Fortinet FortiGate-7000E Series System Manual
  1. Manuals
  2. Brands
  3. Fortinet Manuals
  4. Server
  5. FortiGate-7000E Series
  6. System manual
Fortinet FortiGate-7000E Series System Manual

Fortinet FortiGate-7000E Series System Manual

Hide thumbs Also See for FortiGate-7000E Series:
Table of Contents

Advertisement

Quick Links

Download this manual
FortiGate-7040E System Guide
FortiGate-7000E Series

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the FortiGate-7000E Series and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for Fortinet FortiGate-7000E Series

Summary of Contents for Fortinet FortiGate-7000E Series

  • Page 1 FortiGate-7040E System Guide FortiGate-7000E Series...

  • Page 2: Connecting To The Fortios Cli Of The Fim Module In Slot

    FORTINET DOCUMENT LIBRARY https://docs.fortinet.com FORTINET VIDEO GUIDE https://video.fortinet.com FORTINET BLOG https://blog.fortinet.com CUSTOMER SERVICE & SUPPORT https://support.fortinet.com FORTINET TRAINING & CERTIFICATION PROGRAM https://www.fortinet.com/support-and-training/training.html NSE INSTITUTE https://training.fortinet.com FORTIGUARD CENTER https://fortiguard.com/ END USER LICENSE AGREEMENT https://www.fortinet.com/doc/legal/EULA.pdf FEEDBACK techdoc@fortinet.com Email: October 29, 2019 FortiGate-7040E 6.0.6 System Guide...

  • Page 3: Table Of Contents

    Confirming startup status Setting up management connections Setting up a single management connection Setting up redundant management connections Adding a password to the admin administrator account Changing data interface network settings Resetting to factory defaults FortiGate-7040E System Guide Fortinet Technologies Inc.
  • Page 4 Industry Canada Equipment Standard for Digital Equipment (ICES) – Canada European Conformity (CE) - EU Voluntary Control Council for Interference (VCCI) – Japan Product Safety Electrical Appliance & Material (PSE) – Japan Bureau of Standards Metrology and Inspection (BSMI) – Taiwan China FortiGate-7040E System Guide Fortinet Technologies Inc.

  • Page 5: Change Log

    Change log Change log Date Change description October 29, 2019 Misc changes throughout. October 23, 2019 Misc changes throughout. October 16, 2019 Restructuring and bug fixing. FortiGate-7040E System Guide Fortinet Technologies Inc.

  • Page 6: Fortigate-7040E Chassis

    The FortiGate-7040E is a 6U 19-inch rackmount 4-slot chassis with a 80Gbps fabric and 1Gbps base backplane designed by Fortinet. The fabric backplane provides network data communication and the base backplane provides management and synch communication among the chassis slots. Power is provided to the chassis using three hot swappable 2+1 redundant 100-240 VAC, 50-60 Hz power supply units (PSUs).

  • Page 7: Fim Modules

    The FPM-7620E is a hot swappable processor module that provides FortiOS firewalling and security services. FPMs in the chassis function as workers, processing sessions load balanced to them by the FIMs. FPMs include multiple NP6 network processors and CP9 content processors to accelerate traffic. FortiGate-7040E System Guide Fortinet Technologies Inc.

  • Page 8: Fortigate-7040E Back Panel

    Registering your FortiGate-7040E FortiGate-7000 series products are registered according to the chassis serial number. You need to register your chassis to receive Fortinet customer services such as product updates and customer support. You must also register your FortiGate-7040E System Guide...

  • Page 9: Fortigate-7040E Chassis Schematic

    FortiGuard services. Register your product by visiting https://support.fortinet.com . To register, enter your contact information and the serial numbers of the Fortinet products that you or your organization have purchased. FortiGate-7040E chassis schematic The FortiGate-7040E chassis schematic below shows the communication channels between chassis components including the management module (MGMT), the FIMs (called FIM1 and FIM2) and the FPMs (FPM3 and FPM4).

  • Page 10: Chassis Hardware Information

    1500W AC power supply units (PSUs) for the FortiGate-7040E. FG-7040E-CHASSIS FortiGate-7040E chassis including 1x management module, 3x fan trays, and 3x AC PSUs. You can also order the following: Additional FIMs and FPMs Transceivers FortiGate-7040E System Guide Fortinet Technologies Inc.

