Fortinet FortiGate-5001C User manual
This FortiGate-5001C Security System Guide describes FortiGate-5001C hardware features, how to install a
FortiGate-5001C board in a FortiGate-5000 series chassis, and how to configure the FortiGate-5001C security system for
your network.
The most recent versions of this and all FortiGate-5000 series documents are available from the FortiGate-5000 page of
the Fortinet Technical Documentation web site (http://docs.fortinet.com).
Visit https://support.fortinet.com to register your FortiGate-5001C security system. By registering you can receive product
updates, customer support, and FortiGuard services.
FortiGate-5001C
Security System Guide
FortiGate-5001C Security System Guide
01-400-181221-20121130
FortiGate-5001C Security System Guide
01-400-181221-20121130
http://docs.fortinet.com/
Warnings and cautions
Only trained and qualified personnel should be allowed to install or maintain
FortiGate-5000 series equipment. Read and comply with all warnings, cautions and
notices in this document.
• Risk of Explosion if Battery is replaced by an Incorrect Type. Dispose of Used
Batteries According to the Instructions.
• Turning off all power switches may not turn off all power to the FortiGate-5000 series
equipment. Some circuitry in the FortiGate-5000 series equipment may continue to
operate even though all power switches are off.
• FortiGate-5000 equipment must be protected by a readily accessible disconnect
device or circuit breaker that can be used for product power down emergencies.
• Many FortiGate-5000 components are hot swappable and can be installed or
removed while the power is on. But some of the procedures in this document may
require power to be turned off and completely disconnected. Follow all instructions in
the procedures in this document that describe disconnecting FortiGate-5000 series
equipment from power sources, telecommunications links and networks before
installing, or removing FortiGate-5000 series components, or performing other
maintenance tasks. Failure to follow the instructions in this document can result in
personal injury or equipment damage.
• Install FortiGate-5000 series chassis at the lower positions of a rack to avoid making
the rack top-heavy and unstable.
• Do not insert metal objects or tools into open chassis slots.
• Electrostatic discharge (ESD) can damage FortiGate-5000 series equipment. Only
perform the procedures described in this document from an ESD workstation. If no
such station is available, you can provide some ESD protection by wearing an
anti-static wrist strap and attaching it to an available ESD connector such as the ESD
sockets provided on FortiGate-5000 series chassis.
• Make sure all FortiGate-5000 series components have reliable grounding. Fortinet
recommends direct connections to the building ground.
• If you install a FortiGate-5000 series component in a closed or multi-unit rack
assembly, the operating ambient temperature of the rack environment may be greater
than room ambient. Make sure the operating ambient temperature does not exceed
Fortinet’s maximum rated ambient temperature.
• Installing FortiGate-5000 series equipment in a rack should be such that the amount
of airflow required for safe operation of the equipment is not compromised.
• FortiGate-5000 series chassis should be installed by a qualified electrician.
• FortiGate-5000 series equipment shall be installed and connected to an electrical
supply source in accordance with the applicable codes and regulations for the
location in which it is installed. Particular attention shall be paid to use of correct wire
type and size to comply with the applicable codes and regulations for the installation /
location. Connection of the supply wiring to the terminal block on the equipment may
be accomplished using Listed wire compression lugs, for example, Pressure Terminal
Connector made by Ideal Industries Inc. or equivalent which is suitable for AWG-10.
Particular attention shall be given to use of the appropriate compression tool specified
by the compression lug manufacturer, if one is specified.
• This product is only intended for use in a Restricted Access Location.
