Fortinet Document Library
Version:
6.4.8
6.4.6
6.4.2
Version:
6.2.10
6.2.9
6.2.7
Version:
6.2.6
6.2.4
6.2.3
Version:
6.0.14
6.0.13
6.0.12
Version:
6.0.10
6.0.9
6.0.8
Version:
6.0.6
6.0.4
5.6.14
Version:
5.6.12
5.6.11
5.6.7
Version:
5.4.10
Table of Contents
What's New
What's new for FortiGate-6000 6.4.6
What's new for FortiGate-6000 6.4.2
FortiGate-6000 overview
Front panel interfaces
FortiGate-6000 schematic
Interface groups and changing data interface speeds
FortiGate-6000F hardware generations
Getting started with FortiGate-6000
Confirming startup status
Configuration synchronization
Confirming that FortiGate-6000 components are synchronized
Viewing more details about FortiGate-6000 synchronization
Configuration sync monitor
FortiGate-6000 dashboard widgets
Multi VDOM mode
Multi VDOM mode and the Security Fabric
Multi VDOM mode and HA
Reverting to Multi VDOM mode
Security Fabric and Split-Task VDOM mode
Enabling Split-Task VDOM mode
Split-Task VDOM mode limitations and notes
Default Split-Task VDOM mode configuration
Split-Task VDOM mode and HA
Managing individual FortiGate-6000 management boards and FPCs
Special management port numbers
HA mode special management port numbers
Connecting to individual FPC consoles
Connecting to individual FPC CLIs
Connecting to individual FPC CLIs of the secondary FortiGate-6000 in an HA configuration
Performing other operations on individual FPCs
Load balancing and flow rules
Setting the load balancing method
Flow rules for sessions that cannot be load balanced
Determining the primary FPC
SSL VPN load balancing
Enabling GTP load balancing
ICMP load balancing
Load balancing TCP, UDP, and ICMP sessions with fragmented packets
Adding flow rules to support DHCP relay
Default configuration for traffic that cannot be load balanced
Showing how the DP3 processor will load balance a session
FortiGate-6000 IPsec VPN
IPsec VPN load balancing
SD-WAN with multiple IPsec VPN tunnels
Example FortiGate-6000 IPsec VPN VRF configuration
Troubleshooting
FortiGate-6000 high availability
Introduction to FortiGate-6000 FGCP HA
Before you begin configuring HA
Connect the HA1 and HA2 interfaces for HA heartbeat communication
Default HA heartbeat VLAN triple-tagging
HA heartbeat VLAN double-tagging
Basic FortiGate-6000 HA configuration
Confirming that the FortiGate-6000 HA cluster is synchronized
Viewing more details about HA cluster synchronization
Primary FortiGate-6000 selection with override disabled (default)
Primary FortiGate-6000 selection with override enabled
Failover protection
Device failure
Link failure
FPC failure
SSD failure
Session failover
Primary FortiGate-6000 recovery
HA reserved management interfaces
Virtual clustering
Limitations of FortiGate-6000 virtual clustering
Virtual clustering VLAN/VDOM limitation
Configuring virtual clustering
HA cluster firmware upgrades
Distributed clustering
Modifying heartbeat timing
Setting a FortiGate-6000 to always be the primary FortiGate-6000
Changing how long routes stay in a cluster unit routing table
Session failover (session-pickup)
FortiGate-6000 FGSP
FGSP session synchronization options
Creating an HA1/HA2 LAG for FGSP session synchronization
Example FortiGate-6000 FGSP configuration
Inter-cluster session synchronization
Example FortiGate-6000 inter-cluster session synchronization configuration
Standalone configuration synchronization
FortiGate-6000 VRRP HA
Operating a FortiGate-6000
FortiLink support
ECMP support
VDOM-based session tables
IPv4 and IPv6 ECMP load balancing
Enabling auxiliary session support
ICAP support
SSL mirroring support
VXLAN support
Global option for proxy-based certificate queries
Using data interfaces for management traffic
FortiGate-6000 management interface LAG and VLAN support
Setting the MTU for a data interface
More management connections than expected for one device
More ARP queries than expected for one device - potential issue on large WiFi networks
VLAN ID 1 is reserved
Connecting to FPC CLIs using the console port
Firmware upgrade basics
Installing firmware on an individual FPC
Installing firmware from the BIOS after a reboot
Synchronizing the FPCs with the management board
FPC failover in a standalone FortiGate-6000
Troubleshooting an FPC failure
Adjusting global DP3 timers
Changing the FortiGate-6301F and 6501F log disk and RAID configuration
Restarting the FortiGate-6000
Packet sniffing for FPC and management board packets
NMI switch and NMI reset commands
Diagnose debug flow trace for FPC and management board activity
FortiGate-6000 v6.4.6 special features and limitations
FortiGate-6000 v6.4.2 special features and limitations
FortiGate-6000 config CLI commands
FortiGate-6000 execute CLI commands
Change log
Home
FortiGate-6000 6.4.6
FortiGate-6000 Handbook
FortiGate-6000 Handbook
What's New
