Table of Contents
Advertisement
Quick Links
Advertisement
Table of Contents
Related Manuals for Fortinet FortiGate 6000F Series
Summary of Contents for Fortinet FortiGate 6000F Series
- Page 1 FortiGate 6000F Series System Guide FortiGate 6000F Series...
- Page 2 FORTINET VIDEO GUIDE https://video.fortinet.com FORTINET BLOG https://blog.fortinet.com CUSTOMER SERVICE & SUPPORT https://support.fortinet.com FORTINET TRAINING & CERTIFICATION PROGRAM https://www.fortinet.com/training-certification NSE INSTITUTE https://training.fortinet.com FORTIGUARD CENTER https://www.fortiguard.com END USER LICENSE AGREEMENT https://www.fortinet.com/doc/legal/EULA.pdf FEEDBACK Email: techdoc@fortinet.com October 6, 2023 FortiGate 6000F Series 7.0.12 System Guide 01-7012-464766-20231006...
-
Page 3: Table Of Contents
Removing the FortiGate 6000F from a four-post rack Surface-mount installation Installing QSFP28, SFP28, SFP+, and SFP transceivers To install transceivers Getting started with FortiGate 6000F series Confirming startup status Default VDOM configuration and configuring the management interfaces FortiGate 6000F Series System Guide... - Page 4 Voluntary Control Council for Interference (VCCI) – Japan Product Safety Electrical Appliance & Material (PSE) – Japan Bureau of Standards Metrology and Inspection (BSMI) – Taiwan China Agência Nacional de Telecomunicações (ANATEL) – Brazil Korea Certification (KC) – Korea FortiGate 6000F Series System Guide...
-
Page 5: Change Log
Change description October 6, 2023 Added information about the FortiGate 6001F, a new FortiGate 6000F series model that includes a total of ten FPCs, by default three of them are active. To increase throughput you can purchase perpetual or subscription licenses for each of the... - Page 6 New information added to: Console port on page 12 FortiGate 6000F four post rack-mount installation on page 28. Corrections to FortiGate 6000F series back panel on page 14 FortiGate 6000F AC power supply units (PSUs) on page FortiGate 6000F Series System Guide...
-
Page 7: Fortigate 6000F Series Hardware Description
FortiGate 6301F and FortiGate 6301F-DC FortiGate 6001F and FortiGate 6001F-DC All FortiGate 6000F series models have the same front and back panel configuration including the same network interfaces. The differences are the processing capacity of the individual models. All FortiGate 6000F series models include a management board (MBD) and internal Fortinet Processor Cards (FPCs) that contain NP6 and CP9 security processors. -
Page 8: Fortigate 6001F Model Licensing
A subscription license provides access to one or more additional FPCs for the term of the subscription. Perpetual or subscription licenses can be purchased from Fortinet. The package you get when you purchase the license includes instructions for obtaining a license key (if required) and activating the license on your FortiGate 6001F (if required). -
Page 9: Interface Groups And Changing Data Interface Speeds
25000full next edit port5 set speed 25000full next edit port9 set speed 25000full next edit port13 set speed 25000full next edit port17 set speed 25000full next edit port21 set speed 25000full FortiGate 6000F Series 7.0.12 System Guide... -
Page 10: Front Panel Leds
Network traffic on this interface. Link/Activity Green No Link MGMT1 Green This interface is connected at 1Gbps or 100Mbps with the correct cable MGMT2 Link/ and the attached network device has power. Activity (Left FortiGate 6000F Series 7.0.12 System Guide... -
Page 11: Front Panel Connectors
Protocol Description 1 to 24 SFP28 1/10/25Gbps Ethernet 1/10/25GigE connection using SFP28 or SPF+ transceivers. For traffic interfaces. 25 to 28 QSFP28 40/100Gbps Ethernet 40/100GigE connections using QSFP28 or QSFP+ transceivers. For traffic interfaces. FortiGate 6000F Series 7.0.12 System Guide... -
Page 12: Console Port
Ctrl-T to connect to another CLI. Your FortiGate 6000F package includes a USB to RJ-45 serial cable that you can use to connect a management PC USB port to the FortiGate 6000F console port. FortiGate 6000F Series 7.0.12 System Guide... -
Page 13: Connecting To The Cli Of An Individual Fpc
NMI switch and NMI reset commands When working with Fortinet Support to troubleshoot problems with your FortiGate 6000F you can use the front panel non-maskable interrupt (NMI) switch to assist with troubleshooting. Pressing this switch causes the software to dump management board registers/backtraces to the console. -
