Fortinet FortiGate-5001SX, FortiGate-5001, FortiGate-5001A, FortiGate-5001FA2, FortiGate-5050 Introduction Manual

...

Download

1311975312468101214

5140

FILTER

PSU A

PSU B

FortiGate-5000 Series

Introduction

5140SAP

SERIAL 1 SERIAL 2 ALARM

USB

5000SM

ETH1

ETH0

10/100

link/Act

ETH0 Service

RESET

STATUS

Hot Swap

5000SM

SMC

ETH1

ETH0

CONSOLE

ACC

PWR

CONSOLE

ACC

PWR

CONSOLE

ACC

PWR

ETH

MANAGEMENT

ETH

MANAGEMENT

10/100

ETH0

Service

link/Act

STATUS

10/100

RESET

link/Act

1 2 3 4 5 6 7 8

USB

1 2 3 4 5 6 7 8

USB

1 2 3 4 5 6 7 8

RS232ZRE0ZRE1ZRE2

SYSTEM

CONSOLE

RS232ZRE0ZRE1ZRE2

SYSTEM

CONSOLE

5050SAP

SERIAL

Hot Swap

ALARM

STA IPM

OKCLK

INTEXT

1110

9876543210

FLT

HOT SWAP

RESET

ZRE

LED MODE

FLT

OKCLK

INTEXT

FLT

HOT SWAP

RESET

ZRE

LED MODE

FLT

5000SM

10/100

ETH0

Service

link/Act

ETH1

SERIAL

10/100

ETH0

link/Act

POWER

SMC

STATUS

Hot Swap

RESET

1514

1312

1514

1312

5000SM

ETH1

ETH0

10/100

link/Act

ETH0 Service

RESET

STATUS

Hot Swap

USB

CONSOLE

ACC

PWR

ACT

LINK

BASE

ACT

FABRIC

LINK

CONSOLE

1 2 3 4 5 6 7 8

USB USB

OOS ACC STATUS

3 412 56

STA IPM

IPM

FAN TRAY FAN TRAYFAN TRAY

The most recent versions of this and all FortiGate-5000 series documents are available from the FortiGate-5000 page of the Fortinet Technical Documentation web site (http://docs.forticare.com).

Visit http://support.fortinet.com to register your FortiGate-5000 Series product. By registering you can receive

product updates, technical support, and FortiGuard services.

FortiGate-5000 Series Introduction

01-30000-83466-20090108

FortiGate-5000 Series Introduction

8 January 2009 01-30000-83466-20090108

© Copyright 2009 Fortinet, Inc. All rights reserved. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical or otherwise, for any purpose, without prior written permission of Fortinet, Inc.

Trademarks

Fortinet, FortiGate and FortiGuard are registered trademarks and Dynamic Threat Prevention System (DTPS), APSecure, FortiASIC, FortiBIOS, FortiBridge, FortiClient, FortiGate, FortiGate Unified Threat Management System, FortiGuard-Antispam, FortiGuard-Antivirus, FortiGuard-Intrusion, FortiGuard-Web, FortiLog, FortiAnalyzer, FortiManager, FortiOS, FortiPartner, FortiProtect, FortiReporter, FortiResponse, FortiShield, and FortiVoIP, are trademarks of Fortinet, Inc. in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Contents

Introduction .............................................................................................. 7

Revision history .............................................................................................................. 7

About the FortiGate-5000 series chassis...................................................................... 8

FortiGate-5140 chassis............................................................................................... 8

FortiGate-5050 chassis............................................................................................... 8

FortiGate-5020 chassis............................................................................................... 9

About the FortiGate-5000 series boards....................................................................... 9

FortiGate-5001A security system ............................................................................... 9

FortiGate-RTM-XB2 module ..................................................................................... 10

FortiGate-5005FA2 security system ......................................................................... 10

FortiGate-5001FA2 security system ......................................................................... 10

FortiGate-5001SX security system ........................................................................... 10

FortiSwitch-5003A system ........................................................................................ 10

FortiSwitch-5003 system .......................................................................................... 11

FortiGate-5005-DIST security system ...................................................................... 11

FortiController-5208 system ..................................................................................... 11

Warnings and cautions................................................................................................. 11

About Data Center DC power....................................................................................... 13

Fortinet documentation ................................................................................................ 13

Fortinet Tools and Documentation CD ..................................................................... 13

Fortinet Knowledge Center ....................................................................................... 13

Comments on Fortinet technical documentation ...................................................... 13

Customer service and technical support.................................................................... 13

FortiGate-5140-R chassis ...................................................................... 15

FortiGate-5140 chassis front panel ............................................................................. 16

FortiGate-5140 chassis back panel ............................................................................. 17

Physical description of the FortiGate-5140 chassis .................................................. 18

FortiGate-5140 chassis.......................................................................... 19

FortiGate-5140 chassis front panel ............................................................................. 19

FortiGate-5140 chassis back panel ............................................................................. 20

Physical description of the FortiGate-5140 chassis .................................................. 22

FortiGate-5050-R chassis ...................................................................... 23

FortiGate-5050 front panel ........................................................................................... 24

FortiGate-5050 back panel ........................................................................................... 25

Physical description of the FortiGate-5050 chassis .................................................. 26

FortiGate-5000 Series Introduction 01-30000-83466-20090108 3

http://docs.fortinet.com/ • Feedback

Contents

FortiGate-5050 chassis.......................................................................... 27

FortiGate-5050 front panel ........................................................................................... 28

FortiGate-5050 back panel ........................................................................................... 28

Physical description of the FortiGate-5050 chassis .................................................. 29

FortiGate-5020 chassis.......................................................................... 31

FortiGate-5020 front panel ........................................................................................... 31

FortiGate-5020 back panel ........................................................................................... 32

Physical description of the FortiGate-5020 chassis .................................................. 32

FortiGate-5001A security system ......................................................... 33

Front panel LEDs and connectors............................................................................... 34

LEDs ......................................................................................................................... 35

Connectors ............................................................................................................... 36

Base backplane communication ................................................................................. 36

Fabric backplane communication ............................................................................... 36

FortiGate-RTM-XB2.................................................................................................. 37

AMC modules ................................................................................................................ 37

FortiGate-RTM-XB2 system................................................................... 39

