Fortinet 5003 User Manual
Page 58
FortiSwitch-5003A and 5003 Fabric and Base Backplane Communications Guide
01-30000-85717-20081205
Fabric channel layer-2 link aggregation
FortiGate-5050 fabric backplane communication
The FortiSwitch-5003A configuration consists of adding a trunk named
trunk_345 that aggregates backplane slots 3, 4, and 5:
config switch fabric-channel trunk
  edit "trunk_345"
    set members "slot-3" "slot-4" "slot-5"
  end
Allow VLAN packets on the FortiSwitch-5003A F5 front panel interface and the
trunk:
config switch fabric-channel interface
  edit "f5"
    set allowed-vlans 1,100-101
  next
  edit "trunk_345"
    set allowed-vlans 1,100-101
  end
Traffic enters and exits the FortiGate-5001A boards using the fabric2
interface. You must add two VLAN interfaces to the fabric2 interface, one for traffic
from the internal network and one for traffic from the external network. Then you
must add firewall policies for traffic between these VLAN interfaces.
For example, you could name the VLAN interfaces vlan_fab2_100 and
vlan_fab2_101. From the FortiGate-5001A CLI enter:
config system interface
  edit vlan_fab2_100
    set interface fabric2
    set vlanid 100
    set vdom root
    etc...
  next
  edit vlan_fab2_101
    set interface fabric2
    set vlanid 101
    set vdom root
    etc...
  end
Then you can add vlan_fab2_100 to vlan_fab2_101 firewall policies for the data
traffic.
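The switch-side allowed-vlans lists and the FortiGate VLAN IDs above have to agree, and a list wider than the VLANs in use carries traffic the firewall policies never see. The following check is an added example, not part of the Fortinet guide: the function names are hypothetical, the two configuration strings are constructed copies of the commands shown above, and skipping VLAN 1 is an assumption.

```python
# Constructed copies of the two configurations shown above.
SWITCH_CFG = """config switch fabric-channel interface
edit "f5"
set allowed-vlans 1,100-101
next
edit "trunk_345"
set allowed-vlans 1,100-101
end"""
FORTIGATE_CFG = """config system interface
edit vlan_fab2_100
set vlanid 100
next
edit vlan_fab2_101
set vlanid 101
end"""

def parse_entries(cfg):
    """Return {entry name: {setting: value}} for each 'edit' block."""
    entries, current = {}, None
    for line in cfg.splitlines():
        words = line.strip().split(None, 2)
        if len(words) >= 2 and words[0] == "edit":
            current = entries.setdefault(words[1].strip('"'), {})
        elif len(words) == 3 and words[0] == "set" and current is not None:
            current[words[1]] = words[2]
        elif words and words[0] in ("next", "end"):
            current = None
    return entries

def expand_vlans(spec):
    """Expand an allowed-vlans value such as '1,100-101' into a set of IDs."""
    ids = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def audit(switch_cfg, fortigate_cfg):
    """List VLAN mismatches between switch ports and FortiGate VLAN interfaces."""
    allowed = {n: expand_vlans(s["allowed-vlans"])
               for n, s in parse_entries(switch_cfg).items() if "allowed-vlans" in s}
    used = {int(s["vlanid"]) for s in parse_entries(fortigate_cfg).values() if "vlanid" in s}
    findings = []
    for port, vlans in sorted(allowed.items()):
        findings += [f"{port}: VLAN {v} is used but not allowed" for v in sorted(used - vlans)]
        # Assumption: VLAN 1 is allowed on both ports without a VLAN 1 interface, so skip it.
        findings += [f"{port}: VLAN {v} is allowed but unused" for v in sorted(vlans - used - {1})]
    return findings
```

Calling audit(SWITCH_CFG, FORTIGATE_CFG) returns an empty list for the configuration on this page; any string it returns names the port and VLAN that disagree.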
You should also configure the FortiGate-5001A boards to send heartbeat packets
over the fabric1 channel so that the FortiSwitch-5003A board can verify that the
FortiGate-5001A boards are functioning. Each FortiGate-5001A board sends 10
heartbeat packets per second from each fabric interface. The packets are type
255 bridge protocol data unit (BPDU) packets. From the FortiGate-5001A CLI
enter:
config system global
  set fortiswitch-heartbeat enable
end
Note: On some versions of the FortiGate-5001A firmware, when a FortiGate-5001A board
includes a FortiGate-RTM-XB2 module, the fabric1 and fabric2 interfaces are replaced with
interfaces that are named RTM/1 and RTM/2 to indicate the presence of the
FortiGate-RTM-XB2 module. Configuration settings that include the fabric1 and fabric2
interface names will have to be changed to use the RTM/1 and RTM/2 interface names.