Page 14: Fortigate 6000F Series Back Panel
1,3-4 FortiGate 6000F series back panel The FortiGate 6000F series back panel includes three hot swappable cooling fan trays and three hot swappable redundant AC power supply units (PSUs). For more information on power connections and redundant power, see FortiGate 6000F AC power supply units (PSUs) on page The FortiGate 6000F DC models include two hot swappable -48 to -60 VDC, 50A max DC PSUs. - Page 15 6xKR 6xKR Management Board Fortinet Processor Card (FPC) 4x XAUI Fortinet Processor Card (FPC) 4x XAUI FortiGate 6500F = 10x FPCs FortiGate 6300F = 6x FPCs FortiGate 6001F = 3x-10x FPCs (depends on license) FortiGate 6000F Series 7.0.12 System Guide...
-
Page 16: Fortigate 6000F Series Hardware Information
FortiGate 6000F series hardware description Fortinet Technologies Inc. FortiGate 6000F series hardware information This section introduces FortiGate 6000F series hardware components and accessories. Shipping components The FortiGate 6000F ships pre-assembled with the following components: The 3U FortiGate 6000F. The AC version of the FortiGate 6000F includes three AC Power Supply Units (PSUs) installed in the back panel. -
Page 17: Fortigate 6000F Series Hardware Generations
For more information on FortiGate 6000F series generation 1 and generation 2, including supported firmware versions and how to determine the generation of your FortiGate 6000F series hardware, see the Fortinet Community article: Technical Tip: Information on FortiGate 6000F series Gen1 and Gen2. -
Page 18: Cooling Fan Trays
Generation 1 FortiGate 6000F PSUs can be connected to low line AC power (120VAC or below) and each PSU provides 1500W AC. Requires at least 2 PSUs to be connected to power. Connecting a third PSU provides 2+1 FortiGate 6000F Series 7.0.12 System Guide... - Page 19 For more information on FortiGate 6000F generation 1 and generation 2, including supported firmware versions and how to determine the generation of your FortiGate 6000F hardware, see the Fortinet Knowledge base article: Technical Tip: Information on FortiGate 6000F series Gen1 and Gen2.
-
Page 20: Connecting Generation 2 Fortigate 6000F Psus To High Line Ac Power
1+1 power redundancy. PSU3 may also be connected if you have three separate power feeds and provides 1+1+1 redundancy. To maintain redundancy, you should replace any failed PSUs. FortiGate 6000F series back panel on page 14 for locations of the PSUs. -
Page 21: Ac Psu Led States
Individual AC PSUs do not have to be connected to ground. Instead you can use the information in Connecting the FortiGate 6000F to ground on page 25 to connect the FortiGate 6000F to ground. Hot swapping an AC PSU Follow these steps to safely hot swap an AC PSU. FortiGate 6000F Series 7.0.12 System Guide... -
Page 22: Dc Psus And Supplying Dc Power To A Fortigate 6000F
Only one PSU must be connected to power. The second PSU is a backup PSU that provides 1+1 redundancy. See FortiGate 6000F series back panel on page 14 for locations of the PSUs. The diagram shows three AC PSUs, the DC version replaces the AC PSUs with two DC PSUs in slots PSU1 and PSU2. -
Page 23: Dc Psu Led States
6000F to ground. Fortinet supplies custom DC power cables that connect to the two-prong power connector on each DC PSU. The connector clicks into a release tab that secures the cable into place. DC terminal rings on the supplied cable must be securely and safely fastened to the your data center power supply terminals. -
Page 24: Connecting A Fortigate 6000F Dc Psu To Dc Power
4. Connect the red RTN power wire from to your RTN connector using the ring terminal. 5. Plug the power cable into the FortiGate 6000F PSU connector. Slide the connector in until the release tab clicks, locking the cable in place. FortiGate 6000F Series 7.0.12 System Guide... -
Page 25: Hot Swapping A Dc Psu
An electrostatic discharge (ESD) preventive wrist strap with connection cord. One green 6 AWG stranded wire with listed closed loop double-hole lug suitable for minimum 6 AWG copper wire, such as Thomas & Betts PN 54850BE. FortiGate 6000F Series 7.0.12 System Guide... - Page 26 2. Make sure that the FortiGate 6000F and ground wire are not energized. 3. Connect the green ground wire from the local ground to the ground connector on the FortiGate 6000F. 4. Secure the ground wire to the FortiGate 6000F. 5. Optionally label the wire GND. FortiGate 6000F Series 7.0.12 System Guide...