Front panel LED ............................................................................................................ 40

Fabric backplane 10-gigabit communication ............................................................. 40

FortiGate-5005FA2 security system ..................................................... 41

Front panel LEDs and connectors............................................................................... 42

LEDs ......................................................................................................................... 42

Connectors ............................................................................................................... 43

Accelerated packet forwarding and policy enforcement .......................................... 43

FA2 interfaces and active-active HA performance ................................................... 44

Base backplane gigabit communication..................................................................... 44

FortiGate-5005-DIST security system ......................................................................... 44

FortiGate-5001FA2-LENC security system .......................................... 45

Front panel LEDs and connectors............................................................................... 46

LEDs ......................................................................................................................... 46

Connectors ............................................................................................................... 47

Accelerated packet forwarding and policy enforcement .......................................... 47

FA2 interfaces and active-active HA performance ................................................... 48

Base backplane gigabit communication..................................................................... 48

4 01-30000-83466-20090108

FortiGate-5000 Series Introduction

http://docs.fortinet.com/ • Feedback

Contents

FortiGate-5001SX security system ....................................................... 49

Front panel LEDs and connectors............................................................................... 50

LEDs ......................................................................................................................... 50

Connectors ............................................................................................................... 51

Base backplane gigabit interfaces .............................................................................. 51

FortiSwitch-5003A system .................................................................... 53

Front panel LEDs and connectors............................................................................... 54

LEDs ......................................................................................................................... 55

Base channel interfaces ........................................................................................... 56

Fabric channel interfaces.......................................................................................... 57

Front panel connectors ............................................................................................. 58

FortiSwitch-5003A configurations............................................................................... 58

Base and fabric gigabit switching within a chassis ................................................... 58

Fabric 10-gigabit switching within a chassis ............................................................. 59

Layer-2 link aggregation and redundancy configurations ......................................... 60

FortiSwitch-5003 system ....................................................................... 61

Front panel LEDs and connectors............................................................................... 61

LEDs ......................................................................................................................... 62

About the ZRE network activity LEDs....................................................................... 63

Connectors ............................................................................................................... 64

Base backplane communications ............................................................................... 64

The FortiGate-5005-DIST security system ........................................... 67

Basic FortiGate security system configuration ......................................................... 67

FortiController-5208 I/O boards ................................................................................... 68

FortiGate-5005FA2 worker boards .............................................................................. 69

FortiGate-5005-DIST security system chassis ........................................................... 70

FortiGate-5140 chassis............................................................................................. 70

FortiGate-5050 chassis............................................................................................. 71

FortiGate-5005-DIST interface names ......................................................................... 71

FortiController-5208 system ................................................................. 73

Front panel LEDs and connectors............................................................................... 74

LEDs ......................................................................................................................... 74

Connectors ............................................................................................................... 75

Backplane gigabit interfaces ....................................................................................... 76

FortiGate-5000 Series Introduction 01-30000-83466-20090108 5

http://docs.fortinet.com/ • Feedback

Contents

6 01-30000-83466-20090108

FortiGate-5000 Series Introduction

http://docs.fortinet.com/ • Feedback

Introduction Revision history

Introduction

This FortiGate-5000 Series Introduction is a high-level guide to all three FortiGate-5000 series chassis and the boards that you can install in them.

This chapter includes the following topics:

• Revision history

• About the FortiGate-5000 series chassis

• About the FortiGate-5000 series boards

• Warnings and cautions

• Fortinet documentation

• Customer service and technical support

• Register your Fortinet product

Revision history

Table 1: Revision History

Version Description of changes

01-30003-0378-20061207 New version.

01-30004-0378-20070201 Corrected “FortiGate-5020 chassis” on page 31 and

“FortiGate-5005FA2 security system” on page 41 to

document that FortiGate-5005FA2 boards can be installed in a FortiGate-5020 chassis. Added

“Register your Fortinet product” on page 14. Added “FA2 interfaces and active-active HA performance” on page 44 and “FA2 interfaces and active-active HA performance” on page 48. More minor changes and

fixes throughout the document.

01-30000-0378-20070615 Added the following sections:

• “FortiGate-5005-DIST security system” on

page 11

• “FortiController-5208 system” on page 11

• “The FortiGate-5005-DIST security system” on

page 67

• “FortiController-5208 system” on page 73

01-30000-378-20080603 Added “FortiGate-5001A security system” on

page 33.

Terminology change: “module” changed to “board” for all FortiGate-5000 series boards.

01-30000-83466-20081023 Updated “FortiGate-5001A security system” on

page 33 to include the FortiGate-5001A-SW board.

Added the following sections:

• “FortiGate-RTM-XB2 system” on page 39

• “FortiSwitch-5003A system” on page 53

FortiGate-5000 Series Introduction 01-30000-83466-20090108 7

About the FortiGate-5000 series chassis Introduction

Table 1: Revision History

Version Description of changes

01-30000-83466-20081023 Added information about both FortiGate-5140 and

both FortiGate-5050 chassis versions:

• “FortiGate-5140-R chassis” on page 15

• “FortiGate-5140 chassis” on page 19

• “FortiGate-5050-R chassis” on page 23

• “FortiGate-5050 chassis” on page 27

About the FortiGate-5000 series chassis

The FortiGate-5000 series Security Systems are chassis-based systems that MSSPs and large enterprises can use to provide subscriber security services such as firewall, VPN, antivirus protection, spam filtering, web filtering and intrusion prevention (IPS). The wide variety of system configurations available with FortiGate-5000 series provide flexibility to meet the changing needs of growing high performance networks. The FortiGate-5000 series chassis support multiple hot-swappable FortiGate-5000 series boards and power supplies. This modular approach provides a scalable, high-performance and failure-proof solution.

FortiGate-5140 chassis

You can install up to 14 FortiGate-5000 series boards in the 14 slots of the FortiGate-5140 ATCA chassis. The FortiGate-5140 is a 12U chassis that contains two redundant hot swappable DC power entry modules that connect to -48 VDC Data Center DC power. The FortiGate-5140 chassis also includes three hot swappable cooling fan trays.

