Fortinet FortiSwitch-5203B User manual
This FortiSwitch-5203B Security System Guide describes FortiSwitch-5203B hardware features, how to install a
FortiSwitch-5203B board in a FortiGate-5000 series chassis, and how to configure the FortiSwitch-5203B system for your
network.
The most recent versions of this and all FortiGate-5000 series documents are available from the FortiGate-5000 page of
the Fortinet Technical Documentation web site (http://docs.fortinet.com).
Access to Fortinet customer services, such as firmware updates, support, and FortiGuard services, requires product
registration. You can register your FortiSwitch-5203B at http://support.fortinet.com.
FortiSwitch-5203B
Security System Guide
FortiSwitch-5203B Security System Guide
01-520-145204-20151108
FortiSwitch-5203B Security System Guide
01-520-145204-20151108
http://docs.fortinet.com/
Warnings and cautions
Only trained and qualified personnel should be allowed to install or maintain
FortiGate-5000 series equipment. Read and comply with all warnings, cautions and
notices in this document.
• Risk of Explosion if Battery is replaced by an Incorrect Type. Dispose of Used
Batteries According to the Instructions.
• Turning off all power switches may not turn off all power to the FortiGate-5000 series
equipment. Some circuitry in the FortiGate-5000 series equipment may continue to
operate even though all power switches are off.
• FortiGate-5000 equipment must be protected by a readily accessible disconnect
device or circuit breaker that can be used for product power down emergencies.
• Many FortiGate-5000 components are hot swappable and can be installed or
removed while the power is on. But some of the procedures in this document may
require power to be turned off and completely disconnected. Follow all instructions in
the procedures in this document that describe disconnecting FortiGate-5000 series
equipment from power sources, telecommunications links and networks before
installing, or removing FortiGate-5000 series components, or performing other
maintenance tasks. Failure to follow the instructions in this document can result in
personal injury or equipment damage.
• Install FortiGate-5000 series chassis at the lower positions of a rack to avoid making
the rack top-heavy and unstable.
• Do not insert metal objects or tools into open chassis slots.
• Electrostatic discharge (ESD) can damage FortiGate-5000 series equipment. Only
perform the procedures described in this document from an ESD workstation. If no
such station is available, you can provide some ESD protection by wearing an
anti-static wrist strap and attaching it to an available ESD connector such as the ESD
sockets provided on FortiGate-5000 series chassis.
• Make sure all FortiGate-5000 series components have reliable grounding. Fortinet
recommends direct connections to the building ground.
• If you install a FortiGate-5000 series component in a closed or multi-unit rack
assembly, the operating ambient temperature of the rack environment may be greater
than room ambient. Make sure the operating ambient temperature does not exceed
Fortinet’s maximum rated ambient temperature.
• Installing FortiGate-5000 series equipment in a rack should be such that the amount
of airflow required for safe operation of the equipment is not compromised.
• FortiGate-5000 series chassis should be installed by a qualified electrician.
• FortiGate-5000 series equipment shall be installed and connected to an electrical
supply source in accordance with the applicable codes and regulations for the
location in which it is installed. Particular attention shall be paid to use of correct wire
type and size to comply with the applicable codes and regulations for the installation /
location. Connection of the supply wiring to the terminal block on the equipment may
be accomplished using Listed wire compression lugs, for example, Pressure Terminal
Connector made by Ideal Industries Inc. or equivalent which is suitable for AWG-10.
Particular attention shall be given to use of the appropriate compression tool specified
by the compression lug manufacturer, if one is specified.
• This product is only intended for use in a Restricted Access Location.