FortiGate-5001C Security System Guide
01-400-181221-20121130 3
http://docs.fortinet.com/
FortiGate-5001C
Contents
Warnings and cautions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
FortiGate-5001C security system 5
Front panel components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Connectors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
NMI switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Base backplane communication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Fabric backplane communication . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Accelerated packet forwarding and policy enforcement (NP4 network processors) . . 9
Accelerated IPS, SSL VPN, and IPsec VPN (CP8 content processors) . . . . . . . . 10
Hardware installation 11
Installing SFP+ transceivers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Changing FortiGate-5001C SW2 switch settings . . . . . . . . . . . . . . . . . . . 12
FortiGate-5001C mounting components . . . . . . . . . . . . . . . . . . . . . . . . 14
Inserting a FortiGate-5001C board . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Shutting down and removing a FortiGate-5001C board . . . . . . . . . . . . . . . . 17
Power cycling a FortiGate-5001C board . . . . . . . . . . . . . . . . . . . . . . . . 19
Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
FortiGate-5001C board does not start up . . . . . . . . . . . . . . . . . . . . . 20
FortiGate-5001C STA (status) LED is flashing during system operation. . . . . . 21
Quick Configuration Guide 23
Registering your Fortinet product . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Planning the configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
NAT/Route mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Transparent mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Choosing the configuration tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Web-based manager. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Command Line Interface (CLI) . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Factory default settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Configuring NAT/Route mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Using the web-based manager to configure NAT/Route mode . . . . . . . . . . 27
Using the CLI to configure NAT/Route mode . . . . . . . . . . . . . . . . . . . 28
Contents
FortiGate-5001C Security System Guide
401-400-181221-20121130
http://docs.fortinet.com/
Configuring Transparent mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Using the web-based manager to configure Transparent mode . . . . . . . . . 29
Using the CLI to configure Transparent mode . . . . . . . . . . . . . . . . . . . 30
Upgrading FortiGate-5001C firmware . . . . . . . . . . . . . . . . . . . . . . . . . 30
FortiGate-5001C base backplane data communication . . . . . . . . . . . . . . . . 32
FortiGate-5001C fabric backplane data communication. . . . . . . . . . . . . . . . 33
For more information 35
Training Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Technical Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Comments on Fortinet technical documentation . . . . . . . . . . . . . . . . . 35
Customer service and support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Fortinet products End User License Agreement . . . . . . . . . . . . . . . . . . . . 35
FortiGate-5001C Security System Guide
01-400-181221-20121130 5
http://docs.fortinet.com/
FortiGate-5001C
FortiGate-5001C security system
The FortiGate-5001C security system is a high-performance Advanced
Telecommunications Computing Architecture (ATCA) compliant FortiGate security system
that can be installed in any ATCA chassis that can provide sufficient power and cooling.
Table 1 lists the FortiGate-5000 series chassis that can support the FortiGate-5001C
board. For most up-to-date list of all chassis that can support the FortiGate-5001C board
see the FortiGate-5001C Release Notes.
For more information about FortiGate-5000 series chassis see the FortiGate-5000
Chassis Guides page of the Fortinet Technical Documentation web site.
The FortiGate-5001C security system contains two front panel 10-gigabit SPF+
interfaces, two base backplane 1-gigabit interfaces, and two fabric backplane 10-gigabit
interfaces. The front panel interfaces can also operate as 1-gigabit SPF interfaces. Use
the front panel interfaces for connections to your networks and the backplane interfaces
for communication across the ATCA chassis backplane. The FortiGate-5001C also
includes two front panel RJ45 10/100/1000 management Ethernet interfaces, one RJ45
front panel serial management port, and one front panel USB port.
Figure 1: FortiGate-5001C front panel
The FortiGate-5001C front panel 10-gigabit interfaces and fabric backplane interfaces
also provide NP4-accelerated network processing for eligible traffic passing through
these interfaces.
Table 1: FortiGate-5000 series chassis that support the FortiGate-5001C board
Chassis
Model Hardware ID System Part Number Serial Number
FG-5140B C4GL51-01BD-0000 P09297-01 FG514B3Y12000xxx
FG-5060 C4FN27-01AA-0000 P08588-01 FG50603S1XXXXXXX
MGMT 1 and MGMT 2
10/100/1000 Copper
Management Interfaces
1 and 2
10 Gig
SFP+
Interfaces
Fabric and Base
network activity
LEDs RJ-45
Console
Extraction
Lever
Retention
Screw
USB
Extraction
Lever
Retention
Screw
IPM
LED
(board
position)
OOS
LED
STA
LED
PWR
LED
ACC
LED
Factory Use
NMI Switch
Front panel components FortiGate-5001C security system
FortiGate-5001C Security System Guide
601-400-181221-20121130
http://docs.fortinet.com/
You can also configure two or more FortiGate-5001C boards to create a high availability
(HA) cluster using the base or fabric backplane interfaces for HA heartbeat
communication through the chassis backplane, leaving front panel interfaces available
for network connections.
The FortiGate-5001C board also supports high-end FortiGate features including 802.1Q
VLANs, multiple virtual domains, 802.3ad aggregate interfaces, and FortiOS Carrier.
The FortiGate-5001C board includes the following features:
• Two front panel SFP+ 10-gigabit interfaces (port1 and port2) accelerated by two
FortiASIC NP4 network processors. Can also be configured as SFP 1-gigabit
interfaces.
• Two front panel 10/100/1000Base-T copper 1-gigabit management ethernet
interfaces (mgmt1 and mgmt2).
• Two base backplane 1-gigabit interfaces (base1 and base2) for HA heartbeat
communications across the FortiGate-5000 chassis base backplane.
• Two fabric backplane 10-gigabit interfaces (fabric1 and fabric2) for data
communications across the FortiGate-5000 chassis fabric backplane.
• Two NP4 network processors that accelerate firewall and IPsec VPN.
• Two CP8 content processors that accelerate IPS, SSL VPN, and IPsec VPN.
• Internal 128 GByte SSD for storing log messages, DLP archives, SQL log message
database, historic reports, IPS packet archiving, file quarantine, WAN Optimization
byte caching and web caching.