Fortinet supplies two FortiGate-5140 chassis with very similar features. For details see:

• “FortiGate-5140-R chassis” on page 15

• “FortiGate-5140 chassis” on page 19

FortiGate-5050 chassis

You can install up to five FortiGate-5000 series boards in the five slots of the FortiGate-5050 ATCA chassis. The FortiGate-5050 is a 5U chassis that contains two redundant DC power connections that connect to -48 VDC Data Center DC power. The FortiGate-5050 chassis also includes a hot swappable cooling fan tray.

Fortinet supplies two FortiGate-5050 chassis with very similar features. For details see:

5140SAP

1311975312468101214

CONSOLE

ACC

PWR

CONSOLE

ACC

PWR

CONSOLE

ACC

PWR

ETH

MANAGEMENT

ETH

MANAGEMENT

5000SM

10/100

SMC

ETH0 Service

link/Act

ETH1

STATUS

10/100

RESET

ETH0

link/Act

5140

FILTER

FAN TRAY FAN TRAYFAN TRAY

USB

1 2 3 4 5 6 7 8

USB

1 2 3 4 5 6 7 8

USB

1 2 3 4 5 6 7 8

RS232ZRE0ZRE1ZRE2

SYSTEM

CONSOLE

RS232ZRE0ZRE1ZRE2

SYSTEM

CONSOLE

5050SAP

SERIAL

Hot Swap

ALARM

SERIAL 1 SERIAL 2 ALARM

USER2

USER1

USER3

MINOR

MAJOR

CRITICAL

RESET

STAIPM

OKCLK

INTEXT

FLT

9876543210

1514

1312

1110

HOT SWAP

RESET

ZRE

LED MODE

FLT

OKCLK

INTEXT

FLT

9876543210

1514

1312

1110

HOT SWAP

RESET

ZRE

LED MODE

FLT

5000SM

10/100

SMC

ETH0 Service

link/Act

ETH1

SERIAL

STATUS

Hot Swap

10/100

RESET

ETH0

link/Act

5000SM

ETH1

ETH0

10/100

link/Act

ETH0 Service

RESET

STATUS

Hot Swap

5000SM

ETH1

ETH0

10/100

link/Act

ETH0 Service

RESET

STATUS

Hot Swap

POWER

• “FortiGate-5050-R chassis” on page 23

• “FortiGate-5050 chassis” on page 27

FortiGate-5000 Series Introduction

8 01-30000-83466-20090108

Introduction About the FortiGate-5000 series boards

PSU A

PSU B

FortiGate-5020 chassis

You can install one or two FortiGate-5000 series boards in the two slots of the FortiGate-5020

USB

1 2 3 4 5 6 7 8

ATCA chassis. The FortiGate-5020 is a 4U chassis that contains two redundant AC to DC

CONSOLE

ACC

PWR

ACT

USB USB

LINK

BASE

ACT

FABRIC

LINK

CONSOLE

OOS ACC STATUS

3 412 56

IPM

STAIPM

power supplies that connect to AC power. The FortiGate-5020 chassis also includes an internal cooling fan tray. For details about the FortiGate-5020 chassis, see “FortiGate-5020 chassis” on page 31.

About the FortiGate-5000 series boards

Each FortiGate-5000 series board is a standalone FortiGate security system that can also function as part of a FortiGate HA cluster. All FortiGate-5000 series boards are also hot swappable. All FortiGate-5000 series units are high capacity security systems with multiple gigabit interfaces, multiple virtual domain capacity, and other high end FortiGate features.

FortiGate-5001A security system

The FortiGate-5001A board is an independent high-performance FortiGate security system with two front panel gigabit ethernet interfaces, two base backplane gigabit interfaces, and two fabric backplane gigabit interfaces. Use the front panel interfaces for connections to your networks and the backplane interfaces for communication between FortiGate-5000 series boards over the ACTA chassis backplane. The fabric interfaces are reserved for future 10-gigabit operation but can be used now for board to board 1-gigabit operation. In FortiGate-5140 and FortiGate-5050 chassis you must install a FortiSwitch-5003 board or another backplane switching product to support backplane communication. For details about the FortiGate-5001A security system, see “FortiGate-5001A security system” on

page 33.

The FortiGate-5001A-DW front panel includes a double-width Advanced Mezzanine Card (AMC) opening. You can install a supported FortiGate AMC Double width Module (ADM) module such as the FortiGate-ADM-XB2 or the FortiGate-ADM-FB8 in the AMC opening. The FortiGate-ADM-XB2 adds two accelerated 10-gigabit interfaces to the FortiGate board and the FortiGateADM-FB8 adds 8 accelerated 1 gigabit interfaces.

The FortiGate-5001A-SW (single-width) includes a single-width AMC opening. You can install a supported FortiGate AMC Single width Module (ASM) such as the FortiGate-ASM-FB4 or the FortiGate-ASM-S08 in the AMC opening. The FortiGate-ASM-FB4 adds four accelerated 1-gigabit interfaces to the FortiGate board and the FortiGate-ADM-S08 adds a removable hard disk that you can use to store log files and content archives.

FortiGate-5000 Series Introduction 01-30000-83466-20090108 9

About the FortiGate-5000 series boards Introduction

FortiGate-RTM-XB2 module

The FortiGate-RTM-XB2 system is a rear transition module (RTM) that provides two 10-gigabit fabric backplane interfaces and NP2 processor acceleration for FortiGate-5001A boards installed in FortiGate-5140 and FortiGate-5050 chassis. For details about the FortiGate-RTM-XB2 system, see “FortiGate-RTM-XB2 system” on page 39

FortiGate-5005FA2 security system

The FortiGate-5005FA2 board is an independent high-performance

ACT

LINK

ACT

LINK

FortiGate security system with eight gigabit ethernet interfaces. The FortiGate features including 802.1Q VLANs and multiple virtual domains. Two of the FortiGate-5005FA2 interfaces (port7 and port8) include Fortinet technology to accelerate small packet performance. FortiGate-5005FA2 boards also function as worker boards in a FortiGate-5005-DIST security system. For details about the FortiGate-5005FA2 board, see “FortiGate-5005FA2 security system” on page 41.

