FortiGate-7000 v5.4.5 special features and limitations
This section describes special features and limitations for FortiGate-7000 v5.4.5.
Managing the FortiGate-7000
Management is only possible through the MGMT1 to MGMT4 front panel management interfaces. By default the
MGMT1 to MGMT4 interfaces of the FIM modules in slot 1 and slot 2 are in a single static aggregate interface
named mgmt with IP address 192.168.1.99. You manage the FortiGate-7000 by connecting any one of these
eight interfaces to your network, opening a web browser and browsing to https://192.168.1.99.
The FortiGate-7030E has one FIM module and the MGMT1 to MGMT4 interfaces of
that module are the only ones in the aggregate interface.
Default management VDOM
By default the FortiGate-7000 configuration includes a management VDOM named dmgmt-vdom. For the
FortiGate-7000 system to operate normally you should not change the configuration of this VDOM and this
VDOM should always be the management VDOM. You should also not add or remove interfaces from this
VDOM.
You have full control over the configurations of other FortiGate-7000 VDOMs.
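One way to check a configuration backup against these restrictions, as an added example that is not Fortinet code and not part of the original document: it compares a baseline backup with a current one and reports a changed management VDOM setting or interfaces moved into or out of dmgmt-vdom. The backup layout (management-vdom under config system global, set vdom under config system interface) is an assumption about the backup format, and the sample backups and the interface name example-port are constructed.

```python
import shlex
MGMT_VDOM = "dmgmt-vdom"  # default management VDOM name stated on this page

def parse(text):
    """Return (table, entry, key, values) for each 'set' line of a config backup."""
    rows, stack = [], []  # stack frames: [config table name, current edit entry]
    for raw in text.splitlines():
        tok = shlex.split(raw, comments=True) or [""]  # drops '#' lines and quotes
        if tok[0] == "config":
            stack.append([" ".join(tok[1:]), None])
        elif tok[0] == "end" and stack:
            stack.pop()
        elif tok[0] in ("edit", "next") and stack:
            stack[-1][1] = tok[1] if len(tok) > 1 else None
        elif tok[0] == "set" and stack and len(tok) > 1:
            rows.append((stack[-1][0], stack[-1][1], tok[1], tok[2:]))
    return rows

def mgmt_state(text):
    """Return (management-vdom value or None, interfaces assigned to MGMT_VDOM)."""
    rows = parse(text)
    vdom = next((v[0] for t, _, k, v in rows
                 if t == "system global" and k == "management-vdom" and v), None)
    ifaces = {e for t, e, k, v in rows
              if t == "system interface" and k == "vdom" and v == [MGMT_VDOM]}
    return vdom, ifaces

def drift(baseline, current):
    """List the changes the page warns against, comparing two backups."""
    (_, base_if), (cur_vdom, cur_if) = mgmt_state(baseline), mgmt_state(current)
    findings = [] if cur_vdom == MGMT_VDOM else [f"management-vdom is {cur_vdom!r}"]
    findings += [f"interface {n} added to {MGMT_VDOM}" for n in sorted(cur_if - base_if)]
    findings += [f"interface {n} removed from {MGMT_VDOM}" for n in sorted(base_if - cur_if)]
    return findings

# Constructed sample backup; "example-port" is a hypothetical interface name.
BASELINE = """config system global
    set management-vdom "dmgmt-vdom"
end
config system interface
    edit "mgmt"
        set vdom "dmgmt-vdom"
    next
    edit "example-port"
        set vdom "root"
    next
end"""
CURRENT = BASELINE.replace('"root"', '"dmgmt-vdom"')  # example-port moved in
print(drift(BASELINE, CURRENT))
```

A backup that omits management-vdom is reported as management-vdom is None, so confirm how your backups record that setting before relying on the result.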
Firewall
TCP sessions with NAT enabled that are expected to be idle for longer than the distributed processing normal TCP
timer (which is 3605 seconds) should only be distributed to the primary FPM using a flow rule. You can configure
the distributed processing normal TCP timer using the following command:
config system global
    set dp-tcp-normal-timer <timer>
end
UDP sessions with NAT enabled that are expected to be idle for longer than the distributed processing normal UDP
timer should only be distributed to the primary FPM using a flow rule.
IP Multicast
IPv4 and IPv6 Multicast traffic is only sent to the primary FPM module (usually the FPM in slot 3). This is
controlled by the following configuration:
config load-balance flow-rule
edit 18
FortiGate-7000
Fortinet Technologies Inc.