Fortinet 5003 User Manual

Because the FortiGate-5000 boards in a link aggregation configuration operate in 
transparent mode, any routing, VPN or NAT requirements should be handed by an 
external device (such as a router), before or after the traffic reaches the 
FortiSwitch-5003A board.

If the traffic that you are distributing contains VLAN-tagged packets, you must add 
the VLAN tags to the FortiSwitch-5003A interfaces and to the trunks that will 
handle the VLAN-tagged traffic.

 shows a basic link aggregation configuration using a single 

FortiSwitch-5003A board. In this configuration the external switch is connected to 
the FortiSwitch-5003A F7 front panel interface. The external switch adds VLAN 
tags to traffic from the internal and external networks. Packets from the internal 
network are tagged as 100 and packets from the external network are tagged as 
101.

Note: LInk aggregation does not require FortiGate-RTM-XB2 modules. If the example in 

 did not include FortiGate-RTM-XB2 modules the configuration steps would be the 

same and link aggregation would still function the same way. The only difference is without 
the FortiGate-RTM-XB2 modules communication on the fabric channel would be 1Gbps 
instead of 10 Gbps.

Distributed 10-gigabit
data communication
on fabric channel 1

Six FortiGate-RTM-XB2
modules installed in RTM 
slots 6, 8, 9, 10, 11, and
13 to provide 10-gigabit
fabric interfaces and
NP2 acceleration for each
FortiGate-5001A board

Internal and external

10-gigabit networks

connected to

FortiSwitch-5003A

front panel interface F7

and to fabric channel 1

External switch

VLAN
tagged
traffic

External
Network

Internal Network

FA N  T R AY

FA N  T R AY

FA N  T R AY

13

11

9

7

5

3

1

2

4

6

8

10

12

14

5140

5140SAP

FILTER

1 2

0

1

2

5000SM

5000SM