USB USB

BASE

FABRIC

CONSOLE

OOS ACC STATUS

3 412 56

-5005FA2 board supports high-end

IPM

FortiGate-5001FA2 security system

The FortiGate-5001FA2 security system is an independent highperformance FortiGate security system with eight gigabit ethernet interfaces. The FortiGate-5001FA2 board is similar to the FortiGate-5001SX board except that two of the FortiGate-5001FA2 interfaces include Fortinet technology to accelerate small packet performance. For details about the FortiGate-5001FA2 board, see “FortiGate-5001FA2-LENC

security system” on page 45.

FortiGate-5001SX security system

The FortiGate-5001SX security system is an independent highperformance FortiGate security system with eight gigabit ethernet interfaces. The FortiGate supports high-end features including 802.1Q VLANs and multiple virtual domains. For details about the FortiGate-5001SX security system, see “FortiGate-5001SX

security system” on page 49.

FortiSwitch-5003A system

The FortiSwitch-5003A system provides 10/1-gigabit fabric backplane channel layer-2 switching and 1-gigabit base backplane channel layer-2 switching in a dual star architecture for the FortiGate-5140 and FortiGate-5050 chassis. The FortiGate board provides a total capacity of 200 Gigabits per second (Gbps) throughput.For details about the FortiSwitch-5003A system, see “FortiGate-5001SX security

system” on page 49.

USB

CONSOLE

1 2

USB

CONSOLE

ACC

PWR

ACC

PWR

3 4

5 6 7 8

1 2 3 4 5 6 7 8

STA IPM

-5001SX board

FortiGate-5000 Series Introduction

10 01-30000-83466-20090108

Introduction Warnings and cautions

MANAGEMENT

SYSTEM

ZRE

LED MODE

1514

1312

1110

9876543210

OKCLK

INTEXT

FLT

HOT SWAP

RESET

FLT

CONSOLE

ETH

RS232ZRE0ZRE1ZRE2

SMC

POWER

PAYLOAD OPERATION

STATUS

IPM

X 1

X 2

1/2 3/4 D15/D16 C15/C16

10/100/1000 MBPS ETHERNET ACTIVITY

DATA CONTROL

MANAGEMENT

COM 1 COM 2

X 1 X 2

FortiSwitch-5003 system

The FortiSwitch-5003 system provides base backplane communication between FortiGate security boards installed in FortiGate-5140 or FortiGate-5050 chassis. Base backplane communication can be used for HA heartbeat communication and for data communication. The FortiSwitch-5003 board can also provide HA heartbeat and data communication between chassis. The FortiSwitch-5003 board is only used in FortiGate-5140 and FortiGate-5050 chassis. For details about the FortiSwitch-5003 board, see “FortiSwitch-5003 system” on page 61.

FortiGate-5005-DIST security system

The FortiGate-5005-DIST security system is very similar to a single FortiGate unit, but with much higher capacity and with support for failover protection and scalability. The FortiGate-5005-DIST security system consists of a FortiGate-5050 or FortiGate-5140 chassis with one or two Input/Output or I/O boards (FortiController-5208 boards) and one or more worker boards (FortiGate-5005FA2 boards running in DIST mode). The I/O boards provide 10 gigabit and 1gigabit network connections and distribute traffic to the worker boards. The worker boards provide FortiGate security system functions including firewall, VPN, IPS, antivirus, antispam, and so on. For details about the FortiGate-5005-DIST security system, see “The FortiGate-5005-DIST security system” on page 67.

FortiController-5208 system

An integral part of a FortiGate-5005-DIST Security System, the FortiController-5208 board provides all Fortigate-5005-DIST 10gigabit and 1 gigabit network interfaces. The FortiContro0ller-5208 board also provides the management interface to the FortiGate-5005-DIST system and controls backplane communication between all FortiGate-5005-DIST components.

You can create a FortiGate-5005-DIST high-throughput multi-threat network security system using one or two FortiGate boards and multiple FortiGate-5005 boards in a FortiGate-5050 or FortiGate-5140 chassis. A FortiGate-5020 chassis cannot be used to create a FortiGate-5005-DIST system. Functionally, one or two FortiGate boards using the processing power of multiple FortiGate-5005 boards function much like a single FortiGate unit, but with far greater capacity. For details about the FortiController-55208 board, see “FortiController-5208 system” on

page 73.

ACT

USB USB

LINK

BASE

ACT

FABRIC

LINK

CONSOLE

ACT

LINK

BASE

ACT

FABRIC

LINK

CONSOLE

ACT

LINK

BASE

ACT

FABRIC

LINK

CONSOLE

ACT

LINK

BASE

ACT

FABRIC

LINK

CONSOLE

X 1

X 2

5000SM

10/100

ETH0 Service

link/Act

ETH1

10/100

RESET

ETH0

link/Act

3 412 56

OOS ACC STATUS

USB USB

3 412 56

OOS ACC STATUS

USB USB

3 412 56

OOS ACC STATUS

USB USB

3 412 56

OOS ACC STATUS

DATA CONTROL

X 1 X 2

10/100/1000 MBPS ETHERNET ACTIVITY

PAYLOAD OPERATION

STATUS

5050SAP

SERIAL

STATUS

Hot Swap

ALARM

1/2 3/4 D15/D16 C15/C16

IPM

MANAGEMENT

COM 1 COM 2

IPM

5000SM

10/100

ETH0

Service

link/Act

ETH1

SERIAL

STATUS

Hot Swap

10/100

RESET

ETH0

link/Act

Warnings and cautions

Only trained and qualified personnel should be allowed to install or maintain FortiGate-5000 series equipment. Read and comply with all warnings, cautions and notices in this document.

FortiGate-5000 Series Introduction 01-30000-83466-20090108 11

Warnings and cautions Introduction

CAUTION: Risk of Explosion if Battery is replaced by an Incorrect Type. Dispose of Used Batteries According to the Instructions.

Caution: You should be aware of the following cautions and warnings before installing FortiGate-5000 series hardware

• Turning off all power switches may not turn off all power to the FortiGate-5000 series equipment. Some circuitry in the FortiGate-5000 series equipment may continue to operate even though all power switches are off.

• Many FortiGate-5000 components are hot swappable and can be installed or removed while the power is on. But some of the procedures in this document may require power to be turned off and completely disconnected. Follow all instructions in the procedures in this document that describe disconnecting FortiGate-5000 series equipment from power sources, telecommunications links and networks before installing, or removing FortiGate-5000 series components, or performing other maintenance tasks. Failure to follow the instructions in this document can result in personal injury or equipment damage.

