
Fortinet 5003 User Manual

FortiSwitch-5003A and 5003 Fabric and Base Backplane Communications Guide

01-30000-85717-20081205

Fabric channel layer-2 link aggregation

FortiGate-5050 fabric backplane communication

The FortiSwitch-5003A configuration consists of adding a trunk named
trunk_345 that aggregates backplane slots 3, 4, and 5:

    config switch fabric-channel trunk
        edit "trunk_345"
            set members "slot-3" "slot-4" "slot-5"
    end

Allow VLAN packets on the FortiSwitch-5003A F5 front panel interface and the
trunk:

    config switch fabric-channel interface
        edit "f5"
            set allowed-vlans 1,100-101
        next
        edit "trunk_345"
            set allowed-vlans 1,100-101
    end

The traffic enters and exits the FortiGate-5001A boards using the fabric2
interface. You must add two VLAN interfaces to the fabric2 interface, one for traffic
from the internal network and one for traffic from the external network. Then you
must add firewall policies for traffic between these VLAN interfaces.

For example, you could name the VLAN interfaces vlan_fab2_100 and
vlan_fab2_101. From the FortiGate-5001A CLI enter:

    config system interface
        edit vlan_fab2_100
            set interface fabric2
            set vlanid 100
            set vdom root
            etc...
        next
        edit vlan_fab2_101
            set interface fabric2
            set vlanid 101
            set vdom root
            etc...
    end

Then you can add vlan_fab2_100 to vlan_fab2_101 firewall policies for the data
traffic.

You should also configure the FortiGate-5001A boards to send heartbeat packets
over the fabric1 channel so that the FortiSwitch-5003A board can verify that the
FortiGate-5001A boards are functioning. Each FortiGate-5001A board sends 10
heartbeat packets per second from each fabric interface. The packets are type
255 bridge protocol data unit (BPDU) packets. From the FortiGate-5001A CLI
enter:

    config system global
        set fortiswitch-heartbeat enable
    end

Note: On some versions of the FortiGate-5001A firmware, when a FortiGate-5001A board
includes a FortiGate-RTM-XB2 module, the fabric1 and fabric2 interfaces are replaced with
interfaces that are named RTM/1 and RTM/2 to indicate the presence of the
FortiGate-RTM-XB2 module. Configuration settings that include the fabric1 and fabric2
interface names will have to be changed to use the RTM/1 and RTM/2 interface names.