• One RJ-45 RS-232 serial console connection.
• 1 USB connector.
• NMI switch (for troubleshooting boards with part number P10633-01 and up, as
recommended by Fortinet Support).
• Mounting hardware.
• LED status indicators.
Front panel components
From the FortiGate-5001C front panel you can view the status of the front panel LEDs to
verify that the board is functioning normally. You also connect the FortiGate-5001C board
to your 10-gigabit network using the front panel SFP+ or SFP connectors. The front panel
also includes two Ethernet management interfaces, an RJ-45 console port for connecting
to the FortiOS CLI and a USB port. The USB port can be used with any USB key for
backing up and restoring configuration files.
LEDs
In most cases the base backplane interfaces are used for HA heartbeat communication
and the fabric backplane interfaces are used for data communication.
Table 2: FortiGate-5001C LEDs
LED State Description
Fabric 1 and 2
Off Fabric backplane interface 1 or 2 (fabric1 or fabric2) is
connected at 10 Gbps.
Flashing
Green
Network activity at fabric backplane interface 1 or 2
(fabric1 or fabric2).
FortiGate-5001C security system Front panel components
FortiGate-5001C Security System Guide
01-400-181221-20121130 7
http://docs.fortinet.com/
Base 1 and 2
Green Base backplane interface 1 or 2 (base1 or base2) is
connected at 1 Gbps.
Flashing
Green
Network activity at base backplane interface 1 or 2
(base1 or base2).
OOS
(Out of Service)
Off Normal operation.
Amber A fault condition exists and the FortiGate-5001C blade
is out of service (OOS). This LED may also flash very
briefly during normal startup.
PWR (Power) Green The FortiGate-5001C board is powered on.
STA (Status)
Off The FortiGate-5001C board is powered on.
Flashing
Green
The FortiGate-5001C is starting up. If this LED is
flashing at any time other than system startup, a fault
condition may exist.
ACC (Disk
activity)
Off or
Flashing
green
The ACC LED flashes green when the FortiGate-5001C
board accesses the FortiOS flash disk. The FortiOS
flash disk stores the current FortiOS firmware build and
configuration files. The system accesses the flash disk
when starting up, during a firmware upgrade, or when
an administrator is using the CLI or GUI to change the
FortiOS configuration. Under normal operating
conditions this LED flashes occasionally, but is mostly
off.
1 and 2
Green The correct cable is connected to the port1 or port2
interface and the connected equipment has power.
Flashing
Green
Network activity at the interface.
Off No link is established.
MGMT 1
and
MGMT 2
Link/Act
(Left
LED)
Solid
Green
Indicates the management interface (mgmt1 or mgmt2)
is connected with the correct cable and the attached
network device has power.
Blinking
Green
Indicates network traffic on this interface.
Off No Link
Speed
(Right
LED)
Green Connection at 1 Gbps.
Amber Connection at 100 Mbps.
Off Connection at 10 Mbps.
Table 2: FortiGate-5001C LEDs (Continued)
LED State Description
Front panel components FortiGate-5001C security system
FortiGate-5001C Security System Guide
801-400-181221-20121130
http://docs.fortinet.com/
Connectors
NMI switch
When working with Fortinet Support to troubleshoot problems with FortiGate-5001C
boards with part number P10633-01 and up you can use the front panel non-maskable
interrupt (NMI) switch to assist with troubleshooting. Pressing this switch causes the
software to dump registers/backtraces to the console. After the data is dumped the
board reboots. While the board is rebooting, traffic is temporarily blocked. The board
should restart normally and traffic can resume once its up and running.
IPM
Blue The FortiGate-5001C board is ready to be hot-swapped
(removed from the chassis). If the IPM light is blue and
no other LEDs are lit the FortiGate-5001C board has lost
power
Flashing
Blue
The FortiGate-5001C board is changing from hot swap
to running mode or from running mode to hot swap. This
happens when the FortiGate-5001C board is starting up
or shutting down.
Off Normal operation. The FortiGate-5001C board is in
contact with the chassis backplane.
Table 2: FortiGate-5001C LEDs (Continued)
LED State Description
Table 3: FortiGate-5001C connectors
Connector Type Speed Protocol Description
CONSOLE RJ-45 9600 bps
8/N/1
RS-232
serial
Serial connection to the command
line interface.
1 and 2
SFP+ 10-gigabit/auto Ethernet 10-Gigabit SPF+ connection to
10-Gigabit networks (port1 and
port2). Small form-factor pluggable
transceiver.
1 and 2
SFP 1-gigabit/auto Ethernet 1-Gigabit SPF+ connection to
1-Gigabit networks (port1 and
port2). Small form-factor pluggable
transceiver.
