 412 56

IPM

ACT

USB USB

12

78

FILTER

5000SM

ETH1

ETH0

10/100

10/100

link/Act

link/Act

ETH0
Service

RESET

STATUS

Hot Swap

5000SM

ETH1

ETH0

10/100

10/100

link/Act

link/Act

ETH0
Service

RESET

STATUS

Hot Swap

0

FAN TRAY FAN TRAYFAN TR AY

12

FortiGate-5005-DIST Security System Getting Started

8 01-30000-0414-20070615

The FortiGate-5005-DIST Security System FortiGate-5005-DIST interface names

FortiGate-5050 chassis

Y o u can inst all one or two I/O module s in slot 1 and 2 of the F ortiGate-5050 ATCA
chassis. You can also install up to three worker modules in slots 3 to 5 if two I/O
modules are being used, or four worker modules in slots 2 to 5 if one I/O module
is used. The FortiGate-5050 is a 5U chassis that contains two redundant DC
power connections that connect to -48 VDC Data Center DC power. The
FortiGate-5050 chassis also includes a hot swappable cooling fan tray. For details
about the FortiGate-5050 chassis, see the FortiGate-5050 Chassis Guide.

Figure 5: FortiGate-5005-DIST components installed in a FortiGate-5050 chassis

ACT

LINK

ACT

5

LINK

ACT

LINK

ACT

4

LINK

ACT

LINK

ACT

LINK

3

ACT

LINK

ACT

2

LINK

1

5000SM

10/100

SMC

link/Act

ETH1

10/100

ETH0

link/Act

2

USB USB

BASE

FABRIC

CONSOLE

OOS ACC STATUS

USB USB

BASE

FABRIC

CONSOLE

OOS ACC STATUS

USB USB

BASE

FABRIC

CONSOLE

OOS ACC STATUS

USB USB

BASE

FABRIC

CONSOLE

OOS ACC STATUS

X 1 X 2

X 1

X 2

PAYLOAD OPERATION

STATUS

ETH0

Service

RESET

SERIAL

STATUS

Hot Swap

1

DATA CONTROL

5

9

1

5

1

13

6

10

2

6

2

14

7

11

3

7

3

15

D

8

12

4

8

4

16

D

10/100/1000 MBPS ETHERNET ACTIVITY

5050SAP

3 412 56

3 412 56

3 412 56

3 412 56

9

13

10

14

1/2 3/4 D15/D16 C15/C16

11

15

C

12

16

C

ALARM

FortiGate-5005-DIST interface names

The FortiGate-5005-DIST worker web-based manager and CLI use an intern al
naming convention to name FortiGate-5005-DIST interfaces. The interface names
indicate the I/O module containing the interface and also include the I/O module
front panel interface name. The naming convention is:

port<I/O_module_number>_<I/O_module_interface_name>

where:
<I/O_module_number> is 1 for the interfaces of the primary I/O module

installed in chassis slot 1 and 2 for the interfaces of the secondary I/O module
installed in chassis slot 2. The interfaces for the secondary I/O module only
appear in the web-based manager and CLI when a secondary I/O module is
installed.

<I/O_module_interface_name> is the name of the interface as shown on the
FortiController-5208 front panel.

SERIAL

1
2
3
4

2

MANAGEMENT

78

IPM

78

IPM

78

IPM

78

IPM

COM 1 COM 2

IPM

5000SM

10/100

ETH0

Service

link/Act

ETH1

10/100

ETH0

link/Act

POWER

SMC

STATUS

Hot Swap

RESET

1

Table 1 on page 10 shows the relationship between the names of the pr imary and

secondary module front panel interfaces and the interface names that appear on
the FortiGate-5005-DIST worker web-based manager and CLI.

FortiGate-5005-DIST Security System Getting Started
01-30000-0414-20070615 9

FortiGate-5005-DIST interface names The FortiGate-5005-DIST Security System

Table 1: FortiGate-5005-DIST interface naming

FortiController-5208
location

Primary
FortiController-5208
module installed in
chassis slot 1

Secondary
FortiController-5208
module installed in
chassis slot 2

FortiController-5208 front
panel interface names

Web-based manager and
CLI interface names

X1 port1_X1
X2 port1_X2
1 port1_1
2 port1_2
3 port1_3
4 port1_4
Management mng
X1 port2_X1
X2 port2_X2
1 port2_1
2 port2_2
3 port2_3
4 port2_4
Management Not used.

FortiGate-5005-DIST Security System Getting Started

10 01-30000-0414-20070615

Installing hardware components Getting started

Installing hardware components

This section provides the information you need to install FortiGate-5005-DIST
hardware components and to make sure that they are all functioning properly.
Once you have completed the procedures in this chapter, you can configure the
FortiGate-5005-DIST system onto your network using the procedures in “Quick

Configuration Guide” on page 21.

FortiGate-5005-DIST hardware components include a FortiGate-5140 or
FortiGate-5050 chassis, one or two FortiController-5208 I/O modules, and one or
more FortiGate-5005FA2 modules. The chassis must be installed and connected
to power and the modules must be inserted into the proper chassis slots and be
operating in the correct modes before you can begin configuring your
FortiGate-5005-DIST security system.

You can install and power up the FortiGate-5005-DIST hardware components in
any order. If all of the components are installed in the correct slots, power is
connected correctly, and all components are operating in the correct mode, the
primary I/O module will connect with all components, and after a few minutes the
system will be operational.

However, the first time you install a FortiGate-5005-DIST system you should
follow the procedures in this chapter in order. The procedures in this chapter
describe a systematic process for making sure that all hardware components are
installed and functioning properly.

When all FortiGate-5005-DIST hardwa re com p on en ts are installed and
functioning correctly, you can establish a management connection to the primary
I/O module CLI using the Com 2 console port. You can also establish a
management connection to the primary I/O module web-ba sed manager using the
Management ethernet interface. No other management conne ctions are possible.
You cannot connect to the FortiGate-5005FA2 console port or any interface. All
management is done through the primary I/O module.

The following topics are included in this section:

• Getting started

• Installing the chassis

• Installing FortiController-5208 modules

• Installing FortiGate-5005FA2 worker modules

Getting started

To complete the procedures in this chapter, you need:

• A FortiGate-5140 or 5050 chassis

• A rack to install the chassis in with enough space for the chassis

• DC power for the chassis

• One or two FortiController-5208 I/O modules

• SFP and XFP connectors for the interfaces you will be using

FortiGate-5005-DIST Security System Getting Started
01-30000-0414-20070615 11

Installing the chassis Installing hardware components

• One or more FortiGate-5005-DIST worker modules

• An electrostatic discharge (ESD) preventive wrist or ankle strap with
connection cord

The procedures in this chapter reference detailed hardware install information
available in the following documents. You should have these documents availab le
before installing your FortiGate-5005-DIST security system.

• FortiGate-5140 Chassis Guide

• FortiGate-5050 Chassis Guide

• FortiController-5208 System Guide

• FortiGate-5005FA2 Security System Guide

Caution: FortiGate-5000 hardware components must be protected from static discharge
and physical shock. Only handle or work with FortiGate-5000 components at a static-free

!

workstation. Always wear a grounded electrostatic discharge (ESD) preventive wrist or
ankle strap when handling FortiGate-5000 components.

Installing the chassis

Begin by installing your FortiGate-5140 or FortiGate-5050 chassis using the
information in the FortiGate-5140 Chassis Guide or the FortiGate-5050 Chassis

Guide.

To install the chassis

1 Install the chassis in an equipment rack.
2 Connect the chassis to DC power.
3 Turn on the power to the chassis.
4 Verify that the chassis is operating normally.

Installing FortiController-5208 modules

If your FortiGate-5005-DIST security system includes one FortiController-5208
module it must be installed in slot 1 of your chassis. The FortiController-5208
module installed in slot 1 becomes the primary I/O module.

If your system includes two FortiController-5208 modules the second one is
installed in slot 2. Use the following steps to install each FortiController-5208
module. The FortiController-5208 module installed in slot 2 becomes the
secondary I/O module.

See the FortiController-5208 System Guide for complete information about h ow to
insert the FortiController-5208 module into a chassis slot.

• Installing FortiController-5208 modules

• Connecting to the FortiController-5208 CLI or web-based manager

• Configuring the primary I/O module

FortiGate-5005-DIST Security System Getting Started

12 01-30000-0414-20070615