Example fortigate-5001a configuration – Fortinet 5003 User Manual


FortiGate-5050 fabric backplane communication

Example active-passive redundant link configuration

FortiSwitch-5003A and 5003 Fabric and Base Backplane Communications Guide
01-30000-85717-20081205


Example FortiGate-5001A configuration

All of the FortiGate-5001A boards must be operating in transparent mode and all
must have the same configuration.

The spanning tree instances can send traffic to fabric channel 1 or fabric channel
2. As a result, traffic can enter and exit the FortiGate-5001A boards using either
the fabric1 interface or the fabric2 interface, so you should create redundant
configurations for each fabric interface. For each fabric interface you must add
two VLAN interfaces, one for traffic from the internal network and one for traffic
from the external network. Then, for each fabric interface, you must add firewall
policies for traffic between the VLAN interfaces.

For example, for the fabric1 interface you could name the VLAN interfaces
vlan_fab1_100 and vlan_fab1_101. From the FortiGate-5001A CLI enter:

config system interface
    edit vlan_fab1_100
        set interface fabric1
        set vlanid 100
        set vdom root
        etc...
    next
    edit vlan_fab1_101
        set interface fabric1
        set vlanid 101
        set vdom root
        etc...
end

For the fabric2 interface you could name the VLAN interfaces vlan_fab2_100
and vlan_fab2_101. From the FortiGate-5001A CLI enter:

config system interface
    edit vlan_fab2_100
        set interface fabric2
        set vlanid 100
        set vdom root
        etc...
    next
    edit vlan_fab2_101
        set interface fabric2
        set vlanid 101
        set vdom root
        etc...
end

You should also configure the FortiGate-5001A boards to send heartbeat packets
over the fabric1 and fabric2 channels so that the FortiSwitch-5003A board can
verify that the FortiGate-5001A boards are functioning. Each FortiGate-5001A
board sends 10 heartbeat packets per second from each fabric interface. The
packets are type 255 bridge protocol data unit (BPDU) packets. From the
FortiGate-5001A CLI enter:

config system global
    set fortiswitch-heartbeat enable
end
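The following check is an added example, not part of the Fortinet guide: it parses a saved board configuration and reports where the fabric1 and fabric2 settings described above are not redundant or the heartbeat is off. It assumes that "redundant" means both fabric interfaces carry the same two VLAN IDs; the function names and the sample configuration are constructed for illustration.

```python
from collections import defaultdict

def parse(text):
    """Return ({vlan_interface_name: {key: value}}, {global_key: value})."""
    vlans, glob, section, cur = defaultdict(dict), {}, None, None
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[0] == "config":
            section, cur = " ".join(tok[1:]), None
        elif tok[0] == "edit":
            cur = tok[1]
        elif tok[0] == "set" and len(tok) >= 3:
            if section == "system interface" and cur:
                vlans[cur][tok[1]] = tok[2]
            elif section == "system global":
                glob[tok[1]] = tok[2]
        elif tok[0] in ("next", "end"):
            cur = None  # placeholder lines such as "etc..." are ignored
    return vlans, glob

def audit(text):
    """List the ways a config departs from the redundant layout (assumed rules)."""
    vlans, glob = parse(text)
    ids = {"fabric1": set(), "fabric2": set()}
    for v in vlans.values():
        if v.get("interface") in ids and "vlanid" in v:
            ids[v["interface"]].add(int(v["vlanid"]))
    findings = [f"{fab}: expected 2 VLAN IDs, found {len(s)}"
                for fab, s in ids.items() if len(s) != 2]
    if ids["fabric1"] != ids["fabric2"]:
        diff = sorted(ids["fabric1"] ^ ids["fabric2"])
        findings.append(f"VLAN IDs differ between fabric1 and fabric2: {diff}")
    if glob.get("fortiswitch-heartbeat") != "enable":
        findings.append("fortiswitch-heartbeat is not enabled")
    return findings

def vlan_block(name, fab, vid):
    return f"edit {name}\nset interface {fab}\nset vlanid {vid}\nset vdom root\nnext\n"

# Constructed sample: fabric2 carries a mismatched VLAN ID and the
# heartbeat setting is missing.
SAMPLE = ("config system interface\n"
          + vlan_block("vlan_fab1_100", "fabric1", 100)
          + vlan_block("vlan_fab1_101", "fabric1", 101)
          + vlan_block("vlan_fab2_100", "fabric2", 100)
          + vlan_block("vlan_fab2_101", "fabric2", 111) + "end\n")

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Because every board must have the same configuration, running the same check against each board's saved configuration also shows which board has drifted.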