• Install FortiGate-5000 series chassis at the lower positions of a rack to avoid making the rack top-heavy and unstable.

• Do not insert metal objects or tools into open chassis slots.

• Electrostatic discharge (ESD) can damage FortiGate-5000 series equipment. Only perform the procedures described in this document from an ESD workstation. If no such station is available, you can provide some ESD protection by wearing an anti-static wrist strap and attaching it to an available ESD connector such as the ESD sockets provided on FortiGate-5000 series chassis.

• Make sure all FortiGate-5000 series components have reliable grounding. Fortinet recommends direct connections to the building ground.

• If you install a FortiGate-5000 series component in a closed or multi-unit rack assembly, the operating ambient temperature of the rack environment may be greater than room ambient. Make sure the operating ambient temperature does not exceed Fortinet’s maximum rated ambient temperature.

• Installing FortiGate-5000 series equipment in a rack should be such that the amount of airflow required for safe operation of the equipment is not compromised.

• FortiGate-5000 series chassis should be installed by a qualified electrician.

• FortiGate-5000 series equipment shall be installed and connected to an electrical supply source in accordance with the applicable codes and regulations for the location in which it is installed. Particular attention shall be paid to use of correct wire type and size to comply with the applicable codes and regulations for the installation / location. Connection of the supply wiring to the terminal block on the equipment may be accomplished using Listed wire compression lugs, for example, Pressure Terminal Connector made by Ideal Industries Inc. or equivalent which is suitable for AWG 10. Particular attention shall be given to use of the appropriate compression tool specified by the compression lug manufacturer, if one is specified.

FortiGate-5000 Series Introduction

12 01-30000-83466-20090108

Introduction About Data Center DC power

About Data Center DC power

The FortiGate-5140 and FortiGate-5050 chassis are designed to be installed in a Data Center or similar location that has available -48VDC power. Fortinet expects that most FortiGate-5140 or FortiGate-5050 customers will be installing their FortiGate equipment in a data center or similar location that is already equipped with a -48VDC power system that provides power to existing networking or telecom equipment. The FortiGate-5140 and FortiGate-5050 chassis are designed to be connected directly to this DC power system.

In this document, Data Center DC power refers to a -48VDC power system that is already available at the location at which the FortiGate-5140 or FortiGate-5050 chassis is being installed.

Fortinet documentation

The most up-to-date publications and previous releases of Fortinet product documentation are available from the Fortinet Technical Documentation web site at http://docs.forticare.com.

Fortinet Tools and Documentation CD

All Fortinet documentation is available from the Fortinet Tools and Documentation CD shipped with your Fortinet product. The documents on this CD are current at shipping time. For up-to-date versions of Fortinet documentation see the Fortinet Technical Documentation web site at http://docs.forticare.com.

Fortinet Knowledge Center

Additional Fortinet technical documentation is available from the Fortinet Knowledge Center. The knowledge center contains troubleshooting and how-to articles, FAQs, technical notes, and more. Visit the Fortinet Knowledge Center at

http://kc.forticare.com.

Comments on Fortinet technical documentation

Please send information about any errors or omissions in this document, or any Fortinet technical documentation, to techdoc@fortinet.com.

Customer service and technical support

Fortinet Technical Support provides services designed to make sure that your Fortinet systems install quickly, configure easily, and operate reliably in your network.

Please visit the Fortinet Technical Support web site at http://support.fortinet.com to learn about the technical support services that Fortinet provides.

FortiGate-5000 Series Introduction 01-30000-83466-20090108 13

Register your Fortinet product to receive Fortinet customer services such as product updates and technical support. You must also register your product for FortiGuard services such as FortiGuard Antivirus and Intrusion Prevention updates and for FortiGuard Web Filtering and AntiSpam.

To register, enter your contact information and the serial numbers of the Fortinet products that you or your organization have purchased. You can register multiple Fortinet products in a single session without re-entering your contact information.

FortiGate-5000 Series Introduction

14 01-30000-83466-20090108

FortiGate-5140-R chassis

You can install up to 14 FortiGate-5000 series boards in the 14 front panel slots of the FortiGate-5140 ATCA chassis. The FortiGate-5140 is a 12U chassis that contains two redundant hot swappable DC power entry modules that connect to -48 VDC Data Center DC power. The FortiGate-5140 chassis also includes three hot swappable cooling fan trays and a front accessible air filter. If all 14 front panel slots contain FortiGate-5005A2, FortiGate-5001SX, or FortiGate-5001FA2 boards the FortiGate-5140 chassis provides a total of 112 FortiGate gigabit ethernet interfaces. If all 14 slots contain FortiGate-5001A boards the FortiGate-5140 chassis supports 28 1-Gigabit ethernet FortiGate interfaces. If you add FortiGate-ADM-XB2 modules to the FortiGate-5001A boards the FortiGate-5140 chassis supports another 28 10-Gigabit interfaces.

You can also install a FortiSwitch-5003A or FortiSwitch-5003 board in the FortiGate-5140 chassis to provide base backplane communications. Base backplane communications can be used for HA heartbeat communications and for data communications. You can add a second FortiSwitch-5003A or FortiSwitch-5003 board for redundancy. FortiSwitch-5003A boards can also provide fabric backplane communication using the FortiGate-5140 fabric backplane channels.

You can mix and match any combination of FortiGate-5000 series boards in the FortiGate-5140 chassis. For example, you could install four FortiGate-5005FA2 boards, four FortiGate-5001SX boards, and four FortiGate-5001FA2 boards. You can also install FortiController-5208 and FortiGate-5005FA2 boards in a FortiGate-5140 chassis to create a FortiGate-5005-DIST security system.

Some of the boards installed in a FortiGate-5140 chassis can be operating in a FortiGate HA cluster and some can be operating as standalone FortiGate units. You can also operate multiple HA clusters and standalone FortiGate units in a single FortiGate-5140 chassis. You can also use FortiSwitch-5003A or FortiSwitch-5003 boards to operate HA clusters consisting of FortiGate-5000 series boards installed in multiple FortiGate-5000 chassis. You can also use FortiSwitch-5003A boards for fabric data communication between chassis.