  • Page 11: Physical Description Of The Fortigate-7040E Chassis

    Install the new fan tray by sliding it into place. As you slide the new fan into place it will power up and the fan outlet cover will fall off of the fan tray. Tighten the retention screws. FortiGate-7040E System Guide Fortinet Technologies Inc.

  • Page 12: Cooling Air Flow And Required Minimum Air Flow Clearance

    80% of cooling air comes from the front panel air intake and 20% from the left and right side panels and 100% exits out the back. Side clearance is optional and chassis cooling will be sufficient if no side clearance is available. FortiGate-7040E System Guide Fortinet Technologies Inc.

  • Page 13: Optional Air Filters

    Use a C15 Power cable, supplied with the chassis, to connect power to each PSU C16 power connector. C15/C16 power connectors are used for high temperature environments and are rated up to 120°C. FortiGate-7040E System Guide Fortinet Technologies Inc.

  • Page 14: Hot Swapping An Ac Psu

    3+2 redundancy. You can add a 6th power supply to provide a third backup power supply and 3+3 redundancy. See FortiGate-7040E back panel on page 8 for locations of the PSUs. The diagram shows AC PSUs, with a DC version of the chassis the AC PSUs are replaced with DC PSUs. FortiGate-7040E System Guide Fortinet Technologies Inc.
  • Page 15 Input voltage outside of normal operating range, PSU fan not operating, or output voltage outside of normal operating range. Flashing Amber Warning that power input or output is close to outside of normal operating range. PSU should be replaced. FortiGate-7040E System Guide Fortinet Technologies Inc.

  • Page 16: Crimping Guidelines

    1. Attach the ESD wrist strap to your wrist and to an ESD socket or to a bare metal surface on the chassis or frame. 2. Make sure that the PSU and power cords are not energized. 3. Snap the clear plastic cover off of the PSU power terminals. FortiGate-7040E System Guide Fortinet Technologies Inc.

  • Page 17: Hot Swapping A Dc Psu

    An electrostatic discharge (ESD) preventive wrist strap with connection cord. One green 6 AWG stranded wire with listed closed loop double-hole lug suitable for minimum 6 AWG copper wire, such as Thomas & Betts PN 54850BE. FortiGate-7040E System Guide Fortinet Technologies Inc.

  • Page 18: Turning On Fortigate-7040E Chassis Power

    When the chassis first starts up you should also hear the cooling fans operating. In addition, if any modules have been installed in the chassis they should power on and their front panel LEDs should indicate that they are starting up and operating normally. FortiGate-7040E System Guide Fortinet Technologies Inc.

  • Page 19: Fortigate-7040E Hardware Assembly And Rack Mounting

    You can optionally install the left and right cable management brackets to help manage the network cables connected to FIM modules installed in the FortiGate-7040E. Install the left and right cable management brackets by attaching them to the left and right front mounting brackets. FortiGate-7040E System Guide Fortinet Technologies Inc.

  • Page 20: Front Cable Management Brackets (Fim-7910E And Fim-7920E Only)

    (FIM-7910E/FIM-7920E only) Front cable management brackets (FIM-7910E and FIM-7920E only) These front cable management brackets are not included with the FortiGate-7040E package. Fortinet ships a front cable management bracket with each FIM-7910E and FIM-7920E module. These brackets help support the relatively large CFP2 transceivers used with FIM-7910E modules and QSFP28 transceivers used with FIM-7920E modules.

  • Page 21: Mounting The Fortigate-7040E Chassis In A Four-Post Rack

    2-post rack. As shown in the diagram, first attach the mid-mount trays to the rack making sure to leave enough space above the trays for the chassis. Then attach the mid-mount ears to the chassis also as shown in the FortiGate-7040E System Guide Fortinet Technologies Inc.

  • Page 22: Air Flow

    All FortiGate-7040E chassis are shipped with a protective front panel installed in the chassis to protect internal chassis components. This panel must be removed before you install FIM and FPM modules. Insert FIM modules into chassis slots 1 and 2. Insert FPM modules into chassis slots 3 and 4. FortiGate-7040E System Guide Fortinet Technologies Inc.

  • Page 23: Recommended Slot Locations For Interface Modules

    If you are installing different FIM modules in the FortiGate-7040E chassis, for optimal configuration you should install the module with the lower model number in slot 1 and the module with the higher number in slot 2. FortiGate-7040E System Guide Fortinet Technologies Inc.
  • Page 24 2. If your chassis includes a FIM-7904E and a FIM-7920E, install the FIM-7904E in chassis slot 1 and the FIM-7920E in chassis slot 2. This applies to any combination of two different interface modules. FortiGate-7040E System Guide Fortinet Technologies Inc.

  • Page 25: Getting Started With Fortigate-7000

    (mgmt) and the HA heartbeat interfaces (M1 and M2) are in this VDOM. You cannot delete or rename this VDOM. You also cannot remove interfaces from it or add interfaces to it. You can however, configure other settings such as routing for management communications, the mgmt interface IP address, and so on. FortiGate-7040E System Guide Fortinet Technologies Inc.

  • Page 26: Confirming Startup Status

    When your FortiGate-7000 first starts up, the MGMT1 to MGMT4 interfaces of both of the FIMs are part of a static 802.3 aggregate interface with a default IP address of 192.168.1.99. On the GUI or CLI the 802.3 aggregate interface is mgmt . named FortiGate-7040E System Guide Fortinet Technologies Inc.

  • Page 27: Setting Up A Single Management Connection

    MGMT1 interfaces of each FIM to a switch. The switch is configured with a 802.3 static aggregate interface that includes two ports, one for each MGMT1 interface. The switch also connects the MGMT1 interfaces to a management network. FortiGate-7040E System Guide Fortinet Technologies Inc.
  • Page 28 The following example shows redundant connections between both FIMs and the switch. In this case you need to add more switch ports to the static aggregate interface on the switch. You do not have to change the configuration of the FortiGate-7000 to set up this redundant management connection configuration. FortiGate-7040E System Guide Fortinet Technologies Inc.

  • Page 29: Adding A Password To The Admin Administrator Account

    From the GUI, access the Global GUI and go to Change Password . From the CLI: config global config system admin edit admin set password <new-password> Changing data interface network settings To change the IP address of any FortiGate-7040E data interface: FortiGate-7040E System Guide Fortinet Technologies Inc.

  • Page 30: Resetting To Factory Defaults

    When you enter this command from the primary FIM, all of the modules restart. To restart individual FIMs or FPMs, log in to the CLI of the module to restart and run the execute reboot command. FortiGate-7040E System Guide Fortinet Technologies Inc.

  • Page 31: Managing Individual Fortigate-7000 Fims And Fpms

    SSL VPN), does not affect the special management port numbers. FortiGate-7000 special management port numbers Slot Number Slot Address HTTP HTTPS (443) Telnet SSH (22) SNMP (161) (80) (23) FPM03 8003 44303 2303 2203 16103 FortiGate-7040E System Guide Fortinet Technologies Inc.

  • Page 32: Ha Mode Special Management Port Numbers

    FIMs and FPMs. You can use this command to view the status or configuration of the module, restart the module, or perform other operations. You should not change the configuration of individual FIMs or FPMs because this can cause configuration synchronization errors. FortiGate-7040E System Guide Fortinet Technologies Inc.

  • Page 33: Connecting To Individual Fim And Fpm Clis Of The Backup Fortigate-7000 In An Ha Configuration

    After you have logged in, you can manage the backup FortiGate-7000 from the primary FIM or you can use the execute-load-balance slot manage command to connect to the CLIs of the other FIM and the FPMs in the backup FortiGate-7000. FortiGate-7040E System Guide Fortinet Technologies Inc.

  • Page 34: Firmware Upgrades

    DP processor firmware upgrade is included. Before beginning a firmware upgrade, Fortinet recommends that you perform the following tasks: Review the latest release notes for the firmware version that you are upgrading to.

  • Page 35: Upgrading The Firmware Running On Individual Fims Or Fpms

    You may need to use the special port number to log in to the FIM in slot two (for example, browse to https://192.168.1.99:44302). 2. Once the FIM restarts, verify that the new firmware has been installed. FortiGate-7040E System Guide Fortinet Technologies Inc.

  • Page 36: Upgrading Fpm Firmware

    CLI of the FIM or FPM and restart it using the execute reboot command.If this does not solve the problem, contact Fortinet Support at https://support.fortinet.com The example output also shows that the uptime of the FIM in slot 2 is lower than the uptime of the other modules, indicating that the FIM in slot 2 has recently restarted.

