Shelf Manager Module
FortiGate-7000 v5.4.3 special features and limitations
l
FortiGate Session Life Support Procotol (FGSP) HA (also called standalone session synchronization) is not
supported.
Shelf Manager Module
It is not possible to access SMM CLI using Telnet or SSH. Only console access is supported using the chassis
front panel console ports as described in the FortiGate-7000 system guide.
For monitoring purpose, IPMI over IP is supported on SMM Ethernet ports. See your FortiGate-7000 system
guide for details.
FortiOS features that are not supported by FortiGate-7000 v5.4.3
The following mainstream FortiOS 5.4.3 features are not supported by the FortiGate-7000 v5.4.3:
l
Hardware switch
l
Switch controller
l
WiFi controller
l
WAN load balancing (SD-WAN)
l
IPv4 over IPv6, IPv6 over IPv4, IPv6 over IPv6 features
l
GRE tunneling is only supported after creating a load balance flow rule, for example:
config load-balance flow-rule
edit 0
set status enable
set vlan 0
set ether-type ip
set protocol gre
set action forward
set forward-slot master
set priority 3
end
l
Hard disk features including, WAN optimization, web caching, explicit proxy content caching, disk logging, and GUI-
based packet sniffing.
l
Log messages should be sent only using the management aggregate interface
IPsec VPN tunnels terminated by the FortiGate-7000
This section lists FortiGate-7000 limitations for IPsec VPN tunnels terminated by the FortiGate-7000:
l
Interface-based IPsec VPN is recommended.
l
Policy based IPsec VPN is supported, but requires creating flow-rules for each Phase 2 selector.
l
Dynamic routing and policy routing is not supported for IPsec interfaces.
l
Remote network subnets are limited to /16 prefix.
l
IPsec static routes don't consider distance, weight, priority settings. IPsec static routes are always installed in the
routing table, regardless of the tunnel state.
79
FortiGate-7000
Fortinet Technologies Inc.