FortiSwitch-5203B Security System Guide
01-520-145204-20151108 3
http://docs.fortinet.com/
FortiSwitch-5203B
Contents
Warnings and cautions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
FortiSwitch-5203B system 5
Physical description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Front panel components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
About the SH1 and SH2 LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Front panel connectors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
NMI switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
FortiSwitch-5203B and content cluster mode . . . . . . . . . . . . . . . . . . . . . . 9
Content cluster hardware configuration . . . . . . . . . . . . . . . . . . . . . . 10
Accelerated packet forwarding and policy enforcement (NP4 network processors) . 11
Hardware installation 13
Installing SFP+ transceivers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Changing FortiSwitch-5203B SW2 switch settings . . . . . . . . . . . . . . . . . . 14
FortiSwitch-5203B mounting components . . . . . . . . . . . . . . . . . . . . . . . 16
Inserting a FortiSwitch-5203B board. . . . . . . . . . . . . . . . . . . . . . . . . . 17
Shutting down and Removing a FortiSwitch-5203B board . . . . . . . . . . . . . . 20
Power cycling a FortiSwitch-5203B board . . . . . . . . . . . . . . . . . . . . . . . 22
Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
FortiSwitch-5203B does not startup . . . . . . . . . . . . . . . . . . . . . . . . 23
FortiSwitch-5203B status LED is flashing during system operation . . . . . . . . 23
Configuring Content Clustering 25
Registering your FortiSwitch-5203B . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Content cluster licensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Planning the configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
NAT/Route mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Transparent mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Choosing the configuration tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Web-based manager. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Command Line Interface (CLI) . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Factory default settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Basic content cluster configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Adjusting weighted load balancing . . . . . . . . . . . . . . . . . . . . . . . . 32
Example content cluster configurations . . . . . . . . . . . . . . . . . . . . . . 32
Configuring NAT/Route mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Contents
FortiSwitch-5203B Security System Guide
401-520-145204-20151108
http://docs.fortinet.com/
Using the web-based manager to configure NAT/Route mode . . . . . . . . . . 35
Using the CLI to configure NAT/Route mode . . . . . . . . . . . . . . . . . . . 35
Configuring Transparent mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Using the web-based manager to configure Transparent mode . . . . . . . . . 36
Using the CLI to configure Transparent mode . . . . . . . . . . . . . . . . . . . 37
Backing up and resturing content cluster configurations and upgrading content cluster
firmware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Backing up the cluster configuration. . . . . . . . . . . . . . . . . . . . . . . . 38
Restoring the cluster configuration . . . . . . . . . . . . . . . . . . . . . . . . 38
Upgrading content cluster firmware . . . . . . . . . . . . . . . . . . . . . . . . 39
For more information 42
Training Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Technical Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Comments on Fortinet technical documentation . . . . . . . . . . . . . . . . . . . 42
Customer service and support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Fortinet products End User License Agreement . . . . . . . . . . . . . . . . . . . . 42
Regulatory Notices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Federal Communication Commission (FCC) – USA . . . . . . . . . . . . . . . . 44
Industry Canada Equipment Standard for Digital Equipment (ICES) – Canada . . 44
Voluntary Control Council for Interference (VCCI) – Japan . . . . . . . . . . . . 44
Bureau of Standards Metrology and Inspection (BSMI) – Taiwan . . . . . . . . . 44
China . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
European Conformity (CE) - EU . . . . . . . . . . . . . . . . . . . . . . . . . . 44
FortiSwitch-5203B Security System Guide
01-520-145204-20151108 5
http://docs.fortinet.com/
FortiSwitch-5203B
FortiSwitch-5203B system
The FortiSwitch-5203B board is an Advanced Telecommunications Computing
Architecture (ATCA) compliant hub/switch board that can operate in content cluster
mode as a FortiGate unit in conjunction with one or more FortiGate-5001Bs operating as
workers. When operating in content cluster mode, the FortiSwitch-5203B board is
session aware and can be configured with firewall policies and other FortiGate
configuration options. The FortiSwitch-5203B board itself performs firewalling, stateful
inspection, VPN routing and other FortiGate functions. The workers perform content
processing (proxy and flow-based UTM functions such as virus scanning, intrusion
protection, application control, web filtering, and so on). The FortiSwitch-5203B load
balances sessions to the workers using weighted load balancing.
The FortiSwitch-5203B board can be installed in any ATCA chassis that can provide
sufficient power and cooling. You can install FortiSwitch-5203B boards in the following
chassis:
• FortiGate-5144C
• FortiGate-5140B
• FortiGate-5060
In all ATCA chassis FortiSwitch-5203B boards are installed in the first and second
hub/switch slots (usually slot 1 and 2)
The FortiSwitch-5203B includes the following hardware features:
• One 1-gigabit base backplane channel for layer-2 base backplane switching between
workers installed in the same chassis as the FortiSwitch-5203B board. This base
backplane channel includes 13 1-gigabit connections to up to 13 other slots in the
chassis (slots 2 to 14).
• One 10-gigabit fabric backplane channel for layer-2 fabric backplane switching
between workers installed in the same chassis as the FortiSwitch-5203B board. This
fabric backplane channel includes 12 10-gigabit connections to up to 12 other slots in
the chassis (slots 2 to 13). In a 14-slot chassis such as the FortiGate-5140B, the
FortiSwitch-5203B board cannot connect to the 14th fabric channel slot because this
connection is used for front panel interface F8.
Figure 1: FortiSwitch-5203B front panel
Base Network
Activity LEDs
Fabric Network
Activity LEDs
Extraction
Lever
Retention
Screw
Extraction
Lever
Retention
Screw
OOS
LED
STA
LED
PWR
LED
ACC
LED
F1 to F8 10 Gig
SFP+ Network
Interfaces
B1 and B2
10 Gig Base Channel
SFP+ Interfaces
MGMT
10/100/1000 Copper
Management Interface
Factory Use
NMI Switch
RJ-45
Console
IPM
LED
(board
position)
Physical description FortiSwitch-5203B system
FortiSwitch-5203B Security System Guide
601-520-145204-20151108
http://docs.fortinet.com/
• Two front panel 10-gigabit SFP+ interfaces (B1 and B2) that are for future use.
