background image

FortiGate-5001A   Security System Guide

26

01-30000-0438-200800801

Planning the configuration

Quick Configuration Guide

Planning the configuration

Before beginning to configure your FortiGate-5001A security system, you need to 
plan how to integrate the system into your network. Your configuration plan 
depends on the operating mode that you select: NAT/Route mode (the default) or 
Transparent mode. 

NAT/Route mode

In NAT/Route mode, the FortiGate-5001A security system is visible to the 
networks that it is connected to. Each interface connected to a network must be 
configured with an IP address that is valid for that network. In many 
configurations, in NAT/Route mode all of the FortiGate interfaces are on different 
networks, and each network is on a separate subnet. 

You would typically use NAT/Route mode when the FortiGate-5001A security 
system is deployed as a gateway between private and public networks. In the 
default NAT/Route mode configuration, the FortiGate-5001A security system 
functions as a firewall. Firewall policies control communications through the 
FortiGate-5001A security system. No traffic can pass through the 
FortiGate-5001A security system until you add firewall policies.

In NAT/Route mode, firewall policies can operate in NAT mode or in Route mode. 
In NAT mode, the FortiGate firewall performs network address translation before 
IP packets are sent to the destination network. In Route mode, no translation 
takes place.

Figure 8: Example FortiGate-5001A board operating in NAT/Route mode

FortiGate-5001A board
in NAT/Route mode

port1 

192.168.1.99

NAT mode policies

controlling traffic between

internal and external

networks.

port2

204.23.1.2

Internet

 

Internal Network

Summary of Contents for FortiGate FortiGate-5001A

Page 1: ...5001A board in a FortiGate 5000 series chassis and how to configure the FortiGate 5001A security system for your network The most recent versions of this and all FortiGate 5000 series documents are a...

Page 2: ...assembly the operating ambient temperature of the rack environment may be greater than room ambient Make sure the operating ambient temperature does not exceed the manufacturer s maximum rated ambient...

Page 3: ...talling and removing AMC modules 19 Inserting AMC slot fillers 20 Inserting AMC modules 20 Removing AMC modules 21 Troubleshooting 22 FortiGate 5001A does not start up 22 FortiGate 5001A status LED is...

Page 4: ...ransparent mode 32 Upgrading FortiGate 5001A firmware 33 FortiGate 5001A base backplane data communication 34 Powering off the FortiGate 5001A board 36 For more information 37 Fortinet documentation 3...

Page 5: ...ADM FB8 in the AMC opening The FortiGate ADM XB2 adds two accelerated 10 gigabit interfaces to the FortiGate 5001A board and the FortiGate ADM FB8 adds 8 accelerated 1 gigabit interfaces You can also...

Page 6: ...10 100 1000 ethernet connectors The front panel also includes the RJ 45 console port for connecting to the FortiOS CLI and two USB ports The USB ports can be used with any USB key for backing up and r...

Page 7: ...also flash very briefly during normal startup Power Green The FortiGate 5001A board is powered on Status Green The FortiGate 5001A board is powered on Flashing Green The FortiGate 5001A is starting up...

Page 8: ...chassis see the FortiGate 5000 Base Backplane Communication Guide For information about the FortiSwitch 5003 board see the FortiSwitch 5003 Guide Fabric backplane gigabit communication The FortiGate...

Page 9: ...ch as the FortiGate ADM XB2 or the FortiGate ADM FB8 This section describes Changing FortiGate 5001A SW11 switch settings FortiGate 5001A mounting components Inserting a FortiGate 5001A board Removing...

Page 10: ...5020 chassis or a chassis that does not contain an operating shelf manager you must change the SW11 switch setting as shown in Figure 4 Figure 4 FortiGate 5020 setting for SW11 standalone mode In all...

Page 11: ...s under the copper heat sink SW11 is located on the printed circuit board and is accessible from the left side of the FortiGate 5001A board under the copper heat sink 4 If required change SW11 to the...

Page 12: ...nt panel Figure 6 FortiGate 5001A mounting components right handle Figure 7 FortiGate 5001A mounting components left handle Closed Open Alignment Pin Retention Screw Lock Handle Alignment Pin Retentio...

Page 13: ...d to make sure that the handles are properly locked Only then will the FortiGate 5001A board power on and start up correctly FortiGate 5001A boards are hot swappable The procedure for inserting a Fort...

Page 14: ...9 Turn both handles to their fully closed positions The handles should hook into the sides of the chassis slot Closing the handles draws the FortiGate 5001A board into place in the chassis slot and i...

Page 15: ...s open the handles slide the board part way out and repeat the insertion process 10 Once the board is inserted correctly fully tighten the left and right retention screws to lock the FortiGate 5001A b...

Page 16: ...ESD socket or to a bare metal surface on the chassis or frame 2 Disconnect all cables from the FortiGate 5001A board including all network cables the console cable and any USB cables or keys 3 Fully...

Page 17: ...outside of a chassis Resetting a FortiGate 5001A board You can use the handle on the right side of the FortiGate 5001A board to cycle the power and reset the board without ejecting the board from its...

Page 18: ...he right handle turns off the microswitch which powers down the board turning off all LEDs except the IPM LED which turns on 4 After 10 seconds snap the right handle back into place The board powers u...

Page 19: ...t handle blocks the AMC opening You must eject the FortiGate 5001A board from its chassis slot and completely open the left handle before inserting or removing AMC modules or slot fillers Caution Beca...

Page 20: ...try inserting it again 6 Press the latch in the slot filler front panel to lock in the slot filler Inserting AMC modules The following steps describe how to install an AMC module into your FortiGate 5...

Page 21: ...moothly into the opening If you encounter any resistance while sliding the module in the module could be aligned incorrectly Pull the module back out and try inserting it again 9 Press the latch on th...

Page 22: ...FortiGate 5001A board for starting up correctly All chassis handles not fully closed If the handles are damaged or positioned incorrectly the FortiGate 5001A board will not start up Make sure the hand...

Page 23: ...r assistance FortiGate AMC modules not detected by FortiGate 5001A board If the FortiGate 5001A board cannot detect the FortiGate AMC module installed in the FortiGate 5001A front panel AMC opening th...

Page 24: ...board into the chassis slot Both the AMC module and the FortiGate 5001A board should start up If both the FortiGate 5001A board and the AMC module are functioning normally the front panel LEDs will ap...

Page 25: ...oduct Register your Fortinet product to receive Fortinet customer services such as product updates and technical support You must also register your product for FortiGuard services such as FortiGuard...

Page 26: ...on a separate subnet You would typically use NAT Route mode when the FortiGate 5001A security system is deployed as a gateway between private and public networks In the default NAT Route mode configu...

Page 27: ...to external services such as the FortiGuard Distribution Network FDN Figure 9 Example FortiGate 5001A board operating in Transparent mode You would typically deploy a FortiGate 5001A security system...

Page 28: ...pplication for example HyperTerminal for Windows on the management computer Factory default settings The FortiGate 5001A unit ships with a factory default configuration The default configuration allow...

Page 29: ...in the Name field and select Login To change the admin administrator password 1 Go to System Admin Administrators 2 Select Change Password for the admin administrator and enter a new password To conf...

Page 30: ...vice that you recorded above 3 Set Gateway to the Default Gateway IP address that you added to Table 8 on page 29 4 Select OK Using the CLI to configure NAT Route mode 1 Use the serial cable supplied...

Page 31: ...on the same subnet as the port1 interface of the FortiGate 5001A board To do this change the IP address of the management computer to 192 168 1 2 and the netmask to 255 255 255 0 3 To access the Forti...

Page 32: ...er IP addresses 1 Go to System Network Options 2 Enter the Primary and Secondary DNS IP addresses that you added to Table 9 on page 31 as required and select Apply Using the CLI to configure Transpare...

Page 33: ...the web based manager as the admin administrator 3 Go to System Status 4 Under System Information Firmware Version select Update 5 Type the path and filename of the firmware image file or select Brows...

Page 34: ...n configure the FortiGate 5001A boards for data communications using the two FortiGate 5140 FortiGate 5050 or FortiGate 5020 chassis base backplane interfaces By default the base backplane interfaces...

Page 35: ...itch 5003 board see the FortiGate 5000 Backplane Guide To enable base backplane data communication from the FortiGate 5001A web based manager From the FortiGate 5001A web based manager use the followi...

Page 36: ...iGate 5001A board from a chassis slot or before powering down the chassis To power off a FortiGate 5001A board 1 Shut down the FortiGate 5001A operating system From the web based manager go to System...

Page 37: ...able from the Fortinet Knowledge Center The knowledge center contains troubleshooting and how to articles FAQs technical notes and more Visit the Fortinet Knowledge Center at http kc forticare com Com...

Page 38: ...and FortiGuard are registered trademarks and Dynamic Threat Prevention System DTPS APSecure FortiASIC FortiBIOS FortiBridge FortiClient FortiGate FortiGate Unified Threat Management System FortiGuard...

Reviews: