Traffic shaping and DDoS policies
FortiGate-7000 v5.4.3 special features and limitations
Traffic shaping and DDoS policies
Each FPM module applies traffic shaping and DDoS quotas independently. Because of load-balancing, this may
allow more traffic than expected.
Sniffer mode (one-arm sniffer)
One-arm sniffer mode is only supported after creating a load balance flow rule to direct sniffer traffic to a specific
FPM module.
FortiGuard Web Filtering
All FortiGuard rating queries are sent through management aggregate interface from the management VDOM
(named dmgmt-vdom).
Log messages include a slot field
An additional "slot" field has been added to log messages to identify the FPM module that generated the log.
FortiOS Carrier
FortiOS Carrier is supported by the FortiGate-7000 v5.4.3 but GTP load balancing is not supported.
You have to apply a FortiOS Carrier license separately to each FIM and FPM module to license a FortiGate-7000
chassis for FortiOS Carrier.
Special notice for new deployment connectivity testing
Only the primary FPM module can successfully ping external IP addresses. During a new deployment, while
performing connectivity testing from the Fortigate-7000, make sure to run
execute ping
tests from the
primary FPM module CLI.
81
FortiGate-7000
Fortinet Technologies Inc.