MGMT 1
and
MGMT 2
RJ-45 10/100/1000
Base-T
Ethernet Copper 1-gigabit connection to
10/100/1000Base-T copper
networks for management or
system administration.
USB USB USB key for firmware updates and
configuration backup.
FortiGate-5001C security system Base backplane communication
FortiGate-5001C Security System Guide
01-400-181221-20121130 9
http://docs.fortinet.com/
Base backplane communication
The FortiGate-5001C base backplane 1-gigabit interfaces (base1 and base2) are typically
used for HA heartbeat or other management communication between FortiGate-5001C
boards installed in the same or in different FortiGate-5000 series chassis. You can also
configure FortiGate-5001C boards to use the base backplane interfaces for data
communication between FortiGate boards. To support base backplane communications
your FortiGate-series chassis must include one or more FortiSwitch-5000 series or other
1-gigabit base backplane switches installed in the chassis in base slots 1 and 2.
For information about base backplane communication in FortiGate-5000 series chassis,
see the FortiSwitch Backplane Communication Guide. For information about
FortiSwitch-5000 series boards, see the FortiSwitch-5000 Series documents on the
FortiSwitch page of the Fortinet Technical Documentation website.
Fabric backplane communication
The FortiGate-5001C fabric backplane interfaces (fabric1 and fabric2) are typically used
for data communication between FortiGate-5001C boards installed in the same or in
different FortiGate-5000 series chassis. To support 10-gigabit fabric backplane
communications your FortiGate-5000 series chassis must include one or more
FortiSwitch-5003A or FortiSwitch-5003B boards or other 10-gigabit fabric backplane
switching boards installed in the chassis in fabric slots 1 and 2.
For information about base backplane communication in FortiGate-5000 series chassis,
see the FortiSwitch Backplane Communication Guide. For information about
FortiSwitch-5000 series boards, see the FortiSwitch-5000 Series documents on the
FortiSwitch page of the Fortinet Technical Documentation website.
Accelerated packet forwarding and policy enforcement (NP4
network processors)
The FortiGate-5001C board includes two NP4 processors that provide accelerated
packet forwarding and policy enforcement for the FortiGate-5001C front panel and
backplane interfaces. Accelerated packet forwarding and policy enforcement results in
accelerated small packet performance required for voice, video, and other multimedia
streaming applications.
The following traffic scenarios are recommended for the accelerated interfaces:
• Small packet applications, such as voice over IP (VoIP).
The FortiGate-5001C accelerated interfaces provide wire speed performance for small
packet applications.
• Latency sensitive applications, such as multimedia.
The FortiGate-5001C accelerated interfaces add much less latency than normal (non-
accelerated) interfaces.
• Session Oriented Traffic with long session lifetime, such as FTP sessions.
Packet size does not affect performance for traffic with long session lifetime. For long
sessions, processing that would otherwise be handled by the FortiGate-5001C CPUs
is off-loaded to the acceleration module.
• Firewall, intrusion protection (IPS), and antivirus, when there is a reasonable
percentage of P2P packets.
• Firewall and IPsec VPN applications.
Accelerated IPS, SSL VPN, and IPsec VPN (CP8 content processors) FortiGate-5001C security system
FortiGate-5001C Security System Guide
10 01-400-181221-20121130
http://docs.fortinet.com/
Figure 2: FortiGate-5001C NP4 to interface mapping
Traffic between interfaces that use the same NP4 processor experiences the highest
acceleration.
• The port1, fabric1 and base1 interfaces are connected to one NP4 processor.
• The port2, fabric2 and base2 interfaces are connected to the other NP4 processor.
For example, for maximum NP4 acceleration of traffic received on port1 the traffic must
exit the FortiGate-5001C board on fabric1. Also, for maximum acceleration of traffic
received on port2 the traffic must exit the FortiGate-5001C board on fabric2.
Accelerated IPS, SSL VPN, and IPsec VPN (CP8 content
processors)
The FortiGate-5001C board includes two CP8 processors that provide the following
performance enhancements:
• Over 10Gbps throughput IPS content processor for packet content matching with
signatures
• High performance VPN bulk data engine
• IPSEC and SSL/TLS protocol processor
• DES/3DES/AES in accordance with FIPS46-3/FIPS81/FIPS197
• ARC4 in compliance with RC4
• MD5/SHA-1/SHA256 with RFC1321 and FIPS180
• HMAC in accordance with RFC2104/2403/2404 and FIPS198
• Key Exchange Processor support high performance IKE and RSA computation
• Public key exponentiation engine with hardware CRT support
• Primarily checking for RSA key generation
• Handshake accelerator with automatic key material generation
• Random Number generator compliance with ANSI X9.31
• Sub public key engine (PKCE) to support up to 4094 bit operation directly
• Message authentication module offers high performance cryptographic engine for
calculating SHA256/SHA1/MD5 of data up to 4G bytes (used by any application like
WAN opt.)
