Operating a FortiGate-7000
This chapter describes some general FortiGate-7000 operating procedures.
Failover in a standalone FortiGate-7000
A FortiGate-7000 will continue to operate even if one of the FIM or FPM modules fails or is removed. If an FPM
module fails, sessions being processed by that module fail. All sessions are then load balanced to the remaining
FPM modules. Sessions that were being processed by the failed module are restarted and load balanced to the
remaining FPM modules.
If an FIM module fails, the other FIM module will continue to operate and will become the config-sync master.
However, traffic received by the failed FIM module will be lost.
You can use LACP or redundant interfaces to connect interfaces of both FIMs to the same network. In this way, if
one of the FIMs fails, traffic continues to be received by the other FIM module.
Replacing a failed FPM or FIM module
This section describes how to remove a failed FPM or FIM module and replace it with a new one. The procedure
is slightly different depending on whether you are operating in HA mode with two chassis or operating a
standalone chassis.
Replacing a failed module in a standalone FortiGate-7000 chassis
1. Power down the failed module by pressing the front panel power button.
2. Remove the module from the chassis.
3. Insert the replacement module. It should power up when inserted into the chassis if the chassis has power.
4. The module's configuration is synchronized and its firmware is upgraded to match the firmware version on the
primary module. The new module reboots.
5. Confirm that the new module is running the correct firmware version either from the GUI or by using the
get system status command.
Manually update the module to the correct version if required. You can do this by logging into the module and
performing a firmware upgrade.
6. Verify that the configuration has been synchronized.
The following command output shows the sync status of the FIM modules in a FortiGate-7000 chassis. The field
in_sync=1 indicates that the configurations of the modules are synchronized.
diagnose sys confsync status | grep in_sy
FIM04E3E16000080, Slave, uptime=177426.45, priority=2, slot_id=1:2, idx=0, flag=0x0, in_sync=1
FIM10E3E16000063, Master, uptime=177415.38, priority=1, slot_id=1:1, idx=1, flag=0x0, in_sync=1
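One way to automate the step 6 check, as an added example that is not part of Fortinet's documentation: it parses saved output of the command above, rejoins records that wrap across lines, and reports any module whose in_sync field is not 1. The function names, the expected_modules parameter, the single-Master check and the sample (altered to in_sync=0) are assumptions made for illustration.

```python
import re

# Constructed sample in the format shown above; the first record is altered
# to in_sync=0 to represent a replacement module that has not finished syncing.
SAMPLE = """\
FIM04E3E16000080, Slave, uptime=177426.45, priority=2,
slot_id=1:2, idx=0, flag=0x0, in_sync=0
FIM10E3E16000063, Master, uptime=177415.38, priority=1,
slot_id=1:1, idx=1, flag=0x0, in_sync=1
"""

# A record starts with a module serial number followed by its config-sync role.
RECORD_START = re.compile(r"^(?P<serial>[A-Z0-9]{6,}),\s*(?P<role>Master|Slave),")

def parse_confsync(text):
    """Return one dict per record, rejoining records wrapped across lines."""
    records, current = [], None
    for line in text.splitlines():
        m = RECORD_START.match(line.strip())
        if m:
            current = {"serial": m["serial"], "role": m["role"]}
            records.append(current)
        if current is None:
            continue  # echoed command or banner before the first record
        for key, value in re.findall(r"(\w+)=([^,\s]+)", line):
            current[key] = value
    return records

def check_sync(records, expected_modules):
    """Return a list of problems; an empty list means the check passed."""
    problems = []
    serials = {r["serial"] for r in records}
    if len(serials) != expected_modules:
        problems.append(f"expected {expected_modules} modules, saw {len(serials)}")
    masters = {r["serial"] for r in records if r["role"] == "Master"}
    if len(masters) != 1:  # assumption: one config-sync master per chassis
        problems.append(f"expected exactly one Master, saw {len(masters)}")
    for r in records:
        if r.get("in_sync") != "1":  # a missing field counts as not synchronized
            problems.append(f"{r['serial']} ({r['role']}) in_sync={r.get('in_sync')}")
    return problems

if __name__ == "__main__":
    for problem in check_sync(parse_confsync(SAMPLE), expected_modules=2):
        print("NOT SYNCED:", problem)
```

Passing the number of modules you expect to see makes a replacement module that never appears in the output fail the check, rather than passing because every listed module is in sync.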
FortiGate-7000
Fortinet Technologies Inc.