FortiGate-7000 v5.4.3 special features and limitations
IP Multicast
IPv4 and IPv6 Multicast traffic is only sent to the primary FPM module (usually the FPM in slot 3). This is
controlled by the following configuration:
config load-balance flow-rule
    edit 18
        set status enable
        set vlan 0
        set ether-type ipv4
        set src-addr-ipv4 0.0.0.0 0.0.0.0
        set dst-addr-ipv4 224.0.0.0 240.0.0.0
        set protocol any
        set action forward
        set forward-slot master
        set priority 5
        set comment "ipv4 multicast"
    next
    edit 19
        set status enable
        set vlan 0
        set ether-type ipv6
        set src-addr-ipv6 ::/0
        set dst-addr-ipv6 ff00::/8
        set protocol any
        set action forward
        set forward-slot master
        set priority 5
        set comment "ipv6 multicast"
end
High Availability
Only the M1 and M2 interfaces are used for the HA heartbeat communication.
When using both M1 and M2 for the heartbeat, FortiGate-7000 v5.4.3 requires two switches. The first switch
connects all M1 ports together. The second switch connects all M2 ports together. This is because the
same VLAN is used for both M1 and M2 and the interface groups should remain in different broadcast domains.
Using a single switch for both M1 and M2 heartbeat traffic is possible if the switch supports q-in-q tunneling. In
this case, use different VLANs for M1 traffic and M2 traffic to keep two separate broadcast domains in the switch.
The following FortiOS HA features are not supported or are supported differently by FortiGate-7000 v5.4.3:
• Remote IP monitoring (configured with the option pingserver-monitor-interface and related settings) is not supported.
• Active-active HA is not supported.
• The range for the HA group-id is 0 to 14.
• Failover logic for FortiGate-7000 v5.4.3 HA is not the same as FGSP for other FortiGate clusters.
• HA heartbeat configuration is specific to FortiGate-7000 systems and differs from standard HA.
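As an added example (not Fortinet's code and not part of the original page), this Python check lints a config system ha block against the HA limitations listed above. The sample configuration is constructed, and the test that heartbeat interface names end in M1 or M2 is an assumption about interface naming.

```python
import re
import shlex

# Constructed sample of a "config system ha" block (not from the original page).
SAMPLE_HA_CONFIG = '''
config system ha
    set group-id 20
    set group-name "dc1-cluster"
    set mode a-a
    set hbdev "1-M1" 50 "1-M2" 50 "port3" 50
    set pingserver-monitor-interface "port5"
end
'''

def parse_ha_settings(text):
    """Return {option: [args]} for the 'set' lines inside 'config system ha'."""
    settings, in_ha = {}, False
    for raw in text.splitlines():
        tokens = shlex.split(raw)
        if tokens[:3] == ["config", "system", "ha"]:
            in_ha = True
        elif in_ha and tokens[:1] == ["end"]:
            break
        elif in_ha and len(tokens) >= 2 and tokens[0] == "set":
            settings[tokens[1]] = tokens[2:]
    return settings

def audit_ha(text):
    """List settings that conflict with the FortiGate-7000 v5.4.3 HA limits above."""
    s, findings = parse_ha_settings(text), []
    if s.get("pingserver-monitor-interface"):
        findings.append("pingserver-monitor-interface: remote IP monitoring is not supported")
    if s.get("mode") == ["a-a"]:
        findings.append("mode a-a: active-active HA is not supported")
    gid = s.get("group-id")
    if gid and not (gid[0].isdigit() and 0 <= int(gid[0]) <= 14):
        findings.append(f"group-id {gid[0]}: valid range is 0 to 14")
    # hbdev alternates interface name and priority; keep the names only.
    for name in s.get("hbdev", [])[0::2]:
        # Assumption: heartbeat interface names end in M1 or M2 (e.g. "1-M1").
        if not re.search(r"M[12]$", name):
            findings.append(f"hbdev {name}: only M1 and M2 carry the heartbeat")
    return findings

if __name__ == "__main__":
    for finding in audit_ha(SAMPLE_HA_CONFIG):
        print("FAIL", finding)
```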
FortiGate-7000
Fortinet Technologies Inc.