Fortinet black logo

FortiGate-7000 Handbook

Managing individual FIMs and FPMs

Copy Link
Copy Doc ID bf67d868-679e-11e9-81a4-00505692583a:745239
Download PDF

Managing individual FIMs and FPMs

In some cases you may want to connect to individual modules. For example, you may want to view the traffic being processed by a specific FPM. You can connect to the GUI or CLI of individual modules in the FortiGate-7000 using the mgmt interface IP address with a special port number.

For example, if the mgmt interface IP address is 192.168.1.99, you can connect to the GUI of the FPM in slot 3 using the mgmt interface IP address followed by the special port number, for example:

https://192.168.1.99:44303

The special port number (in this case 44303) is a combination of the service port (for HTTPS, the service port is 443) and the chassis slot number (in this example, 03). The following table lists the special ports to use to connect to each FortiGate-7000 slot using common management protocols:

FortiGate-7000 special management port numbers
Slot Number Slot Address HTTP (80) HTTPS (443) Telnet (23) SSH (22) SNMP (161)
5 FPM05 8005 44305 2305 2205 16105
3 FPM03 8003 44303 2303 2203 16103
1 FIM01 8001 44301 2301 2201 16101
2 FIM02 8002 44302 2302 2202 16102
4 FPM04 8004 44304 2304 2204 16104
6 FPM06 8006 44306 2306 2206 16106

For example, to connect to the GUI of the FIM in slot 2 using HTTPS you would browse to https://192.168.1.99:44302.

To verify which module you have logged into, the GUI header banner and the CLI prompt shows its hostname. The CLI prompt also shows slot address in the format <hostname> [<slot address>] #.

Logging in to different modules allows you to use FortiView or Monitor GUI pages to view the activity of that module. Even though you can log in to different modules, you can only make configuration changes from the primary FIM; which is the FIM in slot 1.

Managing individual modules from the CLI

From the any CLI, you can use the execute load-balance slot manage [<chassis>.]<slot> command to log into the CLI of different FIMs and FPMs. You can use this command to view the status or configuration of the module, restart the module, or perform other operations. You should not change the configuration of individual FIMs or FPMs because this can cause configuration synchronization errors.

<chassis> is the HA chassis ID and can be 1 or 2. The chassis ID is required only in an HA configuration where you are attempting to log in to the other chassis. In HA mode, if you skip the chassis ID you can log in to another component in the same chassis.

<slot> is the slot number of the component that you want to log in to.

For example, in a FortiGate-7040E standalone configuration, if you have logged in to the CLI of the FIM in slot 1, enter the following command to log in to the FPM in slot 4:

execute load-balance slot manage 4

In a FortiGate-7040E HA configuration, if you logged into the CLI of the FIM in slot 1 chassis 1, enter the following command to log into the FPM in chassis 2 slot 4:

execute load-balance slot manage 2.4

In a FortiGate-7060E HA configuration, if you logged in to the CLI of the FIM in slot 1 chassis 2, enter the following command to log in to the FPM in chassis 1 slot 3:

execute load-balance slot manage 1.3

In a FortiGate-6000 HA configuration, if you logged in to the CLI of the FIM in slot 1 chassis 1, enter the following command to log in to the FPM in slot 3 of the same chassis:

execute load-balance slot manage 3

After you log in to a different module in this way, you can't use the execute load-balance slot manage command to log in to another module. Instead you must use the exit command to revert back to the CLI of the component that you originally logged in to. Then, you can use the execute load-balance slot manage command to log into another module.

Managing individual FIMs and FPMs

In some cases you may want to connect to individual modules. For example, you may want to view the traffic being processed by a specific FPM. You can connect to the GUI or CLI of individual modules in the FortiGate-7000 using the mgmt interface IP address with a special port number.

For example, if the mgmt interface IP address is 192.168.1.99, you can connect to the GUI of the FPM in slot 3 using the mgmt interface IP address followed by the special port number, for example:

https://192.168.1.99:44303

The special port number (in this case 44303) is a combination of the service port (for HTTPS, the service port is 443) and the chassis slot number (in this example, 03). The following table lists the special ports to use to connect to each FortiGate-7000 slot using common management protocols:

FortiGate-7000 special management port numbers
Slot Number Slot Address HTTP (80) HTTPS (443) Telnet (23) SSH (22) SNMP (161)
5 FPM05 8005 44305 2305 2205 16105
3 FPM03 8003 44303 2303 2203 16103
1 FIM01 8001 44301 2301 2201 16101
2 FIM02 8002 44302 2302 2202 16102
4 FPM04 8004 44304 2304 2204 16104
6 FPM06 8006 44306 2306 2206 16106

For example, to connect to the GUI of the FIM in slot 2 using HTTPS you would browse to https://192.168.1.99:44302.

To verify which module you have logged into, the GUI header banner and the CLI prompt shows its hostname. The CLI prompt also shows slot address in the format <hostname> [<slot address>] #.

Logging in to different modules allows you to use FortiView or Monitor GUI pages to view the activity of that module. Even though you can log in to different modules, you can only make configuration changes from the primary FIM; which is the FIM in slot 1.

Managing individual modules from the CLI

From the any CLI, you can use the execute load-balance slot manage [<chassis>.]<slot> command to log into the CLI of different FIMs and FPMs. You can use this command to view the status or configuration of the module, restart the module, or perform other operations. You should not change the configuration of individual FIMs or FPMs because this can cause configuration synchronization errors.

<chassis> is the HA chassis ID and can be 1 or 2. The chassis ID is required only in an HA configuration where you are attempting to log in to the other chassis. In HA mode, if you skip the chassis ID you can log in to another component in the same chassis.

<slot> is the slot number of the component that you want to log in to.

For example, in a FortiGate-7040E standalone configuration, if you have logged in to the CLI of the FIM in slot 1, enter the following command to log in to the FPM in slot 4:

execute load-balance slot manage 4

In a FortiGate-7040E HA configuration, if you logged into the CLI of the FIM in slot 1 chassis 1, enter the following command to log into the FPM in chassis 2 slot 4:

execute load-balance slot manage 2.4

In a FortiGate-7060E HA configuration, if you logged in to the CLI of the FIM in slot 1 chassis 2, enter the following command to log in to the FPM in chassis 1 slot 3:

execute load-balance slot manage 1.3

In a FortiGate-6000 HA configuration, if you logged in to the CLI of the FIM in slot 1 chassis 1, enter the following command to log in to the FPM in slot 3 of the same chassis:

execute load-balance slot manage 3

After you log in to a different module in this way, you can't use the execute load-balance slot manage command to log in to another module. Instead you must use the exit command to revert back to the CLI of the component that you originally logged in to. Then, you can use the execute load-balance slot manage command to log into another module.