Accelerated IPS, SSL VPN, and IPsec VPN (CP9 content processors)
Getting started with FortiGate-7000
Getting started with FortiGate-7000
Once you have installed your FortiGate-7000 chassis in a rack and installed FIM interface modules and FPM
processing modules in it you can power on the chassis and all modules in the chassis will power up.
Whenever a chassis is first powered on, it takes about 5 minutes for all modules to start up and become
completely initialized and synchronized. During this time the chassis will not allow traffic to pass through and you
may not be able to log into the GUI, or if you manage to log in the session could time out as the FortiGate-7000
continues negotiating.
Review the chassis and module front panel LEDs to verify that everything is operating normally. Wait until the
chassis has complete started up and synchronized before making configuration changes. You can use the
diagnose system ha status
command to confirm that the FortiGate-7000 is completely initialized. If the
output from entering this command hasn't changed after checking for a few minutes you can assume that the
system has initialized. You don't normally have to confirm that the system has initialized, but this diagnose
command is available if needed.
You can configure and manage the FortiGate-7000 by connecting an Ethernet cable to one of the MGMT1 to
MGMT4 interfaces of one of the FIM interface modules in the chassis. By default the MGMT1 to MGMT4
interfaces of both interface modules have been added to a static 802.3 aggregate interface called
mgmt
with a
default IP address of 192.168.1.99.
LACP is not supported for the mgmt aggregate interface. The MGMT1 to MGMT4
interfaces are in a static aggregate interface.
You can connect to any of the MGMT1 to MGMT4 interfaces to create a management connection to the
FortiGate-7000. You can also set up a switch with a static 802.3 aggregate interface and connect the switch ports
in the aggregate interface to multiple MGMT1 to MGMT4 interfaces to set up redundant management
connections to the FortiGate-7000.
Connect to the GUI by browsing to https://192.168.1.99. Log into the GUI using the admin account with no
password. Connect to the CLI by using SSH to connect to 192.168.1.99. You may have to enable SSH
administrative access for the mgmt interface before you can connect to the CLI.
For security reasons you should add a password to the admin account before
connecting the chassis to your network.
Once you have logged into the GUI or CLI you can view and change the configuration of your FortiGate-7000 just
like any FortiGate. For example, all of the interfaces from both interface modules are visible and you can
configure firewall policies between any two interfaces, even if they are physically in different interface modules.
You can also configure aggregate interfaces that include physical interfaces from both interface modules.
The following example Unit Operation dashboard widget shows a FortiGate-7040E with FIM-7901E modules in
slots 1 and 2 and FPM modules in slots 3 and 4.
31
FortiGate-7000
Fortinet Technologies Inc.