• Eight front panel 10-gigabit SFP+ FortiGate interfaces (F1 to F8). These interfaces can
be connected to your 10-gigabit networks and can also be configured to operate as
1-gigabit SFP interfaces to be connected to 1-gigabit networks.
• One 1-gigabit dedicated management Ethernet interface (MGMT). This interface is for
management purposes only and cannot forward traffic.
• Internal 64 GByte SSD for storing log messages, DLP archives, SQL log message
database, historic reports, IPS packet archiving, file quarantine, WAN Optimization
byte caching and web caching.
• One RJ-45, RS-232 serial console connection (CONSOLE).
• NMI switch (for troubleshooting boards with part number P10636-01 and up, as
recommended by Fortinet Support).
• Mounting hardware.
• LED status indicators.
• NP4 processors to accelerate FortiGate functions.
Physical description
Front panel components
From the FortiSwitch-5203B font panel you can view the status of the board LEDs to
verify that the board is functioning normally. You also connect the FortiSwitch-5203B
board to your 10-gigabit network using the F1 to F8 front panel SFP+ connectors. The
front panel also includes an Ethernet management interface, an RJ-45 console port for
connecting to the FortiOS CLI and a USB port. The USB port can be used with any USB
key for backing up and restoring configuration files.
The front panel also contains connectors to the fabric and base channels, an out of band
management ethernet interface, and an RJ-45 RS-232 console port for connecting to the
FortiSwitch-5203B CLI.
Table 1: FortiSwitch-5203B board physical description
Dimensions 1.2 x 11.34 x 14 in. (3.1 x 28.8 x 35.1 cm) (Height x Width x
Depth)
Weight 7.2 lb. (3.23 kg)
Operating Temperature 32 to 104°F (0 to 40°C)
Storage Temperature -13 to 158°F (-35 to 70°C)
Relative Humidity 5 to 90% (Non-condensing)
Power consumption Maximum: 250WDC; Average: 210WDC
Max Current 5.2A
Heat Dissipation 853BTU/h
FortiSwitch-5203B system Front panel components
FortiSwitch-5203B Security System Guide
01-520-145204-20151108 7
http://docs.fortinet.com/
LEDs
Table 2: FortiSwitch-5203B LEDs
LED State Description
Fabric
(1/2 to 14)
Green Fabric backplane interface is connected at 10 Gbps or 1
Gbps. Backplane Fabric interface slot-14 is not
accessible.
Flashing
Green
Network activity at the fabric backplane interface.
Off No link is established.
Base (1/2 to 14)
Green Base backplane interface is connected at 1 Gbps.
Flashing
Green
Network activity at the base backplane interface.
Off No link is established.
OOS
(Out of Service)
Off Normal operation.
Amber A fault condition exists and the FortiSwitch-5203B blade
is out of service (OOS). This LED may also flash very
briefly during normal startup.
PWR (Power) Green The FortiSwitch-5203B board is powered on.
STA (Status)
Off The FortiSwitch-5203B board is powered on.
Flashing
Green
The FortiSwitch-5203B is starting up. If this LED is
flashing at any time other than system startup, a fault
condition may exist.
ACC (Disk
activity)
Off or
Flashing
green
The ACC LED flashes green when the FortiSwitch-5203B
board accesses the flash disk. The flash disk stores the
current firmware build and configuration files. The system
accesses the flash disk when starting up, during a
firmware upgrade, or when an administrator is using the
CLI or GUI to change the FortiSwitch-5203B
configuration. Under normal operating conditions this
LED flashes occasionally, but is mostly off.
SH1 Not used in the default configuration. See “About the SH1 and SH2
LEDs” on page 8.
SH2
Green or
Flashing
Green
Network activity between the FortiSwitch-5203B board
and one of the shelf managers across the chassis
backplane. If the FortiSwitch-5203B board is installed in
chassis slot 1, this LED indicates a connection to shelf
manager 2. If the FortiSwitch-5203B board is installed in
chassis slot 2, this LED indicates a connection to shelf
manager 1.
F1 to F8
Green The correct cable is connected to the interface and the
connected equipment has power.
Flashing
Green
Network activity at the interface.
Off No link is established.
Front panel components FortiSwitch-5203B system
FortiSwitch-5203B Security System Guide
801-520-145204-20151108
http://docs.fortinet.com/
About the SH1 and SH2 LEDs
SH1 and SH2 are base channel interfaces that can be used to connect the
FortiSwitch-5203B board to the chassis shelf managers over the chassis backplane. The
SH1 and SH2 LEDs indicate the status of the connections between the
FortiSwitch-5203B board and a shelf manager. Whether or not these LEDs are lit
depends on the configuration of the SH1 and SH2 interfaces on the FortiSwitch-5203B
board, the configuration of the chassis backplane, and if one or both shelf managers are
installed and configured to connect using the backplane or their front panel Ethernet
interfaces.
By default the SH1 interface is disabled so the SH1 LED will not light.