The FortiGate-5140 chassis requires -48VDC Data Center DC power. If DC power is not available you can install a FortiGate-5053 power converter tray (purchased separately) with FortiGate-5140 power supplies.

FortiGate-5000 Series Introduction 01-30000-83466-20090108 15

http://docs.fortinet.com/ • Feedback

FortiGate-5140 chassis front panel FortiGate-5140-R chassis

FortiGate-5001A-DW

boards

slots 4, 6, 8, 10,

12, and 14

Primary

shelf manager

Secondary

shelf manager

Cooling fan

trays 0, 1, 2

FortiGate-5001A-DW

boards

slots 3, 5, 7, 9,

11, and 13

FortiSwitch-5003A

boards

slots 1 and 2

Front cable

tray

ESD socket

Slot

numbers

Shelf alarm panel (SAP)

Front accessible

air filter

FortiGate-5140 chassis front panel

Figure 1 shows the front panel of a FortiGate-5140 chassis. Two FortiSwitch-5003A

boards are installed in slots 1 and 2. Twelve FortiGate-5001A-DW boards installed in slots 3 to 14.

Figure 1: FortiGate-5140 chassis front panel with FortiGate-5001A-DW and FortiSwitch-5003A

boards installed

5140SAP

5140

1311975312468101214

CRITICAL

RESET

MAJOR

USER1

MINOR

SERIAL 1 SERIAL 2 ALARM

USER2

USER3

The FortiGate-5140 shelf alarm panel (SAP) and primary and secondary FortiGate-5140 Shelf Managers are also visible. The factory installed shelf alarm panel displays alarms, provides a telco alarm interface, and also provides serial connections to the shelf managers. The factory installed shelf managers provide power distribution, cooling, alarms, and shelf status for the FortiGate-5140 chassis.

5000SM

ETH1

ETH0

10/100

link/Act

ETH0

Service

RESET

STATUS

Hot Swap

5000SM

ETH1

ETH0

10/100

link/Act

ETH0

FILTER

Service

RESET

STATUS

Hot Swap

Caution: Do not operate the FortiGate-5140 chassis with open slots on the front panel. For optimum cooling performance and safety, the slots must contain a FortiGate-5000 series

FAN TRAY FAN TRAYFAN TRAY

board or an air baffle slot filler. As well the removable terminal block cover must be installed over the power connectors on the back of the chassis.

16 01-30000-83466-20090108

FortiGate-5000 Series Introduction

http://docs.fortinet.com/ • Feedback

FortiGate-5140-R chassis FortiGate-5140 chassis back panel

Also visible on the front of the FortiGate-5140 chassis:

• Electrostatic discharge (ESD) socket, used for connecting an ESD wrist or ankle band when working with the chassis.

• Front cable tray, used for managing and securing ethernet and other cables.

• Front accessible air filter.

• Three hot swappable FortiGate-5140 cooling fan trays.

FortiGate-5140 chassis back panel

Figure 2 on page 17 shows the back panel of the FortiGate-5140 chassis. The back panel

includes two hot-swappable redundant -48V/-60 VDC power entry modules (PEMs) labelled A and B. Fortinet ships the FortiGate-5140 chassis with PEM A and B installed. The PEMs provide redundant DC power connections for the FortiGate-5140 chassis and distribute DC power to the chassis slots and to the fan trays.

Figure 2: FortiGate-5140 chassis back panel

RTM

slot filler

panels

Back cable

tray

ESD

socket

Chassis

ground

connector

(green)

1412108642135791113

BPEM PEM

-48V/-60 VDC nom RETURN

PEM

-48V/-60 VDC nom (black)

Power

Entry Module B

TERMINAL BLOCK COVER

Remove terminal block cover and

decable before removing PEM.

12341234

RTN (red)

Entry Module A

-48V/-60 VDC nom RETURN

PEM

-48V/-60 VDC nom (black)

Power

12341234

RTN (red)

TERMINAL BLOCK COVER

Remove terminal block cover and

decable before removing PEM.

RTM

slot numbers

(terminal block

cover removed)

If you require redundant power you should connect both PEMs to DC power. If redundant power is not required, you should connect PEM A to DC power. Each PEM has four

-48V/-60 VDC connectors and 4 RTN connections. All eight of these connectors should be connected to DC power. Figure 2 on page 17 shows the terminal block cover removed from PEM A and the wiring required to connect PEM A to DC power. While operating the FortiGate-5140 both terminal block covers should be installed.

FortiGate-5000 Series Introduction 01-30000-83466-20090108 17

http://docs.fortinet.com/ • Feedback

Physical description of the FortiGate-5140 chassis FortiGate-5140-R chassis

The power entry modules are hot swappable, which means you can remove and replace a defective PEM while the FortiGate-5140 is operating assuming that the FortiGate-5140 system has both PEMs connected to DC power for redundancy.

The back panel also includes the back cable tray, an ESD socket and the chassis ground connector. The ground connector must be connected to Data Center ground. Use the back cable tray for securing and managing DC power, RTN, and ground wires.

Physical description of the FortiGate-5140 chassis

The FortiGate-5140 chassis is a 12U chassis that can be installed in a standard 19-inch rack. Table 2 describes the physical characteristics of the FortiGate-5140 chassis.

Table 2: FortiGate-5140 chassis physical description

Dimensions 21 x 19 x 20.6 in. (53.3 x 48.3 x 52.4 cm)

(Height x Width x Depth)

Shipping weight completely assembled with packaging

Operating environment Temperature: 32 to 104°F (5 to 45°C)

Storage environment Temperature: -13 to 158°F (-25 to 70°C)

Power consumption Maximum: 2,980W DC

Power input 2x redundant -37VDC to -72VDC, 30A per power feed (total 4 + 4

110 lb. (50 kg)

Relative humidity: 5 to 85% (Non-condensing)

power feeds)

18 01-30000-83466-20090108

FortiGate-5000 Series Introduction

http://docs.fortinet.com/ • Feedback

FortiGate-5140 chassis FortiGate-5140 chassis front panel

FortiGate-5140 chassis

You can install up to 14 FortiGate-5000 series boards in the 14 front panel slots of the FortiGate-5140 ATCA chassis. The FortiGate-5140 is a 12U chassis that contains two redundant hot swappable DC power entry modules that connect to -48 VDC Data Center DC power. The FortiGate-5140 chassis also includes three hot swappable cooling fan trays. If all 14 front panel slots contain FortiGate-5005A2, FortiGate-5001SX, or FortiGate-5001FA2 boards the FortiGate-5140 chassis provides a total of 112 1-Gigabit ethernet FortiGate interfaces. If all 14 slots contain FortiGate-5001A boards the FortiGate-5140 chassis supports 28 1-Gigabit ethernet FortiGate interfaces. If you add FortiGate-ADM-XB2 modules to the FortiGate-5001A boards the FortiGate-5140 chassis supports another 28 10-Gigabit interfaces.

