Home
/
Fortinet
/
FortiGate-7000E Series
/
System Manual

Fortinet FortiGate-7000E Series, System Manual

Share

Page: 31 / 68

Fortinet FortiGate-7000E Series System Manual Download Page 31

Getting started with FortiGate-7000

Begin by installing your FortiGate-7000 chassis in a rack and installing FIM interface modules and FPM processing
modules in it. Then you can power on the chassis and all modules in the chassis will power up.

Whenever a chassis is first powered on, it takes about 5 minutes for all modules to start up and become completely
initialized and synchronized. During this time the chassis will not allow traffic to pass through and you may not be able to
log into the GUI, or if you manage to log in, the session could time out as the FortiGate-7000 continues negotiating.

Review the PSU, fan tray, System Management Module (SMM), FIM, and FPM LEDs to verify that everything is
operating normally. Wait until the chassis has completely started up and synchronized before making configuration
changes.

When the system has initialized, you have a few options for connecting to the FortiGate-7000 GUI or CLI:

l

Log in to the GUI by connecting the MGMT1 interface of the FIM in slot 1 to your network. Then browse to
https://192.168.1.99.

l

Log in to the CLI by connecting the MGMT1 interface of the FIM in slot 1 to your network. Then use an SSH client
to connect to 192.168.1.99 and use the same admin account to log in.

l

Log in to the primary FIM CLI by connecting to the RJ-45 RS-232 Console 1 serial port on the FortiGate-7000 SMM
with settings: BPS: 9600, data bits: 8, parity: none, stop bits: 1, flow control: none.

The FortiGate-7000 ships with the following factory default configuration.

Option

Default Configuration

Administrator Account User
Name

admin

Password

(none) For security reasons you should add a password to the admin
account before connecting the FortiGate-7000 to your network.

MGMT1 IP/Netmask

192.168.1.99/24 (the MGMT1 interface is part of the mgmt redundant
interface that also includes MGMT2, MGMT3, and MGMT4).

All configuration changes must be made from the primary FIM GUI or CLI and not from the secondary FIM or the FPMs.

All other management communication (for example, SNMP queries, remote logging, and so on) use the management
aggregate interface and are handled by the primary FIM.

Multi VDOM mode

By default, when you first start up a FortiGate-7000 it is operating in Multi VDOM mode. The default Multi VDOM
configuration includes the

root

VDOM and a management VDOM named

mgmt-vdom

. The management interface

(mgmt) and the HA heartbeat interfaces (M1, M2) are in mgmt-vdom and all of the data interfaces are in the root
VDOM.

FortiGate-7060E 6.4.2 System Guide

31

Fortinet Technologies Inc.

«
...
29
30
31
32
33
...
»

Summary of Contents for FortiGate-7000E Series

Page 1: ...FortiGate 7060E System Guide FortiGate 7000E Series...

Page 2: ...t fortinet com FORTINET TRAINING CERTIFICATION PROGRAM https www fortinet com support and training training html NSE INSTITUTE https training fortinet com FORTIGUARD CENTER https fortiguard com END US...

Page 3: ...required minimum air flow clearance 17 Optional air filter 18 AC PSUs and supplying AC power to the chassis 18 Hot Swapping an AC PSU 19 DC PSUs and supplying DC power to the chassis 19 Crimping guide...

Page 4: ...M firmware 41 Upgrading FPM firmware 42 Installing FIM firmware from the BIOS after a reboot 43 Installing FPM firmware from the BIOS after a reboot 45 Synchronizing FIMs and FPMs after upgrading the...

Page 5: ...l Equipment ICES Canada 66 European Conformity CE EU 66 Voluntary Control Council for Interference VCCI Japan 67 Product Safety Electrical Appliance Material PSE Japan 67 Bureau of Standards Metrology...

Page 6: ...formation in Physical description of the FortiGate 7060E chassis on page 15 April 13 2020 Updated console cable descriptions to reflect that the FortiGate 7060 is now shipped with USB to RJ 45 RS 232...

Page 7: ...s well as two switchable console ports that provide console connections to the modules in the chassis slots The active SMM controls chassis cooling and power management and provides an interface for m...