By default, the SH2 interface is enabled so the SH2 LED will be lit if it can connect to a
shelf manager over the chassis blackplane. If the FortiSwitch-5203B board is installed in
chassis slot 1, the SH2 LED indicates a connection to shelf manager 2. If the
FortiSwitch-5203B board is installed in chassis slot 2, the SH2 LED indicates a
connection to shelf manager 1.
B1 and B2
Green The correct cable is connected to the interface and the
connected equipment has power.
Flashing
Green
Network activity at the interface.
Off No link is established.
MGMT
Link/Act
(Left
LED)
Solid
Green
Indicates this interface is connected with the correct
cable and the attached network device has power.
Blinking
Green
Indicates network traffic on this interface.
Off No Link
Speed
(Right
LED)
Green Connection at 1 Gbps.
Amber Connection at 100 Mbps.
Off Connection at 10 Mbps.
The unlabeled interface beside the MGMT interface is not used.
IPM
Blue The FortiSwitch-5203B is ready to be hot-swapped
(removed from the chassis). If the IPM light is blue and no
other LEDs are lit the FortiSwitch-5203B board has lost
power
Flashing
Blue
The FortiSwitch-5203B is changing from hot swap to
running mode or from running mode to hot swap. This
happens when the FortiSwitch-5203B board is starting up
or shutting down.
Off Normal operation. The FortiSwitch-5203B board is in
contact with the chassis backplane.
Table 2: FortiSwitch-5203B LEDs (Continued)
LED State Description
FortiSwitch-5203B system FortiSwitch-5203B and content cluster mode
FortiSwitch-5203B Security System Guide
01-520-145204-20151108 9
http://docs.fortinet.com/
Front panel connectors
NMI switch
When working with Fortinet Support to troubleshoot problems with FortiSwitch-5203B
boards with part number P10636-01 and up you can use the front panel non-maskable
interrupt (NMI) switch to assist with troubleshooting. Pressing this switch causes the
software to dump registers/backtraces to the console. After the data is dumped the
board reboots. While the board is rebooting, traffic is temporarily blocked. The board
should restart normally and traffic can resume once its up and running.
FortiSwitch-5203B and content cluster mode
Operating as a FortiGate unit in content cluster mode the FortiSwitch-5203B board
performs routing, firewalling, stateful inspection, IPsec and SSL VPN
encryption/decryption, and other FortiGate functions. The FortiSwitch-5203B board
includes two FortiASIC NP4 processors that offload and accelerate firewall and VPN
processing.
Using content cluster weighted load balancing, the FortiSwitch-5203B board distributes
sessions that require content processing (proxy and flow-based UTM functions such as
virus scanning, intrusion protection, application control, web filtering, and so on) to one
or more workers installed in chassis slots 3 and up.
Table 3: FortiSwitch-5203B connectors
Connector Type Speed Protocol Description
CONSOLE RJ-45 9600 bps
8/N/1
RS-232
serial
Serial connection to the
command line interface.
USB USB Not used.
F1 to F8
SFP+ (10
gigabit) or
SFP (1
gigabit)
10-gigabit full
1-gigabit
auto
1-gigabit full
Ethernet 10-gigabit SFP+ connection to
10-gigabit networks or 1-
gigabit SFP connection to
1-gigabit networks. Small
form-factor pluggable
transceiver.
B1 and B2
SFP+ (10
gigabit) or
SFP (1
gigabit)
10-gigabit full
1-gigabit
auto
1-gigabit full
Ethernet 10-gigabit SFP+ connection to
10-gigabit networks or 1-
gigabit SFP connection to
1-gigabit networks. Small
form-factor pluggable
transceiver. For future use.
MGMT
RJ-45 10/100/1000
Base-T
Ethernet Copper 1-gigabit connection
to 10/100/1000Base-T copper
networks for management or
system administration. The
unlabeled interface beside the
MGMT interface is not used.
Its LEDs may be lit in some
cases but the stat of these
LEDs can be ignored.
FortiSwitch-5203B and content cluster mode FortiSwitch-5203B system
FortiSwitch-5203B Security System Guide
10 01-520-145204-20151108
http://docs.fortinet.com/
To operate the FortiSwitch-5203B board you must switch it to content cluster mode and
configure content cluster settings. Then you install one or more FortiGate-5000-series
boards in chassis slots 3 and up. These FortiGate boards, called workers, must all be
running the same FortiOS firmware version as the FortiSwitch-5203B board and they
must be configured to operate in content cluster mode. When you configure a worker’s
HA settings to match the FortiSwitch-5203B content cluster configuration, the worker
automatically finds and joins the content cluster. Content clustering is only supported for
boards in the same chassis.