  • Page 37: Installing Fim Firmware From The Bios After A Reboot

    If this does not solve the problem, contact Fortinet Support at The command output also shows that the uptime of the FPM in slot 4 is lower than the uptime of the other modules, indicating that the FPM in slot 4 has recently restarted.
  • Page 38 CLI of the FIM or FPM and restart it using the execute reboot command. If this does not solve the problem, contact Fortinet Support at https://support.fortinet.com The command output also shows that the uptime of the FIM in slot 2 is lower than the uptime of the other modules, indicating that the FIM in slot 2 has recently restarted.

  • Page 39: Installing Fpm Firmware From The Bios After A Reboot

    TFTP server. This address must not be the same as the FortiGate-7000 management IP address and cannot conflict with other addresses on your network. [S]: Set local Subnet Mask : Set as required for your network. [G]: Set local gateway : Set as required for your network. FortiGate-7040E System Guide Fortinet Technologies Inc.

  • Page 40: Synchronizing Fims And Fpms After Upgrading The Primary Fim Firmware From The Bios

    . https://support.fortinet.com If this does not solve the problem, contact Fortinet Support at The command output also shows that the uptime of the FPM in slot 4 is lower than the uptime of the other modules, indicating that the FPM in slot 4 has recently restarted.
  • Page 41 FIM04E3E16000010, Master, uptime=69398.91, priority=1, slot_id=1:1, idx=0, flag=0x0, in_sync=1 FIM10E3E16000040, Slave, uptime=69346.99, priority=2, slot_id=1:2, idx=1, flag=0x0, in_sync=1 FIM04E3E16000010, Master, uptime=69398.91, priority=1, slot_id=1:1, idx=0, flag=0x0, in_sync=1 FIM10E3E16000040, Slave, uptime=69346.99, priority=2, slot_id=1:2, idx=1, flag=0x0, in_sync=1 FPM20E3E17900217, Slave, uptime=69387.74, priority=20, slot_id=1:4, idx=2, flag=0x64, in_sync=1 FortiGate-7040E System Guide Fortinet Technologies Inc.

  • Page 42: Fortigate-7040E Management Module

    SMC SDI and to connect to each module's SMC SDI console. You can also interact with the SMC SDI consoles using an Intelligent Platform Management Interface (IPMI) tool. FortiGate-7040E System Guide Fortinet Technologies Inc.

  • Page 43: Management Module Failure

    All temperature sensors indicated acceptable operating temperatures. Blinking green At least one temperature sensor is detecting a high temperature outside of the normal operating range. In this case an upper non-critical (UNC) temperature. The FortiGate-7040E System Guide Fortinet Technologies Inc.
  • Page 44 A fan tachometer sensor in this fan tray has registered an alert because a critical or non-recoverable (NR) threshold has been crossed. FortiGate-7040E System Guide Fortinet Technologies Inc.

  • Page 45: About Management Module Alarm Levels

    This includes the management module CLI, the FortiOS CLIs (also called host CLIs) of the FIM and FPM modules in chassis slots 1 to 6 and all of the SMC SDI consoles in the chassis. FortiGate-7040E System Guide Fortinet Technologies Inc.

  • Page 46: Connecting To The Fortios Cli Of The Fim Module In Slot 1

    2. Start a terminal emulation program on the management computer. Use these settings: Baud Rate (bps) 9600, Data bits 8, Parity None, Stop bits 1, and Flow Control None. 3. Press Ctrl-T to enter console switch mode. FortiGate-7040E System Guide Fortinet Technologies Inc.

  • Page 47: Connecting To The Smc Sdi Cli Of The Fpm Module In Slot 3

    For security reasons, it is strongly recommended that you change the password. 7. You can begin entering commands at the admin@FPM03-MC # prompt. 8. When your session is complete, enter the exit command to log out. FortiGate-7040E System Guide Fortinet Technologies Inc.

  • Page 48: Changing The Management Module Admin Account Password

    For example, to list the sensors on the FIM module in chassis slot 2 (0x82), use the following IPMI command: sudo ipmitool -I lanplus -H 10.160.19.30 -k gkey -U <username> -P <password0> -t 0x82 sensor FortiGate-7040E chassis slots IPMB addresses The following table lists the IPMB addresses of the FortiGate-7040E chassis slots. FortiGate-7040E System Guide Fortinet Technologies Inc.