What's new for FortiGate-6000 6.4.6
What's new for FortiGate-6000 6.4.2
FortiGate-6000 overview
Front panel interfaces
FortiGate-6000 schematic
Interface groups and changing data interface speeds
FortiGate-6000F hardware generations
Getting started with FortiGate-6000
Confirming startup status
Configuration synchronization
Confirming that FortiGate-6000 components are synchronized
Viewing more details about FortiGate-6000 synchronization
Configuration sync monitor
FortiGate-6000 dashboard widgets
Multi VDOM mode
Multi VDOM mode and the Security Fabric
Multi VDOM mode and HA
Reverting to Multi VDOM mode
Security Fabric and Split-Task VDOM mode
Enabling Split-Task VDOM mode
Split-Task VDOM mode limitations and notes
Default Split-Task VDOM mode configuration
Split-Task VDOM mode and HA
Managing individual FortiGate-6000 management boards and FPCs
Special management port numbers
HA mode special management port numbers
Connecting to individual FPC consoles
Connecting to individual FPC CLIs
Connecting to individual FPC CLIs of the secondary FortiGate-6000 in an HA configuration
Performing other operations on individual FPCs
Load balancing and flow rules
Setting the load balancing method
Flow rules for sessions that cannot be load balanced
Determining the primary FPC
SSL VPN load balancing
Enabling GTP load balancing
ICMP load balancing
Load balancing TCP, UDP, and ICMP sessions with fragmented packets
Adding flow rules to support DHCP relay
Default configuration for traffic that cannot be load balanced
Showing how the DP3 processor will load balance a session
FortiGate-6000 IPsec VPN
IPsec VPN load balancing
SD-WAN with multiple IPsec VPN tunnels
Example FortiGate-6000 IPsec VPN VRF configuration
Troubleshooting
FortiGate-6000 high availability
Introduction to FortiGate-6000 FGCP HA
Before you begin configuring HA
Connect the HA1 and HA2 interfaces for HA heartbeat communication
Default HA heartbeat VLAN triple-tagging
HA heartbeat VLAN double-tagging
Basic FortiGate-6000 HA configuration
Confirming that the FortiGate-6000 HA cluster is synchronized
Viewing more details about HA cluster synchronization
Primary FortiGate-6000 selection with override disabled (default)
Primary FortiGate-6000 selection with override enabled
Failover protection
Device failure
Link failure
FPC failure
SSD failure
Session failover
Primary FortiGate-6000 recovery
HA reserved management interfaces
Virtual clustering
Limitations of FortiGate-6000 virtual clustering
Virtual clustering VLAN/VDOM limitation
Configuring virtual clustering
HA cluster firmware upgrades
Distributed clustering
Modifying heartbeat timing
Setting a FortiGate-6000 to always be the primary FortiGate-6000
Changing how long routes stay in a cluster unit routing table
Session failover (session-pickup)
FortiGate-6000 FGSP
FGSP session synchronization options
Creating an HA1/HA2 LAG for FGSP session synchronization
Example FortiGate-6000 FGSP configuration
Inter-cluster session synchronization
Example FortiGate-6000 inter-cluster session synchronization configuration
Standalone configuration synchronization
FortiGate-6000 VRRP HA
Operating a FortiGate-6000
FortiLink support
ECMP support
VDOM-based session tables
IPv4 and IPv6 ECMP load balancing
Enabling auxiliary session support
ICAP support
SSL mirroring support
VXLAN support
Global option for proxy-based certificate queries
Using data interfaces for management traffic
FortiGate-6000 management interface LAG and VLAN support
Setting the MTU for a data interface
More management connections than expected for one device
More ARP queries than expected for one device - potential issue on large WiFi networks
VLAN ID 1 is reserved
Connecting to FPC CLIs using the console port
Firmware upgrade basics
Installing firmware on an individual FPC
Installing firmware from the BIOS after a reboot
Synchronizing the FPCs with the management board
FPC failover in a standalone FortiGate-6000
Troubleshooting an FPC failure
Adjusting global DP3 timers
Changing the FortiGate-6301F and 6501F log disk and RAID configuration
Restarting the FortiGate-6000
Packet sniffing for FPC and management board packets
NMI switch and NMI reset commands
Diagnose debug flow trace for FPC and management board activity
FortiGate-6000 v6.4.6 special features and limitations
FortiGate-6000 v6.4.2 special features and limitations
FortiGate-6000 config CLI commands
FortiGate-6000 execute CLI commands
Change log
6.4.6
6.4.8
6.4.6
6.4.2
6.2.10
6.2.9
6.2.7
6.2.6
6.2.4
6.2.3
6.0.14
6.0.13
6.0.12
6.0.10
6.0.9
6.0.8
6.0.6
6.0.4
5.6.14
5.6.12
5.6.11
5.6.7
5.4.10
Download PDF
Copy Link
What's New
This section describes what's been added to FortiOS 6.4 FortiGate-6000 releases.
What's New
What's New
This section describes what's been added to FortiOS 6.4 FortiGate-6000 releases.
Link
PDF
TOC