-
Page 27: Fortigate 6000F Hardware Assembly And Rack Mounting
All cool air enters the appliance through the front panel and all warm air exhausts out the back. For optimal cooling allow 100 mm of clearance at the front and back of the chassis. This results in a total footprint of 850 mm from front to back. Side clearance is not required. FortiGate 6000F Series 7.0.12 System Guide... -
Page 28: Fortigate 6000F Four Post Rack-Mount Installation
2. Attach the right and left outer rails to the right and left rack posts. 3. Slide the FortiGate 6000F into the rack. As a supplement to the instructions below, you can view the following video: https://video.fortinet.com/latest/rack-mount-sliding-rail-installation FortiGate 6000F Series 7.0.12 System Guide... - Page 29 4. Locate the four rail hooks on the right side of the FortiGate 6000F and the corresponding holes on the inner rail. Rail Hooks Metal clip 5. Align the holes with the hooks and press the hooks into the holes to attach the right inner rail to the right side of the FortiGate 6000F. FortiGate 6000F Series 7.0.12 System Guide...
-
Page 30: Sliding The Fortigate 6000F Into The Rack
2. Verify that the outer rails are level, both at the same height, and securely attached to the rack. 3. Pull the middle rails out from the front of the outer rails until they lock into place. FortiGate 6000F Series 7.0.12 System Guide... - Page 31 7. Push the FortiGate 6000F all the way into the rack until the system release buttons click into the locked position on the front of the rack. 8. Use a screw driver to install four rack screws into the handle brackets on the front of the FortiGate 6000F to secure it in the rack. FortiGate 6000F Series 7.0.12 System Guide...
-
Page 32: Removing The Fortigate 6000F From A Four-Post Rack
Apply even pressure to both sides of the FortiGate 6000F while doing this. As you slide the FortiGate 6000F out, the inner rails will slide out of the middle rails. 7. Push the middle rail latch counter clockwise, and slide the middle rails back into the outer rails. FortiGate 6000F Series 7.0.12 System Guide... -
Page 33: Surface-Mount Installation
The HA1 and HA2 interfaces are used for heartbeat, session sync, and management communication between two and only two FortiGate 6000Fs in HA mode. This communication requires SFP+ 10 Gbps connections. Using to SFP 1 Gbps connections is not recommended. FortiGate 6000F Series 7.0.12 System Guide... -
Page 34: To Install Transceivers
1. Attach the ESD wrist strap to your wrist and to an available ESD socket or wrist strap terminal. 2. Remove the caps from the cage sockets on the FortiGate 6000F front panel. 3. Hold the sides of the transceiver and slide it into the cage socket until it clicks into place. FortiGate 6000F Series 7.0.12 System Guide... -
Page 35: Getting Started With Fortigate 6000F Series
Getting started with FortiGate 6000F series This section is a quick start guide to connecting and configuring a FortiGate 6000F for your network. Before using this chapter, your FortiGate 6000F should be mounted and connected to your grounding and power system. -
Page 36: Confirming Startup Status
6000F is completely started up and synchronized. This can take a few minutes. The FortiGate 6000F uses the Fortinet Security Fabric for communication and synchronization between the management board and the FPCs and for normal GUI operation. By default, the Security Fabric is enabled and must remain enabled for normal operation. -
Page 37: Changing Data Interface Network Settings
Getting started with FortiGate 6000F series Fortinet Technologies Inc. You can use the root VDOM for data traffic and you can also add more VDOMs for data traffic as required, depending on your Multi VDOM license. Changing data interface network settings To change the IP address of any FortiGate 6000F data interface: From the GUI access the Global GUI and go to Network >... - Page 38 Getting started with FortiGate 6000F series Fortinet Technologies Inc. Use the following command to disable RAID: execute disk raid disable RAID is disabled, the disks are separated and formatted. Use the following command to change the RAID level to RAID-0: execute disk raid rebuild-level 0 The disks are formatted for RAID-0.