  • Page 49: Rebooting A Chassis Module From The Smc Sdi Cli

    All module SMCs include a comlog system for writing and saving console log messages. When enabled, the comlog saves log messages in a local comlog file. Log messages include all local host console messages including BIOS boot up messages. In the comlog these messages include the following headers: FortiGate-7040E System Guide Fortinet Technologies Inc.
  • Page 50 Set comlog baud rate. comlog setbaud <speed> fortinetoem comlog setbaud <speed> can be 9600, 19200, <speed> 38400,57600, 115200, or expressed as level 1 to 4. Available on the passive module. FortiGate-7040E System Guide Fortinet Technologies Inc.

  • Page 51: System Event Log (Sel)

    (use this command to display online help for setting sensor thresholds) Common management module CLI operations The following table lists many of the operations you can perform from the management module CLI and the commands you use to perform them. FortiGate-7040E System Guide Fortinet Technologies Inc.
  • Page 52 Verbose + Low-Level Errors 2: Alerts + Errors + Verbose + Low-Level Errors + PI traffic 3: Alerts + Errors + Verbose + Low-Level Errors + PI traffic + IPMB traffic + LAN Interface traffic FortiGate-7040E System Guide Fortinet Technologies Inc.
  • Page 53 | operator | administrator level> [<channel number>] has for a specified | no_access} [<channel>] session-based IPMI <channel>. If a <channel> is not specified the privilege level is set for all IPMI channels. Available on the passive module. FortiGate-7040E System Guide Fortinet Technologies Inc.
  • Page 54 Power off a module. fru deactivate <slot> [<fruid>] picmg deactivate Reset a module. fru reset <slot> [<fruid>] picmg reset Power cycle the chassis power cycle chassis Get chassis sttatus chassis status Display the LAN lan print <channel> FortiGate-7040E System Guide Fortinet Technologies Inc.
  • Page 55 Change LED picmg led set help settings. (use this command to display online help for LED settings) Display HPM.1 hpm check status. Run an HPM.1 hpm upgrade <.img> hpm upgrade upgrade. <.img> all activate FortiGate-7040E System Guide Fortinet Technologies Inc.

  • Page 56: Cautions And Warnings

    Blade Carriers, Cards and Modems must be Listed Accessories or Switch, Processor, Carrier and similar blades or cards should be UL Listed or Equivalent. Serveur-blades, cartes et modems doivent être des accessoires listés ou commutateurs, processeurs, serveurs et similaire blades ou cartes doivent être listé UL ou équivalent. FortiGate-7040E System Guide Fortinet Technologies Inc.

  • Page 57: Safety

    Austreten von brennbarer Flüssigkeit oder Gas führen kann. Eine BATTERIE, die einem extrem niedrigen Luftdruck ausgesetzt ist, der zu einer EXPLOSION oder zum Austreten von brennbarer Flüssigkeit oder Gas führen kann. CAUTION: Shock Hazard. Disconnect all power sources. FortiGate-7040E System Guide Fortinet Technologies Inc.
  • Page 58 Fiber optic transceiver must be rated 3.3V, 22mA max, Laser Class 1, UL certified component. Le transceiver optique doit avoir les valeurs nominales de 3.3 V, maximum 22 mA, Laser Class 1, homologué UL FortiGate-7040E System Guide Fortinet Technologies Inc.

  • Page 59: Regulatory Notices

    Communications du Canada. European Conformity (CE) - EU This is a Class A product. In a domestic environment, this product may cause radio interference, in which case the user may be required to take adequate measures. FortiGate-7040E System Guide Fortinet Technologies Inc.

  • Page 60: Voluntary Control Council For Interference (Vcci) - Japan

    此 为 A级 产 品 , 在 生 活 环 境 中 , 该 产 品 可 能 会 造 成 无 线 电 干 扰 。 这 种 情 况 下 , 可 能 需 要 用 户 对 其 采 取 切 实 可 行 的 措 施 。 FortiGate-7040E System Guide Fortinet Technologies Inc.
  • Page 61 Copyright© 2019 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., in the U.S. and other jurisdictions, and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners.

This manual is also suitable for:

Fortigate-7040e

Table of Contents