The FortiSwitch-5003A configuration consists of adding a trunk named trunk_345 that aggregates backplane slots 3, 4, and 5:
config switch fabric-channel trunk edit "trunk_345"
set members "slot-3" "slot-4" "slot-5" end
Allow VLAN packets on the FortiSwitch-5003A F5 front panel interface and the trunk:
config switch fabric-channel interface edit "f5"
set allowed-vlans 1,100-101 next
edit "trunk_345"
set allowed-vlans 1,100-101 end
The traffic enters and exits the FortiGate-5001A boards using the fabric2 interface. You must add two VLAN interfaces to the fabric2 interface, one for traffic from the Internal network and one for traffic from the external network. Then you must add firewall policies for traffic between these VLAN interfaces.
For example, you could name the VLAN interfaces vlan_fab2_100 and vlan_fab2-101. From the FortiGate-5001A CLI enter:
config system interface edit vlan_fab2_100
set interface fabric2 set vlanid 100
set vdom root etc...
next
edit vlan_fab2_101
set interface fabric2 set vlanid 101
set vdom root etc...
end
Then you can add vlan_fab2_100 to vlan_fab2-101firewall policies the data traffic.
Note: On some versions of the FortiGate-5001A firmware, when a FortiGate-5001A board includes a FortiGate-RTM-XB2 module, the fabric1 and fabric2 interfaces are replaced with interfaces that are named RTM/1 and RTM/2 to indicate the presence of the FortiGate-RTM-XB2 module. Configuration settings that include the fabric1 and fabric2 interface names will have to be changed to use the RTM/1 and RTM/2 interface names.
You should also configure the FortiGate-5001A boards to send heartbeat packets over the fabric1 channel so that the FortiSwitch-5003A board can verify that the FortiGate-5001A boards are functioning. Each FortiGate-5001A board sends 10 heartbeat packets per second from each fabric interface. The packets are type 255 bridge protocol data unit (BPDU) packets. From the FortiGate-5001A CLI enter:
config system global
set fortiswitch-heartbeat enable end