Page 8: ...faces using SFP transceivers l The FIM 7904E includes eight front panel 40GigE QSFP fabric channel interfaces B1 to B8 These interfaces can be connected to 40Gbps networks Using 40GBASE SR4 multimode...

Page 9: ...rate traffic The FPM 7630E processor module is an update of the FPM 7620E processor module with the same architecture but a newer CPU configuration You can mix FPM 7630Es and FPM 7620Es in the same Fo...

Page 10: ...nt FortiGate 7060E configurations The tables in this section provide information about how to calculate average and maximum power consumption for a FortiGate 7060E system with four and with two FPMs t...

Page 11: ...with four FPM 7630Es Module Average power consumption W Max power consumption W Number of modules Total average power W Max power W FPM 7630E 340 440 4 1360 1760 FIM 7901E 260 450 2 520 900 Fan trays...

Page 12: ...Gate 7060E FortiGate 7000 series products are registered according to the chassis serial number You need to register your chassis to receive Fortinet customer services such as product updates and cust...

Page 13: ...M and FPMs for storing and sharing sensor data that the SMM uses to control chassis cooling and power distribution The base backplane also supports serial communications to allow console access from t...

Page 14: ...wer connectors l Six power cord management clamps l One set of 4 post rack mounting components l One set of 2 post rack mounting components l One pair of cable management side brackets l Two front mou...

Page 15: ...x 17 3 x 25 6 in 352 7 x 440 x 650 mm Chassis weight completely assembled with FIM and FPM modules installed 207 2 lbs 94 1 kg Operating Temperature 32 to 104 F 0 to 40 C Storage Temperature 31 to 158...

Page 16: ...e for overheating Fan trays are hot swappable You can replace a failed fan tray while the chassis is operating To replace a fan tray unscrew the four retention screws and use the handles to pull the f...

Page 17: ...ng the chassis make sure there is enough clearance for effective cooling air flow The following diagram shows the cooling air flow through the chassis and the locations of fan trays Make sure the cool...

Page 18: ...s available Optional air filter You can purchase an optional NEBS compliant air filter kit that includes a front filter that fits over the front of the chassis and two filters for the side cool air in...

Page 19: ...to a bare metal surface on the chassis or frame 2 Turn off the power being supplied to the power supply and disconnect the power cord 3 Press the latch towards the handle until the PSU is detached the...

Page 20: ...ened to the PSU terminals DC PSU power connector cover removed Latch LED Red Power Connector Black Power Connector DC terminals accept UL approved ring terminals for 8 M4 stud with ext ring diameter 9...

Page 21: ...nds breaking l Cable end should be clean wire brush or clean with emery cloth if necessary Insert cable into connector until it stops The insertion length must approximate the stripped length of cable...

Page 22: ...ed using tie wraps if required 10 If required label the black wire 48V 11 If required label the red wire RTN 12 Turn on power to the PSU 13 Verify that the PSU status LED is solid green meaning that t...

Page 23: ...ground system Chassis Ground Connector 1 Attach the ESD wrist strap to your wrist and to an ESD socket or to a bare metal surface on the chassis or frame 2 Make sure that the chassis and ground wire...

Page 24: ...ntially falling over If you are going to mount the chassis higher make sure the rack is well anchored Since the chassis is over 100 lbs use a lift to raise the chassis into position before mounting it...

Page 25: ...head screws M4x8 large head pan head screws M4x8 flat head screws M4x8 flat head screws Front mounting bracket Power cord clamps Front cable management brackets FIM 7910E FIM 7920E only Front cable ma...

Page 26: ...ts to create a 4 post rack mount tray that the chassis will slide on to Attach each side of the tray to the 4 post rack using the front and back brackets as shown below Make sure you install the tray...

Page 27: ...the mid mount ears and the chassis to the rack Mounting the chassis in a 2 post rack Left Mid Mount Tray Attach to the Rack First M4x8 flat head screws M4x8 flat head screws Right Mid Mount Tray Atta...