Content cluster mode is similar to active-active HA where the FortiSwitch-5203B board
operates as the primary unit and load balances UTM sessions to the workers installed in
the chassis using weighted load balancing. In this configuration, the HA mode is active-
active, the schedule is weight-round-robin and load-balance-all is disabled. You can
adjust the HA weighted load balancing weights to change how sessions are load
balanced. Normally you would set the weight of the primary unit to 0 so that all UTM
sessions are load balanced to the workers. This allows the FortiSwitch-5203B board to
be dedicated to session setup and redirecting traffic to the workers. The
FortiSwitch-5203B board also processes all IPsec sessions, all sessions that use a
session helper, and all VoIP sessions. This also allows the workers to be dedicated to
UTM content processing since all other functions are performed by the
FortiSwitch-5203B board.
A content cluster configuration can include one or two FortiSwitch-5203B boards. Only
the FortiSwitch-5203B boards can become primary units. If the cluster includes two
FortiSwitch-5203B boards, when the cluster forms, one becomes the primary unit and
the other becomes a backup unit along with the workers. The primary FortiSwitch-5203B
board can load balance sessions to the backup FortiSwitch-5203B board as well as the
workers. You can control how many sessions are processed by the backup
FortiSwitch-5203B board by configuring the HA load balancing weights. You can also
configure the content cluster to operate the backup FortiSwitch-5203B board in standby
mode. In this mode the backup FortiSwitch-5203B board does not process any sessions
For information about configuring content clustering, including load balancing weights,
see “Basic content cluster configuration” on page 29.
Once the content cluster has been established and all boards have joined the cluster you
can configure the cluster from the FortiSwitch-5203B board web-based manager or CLI.
All configuration changes made to the primary unit are automatically synchronized to all
of the cluster units. FortiSwitch-5203B firmware upgrades are done from the
FortiSwitch-5203B web-based manager or CLI. Worker firmware upgrades are done from
the FortiSwitch-5203B CLI where a single firmware image is uploaded once and
synchronized to all of the workers.
Content cluster hardware configuration
Figure 2 shows a FortiSwitch-5203B board installed in slot 1 load balancing UTM
sessions to FortiGate-5001B workers installed in chassis slots 3, 4, and 5 (for clarity the
chassis is not shown).
FortiSwitch-5203B system Accelerated packet forwarding and policy enforcement (NP4 network processors)
FortiSwitch-5203B Security System Guide
01-520-145204-20151108 11
http://docs.fortinet.com/
Figure 2: Example content cluster configuration
Accelerated packet forwarding and policy enforcement (NP4
network processors)
The FortiSwitch-5203B board includes two NP4 processors that provide accelerated
packet forwarding and policy enforcement for FortiSwitch-5203B front panel F1 to F8
interfaces and fabric backplane interfaces. Accelerated packet forwarding and policy
enforcement results in accelerated small packet performance required for voice, video,
and other multimedia streaming applications. The following traffic scenarios are
recommended for the accelerated interfaces:
• Small packet applications, such as voice over IP (VoIP).
The FortiSwitch-5203B accelerated interfaces provide wire speed performance for
small packet applications.
• Latency sensitive applications, such as multimedia.
The FortiSwitch-5203B accelerated interfaces add much less latency than normal
(non-accelerated) interfaces.
• Session Oriented Traffic with long session lifetime, such as FTP sessions.
Packet size does not affect performance for traffic with long session lifetime. For long
sessions, processing that would otherwise be handled by the FortiSwitch-5203B
CPUs is off-loaded to the acceleration module.
• Firewall, intrusion protection (IPS), and flow-based content processing when there is a
reasonable percentage of P2P packets.
• Firewall and IPsec VPN applications.
Internal 10-gigabit
network
Fabric channel
10 Gigabit Data
Communication
External 10-gigabit
network
Slot 1
Slot 3
Slot 4
Slot 5
FortiSwitch-5203B
board
FortiGate-5001B
Boards
Accelerated packet forwarding and policy enforcement (NP4 network processors) FortiSwitch-5203B system
FortiSwitch-5203B Security System Guide
12 01-520-145204-20151108
http://docs.fortinet.com/
Figure 3: FortiSwitch-5203B NP4 mapping
l
Traffic between interfaces that use the same NP4 processor experiences the highest
acceleration.
• Front panel interfaces F1, F2, F3 and F4 and fabric backplane interfaces F1/2, F3, F4,
F5, F6, and F7 are connected to one NP4 processor.
• Front panel interfaces F5, F6, F7 and F8 and fabric backplane interfaces F8, F9, F10,
F11, F12, and F13 are connected to the other NP4 processor.
For example, for maximum NP4 acceleration of traffic received on F1 the traffic must exit
the FortiSwitch-5203B board on F2, F3, or F4. Also, for maximum acceleration of traffic
received on F7 the traffic must exit the FortiSwitch-5203B board on F5, F6, or F8.
FortiASIC
NP4
FortiASIC
NP4
CPUCP7
System Bus
Fabric Backplane
F1/2 to F7
Fabric Backplane
F8 to F13
Ethernet Switch
When the FortiSwitch-5203B board is operating in content cluster mode the fabric
backplane interfaces are not accelerated.