FortiASIC
NP4
FortiASIC
NP4
Ethernet Switch
CPUCP8 CP8
System Bus
fabric1
base1
fabric2
base2
FortiGate-5001C Security System Guide
01-400-181221-20121130 11
http://docs.fortinet.com/
FortiGate-5001C
Hardware installation
Before use, the FortiGate-5001C board must be correctly inserted into an Advanced
Telecommunications Computing Architecture (ATCA) chassis that can provide sufficient
power and cooling (for example, the FortiGate-5060 chassis or the NEBS-compliant
FortiGate-5140-R chassis).
This section describes:
•Installing SFP+ transceivers
•Changing FortiGate-5001C SW2 switch settings
•FortiGate-5001C mounting components
•Inserting a FortiGate-5001C board
•Shutting down and removing a FortiGate-5001C board
•Power cycling a FortiGate-5001C board
•Installing SFP+ transceivers
•Troubleshooting
Installing SFP+ transceivers
The FortiGate-5001C board ships with two SR SFP+ transceivers that you must install for
normal operation of the FortiGate-5001C front panel interfaces (port1 and port2). You can
also configure front panel interfaces to operated at 1-gigabit and install SFP transceivers.
The SFP+ or SPF transceivers are inserted into cage sockets numbered 1 and 2 on the
FortiGate-5001C front panel. You can install the transceivers before or after inserting the
FortiGate-5001C board into a FortiGate-5000 series or other ATCA chassis.
You can install the following types of transceivers for connectors 1 and 2:
• SFP+ SR (10 gigabits)
• SFP+ LR (10 gigabits)
• SPF (1gigabit)
To install SFP+ or SPF transceivers
To complete this procedure, you need:
• A FortiGate-5001C board
• Two or more SFP+ or SFP transceivers
• An electrostatic discharge (ESD) preventive wrist or ankle strap with connection cord
1Attach the ESD wrist strap to your wrist and to an available ESD socket or wrist strap
terminal.
FortiGate-5001C boards must be protected from static discharge and physical shock.
Only handle or work with FortiGate-5001C boards at a static-free workstation. Always
wear a grounded electrostatic discharge (ESD) preventive wrist strap when handling
FortiGate-5001C boards.
Changing FortiGate-5001C SW2 switch settings Hardware installation
FortiGate-5001C Security System Guide
12 01-400-181221-20121130
http://docs.fortinet.com/
2Remove the caps from SFP+ or SFP cage sockets on the FortiGate-5001C front
panel.
3Hold the sides of the SFP+ or SFP transceiver and slide the transceiver into the cage
socket until it clicks into place.
Changing FortiGate-5001C SW2 switch settings
The SW2 switch on the FortiGate-5001C board is factory set by Fortinet to detect a shelf
manager (Figure 3). This is the correct setting if you are installing the FortiGate-5001C
board in a chassis that contains an operating shelf manager (such as a FortiGate-5000
series chassis).
The top of the FortiGate-5001C board is covered with a metal panel. The printed circuit
board is under the metal panel. SW2 is located on the printed circuit board and is
accessible from the left side of the board under the metal panel as shown in Figure 3.
Figure 3: Location of SW2 on the FortiGate-5001C board
Handling the SFP+ and SFP transceivers by holding the release latch can damage the
connector. Do not force the SFP+ or SFP transceivers into the cage slots. If the
transceiver does not easily slide in and click into place, it may not be aligned correctly. If
this happens, remove the SFP+ or SFP transceiver, realign it and slide it in again.
You should only change the SW2 switch setting if are required to install the
FortiGate-5001C board in a chassis that does not contain a functioning shelf manager.
The default SW2 setting is required for most uses of the FortiGate-5001C including
ELBCv3.
FortiGate-5001C
Front Faceplate
Factory Default
(Requires Shelf
Manager)
ON
SW2
3421
ON
SW2
3421
ON
SW2
3421
Standalone Mode
(No Shelf Manager)
Location of SW2
Hardware installation Changing FortiGate-5001C SW2 switch settings
FortiGate-5001C Security System Guide
01-400-181221-20121130 13
http://docs.fortinet.com/
Figure 4: Factory default shelf manager mode setting for SW2
By default a FortiGate-5001C board will not start up if the board is installed in a chassis
that does not contain a shelf manager or that contains a shelf manager that is not
operating. Before installing a FortiGate-5001C in a chassis that does not contain an
operating shelf manager you must change the SW2 switch setting to that shown in
Figure 5.
Figure 5: Standalone mode setting for SW2
In all cases you should confirm that you have the correct SW2 setting before installing the
board in a chassis.
