A detailed guide to the features and capabilities of the FortiGate-5005FA2 Security System. This FortiGate-5005FA2
Security System Guide describes FortiGate-5005FA2 hardware features, how to install the FortiGate-5005FA2
module in a FortiGate-5000 series chassis, how to configure the FortiGate-5005FA2 security system for your
network, and contains troubleshooting information to help you diagnose and fix problems.
The most recent versions of this and all FortiGate-5000 series documents are available from the FortiGate-5000
page of the Fortinet Technical Documentation web site (http://docs.forticare.com).
Visit http://support.fortinet.com to register your FortiGate-5005FA2 system. By registering you can receive product
updates, technical support, and FortiGuard services.
FortiGate-5005FA2 Security System Guide
01-30000-0377-20070201
www.fortinet.com
Warnings and cautions
Only trained and qualified personnel should be allowed to install or maintain FortiGate-5000 series
equipment. Read and comply with all warnings, cautions and notices in this document.
CAUTION: Risk of Explosion if Battery is replaced by an Incorrect Type. Dispose of Used Batteries According
to the Instructions.
Caution: You should be aware of the following cautions and warnings before installing FortiGate-5000 series
hardware
•Turning off all power switches may not turn off all power to the FortiGate-5000 series equipment.
Except where noted, disconnect the FortiGate-5000 series equipment from all power sources,
telecommunications links and networks before installing, or removing FortiGate-5000 series
components, or performing other maintenance tasks. Failure to do this can result in personal injury or
equipment damage. Some circuitry in the FortiGate-5000 series equipment may continue to operate
even though all power switches are off.
•An easily accessible disconnect device, such as a circuit breaker, should be incorporated into the data
center wiring that connects power to the FortiGate-5000 series equipment.
•Install FortiGate-5000 series chassis at the lower positions of a rack to avoid making the rack top-heavy
and unstable.
•Do not insert metal objects or tools into open chassis slots.
•Electrostatic discharge (ESD) can damage FortiGate-5000 series equipment. Only perform the
procedures described in this document from an ESD workstation. If no such station is available, you
can provide some ESD protection by wearing an anti-static wrist or ankle strap and attaching it to an
ESD connector or to a metal part of a FortiGate chassis.
•Some FortiGate-5000 series components may overload your supply circuit and impact your overcurrent
protection and supply wiring. Refer to nameplate ratings to address this concern.
•Make sure all FortiGate-5000 series components have reliable grounding. Fortinet recommends direct
connections to the branch circuit.
•If you install a FortiGate-5000 series component in a closed or multi-unit rack assembly, the operating
ambient temperature of the rack environment may be greater than room ambient. Make sure the
operating ambient temperature does not exceed the manufacturer's maximum rated ambient
temperature.
•Installing FortiGate-5000 series equipment in a rack should be such that the amount of airflow required
for safe operation of the equipment is not compromised.
•This equipment is for installation only in a Restricted Access Location (dedicated equipment room,
service closet or the like), in accordance with the National Electrical Code.
•Per the National Electrical Code, sizing of a Listed circuit breaker or branch circuit fuse and the supply
conductors to the equipment is based on the marked input current rating. A product with a marked input
current rating of 25 A is required to be placed on a 40 A branch circuit. The supply conductors will also
be sized according to the input current rating and also derated for the maximum rated operating
ambient temperature, Tma, of the equipment.
•FortiGate-5000 series equipment shall be installed and connected to an electrical supply source in
accordance with the applicable codes and regulations for the location in which it is installed. Particular
attention shall be paid to use of correct wire type and size to comply with the applicable codes and
regulations for the installation / location. Connection of the supply wiring to the terminal block on the
equipment may be accomplished using Listed wire compression lugs, for example, Pressure Terminal
Connector made by Ideal Industries Inc. or equivalent which is suitable for AWG 10. Particular attention
shall be given to use of the appropriate compression tool specified by the compression lug
manufacturer, if one is specified.
Contents
Warnings and cautions..................................................................................... 2
Fortinet Tools and Documentation CD........................................................ 29
Fortinet Knowledge Center ........................................................................ 29
Comments on Fortinet technical documentation ........................................ 29
Customer service and technical support...................................................... 29
Register your Fortinet product....................................................................... 29
FortiGate-5005FA2 security system
The FortiGate-5005FA2 security system is a high-performance FortiGate security
system with a total of 8 front panel Gigabit ethernet interfaces, two base
backplane interfaces, and two fabric backplane interfaces. Use the front panel
interfaces for connections to your networks and the backplane interfaces for
communication between FortiGate-5000 series modules over the FortiGate-5000
chassis backplane.
You can also configure two or more FortiGate-5005FA2 modules to create a high
availability (HA) cluster using the base backplane interfaces for HA heartbeat
communication through the chassis backplane, leaving all eight front panel gigabit
interfaces available for network connections.
FortiGate-5005FA2 front panel interfaces 7 and 8 also include accelerated packet
forwarding and policy enforcement for faster small packet performance. Using
backplane base and fabric interfaces, the FortiGate-5005FA2 also functions as
the worker module in a FortiGate-5005-DIST security system.
The FortiGate-5005FA2 module also supports high-end FortiGate features
including 802.1Q VLANs, multiple virtual domains, 802.3ad aggregate interfaces,
and FortiGate-5000 chassis monitoring.
Figure 1: FortiGate-5005FA2 front panel (callouts: Fabric and Base network activity LEDs (ACT and LINK for FABRIC and BASE); mounting knots and extraction levers on both sides; CONSOLE RJ-45 serial port; two USB ports; OOS (Out of Service), ACC (Flash Disk Access) and STATUS LEDs; SFP gigabit fiber or copper interfaces 1 to 6 with Status and Link/Traffic LEDs; accelerated SFP gigabit fiber or copper interfaces 7 and 8; IPM LED; module position)
The FortiGate-5005FA2 module includes the following features:
•A total of eight front panel gigabit interfaces that can accept Small Formfactor
Pluggable (SFP) fiber or copper gigabit transceivers.
•Six standard gigabit interfaces (interfaces 1 to 6).
•Two accelerated packet forwarding and policy enforcement gigabit
interfaces (interfaces 7 and 8).
•Two fabric backplane gigabit interfaces (fabric1 and fabric2) for
FortiGate-5005-DIST security system management communications. The
fabric backplane gigabit interfaces can also be used for data communications
across the FortiGate-5000 chassis backplane if combined with a module that
supports backplane fabric switching.
•Two base backplane gigabit interfaces (base1 and base2) for HA heartbeat
and data communications across the FortiGate-5000 chassis backplane and
for FortiGate-5005-DIST security system data communication.
•RJ-45 RS-232 serial console connection.
•2 USB connectors.
•Mounting hardware.
•LED status indicators.
The FortiGate-5005FA2 module comes supplied with fiber and copper SFP
transceivers. You can order the SFP transceivers in any combination. Before you
can connect any FortiGate-5005FA2 front panel interfaces, you must insert the
SFP transceivers into the FortiGate-5005FA2 front panel cage slots.
Front panel LEDs and connectors
From the FortiGate-5005FA2 front panel you can view the status of the front panel
LEDs to verify that the module is functioning normally. You also connect the
FortiGate-5005FA2 module to your network through the front panel ethernet
connectors. The front panel also includes the RJ-45 console port for connecting to
the FortiOS CLI and two USB ports. The USB ports can be used with a Fortinet
USB key. For information about using the FortiUSB key, see the FortiGate-5000
Series Firmware and FortiUSB Guide.
LEDs
Table 1 lists and describes the FortiGate-5005FA2 module LEDs.
Table 1: FortiGate-5005FA2 module LEDs (LED, State: Description)
Fabric ACT 2, Amber: Network activity at backplane fabric interface 2.
Fabric LINK 2, Green: Backplane fabric interface 2 is connected at 1000 Mbps.
Fabric ACT 1, Amber: Network activity at backplane fabric interface 1.
Fabric LINK 1, Green: Backplane fabric interface 1 is connected at 1000 Mbps.
Base ACT 2, Amber: Network activity at backplane base interface 2 (backplane2).
Base LINK 2, Green: Backplane base interface 2 (backplane2) is connected at 1000 Mbps.
Base ACT 1, Amber: Network activity at backplane base interface 1 (backplane1).
Base LINK 1, Green: Backplane base interface 1 (backplane1) is connected at 1000 Mbps.
OOS (Out of Service), Off: Normal operation.
OOS (Out of Service), Red: A fault condition exists and the FortiGate-5005FA2 blade is out of service (OOS). This LED may also flash very briefly during normal startup.
ACC, Off or flashing green: The ACC LED flashes green when the FortiGate-5005FA2 module accesses the FortiOS flash disk. The FortiOS flash disk stores the current FortiOS firmware build and configuration files. The system accesses the flash disk when starting up, during a firmware upgrade, or when an administrator is using the CLI or GUI to change the FortiOS configuration. Under normal operating conditions this LED flashes occasionally, but is mostly off.
STATUS, Amber: The FortiGate-5005FA2 module is powered on.
Table 1 (continued): FortiGate-5005FA2 module LEDs (LED, State: Description)
IPM, Blue: The FortiGate-5005FA2 is ready to be hot-swapped (removed from the chassis). If the IPM light is blue and no other LEDs are lit the FortiGate-5005FA2 module has lost power. See “Installing FortiGate-5005FA2 modules” on page 10 for more information.
IPM, Flashing blue: The FortiGate-5005FA2 is changing from hot swap to running mode or from running mode to hot swap.
IPM, Off: Normal operation. The FortiGate-5005FA2 module is in contact with the chassis backplane.
1, 2, 3, 4, 5, 6, 7, 8, Green: The correct cable is connected to the gigabit SFP interface.
1, 2, 3, 4, 5, 6, 7, 8, Flashing: Network activity at the gigabit SFP interface.
Connectors
Table 2 lists and describes the FortiGate-5005FA2 connectors.
Table 2: FortiGate-5005FA2 connectors (Connector, Type, Speed, Protocol: Description)
CONSOLE, RJ-45, 9600 bps, RS-232 serial: Serial connection to the command line interface.
USB, USB: FortiUSB key firmware updates and configuration backup.
1 to 6, LC SFP, 1000Base-SX, Ethernet: Six gigabit SFP interfaces that can accept fiber or copper gigabit transceivers. These interfaces only operate at 1000Mbps. See “Installing SFP transceivers” on page 9 for more information.
7 and 8 (accelerated): Two accelerated gigabit SFP interfaces that can accept fiber or copper gigabit transceivers. These interfaces only operate at 1000Mbps. The accelerated interface connectors are inverted compared to connectors 1 to 6. See “Installing SFP transceivers” on page 9 for more information.
Accelerated packet forwarding and policy enforcement
FortiGate-5005FA2 Accelerated packet forwarding and policy enforcement results
in accelerated small packet performance required for voice, video, and other
multimedia streaming applications. The following traffic scenarios are
recommended for the accelerated interfaces:
•Small packet applications, such as voice over IP (VoIP).
The FortiGate-5005FA2 accelerated interfaces provide wire speed
performance for small packet applications.
•Latency sensitive applications, such as multimedia.
The FortiGate-5005FA2 accelerated interfaces add much less latency than
normal (non-accelerated) interfaces.
•Session Oriented Traffic with long session lifetime, such as FTP sessions.
Packet size does not affect performance for traffic with long session lifetime.
For long sessions, processing that would otherwise be handled by the
FortiGate-5005FA2 CPUs is off-loaded to the acceleration module.
•Firewall and intrusion protection (IPS), when there is a reasonable percentage
of P2P packets.
•Firewall, intrusion protection (IPS), and antivirus, when there is a reasonable
percentage of P2P packets.
•Firewall and IPSec VPN applications.
The following traffic scenarios should be handled by the normal (or non-accelerated) FortiGate-5005FA2 interfaces:
•Session oriented traffic when the session lifetime is very short.
•Firewall and antivirus only applications.
Traffic will not be off-loaded to the FortiGate-5005FA2 accelerator module. The
result will be high CPU usage because of the high CPU requirement for
antivirus scanning.
FA2 interfaces and active-active HA performance
FortiOS v3.0 MR4 firmware can also use FA2 acceleration to improve
active-active HA load balancing performance. See the FortiGate HA Overview or
the FortiGate HA Guide for more information.
Base backplane gigabit communication
The FortiGate-5005FA2 base1 and base2 backplane gigabit interfaces can be
used for HA heartbeat communication between FortiGate-5005FA2 modules
installed in the same or in different FortiGate-5000 chassis. You can also
configure FortiGate-5005FA2 modules to use the base backplane interfaces for
data communication between FortiGate modules. To support base backplane
communications your FortiGate-5140 or FortiGate-5050 chassis must include one
or more FortiSwitch-5003 modules. FortiSwitch-5003 modules are installed in
chassis slots 1 and 2. The FortiGate-5020 chassis supports base backplane
communication with no additions or changes to the chassis.
For information about base backplane communication in FortiGate-5140 and
FortiGate-5050 chassis, see the FortiGate-5000 Base Backplane Communication
Guide. For information about the FortiSwitch-5003 module, see the
FortiSwitch-5003 Guide.
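The HA heartbeat over the base backplane described above (and in the overview at the start of this guide) expressed as FortiOS CLI configuration, as an added example that is not part of the original guide. It assumes the FortiOS 3.0 `config system ha` command syntax; the interface names base1 and base2 are the ones the guide gives, while the group name, the password and the heartbeat priorities (50) are placeholders chosen for the example.

```fortios
# Active-passive cluster of two or more FortiGate-5005FA2 modules (assumed
# FortiOS 3.0 syntax). The heartbeat is carried on the base backplane
# interfaces base1 and base2 through the chassis backplane, so all eight
# front panel gigabit interfaces stay available for network connections.
config system ha
    # placeholder values: use your own group name and password
    set group-name "FG5005FA2-cluster"
    set mode a-p
    set password <cluster-password>
    # heartbeat devices with priorities; both backplane links are listed so the
    # heartbeat survives the loss of one FortiSwitch-5003 path in a 5140/5050 chassis
    set hbdev "base1" 50 "base2" 50
end
```

Every module that is to join the cluster needs the same group name, password and heartbeat settings. After both modules are configured, the Base LINK LEDs should be green and `get system ha status` (assumed to be available in this release) should list each module as a cluster member; a module that shows Base LINK off is not reaching the FortiSwitch-5003 in slot 1 or 2 and will not receive the heartbeat.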
FortiGate-5005-DIST security system
You can install FortiGate-5005FA2 modules as worker modules in a
FortiGate-5005-DIST security system. Worker modules apply FortiGate security
system functionality such as applying firewall policies, virus scanning, IPS and
routing to distributed traffic.
For complete information about the FortiGate-5005-DIST security system and the
role of worker modules, see the FortiGate-5005-DIST Security System
Administration Guide.
Hardware installation
Before use, the FortiGate-5005FA2 module must be correctly inserted into a
FortiGate-5140, FortiGate-5050, or FortiGate-5020 chassis.
SFP transceivers must also be installed before the FortiGate-5005FA2 module
can be connected to network devices.
This section describes:
•Installing SFP transceivers
•Installing FortiGate-5005FA2 modules
•Removing a FortiGate-5005FA2 module
•Troubleshooting
Installing SFP transceivers
The FortiGate-5005FA2 module ships with eight SFP transceivers that you must
install for normal operation of the FortiGate-5005FA2 module. The SFP
transceivers are inserted into cage sockets numbered 1 to 8 on the
FortiGate-5005FA2 front panel. You can install the SFP transceivers before or
after inserting the FortiGate-5005FA2 module into a FortiGate chassis.
Note: Cage slots 7 and 8 are rotated 180 degrees. Install the SFP transceivers in slots 7
and 8 inverted compared to the orientation of the transceivers in slots 1 to 6.
You can install the following types of SFP transceivers for connectors 1 to 8:
•SFP fiber transceivers
•SFP 1000Base-LX, SM module
•SFP 1000Base-SX, MM module (multimode)
•SFP copper transceivers
•SFP 1000Base-T, SERDES version only (SGMII version not supported)
To install SFP transceivers
To complete this procedure, you need:
•A FortiGate-5005FA2 module
•Eight SFP transceivers
•An electrostatic discharge (ESD) preventive wrist or ankle strap with
connection cord
Caution: FortiGate-5005FA2 modules must be protected from static discharge and
physical shock. Only handle or work with FortiGate-5005FA2 modules at a static-free
workstation. Always wear a grounded electrostatic discharge (ESD) preventive wrist or
ankle strap when handling FortiGate-5005FA2 modules.
1. Attach the ESD wrist or ankle strap to your wrist or ankle and to an ESD socket or
to a bare metal surface on the chassis or frame.
2. Remove the caps from SFP cage sockets on the FortiGate-5005FA2 front panel.
Caution: Handling the SFP transceivers by holding the release latch can damage the
connector. Do not force the SFP transceivers into the cage slots. If the transceiver does not
easily slide in and click into place, it may not be aligned correctly. If this happens, remove
the SFP transceiver, realign it and slide it in again.
3. For cage slots 1 to 6, hold the sides of the SFP transceiver and slide the SFP
transceiver into the cage socket until it clicks into place.
4. For cage slots 7 and 8, turn each SFP transceiver over before sliding it into the
cage slot until it locks into place.
Installing FortiGate-5005FA2 modules
The FortiGate-5005FA2 module must be fully installed in a chassis slot, with
extraction levers closed and locked, and mounting knots fully tightened for the
FortiGate-5005FA2 module to receive power and operate normally. If the
FortiGate-5005FA2 module is not receiving power, the IPM LED glows solid blue
and all other LEDs remain off.
It is important to carefully seat the FortiGate-5005FA2 module all the way into the
chassis, to not use too much force on the extraction levers, and to make sure that
the extraction levers are properly locked. Only then will the FortiGate-5005FA2
module power-on and start up correctly.
You can install SFP transceivers into the FortiGate-5005FA2 front cage slots
either before or after installing the module into a chassis. See “Installing SFP
FortiGate-5005FA2 modules are hot swappable. The procedure for inserting
the FortiGate-5005FA2 module into a FortiGate-5000 series chassis slot is the
same whether or not the FortiGate-5000 series chassis is powered on.
To insert a FortiGate-5005FA2 module into a FortiGate-5000 series chassis
Caution: Do not carry the FortiGate-5005FA2 module by holding the extraction levers.
When inserting or removing the FortiGate-5005FA2 module from a chassis slot, handle the
module by the front panel. The extraction levers are designed for positioning and locking
the FortiGate-5005FA2 module into a slot in a chassis only and should not be used for
handling the module. If the extraction levers become bent or damaged the
FortiGate-5005FA2 module may not align correctly in the chassis slot.
To complete this procedure, you need:
•A FortiGate-5005FA2 module
•A FortiGate-5000 series chassis with an empty slot
•An electrostatic discharge (ESD) preventive wrist or ankle strap with
connection cord
Caution: FortiGate-5005FA2 modules must be protected from static discharge and
physical shock. Only handle or work with FortiGate-5005FA2 modules at a static-free
workstation. Always wear a grounded electrostatic discharge (ESD) preventive wrist or
ankle strap when handling FortiGate-5005FA2 modules.
1. Attach the ESD wrist or ankle strap to your wrist or ankle and to an ESD socket or
to a bare metal surface on the chassis or frame.
2. Unlock the left and right extraction levers by squeezing the extraction lever locks.
(Figure callout: Extraction Lever Unlock)
3. Open the left and right extraction levers to their fully open positions.
(Figure callout: Alignment Pins)
4. Insert the FortiGate-5005FA2 module into the empty slot in the chassis.
5. Carefully guide the module into the chassis using the rails in the slot.
Insert the module by applying moderate force to the front faceplate (not the
extraction levers) to slide the module into the slot. The module should glide
smoothly into the chassis. If you encounter any resistance while sliding the
module in, the module could be aligned incorrectly. Pull the module back out and
try inserting it again.
6. Slide the module in until the alignment pins are inserted half way into their sockets
in the chassis.
7. Turn both extraction levers to their fully-closed positions.
The extraction levers should hook into the sides of the chassis slot. Closing the
extraction levers draws the FortiGate-5005FA2 module into place in the chassis
slot and into full contact with the chassis backplane. The FortiGate-5005FA2 front
panel should be in contact with the chassis front panel. When the extraction levers
are fully-closed they lock into place.
(Figure callouts: Alignment Pins; Close Extraction Lever; Extraction Lever Fully Closed and Locked)
If the chassis is powered on, as the module slides into place the IPM LED starts
flashing blue. If the module is aligned correctly, inserted all the way into the slot,
and the extraction levers are properly locked the IPM LED flashes blue for a few
seconds. At the same time the STATUS LED turns amber, the interface LEDs
flash amber, and the ACC LED starts flashing green. After a few seconds the IPM
LED goes out and the FortiGate-5005FA2 firmware starts up. If the module is
operating correctly, the front panel LEDs are lit as described in Table 3.
Table 3: FortiGate-5005FA2 normal operating LEDs (LED: State)
OOS: Off
ACC: Off (or flashing green when the system accesses the FortiGate-5005FA2 flash disk)
STATUS: Amber
IPM: Off
If the module has not been inserted properly the IPM LED changes to solid blue
and all other LEDs turn off. If this occurs, squeeze and open the extraction levers,
slide the module part way out, and repeat the insertion process.
8. Fully tighten the left and right mounting knots to lock the FortiGate-5005FA2
module into position in the chassis slot.
(Figure callout: Mounting Knot Tighten)
Removing a FortiGate-5005FA2 module
The following procedure describes how to correctly use the FortiGate-5005FA2
mounting components shown in Figure 2 to remove a FortiGate-5005FA2 module
from a FortiGate-5000 series chassis slot.
To remove a FortiGate-5005FA2 module from a FortiGate-5000 series
chassis
FortiGate-5005FA2 modules are hot swappable. The procedure for removing the
FortiGate-5005FA2 module from a FortiGate-5000 series chassis slot is the same
whether or not the FortiGate-5000 series chassis is powered on.
Caution: Do not carry the FortiGate-5005FA2 module by holding the extraction levers.
When inserting or removing the FortiGate-5005FA2 module from a chassis slot, handle the
module by the front panel. The extraction levers are designed for positioning and locking
the FortiGate-5005FA2 module into a slot in a chassis only and should not be used for
handling the module. If the extraction levers become bent or damaged the
FortiGate-5005FA2 module may not align correctly in the chassis slot.
To complete this procedure, you need:
•A FortiGate-5000 series chassis with a FortiGate-5005FA2 module installed
•An electrostatic discharge (ESD) preventive wrist or ankle strap with
connection cord
Caution: FortiGate-5005FA2 modules must be protected from static discharge and
physical shock. Only handle or work with FortiGate-5005FA2 modules at a static-free
workstation. Always wear a grounded electrostatic discharge (ESD) preventive wrist or
ankle strap when handling FortiGate-5005FA2 modules.
1. Attach the ESD wrist or ankle strap to your wrist or ankle and to an ESD socket or
to a bare metal surface on the chassis or frame.
2. Disconnect all cables from the FortiGate-5005FA2 module, including all network
cables, the console cable, and any USB cables or keys.
3. Fully loosen the mounting knots on the left and right sides of the
FortiGate-5005FA2 front panel.
(Figure callout: Mounting Knot Loosen)
4. Unlock the left and right extraction levers by squeezing the extraction lever locks.
5. Open the left and right extraction levers to their fully open positions.
Opening the extraction levers slides the module a short distance out of the slot,
disconnecting the module from the chassis backplane.
The IPM LED turns solid blue. All other LEDs turn off.
(Figure callouts: Alignment Pins; Extraction Lever Lock; Extraction Lever Open)
6. Pull the module about half way out.
All LEDs turn off.
7. Turn both extraction levers to their fully-closed positions.
When the extraction levers are fully-closed they lock into place.
(Figure callouts: Alignment Pins; Close Extraction Lever; Extraction Lever Fully Closed and Locked)
8. Carefully slide the module completely out of the slot.
Troubleshooting
This section describes the following troubleshooting topics:
•FortiGate-5005FA2 does not start up
FortiGate-5005FA2 does not start up
Incorrect positioning of the FortiGate-5005FA2 extraction levers can prevent a
FortiGate-5005FA2 module from starting up correctly. This section describes how to
fix this problem.
All chassis: extraction levers not fully closed
If the extraction levers are damaged or positioned incorrectly the
FortiGate-5005FA2 module will not start up. Make sure the extraction levers are
correctly aligned, fully inserted and locked.
All chassis: Firmware problem
If the FortiGate-5005FA2 module is receiving power and the extraction levers are
fully closed and the FortiGate-5005FA2 still does not start up, the problem could
be with FortiOS. Connect to the FortiGate-5005FA2 console and try cycling the
power to the module. If the BIOS starts up, interrupt the BIOS startup and install a
new firmware image. For details about installing a new firmware image in this way,
see the FortiGate-5000 Series Firmware and FortiUSB Guide.
If this does not solve the problem, contact Fortinet Technical Support.
Quick Configuration Guide
This section is a quick start guide to connecting and configuring a
FortiGate-5005FA2 security system for your network.
Before using this chapter, your FortiGate-5000 series chassis should be mounted
and connected to your power system. In addition, your FortiGate-5005FA2
modules should have SFP transceivers installed, jumpers set (if required), and the
module should be inserted into your FortiGate-5000 series chassis. The modules
should also be powered up and the front panel LEDs should indicate that the
modules are functioning normally.
This chapter includes the following topics:
•Registering your Fortinet product
•Planning the configuration
•Choosing the configuration tool
•Factory default settings
•Configuring NAT/Route mode
•Configuring Transparent mode
•Upgrading FortiGate-5005FA2 firmware
•FortiGate-5005FA2 base backplane data communication
•Powering off the FortiGate-5005FA2 module
Registering your Fortinet product
Register your Fortinet product to receive Fortinet customer services such as
product updates and technical support. You must also register your product for
FortiGuard services such as FortiGuard Antivirus and Intrusion Prevention
updates and for FortiGuard Web Filtering and AntiSpam.
Register your product by visiting http://support.fortinet.com and selecting Product
Registration.
To register, enter your contact information and the serial numbers of the Fortinet
products that you or your organization have purchased. You can register multiple
Fortinet products in a single session without re-entering your contact information.
Planning the configuration
Before beginning to configure your FortiGate-5005FA2 security system, you need
to plan how to integrate the system into your network. Your configuration plan
depends on the operating mode that you select: NAT/Route mode (the default) or
Transparent mode.
NAT/Route mode
In NAT/Route mode, the FortiGate-5005FA2 security system is visible to the
networks that it is connected to. Each interface connected to a network must be
configured with an IP address that is valid for that network. In many
configurations, in NAT/Route mode all of the FortiGate interfaces are on different
networks, and each network is on a separate subnet.
You would typically use NAT/Route mode when the FortiGate-5005FA2 security
system is deployed as a gateway between private and public networks. In the
default NAT/Route mode configuration, the FortiGate-5005FA2 security system
functions as a firewall. Firewall policies control communications through the
FortiGate-5005FA2 security system. No traffic can pass through the
FortiGate-5005FA2 security system until you add firewall policies.
In NAT/Route mode, firewall policies can operate in NAT mode or in Route mode.
In NAT mode, the FortiGate firewall performs network address translation before
IP packets are sent to the destination network. In Route mode, no translation
takes place.
Figure 3: Example FortiGate-5005FA2 module operating in NAT/Route mode
Transparent mode
In Transparent mode, the FortiGate-5005FA2 security system is invisible to the
network. All of the FortiGate-5005FA2 interfaces are connected to different
segments of the same network. In T ransparent mode you only have to configure a
management IP address so that you can connect to the FortiGate-5005FA2
security system to make configuration changes and so the FortiGate-5005FA2
security system can connect to external services such as the FortiGuard
Distribution Network (FDN).
(Figure 3 callouts: FortiGate-5005FA2 module in NAT/Route mode; port1 192.168.1.99 to an internal network; port2 204.23.1.2 to the Internet; port3 10.10.10.1 to a second internal network; NAT mode policies controlling traffic between internal and external networks; Route mode policies controlling traffic between internal networks.)
Figure 4: Example FortiGate-5005FA2 module operating in Transparent mode
(Figure 4 callouts: FortiGate-5005FA2 module in Transparent mode with management IP 192.168.1.99; gateway to public network 192.168.1.1 and Internet address 204.23.1.2 on port2; port1 and port3 to internal network segments; Transparent mode policies controlling traffic between internal and external networks; Transparent mode policies controlling traffic between internal network segments.)
You would typically deploy a FortiGate-5005FA2 security system in Transparent
mode on a private network behind an existing firewall or behind a router. In the
default Transparent mode configuration, the FortiGate-5005FA2 security system
functions as a firewall. No traffic can pass through the FortiGate-5005FA2 security
system until you add firewall policies.
Choosing the configuration tool
You can use either the web-based manager or the Command Line Interface (CLI)
to configure the FortiGate module.
Web-based manager
The FortiGate-5005FA2 web-based manager is an easy to use management tool.
Use the web-based manager to configure the FortiGate-5005FA2 administrator
password, the interface addresses, the default gateway, and the DNS server
addresses.
Requirements:
• An Ethernet connection between the FortiGate-5005FA2 module and
management computer.
• Internet Explorer 6.0 or higher on the management computer.
Command Line Interface (CLI)
The CLI is a full-featured management tool. Use it to configure the administrator
password, the interface addresses, the default gateway, and the DNS server
addresses.
Requirements:
• The serial connector that came packaged with your FortiGate-5005FA2
module.
• Terminal emulation application (for example, HyperTerminal for Windows) on
the management computer.
Factory default settings
The FortiGate-5005FA2 unit ships with a factory default configuration. The default
configuration allows you to connect to and use the FortiGate-5005FA2 web-based
manager to configure the FortiGate-5005FA2 module onto the network. To
configure the FortiGate-5005FA2 module onto the network you add an
administrator password, change the network interface IP addresses, add DNS
server IP addresses, and, if required, configure basic routing.
Primary DNS Server: 65.39.139.53
Secondary DNS Server: 65.39.139.53
Note: At any time during the configuration process, if you run into problems, you can reset
the FortiGate-5005FA2 module to the factory defaults and start over. From the web-based
manager go to System > Status, find System Operation at the bottom of the page, and
select Reset to Factory Default. From the CLI enter execute factory reset.
Use Table 5 to gather the information you need to customize NAT/Route mode
settings for the FortiGate-5005FA2 security system. You can use one table for
each module to configure.
Default Gateway IP address:_____._____._____._____
The default route consists of the name of the interface connected
to an external network (usually the Internet) and the default
gateway IP address. The default route directs all non-local traffic to
this interface and to the external network.
Primary DNS Server:_____._____._____._____
Secondary DNS Server:_____._____._____._____
Using the web-based manager to configure NAT/Route mode
1 Connect port1 of the FortiGate-5005FA2 module to the same hub or switch as the
computer you will use to configure the FortiGate module.
Note: If you cannot connect to port1, see “Using the CLI to configure NAT/Route mode” on
page 22.
2 Configure the management computer to be on the same subnet as the port1
interface of the FortiGate-5005FA2 module. To do this, change the IP address of
the management computer to 192.168.1.2 and the netmask to 255.255.255.0.
3 To access the FortiGate web-based manager, start Internet Explorer and browse
to https://192.168.1.99 (remember to include the “s” in https://).
To change the admin administrator password
1 Go to System > Admin > Administrators.
2 Select Change Password for the admin administrator and enter a new password.
To configure interfaces
1 Go to System > Network > Interface.
2 Select the edit icon for each interface to configure.
3 Set the addressing mode for the interface. (See the online help for information.)
• For manual addressing, enter the IP address and netmask for the interface that
you added to Table 5 on page 21.
• For DHCP addressing, select DHCP and any required settings.
• For PPPoE addressing, select PPPoE and enter the username and password
and any other required settings.
To configure the Primary and Secondary DNS server IP addresses
1 Go to System > Network > Options.
2 Enter the Primary and Secondary DNS IP addresses that you added to Table 5 on
page 21 as required and select Apply.
To configure the Default Gateway
1 Go to Router > Static and select the Edit icon for the static route.
2 Select the Device that you recorded above.
3 Set Gateway to the Default Gateway IP address that you added to Table 5 on
page 21.
4 Select OK.
Using the CLI to configure NAT/Route mode
1 Use the serial cable supplied with your FortiGate-5005FA2 module to connect the
FortiGate Console port to the management computer serial port.
2 Start a terminal emulation program (HyperTerminal) on the management
computer. Use these settings:
Baud Rate (bps) 9600, Data bits 8, Parity None, Stop bits 1, and Flow Control
None.
3 At the Login: prompt, type admin and press Enter twice (no password required).
4 Change the administrator password.
5 Configure the port1 internal interface to the setting that you added to Table 5 on
page 21.
    config system interface
        edit port1
            set ip <intf_ip>/<netmask_ip>
    end
6 Repeat to configure each interface as required, for example, to configure the port2
interface to the setting that you added to Table 5 on page 21.
    config system interface
        edit port2
        ...
7 Configure the primary and secondary DNS server IP addresses to the settings
that you added to Table 5 on page 21.
    config system dns
        set primary <dns-server_ip>
        set secondary <dns-server_ip>
    end
8 Configure the default gateway to the setting that you added to Table 5 on page 21.
    config router static
        edit 1
            set device <interface_name>
            set gateway <gateway_ip>
    end
Configuring Transparent mode
Use Table 6 to gather the information you need to customize Transparent mode
settings.
Table 6: Transparent mode settings
Admin Administrator Password: ______________
Management IP: IP:_____._____._____._____ Netmask:_____._____._____._____
The management IP address and netmask must be valid for the
network where you will manage the FortiGate-5005FA2 unit.
Default Route: Default Gateway IP address:_____._____._____._____
In Transparent mode the default route requires the default gateway IP
address. The default route directs all non-local traffic to the external
network.
DNS Servers: Primary DNS Server:_____._____._____._____
Secondary DNS Server:_____._____._____._____
Using the web-based manager to configure Transparent mode
1 Connect port1 of the FortiGate-5005FA2 module to the same hub or switch as the
computer you will use to configure the FortiGate module.
Note: If you cannot connect to port1, see “Using the CLI to configure Transparent mode” on
page 24.
2 Configure the management computer to be on the same subnet as the port1
interface of the FortiGate-5005FA2 module. To do this, change the IP address of
the management computer to 192.168.1.2 and the netmask to 255.255.255.0.
3 To access the FortiGate web-based manager, start Internet Explorer and browse
to https://192.168.1.99 (remember to include the “s” in https://).
4 Type admin in the Name field and select Login.
To switch from NAT/Route mode to Transparent mode
1 Go to System > Status and select the Change link beside Operation Mode: NAT.
2 Set Operation Mode to Transparent.
3 Set the Management IP/Netmask to the settings that you added to Table 6 on
page 23.
4 Set the default Gateway to the setting that you added to Table 6 on page 23.
To change the admin administrator password
1 Go to System > Admin > Administrators.
2 Select Change Password for the admin administrator and enter the password that
you added to Table 6 on page 23.
To change the management interface
1 Go to System > Config > Operation.
2 Enter the Management IP address and netmask that you added to Table 6 on
page 23 and select Apply.
To configure the Primary and Secondary DNS server IP addresses
1 Go to System > Network > Options.
2 Enter the Primary and Secondary DNS IP addresses that you added to Table 6 on
page 23 as required and select Apply.
Using the CLI to configure Transparent mode
1 Use the serial cable supplied with your FortiGate-5005FA2 module to connect the
FortiGate Console port to the management computer serial port.
2 Start a terminal emulation program (HyperTerminal) on the management
computer. Use these settings:
Baud Rate (bps) 9600, Data bits 8, Parity None, Stop bits 1, and Flow Control
None.
3 At the Login: prompt, type admin and press Enter twice (no password required).
4 Change from NAT/Route mode to Transparent mode. Configure the Management
IP address and default gateway to the settings that you added to Table 6 on
page 23.
    config system settings
        set opmode transparent
        set manageip <mng_ip>/<netmask>
        set gateway <gateway_ip>
    end
5 Configure the primary and secondary DNS server IP addresses to the settings
that you added to Table 6 on page 23.
    config system dns
        set primary <dns-server_ip>
        set secondary <dns-server_ip>
    end
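The CLI procedure for NAT/Route mode (steps 5 to 8) and the Transparent mode steps 4 and 5 just shown both amount to typing a few config blocks filled in from the worksheet. The Python script below is an added example, not part of the Fortinet guide and not a Fortinet tool: it builds those blocks from the Table 5 or Table 6 values and checks them first, since a gateway outside the interface subnet or two ports on overlapping subnets would leave the module unreachable after the change. The function names, the checks, and the sample addresses (taken from Figures 3 and 4) are assumptions of this example.

```python
import ipaddress

# Added example (not from the Fortinet guide): build the CLI blocks that the
# NAT/Route mode and Transparent mode console procedures have you type, from
# the worksheet values, and check the values before anything is entered.


def dns_block(primary, secondary):
    """Return the 'config system dns' block after checking both addresses."""
    for name, value in (("primary", primary), ("secondary", secondary)):
        addr = ipaddress.IPv4Address(value)  # raises on a malformed address
        if addr.is_multicast or addr.is_unspecified or addr.is_loopback:
            raise ValueError(f"{name} DNS server {value} is not a host address")
    return ["config system dns",
            f"    set primary {primary}",
            f"    set secondary {secondary}",
            "end"]


def nat_route_script(interfaces, device, gateway, primary_dns, secondary_dns):
    """CLI steps 5 to 8 of NAT/Route mode. interfaces maps an interface name
    to 'ip/prefix', e.g. {'port1': '192.168.1.99/24'}.
    Checks added here: interface subnets must not overlap (each port is its
    own network in NAT/Route mode) and the default gateway must lie inside
    the subnet of the interface named as the route's device."""
    nets = {name: ipaddress.IPv4Interface(c) for name, c in interfaces.items()}
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].network.overlaps(nets[b].network):
                raise ValueError(f"{a} and {b} have overlapping subnets")
    if device not in nets:
        raise ValueError(f"route device {device} is not a configured interface")
    if ipaddress.IPv4Address(gateway) not in nets[device].network:
        raise ValueError(f"gateway {gateway} is not on the {device} subnet")
    lines = []
    for name, intf in nets.items():  # one block per interface, as in steps 5 and 6
        lines += ["config system interface",
                  f"    edit {name}",
                  f"        set ip {intf.ip}/{intf.network.netmask}",
                  "end"]
    lines += dns_block(primary_dns, secondary_dns)  # step 7
    lines += ["config router static",  # step 8
              "    edit 1",
              f"        set device {device}",
              f"        set gateway {gateway}",
              "end"]
    return lines


def transparent_script(manage_cidr, gateway, primary_dns, secondary_dns):
    """CLI steps 4 and 5 of Transparent mode: a single management IP whose
    subnet must contain the default gateway."""
    mng = ipaddress.IPv4Interface(manage_cidr)
    if ipaddress.IPv4Address(gateway) not in mng.network:
        raise ValueError(f"gateway {gateway} is not on {mng.network}")
    return ["config system settings",
            "    set opmode transparent",
            f"    set manageip {mng.ip}/{mng.network.netmask}",
            f"    set gateway {gateway}",
            "end"] + dns_block(primary_dns, secondary_dns)


if __name__ == "__main__":  # constructed sample values from Figure 3
    print("\n".join(nat_route_script({"port1": "192.168.1.99/24", "port2": "204.23.1.2/24"},
                                     "port2", "204.23.1.1", "65.39.139.53", "65.39.139.53")))
```

Paste the printed lines at the console one block at a time, exactly as steps 5 to 8 describe; the script only checks addresses, it does not talk to the module.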
Upgrading FortiGate-5005FA2 firmware
Fortinet periodically updates the FortiGate-5005FA2 FortiOS firmware to include
enhancements and address issues. After you have registered your
FortiGate-5005FA2 security system (see “Registering your Fortinet product” on
page 17) you can download FortiGate-5005FA2 firmware from the support web
site http://support.fortinet.com.
Only FortiGate-5005FA2 administrators (whose access profiles contain system
read and write privileges) and the FortiGate-5005FA2 admin user can change the
FortiGate-5005FA2 firmware.
For complete details about upgrading and downgrading FortiGate-5005FA2
firmware using the web-based manager or CLI, and using the FortiUSB key, see
the FortiGate-5000 Series Firmware and FortiUSB Guide.
To upgrade the firmware using the web-based manager
1 Copy the firmware image file to your management computer.
2 Log into the web-based manager as the admin administrator.
3 Go to System > Status.
4 Under System Information > Firmware Version, select Update.
5 Type the path and filename of the firmware image file, or select Browse and locate
the file.
6 Select OK.
The FortiGate-5005FA2 module uploads the firmware image file, upgrades to the
new firmware version, restarts, and displays the FortiGate login. This process
takes a few minutes.
7 Log into the web-based manager.
8 Go to System > Status and check the Firmware Version to confirm the firmware
upgrade is successfully installed.
9 Update the FortiGate-5005FA2 antivirus and attack definitions. See the
FortiGate-5005FA2 online help for details.
To upgrade the firmware using the CLI
To use the following procedure, you must have a TFTP server that the
FortiGate-5005FA2 module can connect to.
1 Make sure the TFTP server is running.
2 Copy the new firmware image file to the root directory of the TFTP server.
3 Log into the CLI.
4 Make sure the FortiGate module can connect to the TFTP server.
You can use the following command to ping the computer running the TFTP
server. For example, if the IP address of the TFTP server is 192.168.1.168:
    execute ping 192.168.1.168
5 Enter the following command to copy the firmware image from the TFTP server to
the FortiGate-5005FA2 module:
    execute restore image <name_str> <tftp_ipv4>
Where <name_str> is the name of the firmware image file and <tftp_ipv4> is
the IP address of the TFTP server. For example, if the firmware image file name is
image.out and the IP address of the TFTP server is 192.168.1.168, enter:
    execute restore image image.out 192.168.1.168
The FortiGate-5005FA2 module responds with the message:
    This operation will replace the current firmware version!
    Do you want to continue? (y/n)
6 Type y.
The FortiGate-5005FA2 module uploads the firmware image file, upgrades to the
new firmware version, and restarts. This process takes a few minutes.
7 Reconnect to the CLI.
8 To confirm the firmware image is successfully installed, enter:
    get system status
9 Update antivirus and attack definitions. You can use the command
    execute update-now
FortiGate-5005FA2 base backplane data communication
You can configure the FortiGate-5005FA2 modules for data communications using
the two FortiGate-5140, FortiGate-5050, or FortiGate-5020 chassis base
backplane interfaces.
Note: Different FortiGate-5000 series modules may use different names for the base
backplane interfaces. For example, on the FortiGate-5001SX and FortiGate-5001FA2
modules the base backplane interfaces are called port9 and port10. On the
FortiGate-5005FA2 module the base backplane interfaces are called base1 and base2.
By default the base backplane interfaces are not enabled for data communication.
Using the information in this section, you can configure the FortiGate-5005FA2 to
use the base backplane interfaces for data communication. Once the base
backplane interfaces are configured for data communication you can operate and
configure them in the same way as any FortiGate-5005FA2 interface.
Note: VLAN communication over the backplane is only available for FortiGate-5005FA2
modules installed in a FortiGate-5020 chassis. The FortiSwitch-5003 does not support
VLAN-tagged packets so VLAN communication is not available over the FortiGate-5050
and FortiGate-5140 chassis backplanes.
Although not recommended, you can use base backplane interfaces for data
communication and HA heartbeat communication at the same time.
In a FortiGate-5140 or FortiGate-5050 chassis, FortiGate-5005FA2 base
backplane communication requires one or two FortiSwitch-5003 modules.
A FortiSwitch-5003 module installed in chassis slot 1 provides communication on
the base1 interface. A FortiSwitch-5003 module installed in chassis slot 2
provides communication on the base2 interface. The FortiGate-5020 chassis
supports base backplane data communication for both interfaces with no
additions or changes to the chassis.
For details and configuration examples of FortiGate-5005FA2 base backplane
communication using the FortiSwitch-5003 module, see the FortiGate-5000 Base
Backplane Communication Guide.
To enable base backplane data communication from the FortiGate-5005FA2
web-based manager
From the FortiGate-5005FA2 web-based manager use the following steps to
enable base backplane data communication.
1 Go to System > Network > Interface.
2 Select Show backplane interfaces.
The base1, base2, fabric1, and fabric2 backplane interfaces now appear in the
Interface list.
Figure 5: FortiGate-5005FA2 interface list with backplane interfaces enabled
To enable base backplane data communication from the FortiGate-5005FA2
CLI
From the FortiGate-5005FA2 module CLI you can use the following steps to
enable base backplane data communication.
1 Enter the following command to show the backplane interfaces:
    config system global
        set show-backplane-intf enable
    end
The base1, base2, fabric1, and fabric2 backplane interfaces now appear in all
Interface lists.
Powering off the FortiGate-5005FA2 module
To avoid potential hardware problems, always shut down the FortiGate-5005FA2
operating system properly before removing the FortiGate-5005FA2 module from a
chassis slot or before powering down the chassis.
To power off a FortiGate-5005FA2 module
1 Shut down the FortiGate-5005FA2 operating system:
• From the web-based manager, go to System > Status > System Operation,
select Shutdown and then select Go.
• From the CLI enter execute shutdown.
2 Remove the FortiGate-5005FA2 module from the chassis slot.
Note: Once a shutdown operation is completed, the only way to restart the
FortiGate-5005FA2 module is to remove and reinsert it.
For more information
Support for your Fortinet product is available as online help from within the
web-based manager, from the Tools and Documentation CD included with the
product, on the Fortinet Technical Documentation web site, from the Fortinet
Knowledge Center web site, as well as from Fortinet Technical Support.
Fortinet documentation
The most up-to-date publications and previous releases of Fortinet product
documentation are available from the Fortinet Technical Documentation web site
at http://docs.forticare.com. FortiGate-5000 series documentation is located in its
own section of the site at http://docs.forticare.com/fgt5k.html.
Fortinet Tools and Documentation CD
All Fortinet documentation is available from the Fortinet Tools and Documentation
CD shipped with your Fortinet product. The documents on this CD are current for
your product at shipping time. For the latest versions of all Fortinet documentation
see the Fortinet Technical Documentation web site at http://docs.forticare.com.
Fortinet Knowledge Center
Additional Fortinet technical documentation is available from the Fortinet
Knowledge Center. The knowledge center contains troubleshooting and how-to
articles, FAQs, technical notes, and more. Visit the Fortinet Knowledge Center at
http://kc.forticare.com.
Comments on Fortinet technical documentation
Please send information about any errors or omissions in this document, or any
Fortinet technical documentation, to techdoc@fortinet.com.
Customer service and technical support
Fortinet Technical Support provides services designed to make sure that your
Fortinet systems install quickly, configure easily, and operate reliably in your
network.
Please visit the Fortinet Technical Support web site at http://support.fortinet.com
to learn about the technical support services that Fortinet provides.
Register your Fortinet product
Register your Fortinet product to receive Fortinet customer services such as
product updates and technical support. You must also register your product for
FortiGuard services such as FortiGuard Antivirus and Intrusion Prevention
updates and for FortiGuard Web Filtering and AntiSpam.
Register your product by visiting http://support.fortinet.com and selecting Product
Registration.
To register, enter your contact information and the serial numbers of the Fortinet
products that you or your organization have purchased. You can register multiple
Fortinet products in a single session without re-entering your contact information.
Dynamic Threat Prevention System (DTPS), APSecure, FortiASIC, FortiBIOS,
FortiBridge, FortiClient, FortiGate, FortiGate Unified Threat Management System,
FortiGuard, FortiGuard-Antispam, FortiGuard-Antivirus, FortiGuard-Intrusion,
FortiGuard-Web, FortiLog, FortiAnalyzer, FortiManager, Fortinet, FortiOS,
FortiPartner, FortiProtect, FortiReporter, FortiResponse, FortiShield, FortiVoIP,
and FortiWiFi are trademarks of Fortinet, Inc. in the United States and/or other
countries. The names of actual companies and products mentioned herein may be
the trademarks of their respective owners.
Regulatory compliance
FCC Class A Part 15 CSA/CUS
www.fortinet.com