Page 28: ...through the chassis front panel and warm air exhausts out the back For optimal cooling allow 100 mm of clearance at the front and back of the chassis Inserting FIMs and FPMs All FortiGate 7060E chass...

Page 29: ...nterface Status Alarm HA and Power LEDS USB Power Button NMI Button You must carefully slide the FIM or FPM all the way into the chassis slot close the module levers to seat the module into the slot a...

Page 30: ...and a FIM 7904E install the FIM 7901E in chassis slot 1 and the FIM 7904E in chassis slot 2 l If your chassis includes a FIM 7904E and a FIM 7920E install the FIM 7904E in chassis slot 1 and the FIM...

Page 31: ...client to connect to 192 168 1 99 and use the same admin account to log in l Log in to the primary FIM CLI by connecting to the RJ 45 RS 232 Console 1 serial port on the FortiGate 7000 SMM with settin...

Page 32: ...op of the GUI you can click on the host name and pull down a list of the FIMs and FPMs in the FortiGate 7000 From the list you can see the status of each FIM or FPM change the host name or log into th...

Page 33: ...should add a password to the admin account before connecting the chassis to your network Setting up a single management connection You can configure and manage your FortiGate 7060E by connecting an E...

Page 34: ...nections between the MGMT1 interfaces of each FIM to a switch The switch is configured with a 802 3 static aggregate interface that includes two ports one for each MGMT1 interface The switch also conn...

Page 35: ...th switches Adding a password to the admin administrator account For security purposes one of the first things you should do is add a password to the admin account Depending on your firmware version w...

Page 36: ...process if you run into problems you can reset the FortiGate 7060E to factory defaults and start over From the primary FIM CLI enter config global execute factoryreset Restarting the FortiGate 7060E...

Page 37: ...disable management or administrative access for the mgmt interface For example if the mgmt interface IP address is 192 168 1 99 you can connect to the GUI of the FPM in slot 3 using the mgmt interfac...

Page 38: ...h you can log in to different modules you can only make configuration changes from the primary FIM which is usually the FIM in slot 1 HA mode special management port numbers In HA mode you use the sam...

Page 39: ...manage command to log in to another module Instead you must use the exit command to revert back to the CLI of the component that you originally logged in to Then you can use the execute load balance s...

Page 40: ...0 system Some firmware upgrades may take longer depending on factors such as the size of the configuration and whether an upgrade of the DP2 processor is included Before beginning a firmware upgrade F...

Page 41: ...lling a replacement FIM or FPM that is running a different firmware version l Installing firmware on or formatting an FIM or FPM from the BIOS To verify the firmware versions on each FIM or FPM you ca...

Page 42: ...oes not solve the problem contact Fortinet Support at https support fortinet com The example output also shows that the uptime of the FIM in slot 2 is lower than the uptime of the other modules indica...

Page 43: ...o reset the FPM to normal operation diagnose load balance switch set compatible slot disable Configuration synchronization errors will occur if you do not reset the FPM to normal operation Installing...

Page 44: ...ion of the primary FIM The FIM restarts again and can start processing traffic 15 Once the FIM restarts verify that the correct firmware is installed You can do this from the FIM GUI dashboard or from...

Page 45: ...7000 slot containing the FPM to be upgraded 3 Set up your network to allow traffic between the TFTP server and a MGMT interface of one of the FIMs You can use any MGMT interface of either of the FIMs...

Page 46: ...sy FIM10E3E16000040 Slave uptime 69346 99 priority 2 slot_id 1 2 idx 1 flag 0x0 in_sync 1 FIM04E3E16000010 Master uptime 69398 91 priority 1 slot_id 1 1 idx 0 flag 0x0 in_sync 1 FPM20E3E17900217 Slave...

Page 47: ...rmware for a second time on the primary FIM to trigger synchronization to the FIM and the FPMs but takes much longer 1 Log into the primary FIM GUI 2 Install a firmware build on the primary FIM from t...

Page 48: ...net Interface Console 1 Connection LEDs H8S Mode LED H8S Mode Select Button Console 2 Connection LEDs Retention Screw Retention Screw Console 1 RJ 45 RS 232 Serial Interface Console 1 Connection Chang...