To change or verify the SW2 switch setting
To complete this procedure, you need:
• A FortiGate-5001C board
• A tool for changing the SW2 switch setting (optional)
Table 4: FortiGate-5001C SW2 settings
Chassis
Correct
SW2
Setting
Result of wrong jumper setting
FortiGate-5140B or 5060 or a
ATCA chassis with a compatible
operating shelf manager (factory
default shelf manager mode).
Shelf manager cannot find
FortiGate-5001C board. No shelf
manager information about the
FortiGate-5001C board available.
Any ATCA chassis without an
operating shelf manager
(standalone mode).
FortiGate-5001C board will not start
up.
Factory Default
(Requires Shelf
Manager)
ON
SW2
3421
ON
SW2
3421
Standalone Mode
(No Shelf Manager)
ON
SW2
3421
ON
SW2
3421
If the shelf manager in a FortiGate-5000 series chassis is missing or not functioning,
FortiGate-5001C boards with factory default SW2 settings will not start up.
FortiGate-5001C mounting components Hardware installation
FortiGate-5001C Security System Guide
14 01-400-181221-20121130
http://docs.fortinet.com/
• An electrostatic discharge (ESD) preventive wrist strap with connection cord
1Attach the ESD wrist strap to your wrist and to an available ESD socket or wrist strap
terminal.
2If you have installed the FortiGate-5001C board in a chassis, remove it.
For removal instructions, see “Shutting down and removing a FortiGate-5001C board”
on page 17.
3Use Figure 3 on page 12 to locate SW2 on the FortiGate-5001C board.
4If required, change SW2 to the correct setting.
5Insert the FortiGate-5001C board into a chassis and verify that the board starts up
and operates correctly.
For inserting instructions, see “Inserting a FortiGate-5001C board” on page 15.
FortiGate-5001C mounting components
To install a FortiGate-5001C board you slide the board into an open slot in the front of an
ATCA chassis and then use the mounting components to lock the board into place in the
slot. When locked into place and positioned correctly the board front panel is flush with
the chassis front panel. The board is also connected to the chassis backplane.
To position the board correctly you must use the mounting components shown in
Figure 6 for the right (bottom) side of the front panel. The mounting components on the
left (top) side of the FortiGate-5001C front panel are the same but reversed. The
FortiGate-5001C mounting components align the board in the chassis slot and are used
to insert and eject the board from the slot.
FortiGate-5001C boards must be protected from static discharge and physical shock.
Only handle or work with FortiGate-5001C boards at a static-free workstation. Always
wear a grounded electrostatic discharge (ESD) preventive wrist strap when handling
FortiGate-5001C boards.
FortiGate-5001C boards are horizontal when inserted into a FortiGate-5060 chassis and
vertical when inserted into a FortiGate-5140 chassis. The inserting and removing
procedures are the same in either case. For clarity the descriptions in this document
refer to the left (top) and right (bottom) mounting components.
Hardware installation Inserting a FortiGate-5001C board
FortiGate-5001C Security System Guide
01-400-181221-20121130 15
http://docs.fortinet.com/
Figure 6: FortiGate-5001C right (bottom) mounting components
The FortiGate-5001C handles align the board in the chassis slot and are used to insert
and eject the board from the slot. The right (bottom) handle activates a microswitch that
turns on or turns off power to the board. When the right (bottom) handle is open the
microswitch is off and the board cannot receive power. When the right (bottom) handle is
fully closed the microswitch is on and if the board is fully inserted into a chassis slot the
board can receive power.
Inserting a FortiGate-5001C board
The FortiGate-5001C board must be fully installed in a chassis slot, with the handles
closed and locked and retention screws fully tightened for the FortiGate-5001C board to
receive power and operate normally. If the FortiGate-5001C board is not receiving power,
the IPM LED glows solid blue and all other LEDs remain off. See “Front panel
components” on page 6.
It is important to carefully seat the FortiGate-5001C board all the way into the chassis, to
avoid using excessive force on the handles, and to make sure that the handles are
properly locked. Only then will the FortiGate-5001C board power-on and start up
correctly.
FortiGate-5001C boards are hot swappable. The procedure for inserting
a FortiGate-5001C board into a chassis slot is the same whether or not the chassis is
powered on.
Closed
Open
Alignment
Pin
Retention
Screw
Lock Handle
Alignment Pin
Retention
Screw
Lock
Handle
Handle
Hook
Alignment Pin
Retention
Screw
Lock
Hook
Alignment
Pin
Retention
Screw
Lock
Handle
You can use front panel reset switch to cycle the power and reset the board without
removing the board from the chassis. See “Power cycling a FortiGate-5001C board” on
page 19.
Inserting a FortiGate-5001C board Hardware installation
FortiGate-5001C Security System Guide
16 01-400-181221-20121130
http://docs.fortinet.com/
To insert a FortiGate-5001C board into a chassis slot
To complete this procedure, you need:
• A FortiGate-5001C board
• An ATCA chassis with an empty slot
• An electrostatic discharge (ESD) preventive wrist strap with connection cord
1Attach the ESD wrist strap to your wrist and to an available ESD socket or wrist strap
terminal.
2If required, remove the protective metal frame that the FortiGate-5001C board has
been shipped in.
3Insert the FortiGate-5001C board into the empty slot in the chassis.
4Unlock the handles by squeezing the handle locks.
5Open the handles to their fully open positions.
6Carefully guide the board into the chassis using the rails in the slot.
Insert the board by applying moderate force to the front faceplate (not the handles) to
slide the board into the slot. The board should glide smoothly into the chassis slot. If
you encounter any resistance while sliding the board in, the board could be aligned
incorrectly. Pull the board back out and try inserting it again.
7Slide the board in until the alignment pins are inserted half way into their sockets in
the chassis.
Do not carry the FortiGate-5001C board by holding the handles or retention screws.
When inserting or removing the FortiGate-5001C board from a chassis slot, handle the
board by the front panel. The handles are not designed for carrying the board. If the
handles become bent or damaged the FortiGate-5001C board may not align correctly in
the chassis slot.
FortiGate-5001C boards must be protected from static discharge and physical shock.
Only handle or work with FortiGate-5001C boards at a static-free workstation. Always
wear a grounded electrostatic discharge (ESD) preventive wrist strap when handling
FortiGate-5001C boards.
To avoid damaging the lock, make sure you squeeze the handles fully to unlock them
before opening. The handles should pop easily out of the board front panel.
Handle
Alignment Pin
Open
Alignment Pin
Lock
Handle
Hardware installation Shutting down and removing a FortiGate-5001C board
FortiGate-5001C Security System Guide
01-400-181221-20121130 17
http://docs.fortinet.com/
8Turn both handles to their fully-closed positions.
The handles should hook into the sides of the chassis slot. Closing the handles draws
the FortiGate-5001C board into place in the chassis slot and into full contact with the
chassis backplane. The FortiGate-5001C front panel should be in contact with the
chassis front panel and both handles should lock into place.
As the handles closed power is supplied to the board. If the chassis is powered on the
IPM LED starts flashing blue. If the board is aligned correctly, inserted all the way into
the slot, and the handles are properly closed the IPM LED flashes blue for a few
seconds. At the same time the STATUS LED flashes green, the interface LEDs flash
amber, and the ACC LED starts flashing green. After a few seconds the IPM LED goes
out and the FortiGate-5001C firmware starts up. During start up the STATUS LED may
continue to flash green. Once the board has started up and is operating correctly, the
front panel LEDs are lit as described in Table 5.
If the board has not been inserted properly the IPM LED changes to solid blue and all
other LEDS turn off. If this occurs, open the handles, slide the board part way out, and
repeat the insertion process.
9Once the board is inserted correctly, fully tighten the retention screws to lock the
FortiGate-5001C board into position in the chassis slot.
Shutting down and removing a FortiGate-5001C board
The following procedure describes how to correctly use the FortiGate-5001C mounting
components described in “FortiGate-5001C mounting components” on page 14 to
remove a FortiGate-5001C board from an ATCA chassis slot.
Table 5: FortiGate-5001C normal operating LEDs
LED State
OOS Off
PWR Green
STA Off
ACC Off (Or flashing green when the system accesses the
FortiGate-5001C flash disk.)
IPM Off
Tighten
Retention
Screw
To avoid potential hardware problems, always shut down the FortiGate-5001C operating
system (FortiOS) properly before power cycling the FortiGate-5001C board.
Shutting down and removing a FortiGate-5001C board Hardware installation
FortiGate-5001C Security System Guide
18 01-400-181221-20121130
http://docs.fortinet.com/
FortiGate-5001C boards are hot swappable. The procedure for removing
a FortiGate-5001C board from a chassis slot is the same whether or not the chassis is
powered on.
To remove a FortiGate-5001C board from a chassis slot
To complete this procedure, you need:
• An ATCA chassis with a FortiGate-5001C board installed
• An electrostatic discharge (ESD) preventive wrist strap with connection cord
1Shut down the operating system running on the FortiGate-5001C board. For example:
• From the web-based manager, go to System > Status and from the Unit Operation
widget, select Shutdown and then select OK.
• From the CLI enter
execute shutdown
2Attach the ESD wrist strap to your wrist and to an available ESD socket or wrist strap
terminal.
3Disconnect all cables from the FortiGate-5001C board, including all network cables,
the console cable, and any USB cables or keys.
4Fully loosen the retention screws on the FortiGate-5001C front panel.
5Unlock the handles by squeezing the handle locks.
6Slowly open both handles a small amount (about 8 degrees) until the IPM LED flashes
blue.
7Keep the handles in this position until the IPM LED stops flashing and becomes solid
blue.
Do not carry the FortiGate-5001C board by holding the handles or retention screws.
When inserting or removing the FortiGate-5001C board from a chassis slot, handle the
board by the front panel. The handles are not designed for carrying the board. If the
handles become bent or damaged the FortiGate-5001C board may not align correctly in
the chassis slot.
FortiGate-5001C boards must be protected from static discharge and physical shock.
Only handle or work with FortiGate-5001C boards at a static-free workstation. Always
wear a grounded electrostatic discharge (ESD) preventive wrist strap when handling
FortiGate-5001C boards.
Loosen
Retention
Screw
Waiting for the IPM LED to change to solid blue makes sure that the board software
shutdowns completely before disconnecting it from backplane power.
Hardware installation Power cycling a FortiGate-5001C board
FortiGate-5001C Security System Guide
01-400-181221-20121130 19
http://docs.fortinet.com/
8Open the handles to their fully open positions.
You need to open the handles with moderate pressure to eject the board from the
chassis. Pivoting the handles turns off the microswitch, turns off all LEDs, and ejects
the board from the chassis slot.
9Pull the board about half way out.
10 Turn both handles to their fully-closed positions.
11 Carefully slide the board completely out of the slot.
12 Re-attach the protective metal frame before shipping or storing the FortiGate-5001C
board.
Power cycling a FortiGate-5001C board
This section describes how to cycle the power on a FortiGate-5001C board by opening
the right handle (the lower handle when the board is installed vertically in a
FortiGate-5140 chassis) to activate a switch that cycles the power without removing the
board from the chassis. The steps recommend loosening the retention screws before
opening the handle to allow the handle to toggle the switch. During this process the
board may move out a small amount (less than 1 mm).
To power cycle a FortiGate-5001C board without fully removing the board from the
chassis
To complete this procedure, you need:
To avoid damaging the lock, make sure you squeeze the handles fully to unlock them
before opening. The handles should pop easily out of the board front panel.
Handle
Alignment Pin
Open
Alignment Pin
Lock
Handle
Fully Closed
and Locked
Alignment Pin
Handle
Close
Alignment Pin
Handle
To avoid potential hardware problems, always shut down the FortiGate-5001C operating
system properly before power cycling the FortiGate-5001C board.
Troubleshooting Hardware installation
FortiGate-5001C Security System Guide
20 01-400-181221-20121130
http://docs.fortinet.com/
• An ATCA chassis with a FortiGate-5001C board installed
• An electrostatic discharge (ESD) preventive wrist strap with connection cord
1Shut down the operating system running on the FortiGate-5001C board. For example:
• From the web-based manager, go to the Unit Operation dashboard widget, select
Shutdown and then select OK.
• From the CLI enter
execute shutdown
2Attach the ESD wrist strap to your wrist and to an available ESD socket or wrist strap
terminal.
3Fully loosen the retention screws on the FortiGate-5001C front panel.
4Unlock both handles by squeezing the handle locks.
5Slowly open both handles a small amount (about 8 degrees) until the IPM LED flashes
blue.
6Keep the handles in this position until the IPM LED stops flashing and becomes solid
blue.
7After 10 seconds snap both handles back into place.
The board powers up, the LEDs light and in a few minutes the FortiGate-5001C board
operates normally.
8Fully tighten the retention screws to lock the FortiGate-5001C board into position in
the chassis slot.
Troubleshooting
This section describes some common troubleshooting topics.
FortiGate-5001C board does not start up
Shelf manager or firmware problems may prevent a FortiGate-5001C board from starting
up correctly.
Chassis with a shelf manager: no communication with shelf manager
If the FortiGate-5001C board is receiving power and the handles are fully closed and the
FortiGate-5001C still does not start up, the problem could be that the FortiGate-5001C
cannot communicate with the chassis shelf manager. This problem can only occur in an
ATCA chassis that contains a shelf manager.
FortiGate-5001C boards must be protected from static discharge and physical shock.
Only handle or work with FortiGate-5001C boards at a static-free workstation. Always
wear a grounded electrostatic discharge (ESD) preventive wrist strap when handling
FortiGate-5001C boards.
Unlock Handle
Table of contents
Other Fortinet Security System manuals
Fortinet
Fortinet FortiGate-5001D User manual
Fortinet
Fortinet FortiAnalyzer-800B User manual
Fortinet
Fortinet FortiGate-5000 Use and care manual
Fortinet
Fortinet FortiGate-5001B User manual
Fortinet
Fortinet FortiWLC 3000D User manual
Fortinet
Fortinet FortiAnalyzer-800 User manual
Fortinet
Fortinet FortiManager-400A User manual
Fortinet
Fortinet FortiSwitch-5203B User manual
Fortinet
Fortinet FortiCarrier-5001A-DW User manual
Fortinet
Fortinet FortiManager-400 User manual