FortiSwitch-5203B Security System Guide
01-520-145204-20151108 13
http://docs.fortinet.com/
FortiSwitch-5203B
Hardware installation
Before use, the FortiSwitch-5203B module must be correctly inserted into the first or
second hub/switch slot of an Advanced Telecommunications Computing Architecture
(ATCA) chassis such as the FortiGate-5144C, FortiGate-5140B, or FortiGate-5060
chassis.
This chapter describes:
•Installing SFP+ transceivers
•Changing FortiSwitch-5203B SW2 switch settings
•FortiSwitch-5203B mounting components
•Inserting a FortiSwitch-5203B board
•Shutting down and Removing a FortiSwitch-5203B board
•Power cycling a FortiSwitch-5203B board
•Troubleshooting
Installing SFP+ transceivers
The FortiSwitch-5203B board ships with two SR SFP+ transceivers that you must install
to connect the FortiSwitch-5203B front panel fabric or base channel interfaces to a
network. The SFP+ transceivers are inserted into cage sockets numbered F1 to F8 for the
fabric channel or B1 and B2 for the base channel on the FortiSwitch-5203B front panel.
You can install the SFP+ transceivers before or after inserting the FortiSwitch-5203B
board into a FortiGate or other ATCA chassis.
You can install the following types of SFP+ transceivers for connectors F1 to F8:
•SFP+SR
•SFP+LR
To install SFP+ transceivers
To complete this procedure, you need:
• A FortiSwitch-5203B board
• Two or more SFP+ transceivers
• An electrostatic discharge (ESD) preventive wrist or ankle strap with connection cord
1Attach the ESD wrist strap to your wrist and to an available ESD socket or wrist strap
terminal.
FortiSwitch-5203B boards must be protected from static discharge and physical shock.
Only handle or work with FortiSwitch-5203B boards at a static-free workstation. Always
wear a grounded electrostatic discharge (ESD) preventive wrist strap when handling
FortiSwitch-5203B boards.
Changing FortiSwitch-5203B SW2 switch settings Hardware installation
FortiSwitch-5203B Security System Guide
14 01-520-145204-20151108
http://docs.fortinet.com/
2Remove the caps from SFP+ cage sockets on the FortiSwitch-5203B front panel.
3Hold the sides of the SFP+ transceiver and slide SFP+ transceiver into the cage
socket until it clicks into place.
Changing FortiSwitch-5203B SW2 switch settings
The SW2 switch on the FortiSwitch-5203B board is factory set by Fortinet to detect a
shelf manager (Figure 4). This is the correct setting if you are installing the
FortiSwitch-5203B board in a chassis that contains an operating shelf manager (such as
a FortiGate-5000 series chassis).
The top of the FortiSwitch-5203B board is covered with a metal panel. The printed circuit
board is under the metal panel. SW2 is located on the printed circuit board and is
accessible through the small opening the metal panel as shown in Figure 4.
Figure 4: Location of SW2 on the FortiSwitch-5203B board
Handling the SFP+ transceivers by holding the release latch can damage the connector.
Do not force the SFP+ transceivers into the cage slots. If the transceiver does not easily
slide in and click into place, it may not be aligned correctly. If this happens, remove the
SFP+ transceiver, realign it and slide it in again.
You should only change the SW2 switch setting if are required to install the
FortiSwitch-5203B board in a chassis that does not contain a functioning shelf manager.
The default SW2 setting is required for most uses of the FortiSwitch-5203B including
content clustering.
FortiSwitch-5203B
Front Faceplate
Location of SW2
Factory Default
(RequiresShelf
Manager)
ON
SW2
3421
ON
SW2
3421
ON
SW2
3421
Standalone Mode
(No Shelf Manager)
Hardware installation Changing FortiSwitch-5203B SW2 switch settings
FortiSwitch-5203B Security System Guide
01-520-145204-20151108 15
http://docs.fortinet.com/
Figure 5: Factory default shelf manager mode setting for SW2
By default a FortiSwitch-5203B board will not start up if the board is installed in a chassis
that does not contain a shelf manager or that contains a shelf manager that is not
operating. Before installing a FortiSwitch-5203B in a chassis that does not contain an
operating shelf manager you must change the SW2 switch setting to that shown in
Figure 6.
Figure 6: Standalone mode setting for SW2
In all cases you should confirm that you have the correct SW2 setting before installing the
board in a chassis.
To change or verify the SW2 switch setting
To complete this procedure, you need:
• A FortiSwitch-5203B board
• A tool for changing the SW2 switch setting (optional)
Table 4: FortiSwitch-5203B SW2 settings
Chassis
Correct
SW2
Setting
Result of wrong jumper setting
FortiGate-5144C, 5140B or 5060
or a ATCA chassis with a
compatible operating shelf
manager (factory default shelf
manager mode).
Shelf manager cannot find
FortiSwitch-5203B board. No shelf
manager information about the
FortiSwitch-5203B board available.