FortiGate-5140 chassis front panel

Figure 3 shows the front panel of a FortiGate-5140 chassis. Two FortiSwitch-5003 boards

are installed in slots 1 and 2. Six FortiGate-5001SX boards are installed in slots 3, 5, 7, 9, 11, and 13 and six FortiGate-5001FA2 boards are installed in slots 4, 6, 8, 10, 12, and 14.

The primary and secondary FortiGate-5140 Shelf Managers are also visible. The factory installed shelf managers provide power distribution, cooling, alarms, shelf status, and a telco alarm interface for the FortiGate-5140 chassis.

FortiGate-5000 Series Introduction 01-30000-83466-20090108 19

http://docs.fortinet.com/ • Feedback

FortiGate-5140 chassis back panel FortiGate-5140 chassis

Figure 3: FortiGate-5140 chassis front panel with FortiGate-5001SX, FortiGate-5001FA2, and

FortiSwitch-5003 boards installed

FortiGate-5001SX

boards

slots 3, 5, 7, 9,

11, and 13

FortiSwitch-5003

boards

FortiGate-5001FA2

boards

slots 4, 6, 8, 10,

12, and 14

slots 1 and 2

13 11 9 7 5 3 1 2 4 6 8 10 12 14

PWR

ACC

CONSOLE

USB

1 2 3 4 5 6 7 8

STA IPM

PWR

ACC

CONSOLE

USB

1 2 3 4 5 6 7 8

MANAGEMENT

CONSOLE

USB

SYSTEM

CONSOLE

1 2 3 4 5 6 7 8

1514

1312

1110

ZRE

OKCLK

INTEXT

FLT

HOT SWAP

RESET

LED MODE

STA IPM

ACC

MANAGEMENT

E T H O

R S 2 3 2

Z R E 0

Z R E 1

Z R E 2

CONSOLE

E T H O

SYSTEM

CONSOLE

R S 2 3 2

Z R E 0

Z R E 1

Z R E 2

1514

1312

1110

ZRE

OKCLK

INTEXT

FLT

HOT SWAP

RESET

LED MODE

STA IPM

ACC

CONSOLE

USB

1 2

3 4

5 6 7 8

STA IPM

PWR

ACC

CONSOLE

USB

1 2

3 4

5 6 7 8

STA IPM

5140

ESD socket

Slot

Crit.

PWR

Maj.

Min.

ACC

CONSOLE

Alarms

Rst

USB

1 2

Serial 1 Serial 2

Link Act

3 4

100

ETH 0

Prim.

ShMC

5 6 7 8

Stat.

Link

Act

100

ETH 0

Sec.

STA IPM

ShMC

Stat.

numbers

FortiGate-5140

Shelf Manager

Front cable

tray

Also visible on the front of the FortiGate-5140:

• Electrostatic discharge (ESD) socket, used for connecting an ESD wrist or ankle band when working with the chassis.

• Front cable tray, used for managing and securing ethernet and other cables.

• Three hot swappable FortiGate-5140 cooling fan trays.

Caution: Do not operate the FortiGate-5140 chassis with open slots on the front panel. For optimum cooling performance and safety, the slots must contain a FortiGate-5000 series board or an air baffle slot filler. As well the removable terminal block cover must be installed over the power connectors on the back of the chassis.

FortiGate-5140 chassis back panel

Figure 4 shows the back panel of the FortiGate-5140 chassis. The back panel includes

two hot-swappable redundant -48V/-60 VDC power entry modules (PEMs) labelled PEM A and PEM B. Fortinet ships the FortiGate-5140 chassis with PEM A and PEM B installed. The PEMs provide redundant DC power connections for the FortiGate-5140 chassis and distribute DC power to the fan trays and to the FortiGate-5000 series boards installed in the FortiGate-5140 chassis.

3 hot-swappable

cooling fan trays

(numbered 0, 1, and

2 behind panel)

20 01-30000-83466-20090108

FortiGate-5000 Series Introduction

http://docs.fortinet.com/ • Feedback

FortiGate-5140 chassis FortiGate-5140 chassis back panel

Figure 4: FortiGate-5140 chassis back panel

RTM

slot filler

panels

Back cable

tray

B PEM

PEM

RTN

1 2 3 4 1 2 3 4

-48V/-60 VDC nom RTN

1 2 3 4 1 2 3 4

Chassis

ground

connector

(green)

Entry Module B

(terminal block

Alarm

operate

-48V/-60 VDC nom (black)

Power

1 2 3 4 1 2 3 4

RTN

(red)

Alarm

operate

-48V/-60 VDC nom (black)

Power

Entry Module A

1 2 3 4 1 2 3 4

RTN (red)

TERMINAL BLOCK COVER

Remove terminal block cover and

decable before removing PEM.

cover removed)

If you require redundant power you should connect both PEMs to DC power. If redundant power is not required, you should connect PEM A to DC power. Each PEM has four

-48V/-60 VDC connectors and 4 RTN connections. All eight of these connectors should be connected to DC power. Figure 4 on page 21 shows the terminal block cover removed from PEM A and the wiring required to connect PEM A to DC power. While operating the FortiGate-5140 both terminal block covers should be installed.

FortiGate-5000 Series Introduction 01-30000-83466-20090108 21

http://docs.fortinet.com/ • Feedback

Physical description of the FortiGate-5140 chassis FortiGate-5140 chassis

Physical description of the FortiGate-5140 chassis

The FortiGate-5140 chassis is a 12U chassis that can be installed in a standard 19-inch rack. Table 3 describes the physical characteristics of the FortiGate-5140 chassis.

