Fortinet 5003 User Manual

FortiGate-5050 fabric backplane communication 
Example active-passive redundant link configuration
FortiSwitch-5003A and 5003   Fabric and Base Backplane Communications Guide
01-30000-85717-20081205
Example FortiGate-5001A configuration
All of the FortiGate-5001A boards must be operating in transparent mode and all 
must have the same configuration.
The spanning tree instances can send traffic to fabric channel 1 or fabric channel 
2. As a result, traffic can enter and exit the FortiGate-5001A boards using either 
the fabric1 interface or the fabric2 interface, so you should create redundant 
configurations for each fabric interface. For each fabric interface you must add 
two VLAN interfaces, one for traffic from the internal network and one for traffic 
from the external network. Then for each fabric interface you must add firewall 
policies for traffic between the VLAN interfaces.
For example, for the fabric1 interface you could name the VLAN interfaces 
vlan_fab1_100 and vlan_fab1_101. From the FortiGate-5001A CLI enter:
config system interface
    edit vlan_fab1_100
        set interface fabric1
        set vlanid 100
        set vdom root
        etc...
    next
    edit vlan_fab1_101
        set interface fabric1
        set vlanid 101
        set vdom root
        etc...
end
For the fabric2 interface you could name the VLAN interfaces vlan_fab2_100 
and vlan_fab2_101. From the FortiGate-5001A CLI enter:
config system interface
    edit vlan_fab2_100
        set interface fabric2
        set vlanid 100
        set vdom root
        etc...
    next
    edit vlan_fab2_101
        set interface fabric2
        set vlanid 101
        set vdom root
        etc...
end
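The following check is an added example, not part of the Fortinet guide: it parses a config system interface section and reports VLAN IDs that exist on only one fabric interface, and interface names that do not end in their VLAN ID, since the redundant design above depends on fabric2 mirroring fabric1. The function names and the sample configuration are constructed for illustration, and the name-suffix check assumes the naming convention used in the examples above.

```python
# Added example; SAMPLE_CONFIG is constructed and its last vlanid has deliberately drifted.
SAMPLE_CONFIG = """\
config system interface
edit vlan_fab1_100
set interface fabric1
set vlanid 100
next
edit vlan_fab1_101
set interface fabric1
set vlanid 101
next
edit vlan_fab2_100
set interface fabric2
set vlanid 100
next
edit vlan_fab2_101
set interface fabric2
set vlanid 102
end
"""

def parse_vlan_interfaces(text):
    """Return {name: (parent, vlanid)}; assumes no nested config blocks."""
    vlans, name, in_section = {}, None, False
    for line in text.splitlines():
        words = line.split()
        if words[:3] == ["config", "system", "interface"]:
            in_section = True
        elif in_section and words[:1] == ["end"]:
            in_section, name = False, None
        elif in_section and words[:1] == ["edit"] and len(words) == 2:
            name = words[1].strip('"')
            vlans[name] = {}
        elif in_section and name and words[:1] == ["set"] and len(words) == 3:
            if words[1] in ("interface", "vlanid"):
                vlans[name][words[1]] = words[2].strip('"')
    return {n: (v["interface"], int(v["vlanid"])) for n, v in vlans.items() if len(v) == 2}

def audit_fabric_vlans(text, fabrics=("fabric1", "fabric2")):
    """List mismatches between the two fabric interfaces' VLAN definitions."""
    findings, ids = [], {f: set() for f in fabrics}
    for name, (parent, vid) in sorted(parse_vlan_interfaces(text).items()):
        if parent in ids:
            ids[parent].add(vid)
            if not name.endswith(f"_{vid}"):  # naming convention assumed from the page
                findings.append(f"{name}: name does not end in VLAN ID {vid}")
    for vid in sorted(ids[fabrics[0]] ^ ids[fabrics[1]]):
        missing = fabrics[1] if vid in ids[fabrics[0]] else fabrics[0]
        findings.append(f"VLAN {vid} has no VLAN interface on {missing}")
    return findings
```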
You should also configure the FortiGate-5001A boards to send heartbeat packets 
over the fabric1 and fabric2 channels so that the FortiSwitch-5003A board can 
verify that the FortiGate-5001A boards are functioning. Each FortiGate-5001A 
board sends 10 heartbeat packets per second from each fabric interface. The 
packets are type 255 bridge protocol data unit (BPDU) packets. From the 
FortiGate-5001A CLI enter:
config system global
    set fortiswitch-heartbeat enable
end