Any ATCA chassis without an
operating shelf manager
(standalone mode).
FortiSwitch-5203B board will not
start up.
Factory Default
(RequiresShelf
Manager)
ON
SW2
3421
ON
SW2
3421
Standalone Mode
(No Shelf Manager)
ON
SW2
3421
ON
SW2
3421
If the shelf manager in a FortiGate chassis is missing or not functioning,
FortiSwitch-5203B boards with factory default SW2 settings will not start up.
FortiSwitch-5203B mounting components Hardware installation
FortiSwitch-5203B Security System Guide
16 01-520-145204-20151108
http://docs.fortinet.com/
• An electrostatic discharge (ESD) preventive wrist strap with connection cord
1Attach the ESD wrist strap to your wrist and to an available ESD socket or wrist strap
terminal.
2If you have installed the FortiSwitch-5203B board in a chassis, remove it.
For removal instructions, see “Shutting down and Removing a FortiSwitch-5203B
board” on page 20.
3Use Figure 4 on page 14 to locate SW2 on the FortiSwitch-5203B board.
4If required, change SW2 to the correct setting.
5Insert the FortiSwitch-5203B board into a chassis and verify that the board starts up
and operates correctly.
For inserting instructions, see “Inserting a FortiSwitch-5203B board” on page 17.
FortiSwitch-5203B mounting components
To install a FortiSwitch-5203B board you slide the board into a hub/switch slot in the front
of an ATCA chassis (usually slot 1 or 2) and then use the mounting components to lock
the board into place in the slot. When locked into place and positioned correctly the
board front panel is flush with the chassis front panel. The board is also connected to the
chassis backplane.
To position the board correctly you must use the mounting components shown in
Figure 7 for the right (bottom) of the FortiSwitch-5203B front panel. The mounting
components on the left (top) of the front panel are the same but reversed. The
FortiSwitch-5203B mounting components align the board in the chassis slot and are
used to insert and eject the board from the slot.
FortiSwitch-5203B boards must be protected from static discharge and physical shock.
Only handle or work with FortiSwitch-5203B boards at a static-free workstation. Always
wear a grounded electrostatic discharge (ESD) preventive wrist strap when handling
FortiSwitch-5203B boards.
FortiSwitch-5203B boards are horizontal when inserted into a FortiGate-5060 chassis
and vertical when inserted into a FortiGate-5140-series chassis. The inserting and
removing procedures are the same in either case. For clarity the descriptions in this
document refer to the left (top) and right (bottom) mounting components.\
Hardware installation Inserting a FortiSwitch-5203B board
FortiSwitch-5203B Security System Guide
01-520-145204-20151108 17
http://docs.fortinet.com/
Figure 7: FortiSwitch-5203B right (bottom) mounting components
The FortiSwitch-5203B handles align the board in the chassis slot and are used to insert
and eject the board from the slot. The right (bottom) handle activates a microswitch that
turns on or turns off power to the board. When the right (bottom) handle is open the
microswitch is off and the board cannot receive power. When the right (bottom) handle is
fully closed the microswitch is on and if the board is fully inserted into a chassis slot the
board can receive power.
Inserting a FortiSwitch-5203B board
The FortiSwitch-5203B board must be fully installed in a chassis hub/switch slot (usually
slot 1 or 2), with the handles closed and locked and retention screws fully tightened for
the FortiSwitch-5203B board to receive power and operate normally. If the
FortiSwitch-5203B board is not receiving power, the HS LED glows solid blue and all
other LEDs remain off. See “Front panel components” on page 6.
It is important to carefully seat the FortiSwitch-5203B board all the way into the chassis,
to not use too much force on the handles, and to make sure that the handles are properly
locked. Only then will the FortiSwitch-5203B board power-on and start up correctly.
FortiSwitch-5203B boards are hot swappable. The procedure for inserting
a FortiSwitch-5203B board into a chassis slot is the same whether or not the chassis is
powered on.
Closed
Open
Alignment
Pin
Retention
Screw
Lock Handle
Alignment Pin
Retention
Screw
Lock
Handle
Handle
Hook
Alignment Pin
Retention
Screw
Lock
Hook
Alignment
Pin
Retention
Screw
Lock
Handle
You can reset the board without removing it from the chassis. See “Power cycling a
FortiSwitch-5203B board” on page 22.
Inserting a FortiSwitch-5203B board Hardware installation
FortiSwitch-5203B Security System Guide
18 01-520-145204-20151108
http://docs.fortinet.com/
To insert a FortiSwitch-5203B board into a chassis slot
To complete this procedure, you need:
• A FortiSwitch-5203B board
• An ATCA chassis with an empty hub/switch slot
• An electrostatic discharge (ESD) preventive wrist strap with connection cord
1Attach the ESD wrist strap to your wrist and to an ESD socket or to a bare metal
surface on the chassis or frame.