-
Page 39: Managing Individual Fortigate 6000F Management Boards And Fpcs
You can't change the special management port numbers. Changing configurable management port numbers, for example the HTTPS management port number (which you might change to support SSL VPN), does not affect the special management port numbers. FortiGate 6000F Series 7.0.12 System Guide Fortinet Technologies Inc. -
Page 40: Ha Mode Special Management Port Numbers
HTTP HTTPS (443) Telnet SSH (22) SNMP (161) (80) (23) Slot 0, (MBD) 8020 44320 2320 2220 16120 Slot 1 (FPC01) 8021 44321 2321 2221 16121 Slot 2 (FPC02) 8022 44322 2322 2222 16122 FortiGate 6000F Series 7.0.12 System Guide... -
Page 41: Connecting To Individual Fpc Consoles
In an HA configuration, the execute system console-server commands only allow access to FPCs in the FortiGate 6000F that you are logged into. You can't use this command to access FPCs in the other FortiGate 6000F in an HA cluster FortiGate 6000F Series 7.0.12 System Guide... -
Page 42: Connecting To Individual Fpc Clis
Where <slots> can be one or more slot numbers or slot number ranges separated by commas. Do not include spaces. For example, to shut down the FPCs in slots 2, and 4 to 6 enter: execute load-balance slot power-off 2,4-6 FortiGate 6000F Series 7.0.12 System Guide... -
Page 43: Firmware Upgrades
Back up your FortiGate 6000F configuration. To make sure a FortiGate 6000F firmware upgrade is successful, before starting the upgrade Fortinet recommends you use health checking to make sure the management board and the FPCs are all synchronized and operating as expected. -
Page 44: Installing Firmware On An Individual Fpc
Firmware upgrades Fortinet Technologies Inc. Fortinet recommends that you review the services provided by your FortiGate 6000F before a firmware upgrade and then again after the upgrade to make sure that these services continue to operate normally. For example, you might want to verify that you can successfully access an important server used by your organization before the upgrade and make sure that you can still reach the server after the upgrade and performance is comparable. -
Page 45: Installing Firmware From The Bios After A Reboot
8. To set up the TFTP configuration, press C. 9. Use the BIOS menu to set the following.Change settings only if required. [P]: Set image download port: MGMT1 (the connected MGMT interface) [D]: Set DHCP mode: Disabled FortiGate 6000F Series 7.0.12 System Guide... -
Page 46: Synchronizing The Fpcs With The Management Board