Table 3: FortiGate-5140 chassis physical description

Dimensions 21 x 19 x 16.8 in. (53.3 x 48.3 x 42.7 cm)

(H x W x D)

Shipping weight completely assembled with packaging

Operating environment Temperature: 32 to 104°F (0 to 40°C)

Storage environment Temperature: -13 to 158 °F (-25 to 70°C)

Power consumption Maximum: 2,980W DC Power input 2x redundant -48VDC to -58VDC

110 lb. (50 kg)

Relative humidity: 5 to 95% (Non-condensing)

22 01-30000-83466-20090108

FortiGate-5000 Series Introduction

http://docs.fortinet.com/ • Feedback

FortiGate-5050-R chassis

You can install up to five FortiGate-5000 series boards in the five slots of the FortiGate-5050 ATCA chassis. The FortiGate-5050 is a 5U 19-inch rackmount ATCA chassis that contains two redundant DC power connections that connect to -48 VDC Data Center DC power. The FortiGate-5050 chassis also includes a hot swappable cooling fan tray. If all five slots contain FortiGate-5005FA2, FortiGate-5001SX, or FortiGate-5001FA2 boards, the FortiGate-5050 chassis provides a total of 40 FortiGate gigabit ethernet interfaces. If all 5 slots contain FortiGate-5001A boards the FortiGate-5050 chassis supports ten 1-Gigabit ethernet FortiGate interfaces. If you add FortiGate-ADM-XB2 modules to the FortiGate-5001A boards the FortiGate-5050 chassis supports another ten 10-Gigabit interfaces.

You can also install a FortiSwitch-5003A or FortiSwitch-5003 board in the FortiGate-5050 chassis to provide base backplane communications. Base backplane communications can be used for HA heartbeat communications and for data communications. You can add a second FortiSwitch-5003A or FortiSwitch-5003 board for redundancy. FortiSwitch-5003A boards can also provide fabric backplane communication using the FortiGate-5050 fabric backplane channels.

You can mix and match any combination of FortiGate-5000 series boards in the FortiGate-5050 chassis. For example, you could install two FortiGate-5005FA2 boards, two FortiGate-5001SX boards, and one FortiGate-5001FA2 board. You can also install FortiController-5208 and FortiGate-5005FA2 boards in a FortiGate-5050 chassis to create a FortiGate-5005-DIST security system.

Some of the boards installed in a FortiGate-5050 chassis can be operating in a FortiGate HA cluster and some can be operating as standalone FortiGate units. You can also operate multiple HA clusters and standalone FortiGate units in a single FortiGate-5050 chassis. You can also use FortiSwitch-5003A or FortiSwitch-5003 boards to operate HA clusters consisting of FortiGate-5000 series boards installed in multiple FortiGate-5000 chassis. You can also use FortiSwitch-5003A boards for fabric data communication between chassis.

The FortiGate-5050 chassis requires -48VDC Data Center DC power. If DC power is not available you can install a FortiGate-5053 power converter tray (purchased separately) with FortiGate-5020/5050 power supplies.

FortiGate-5000 Series Introduction 01-30000-83466-20090108 23

http://docs.fortinet.com/ • Feedback

FortiGate-5050 front panel FortiGate-5050-R chassis

FortiGate-5050 front panel

Figure 5 shows the front of a FortiGate-5050 chassis. Two FortiSwitch-5003 boards are

installed in slots 1 and 2. Three FortiGate-5001SX boards are installed in slots 3, 4, and 5.

The FortiGate-5050 primary and secondary Shelf Managers and the Shelf Alarm Panel (SAP) are also visible. The factory installed shelf alarm panel displays alarms, provides a telco alarm interface, and also provides serial connections to the shelf managers. The factory installed shelf managers provide power distribution, cooling, alarms, and shelf status for the FortiGate-5050 chassis.

Figure 5: FortiGate-5050 front panel with FortiGate-5001SX and FortiSwitch-5003 boards

installed

USB

1 2 3 4 5 6 7 8

FortiGate-5001SX

boards

slots 3, 4,

and 5

FortiSwitch-5003

boards

slots 1 and 2

SMC

CONSOLE

ACC

PWR

USB

1 2 3 4 5 6 7 8

CONSOLE

ACC

PWR

USB

1 2 3 4 5 6 7 8

CONSOLE

ACC

PWR

ETH

RS232ZRE0ZRE1ZRE2

SYSTEM

CONSOLE

MANAGEMENT

ETH

RS232ZRE0ZRE1ZRE2

SYSTEM

CONSOLE

MANAGEMENT

5000SM

10/100

ETH0

Service

link/Act

ETH1

STATUS

10/100

RESET

ETH0

link/Act

5050SAP

SERIAL

Hot Swap

9876543210

1514

1312

1110

9876543210

1514

1312

1110

SERIAL

ALARM

STA IPM

OKCLK

INTEXT

FLT

HOT SWAP

RESET

ZRE

LED MODE

FLT

OKCLK

INTEXT

FLT

HOT SWAP

RESET

ZRE

LED MODE

FLT

5000SM

10/100

ETH0

Service

link/Act

ETH1

10/100

ETH0

link/Act

POWER

SMC

STATUS

Hot Swap

RESET

Hot-swappable

cooling fan tray

Power LED

Secondary

Shelf Manager

(SMC 2)

Shelf Alarm

Panel (SAP)

Primary

Shelf Manager

(SMC 1)

Also visible on the front of the FortiGate-5050:

• The location of the hot swappable FortiGate-5050 cooling fan tray behind panel.

• Power LED.

• ESD socket, used for connecting an ESD wrist or ankle band when working with the chassis.

Caution: Do not operate the FortiGate-5050 chassis with open slots on the front panel. For optimum cooling performance and safety, the slots must contain a FortiGate-5000 series board or an air baffle slot filler. As well the removable power supply panel must be installed over the power connectors on the back of the chassis.

ESD socket

24 01-30000-83466-20090108

FortiGate-5000 Series Introduction

http://docs.fortinet.com/ • Feedback

+ 53 hidden pages

Fortinet FortiGate-5001SX, FortiGate-5001, FortiGate-5001A, FortiGate-5001FA2, FortiGate-5050 Introduction Manual

Specifications and Main Features

Frequently Asked Questions

User Manual