2If required, remove the protective metal frame that the FortiSwitch-5203B board has
been shipped in.
3Insert the FortiSwitch-5203B board into the empty hub/switch slot in the chassis.
Do not carry the FortiSwitch-5203B board by holding the handles or retention screws.
When inserting or removing the FortiSwitch-5203B board from a chassis slot, handle the
board by the front panel. The handles are not designed for carrying the board. If the
handles become bent or damaged the FortiSwitch-5203B board may not align correctly
in the chassis slot.
FortiSwitch-5203B boards must be protected from static discharge and physical shock.
Only handle or work with FortiSwitch-5203B boards at a static-free workstation. Always
wear a grounded electrostatic discharge (ESD) preventive wrist strap when handling
FortiSwitch-5203B boards.
Hardware installation Inserting a FortiSwitch-5203B board
FortiSwitch-5203B Security System Guide
01-520-145204-20151108 19
http://docs.fortinet.com/
4Unlock the handles by squeezing the handle locks.
5Open the handles to their fully open positions.
6Carefully guide the board into the chassis using the rails in the slot.
Insert the board by applying moderate force to the front faceplate (not the handles) to
slide the board into the slot. The board should glide smoothly into the chassis slot. If
you encounter any resistance while sliding the board in, the board could be aligned
incorrectly. Pull the board back out and try inserting it again.
7Slide the board in until the alignment pins are inserted half way into their sockets in
the chassis.
8Turn both handles to their fully-closed positions.
The handles should hook into the sides of the chassis slot. Closing the handles draws
the FortiSwitch-5203B board into place in the chassis slot and into full contact with
the chassis backplane. The FortiSwitch-5203B front panel should be in contact with
the chassis front panel. When the handles are fully-closed they lock into place.
As the right (bottom) handle closes the microswitch is turned on, supplying power to
the board. If the chassis is powered on the HS LED starts flashing blue. If the board is
aligned correctly, inserted all the way into the slot, and the right (bottom) handle is
properly closed the HS LED flashes blue for a few seconds. At the same time the ACT
and HTY LEDs turn green. After a few seconds the HS LED goes out and the
FortiSwitch-5203B firmware starts up. If the board is operating correctly, the front
panel LEDs are lit as described in Table 5 .
Unlock Handle
To avoid damaging the lock, make sure you squeeze the handles fully to unlock them
before opening. The handles should pop easily out of the board front panel.
Handle
Alignment Pin
Open
Alignment Pin
Lock
Handle
Shutting down and Removing a FortiSwitch-5203B board Hardware installation
FortiSwitch-5203B Security System Guide
20 01-520-145204-20151108
http://docs.fortinet.com/
If the board has not been inserted properly the HS LED changes to solid blue and all
other LEDS turn off. If this occurs, open the handles, slide the board part way out, and
repeat the insertion process.
9Once the board is inserted correctly, fully tighten the retention screws to lock the
FortiSwitch-5203B board into position in the chassis slot.
Shutting down and Removing a FortiSwitch-5203B board
To avoid potential hardware problems, always shut down the FortiSwitch-5203B
operating system properly before removing the FortiSwitch-5203B board from a chassis
slot or before powering down the chassis.
The following procedure describes how to correctly use the FortiSwitch-5203B mounting
components described in “FortiSwitch-5203B mounting components” on page 16 to
remove a FortiSwitch-5203B board from an ATCA chassis slot.
FortiSwitch-5203B boards are hot swappable. The procedure for removing
a FortiSwitch-5203B board from a chassis slot is the same whether or not the chassis is
powered on.
To remove a FortiSwitch-5203B board from a chassis slot
To complete this procedure, you need:
• An ATCA chassis with a FortiSwitch-5203B board installed
Table 5: FortiSwitch-5203B normal operating LEDs
LED State
OOS Off
Power Green
Status Off
ACC Off (Or flashing green when the system accesses the
FortiSwitch-5203B flash disk.)
IPM Off
Tighten
Retention
Screw
Do not carry the FortiSwitch-5203B board by holding the handles or retention screws.
When inserting or removing the FortiSwitch-5203B board from a chassis slot, handle the
board by the front panel. The handles are not designed for carrying the board. If the
handles become bent or damaged the FortiSwitch-5203B board may not align correctly
in the chassis slot.
Table of contents
Other Fortinet Security System manuals
Fortinet
Fortinet FortiGate-5001B User manual
Fortinet
Fortinet FortiWLC 3000D User manual
Fortinet
Fortinet FortiAnalyzer-800 User manual
Fortinet
Fortinet FortiCarrier-5001A-DW User manual
Fortinet
Fortinet FortiDB Series User manual
Fortinet
Fortinet FortiGate-5001C User manual
Fortinet
Fortinet FortiManager-400A User manual
Fortinet
Fortinet FortiManager-400 User manual
Fortinet
Fortinet FortiGate-5000 Use and care manual
Fortinet
Fortinet FortiAnalyzer-800B User manual