F6KF31T018900143, Primary, uptime=119.72, priority=1, slot_id=1:0, idx=0, flag=0x0, in_sync=1 FPC6KFT018901345, Secondary, uptime=57.40, priority=23, slot_id=1:5, idx=1, flag=0x4, in_sync=0 F6KF31T018900143, Primary, uptime=119.72, priority=1, slot_id=1:0, idx=0, flag=0x0, in_sync=1 FPC6KFT018901556, Secondary, uptime=58.43, priority=24, slot_id=1:6, idx=1, flag=0x4, in_sync=0 F6KF31T018900143, Primary, uptime=119.72, priority=1, slot_id=1:0, idx=0, flag=0x0, in_sync=1 FortiGate 6000F Series 7.0.12 System Guide... - Page 47 FPC6KFT018901345, Secondary, uptime=3773.59, priority=23, slot_id=1:5, idx=2, flag=0x24, in_sync=1 FPC6KFT018901346, Secondary, uptime=3774.68, priority=21, slot_id=1:3, idx=3, flag=0x24, in_sync=1 FPC6KFT018901372, Secondary, uptime=3774.26, priority=20, slot_id=1:2, idx=4, flag=0x24, in_sync=1 FPC6KFT018901556, Secondary, uptime=3774.82, priority=24, slot_id=1:6, idx=5, flag=0x24, in_sync=1 FPC6KFT018901574, Secondary, uptime=3774.19, priority=22, slot_id=1:4, idx=6, flag=0x24, in_sync=1 FortiGate 6000F Series 7.0.12 System Guide...
-
Page 48: Cautions And Warnings
UL Listed or Equivalent. Serveur-blades, cartes et modems doivent être des accessoires listés ou commutateurs, processeurs, serveurs et similaire blades ou cartes doivent être listé UL ou équivalent. FortiGate 6000F Series 7.0.12 System Guide Fortinet Technologies Inc. -
Page 49: Safety
Austreten von brennbarer Flüssigkeit oder Gas führen kann. Eine BATTERIE, die einem extrem niedrigen Luftdruck ausgesetzt ist, der zu einer EXPLOSION oder zum Austreten von brennbarer Flüssigkeit oder Gas führen kann. CAUTION: Shock Hazard. Disconnect all power sources. FortiGate 6000F Series 7.0.12 System Guide... - Page 50 Fiber optic transceiver must be rated 3.3V, 22mA max, Laser Class 1, UL certified component. Le transceiver optique doit avoir les valeurs nominales de 3.3 V, maximum 22 mA, Laser Class 1, homologué UL FortiGate 6000F Series 7.0.12 System Guide...
-
Page 51: Regulatory Notices
Communications du Canada. European Conformity (CE) - EU This is a Class A product. In a domestic environment, this product may cause radio interference, in which case the user may be required to take adequate measures. FortiGate 6000F Series 7.0.12 System Guide... -
Page 52: Voluntary Control Council For Interference (Vcci) - Japan
英屬 蓋曼 群島 商防 特網 股份有 限公 司台 灣分 公司 地址 : 台 北市 內湖 區行 愛路 176號2樓 電話 : (02) 27961666 China 警告 : 在 居住 环境 中, 运 行此 设备 可能会 造成 无线 电干 扰 。 FortiGate 6000F Series 7.0.12 System Guide... -
Page 53: Agência Nacional De Telecomunicações (Anatel) - Brazil
Para maiores informações, consulte o site da ANATEL www.anatel.gov.br. Korea Certification (KC) – Korea A급 기기 (업무용 방송통신기자재) 이 기기는 업무용(A급) 전자파적합기기로서 판매자 또는 사용자는 이 점을 주의하시기를 바라며, 가정외의 지역에서 사 용하는 것을 목적으로 합니다. FortiGate 6000F Series 7.0.12 System Guide... - Page 54 Regulatory notices Fortinet Technologies Inc. FortiGate 6000F Series 7.0.12 System Guide...
- Page 55 Regulatory notices Fortinet Technologies Inc. FortiGate 6000F Series 7.0.12 System Guide...
- Page 56 Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. In no event does Fortinet make any commitment related to future deliverables, features or development, and circumstances may change such that any forward-looking statements herein are not accurate.
Need help?
Do you have a question about the FortiGate 6000F Series and is the answer not in the manual?
Questions and answers