Page 49: ...e chassis and the modules in it will continue to operate with one or no functioning SMMs until you can replace the chassis If there is no functioning SMM the chassis fans operate at maximum speed and...

Page 50: ...indicating an anomaly Temp Solid green All temperature sensors indicated acceptable operating temperatures Blinking green At least one temperature sensor is detecting a high temperature outside of th...

Page 51: ...inistrator disabled them from the SMM CLI Green The fan tray is operating normally Blinking red The fan tray is not working Chassis cooling may be sufficient but redundancy is lost and the fan tray th...

Page 52: ...serial console in the chassis This includes the SMM CLI the FortiOS CLIs also called host CLIs of the FIM and FPM modules in chassis slots 1 to 6 and all of the SMC SDI consoles in the chassis The FI...

Page 53: ...he USB port on your management computer 2 Start a terminal emulation program on the management computer Use these settings Baud Rate bps 9600 Data bits 8 Parity None Stop bits 1 and Flow Control None...

Page 54: ...nt password Use the following procedure to change the SMM admin account password 1 Enter the following command to show all users and their user IDs user list The output should show that the admin user...

Page 55: ...1 if active 0x20 if passive the default 0x22 SMM 2 MGMT2 if active the default 0x20 if passive 0x22 5 FPM5 0x8A 3 FPM3 0x86 1 FIM1 0x82 2 FIM2 0x84 4 FPM4 0x88 6 FPM6 0x8C You can use the IPMB address...

Page 56: ...ssages In the comlog these messages include the following headers Header Cause n COMLOG SYSTEM BOOT YYYY MM DD hh mm ss n The module is starting up after being powered on or reset n COMLOG DISABLED YY...

Page 57: ...IM and FPM SMCs They are also all collected and stored by the SMM SMC From the SMM you can use the following commands from the active or passive SMM to view and clear SEL messages Operation SMC CLI Co...

Page 58: ...tions you can perform from the SMM CLI and the commands you use to perform them Only a subset of these commands are available on the passive SMM as indicated below Also the slot option is not availabl...

Page 59: ...Low Level Errors 2 Alerts Errors Verbose Low Level Errors PI traffic 3 Alerts Errors Verbose Low Level Errors PI traffic IPMB traffic LAN Interface traffic 4 Same as 3 verbose level N A Display the S...

Page 60: ...f a channel is not specified the privilege level is set for all IPMI channels Available on the passive module user priv user id callback user operator administrator no_access channel user priv user id...

Page 61: ...status Display the LAN configuration Available on the passive module lan print channel Set LAN configuration The kgkey and krkey options are used for RCMP lan set channel ipaddr ip netmask lan set cha...

Page 62: ...7060E System Management Modules Fortinet Technologies Inc Action SMC CLI Commands IPMI Commands status Run an HPM 1 upgrade N A hpm upgrade img hpm upgrade img all activate FortiGate 7060E 6 4 2 Syste...

Page 63: ...ment M canique Montage de l quipement dans le rack doit tre telle qu une situation dangereuse n est pas li un chargement m canique in gal Circuit Overloading Consideration should be given to the conne...

Page 64: ...ez pas les batteries au feu Ils peuvent exploser Jetez les piles usag es conform ment aux r glementations locales IMPORTANT Suisse l annexe 4 10 de SR814 013 s appliquent aux batteries CAUTION There i...

Page 65: ...a terre de la prise This product has a separate protective earthing terminal provided on the back of the product in addition to the grounding terminal of the attachment plug This separate protective e...

Page 66: ...ause harmful interference in which case the user will be required to correct the interference at his own expense WARNING Any changes or modifications to this product not expressly approved by the part...

Page 67: ...fety Electrical Appliance Material PSE Japan PSE Bureau of Standards Metrology and Inspection BSMI Taiwan The presence conditions of the restricted substance BSMI RoHS table are available at the link...

Page 68: ...inet enters a binding written contract signed by Fortinet s General Counsel with a purchaser that expressly warrants that the identified product will perform according to certain expressly identified...

Reviews:

No comments

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands