Fortinet white logo
Fortinet white logo

FortiGate-7000E Handbook

FIM-7920E interface module

FIM-7920E interface module

The FIM-7920E interface module is a hot swappable module that provides data, management, and session sync/heartbeat interfaces, base backplane switching, and fabric backplane session-aware load balancing for a FortiGate-7000E series chassis. The FIM-7920E includes an integrated switch fabric and DP2 processors to load balance millions of data sessions over the 80Gbps fabric backplane channel to FPM processor modules. The FIM-7920E also includes a 1Gbps base backplane channel for base backplane management communication with each FPM module in the chassis, one 40Gbps fabric backplane channel for fabric backplane communication with the FIM module(s) in the chassis, and a second 1Gbps base backplane channel for base backplane communication with the FIM module(s) in the chassis.

The FIM-7920E can be installed in any FortiGate-7000E series chassis in chassis hub/switch slots 1 or 2. The FIM-7920E provides four Quad Small Form-factor Pluggable 28 (QSFP28) 100GigE interfaces for a FortiGate-7000E chassis. Using a 100GBASE-SR4 QSFP28 or 40GBASE-SR4 QSFP+ transceiver, each QSFP28 interface can also be split into four 10GBASE-SR SFP+ interfaces.

You can also install FIM-7920Es in a second chassis and operate the chassis in HA mode to provide chassis failover protection.

FIM-7920E front panel

FIM-7920E front panel interfaces

You connect the FIM-7920E to your 100Gbps networks using the C1 to C4 front panel QSFP28 interfaces. The front panel also includes M1 and M2 SFP+ interfaces for the base channel, four Ethernet management interfaces (MGMT1 to MGMT4), and a USB port. The USB port can be used with any USB key for backing up and restoring configuration files.

Connector Type Speed Protocol Description
C1 to C4 QSFP28 100Gbps/40Gbps/10Gbps Ethernet Four front panel 100GigE QSFP28 fabric channel interfaces that can be connected to 100Gbps networks to distribute sessions to the FPM processor modules installed in chassis slots 3 and up. Using a 100GBASE-SR4 QSFP28 or 40GBASE-SR4 QSFP+ transceiver, each QSFP28 interface can also be split into four 10GBASE-SR interfaces. These interfaces also support creating link aggregation groups (LAGs) that can include interfaces from multiple FIM-7920Es.
M1 and M2 SFP+ 10Gbps/1Gbps Ethernet Two front panel 10GigE SFP+ interfaces that connect to the base backplane channel. These interfaces are used for heartbeat, session sync, and management communication between FIM-7920Es in different chassis. These interfaces can also be configured to operate as Gigabit Ethernet interfaces using SFP transceivers, but should not normally be changed. If you use switches to connect these interfaces, the switch ports should be able to accept packets with a maximum frame size of at least 1526. The M1 and M2 interfaces need to be on different broadcast domains. If M1 and M2 are connected to the same switch, Q-in-Q must be enabled on the switch
MGMT1 to MGMT4 RJ-45 10/100/1000Mbps Ethernet Four 10/100/1000BASE-T copper out of band management Ethernet interfaces.
USB USB 3.0 Type A USB 3.0 USB 2.0 Standard USB connector.

Changing the interface type and splitting the FIM-7920E C1 to C4 interfaces

By default, the FIM-7920E C1 to C4 interfaces are configured as 100GE QSFP28 interfaces. You can use the following command to convert them to 40GE QSFP+ interfaces. Once converted, you can use the other command below to split them into four 10GBASE-SR interfaces.

Note

You should change the interface type and configure split interfaces on both FortiGate-7000Es before forming an FGCP HA cluster. If you decide to change the split interfaces configuration after forming a cluster, you need to remove the backup FortiGate-7000E from the cluster and change the split interfaces configuration on both FortiGate-7000Es separately. After the FortiGate-7000Es restart, you can re-form the cluster. This process will cause traffic interruptions.

Changing the interface type

For example, to change the interface type of the C1 interface of the FIM-7920E in slot 1 to 40GE QSFP+ connect to the CLI of your FortiGate-7000E system using the management IP and enter the following command:

config system global

set qsfp28-40g-port 1-C1

end

The FortiGate-7000E system reboots and when it starts up interface C1 of the FIM-7920E in slot 1 is operating as a 40GE QSFP+ interface .

To change the interface type of the C3 and C4 ports of the FIM-7920E in slot 2 to 40GE QSFP+ enter the following command:

config system global

set qsfp28-40g-port 2-C3 2-C4

end

The FortiGate-7000E system reboots and when it starts up interfaces C3 and C4 of the FIM-7920E in slot 2 are operating as a 40GE QSFP+ interfaces.

Splitting the C1 to C4 interfaces

Each 40GE interface (C1 to C4) on the FIM-7920Es in slot 1 and slot 2 of a FortiGate-7000E system can be split into 4 x 10GBE interfaces. You split these interfaces after the FIM-7920Es are installed in your FortiGate-7000E system and the system is up and running. You can split the interfaces of the FIM-7920Es in slot 1 and slot 2 at the same time by entering a single CLI command. Enabling, disabling, or changing the split interfaces configuration requires a system reboot. Fortinet recommends that you split multiple interfaces at the same time according to your requirements to avoid traffic disruption.

For example, to split the C1 interface of the FIM-7920E in slot 1 (this interface is named 1-C1) and the C1 and C4 interfaces of the FIM-7920E in slot 2 (these interfaces are named 2-C1 and 2-C4) connect to the CLI of your FortiGate-7000E system using the management IP and enter the following command:

config system global

set split-port 1-C1 2-C1 2-C4

end

After you enter the command, the FortiGate-7000E reboots and when it comes up:

  • The 1-C1 interface will no longer be available. Instead the 1-C1/1, 1-C1/2, 1-C1/3, and 1-C1/4 interfaces will be available.
  • The 2-C1 interface will no longer be available. Instead the 2-C1/1, 2-C1/2, 2-C1/3, and 2-C1/4 interfaces will be available.
  • The 2-C4 interface will no longer be available. Instead the 2-C4/1, 2-C4/2, 2-C4/3, and 2-C4/4 interfaces will be available.

You can now connect breakout cables to these interfaces and configure traffic between them just like any other FortiGate interface.

FIM-7920E hardware schematic

The FIM-7920E includes an integrated switch fabric (ISF) that connects the front panel interfaces to the DP2 session-aware load balancers and to the chassis backplanes. The ISF also allows the DP2 processors to distribute sessions among all NP6 processors on the FPM modules in the same chassis.

The FIM-7920E also includes the following backplane communication channels:

  • One 80Gbps fabric backplane channel to distribute traffic to the FPMs.
  • One 1Gbps base backplane channel for base backplane communication with the FPMs.
  • One 40Gbps fabric backplane channel for fabric backplane communication with the other FIM.
  • One 1Gbps base backplane channel for base backplane communication with the other FIM.
FIM-7920E hardware architecture

FIM-7920E interface module

FIM-7920E interface module

The FIM-7920E interface module is a hot swappable module that provides data, management, and session sync/heartbeat interfaces, base backplane switching, and fabric backplane session-aware load balancing for a FortiGate-7000E series chassis. The FIM-7920E includes an integrated switch fabric and DP2 processors to load balance millions of data sessions over the 80Gbps fabric backplane channel to FPM processor modules. The FIM-7920E also includes a 1Gbps base backplane channel for base backplane management communication with each FPM module in the chassis, one 40Gbps fabric backplane channel for fabric backplane communication with the FIM module(s) in the chassis, and a second 1Gbps base backplane channel for base backplane communication with the FIM module(s) in the chassis.

The FIM-7920E can be installed in any FortiGate-7000E series chassis in chassis hub/switch slots 1 or 2. The FIM-7920E provides four Quad Small Form-factor Pluggable 28 (QSFP28) 100GigE interfaces for a FortiGate-7000E chassis. Using a 100GBASE-SR4 QSFP28 or 40GBASE-SR4 QSFP+ transceiver, each QSFP28 interface can also be split into four 10GBASE-SR SFP+ interfaces.

You can also install FIM-7920Es in a second chassis and operate the chassis in HA mode to provide chassis failover protection.

FIM-7920E front panel

FIM-7920E front panel interfaces

You connect the FIM-7920E to your 100Gbps networks using the C1 to C4 front panel QSFP28 interfaces. The front panel also includes M1 and M2 SFP+ interfaces for the base channel, four Ethernet management interfaces (MGMT1 to MGMT4), and a USB port. The USB port can be used with any USB key for backing up and restoring configuration files.

Connector Type Speed Protocol Description
C1 to C4 QSFP28 100Gbps/40Gbps/10Gbps Ethernet Four front panel 100GigE QSFP28 fabric channel interfaces that can be connected to 100Gbps networks to distribute sessions to the FPM processor modules installed in chassis slots 3 and up. Using a 100GBASE-SR4 QSFP28 or 40GBASE-SR4 QSFP+ transceiver, each QSFP28 interface can also be split into four 10GBASE-SR interfaces. These interfaces also support creating link aggregation groups (LAGs) that can include interfaces from multiple FIM-7920Es.
M1 and M2 SFP+ 10Gbps/1Gbps Ethernet Two front panel 10GigE SFP+ interfaces that connect to the base backplane channel. These interfaces are used for heartbeat, session sync, and management communication between FIM-7920Es in different chassis. These interfaces can also be configured to operate as Gigabit Ethernet interfaces using SFP transceivers, but should not normally be changed. If you use switches to connect these interfaces, the switch ports should be able to accept packets with a maximum frame size of at least 1526. The M1 and M2 interfaces need to be on different broadcast domains. If M1 and M2 are connected to the same switch, Q-in-Q must be enabled on the switch
MGMT1 to MGMT4 RJ-45 10/100/1000Mbps Ethernet Four 10/100/1000BASE-T copper out of band management Ethernet interfaces.
USB USB 3.0 Type A USB 3.0 USB 2.0 Standard USB connector.

Changing the interface type and splitting the FIM-7920E C1 to C4 interfaces

By default, the FIM-7920E C1 to C4 interfaces are configured as 100GE QSFP28 interfaces. You can use the following command to convert them to 40GE QSFP+ interfaces. Once converted, you can use the other command below to split them into four 10GBASE-SR interfaces.

Note

You should change the interface type and configure split interfaces on both FortiGate-7000Es before forming an FGCP HA cluster. If you decide to change the split interfaces configuration after forming a cluster, you need to remove the backup FortiGate-7000E from the cluster and change the split interfaces configuration on both FortiGate-7000Es separately. After the FortiGate-7000Es restart, you can re-form the cluster. This process will cause traffic interruptions.

Changing the interface type

For example, to change the interface type of the C1 interface of the FIM-7920E in slot 1 to 40GE QSFP+ connect to the CLI of your FortiGate-7000E system using the management IP and enter the following command:

config system global

set qsfp28-40g-port 1-C1

end

The FortiGate-7000E system reboots and when it starts up interface C1 of the FIM-7920E in slot 1 is operating as a 40GE QSFP+ interface .

To change the interface type of the C3 and C4 ports of the FIM-7920E in slot 2 to 40GE QSFP+ enter the following command:

config system global

set qsfp28-40g-port 2-C3 2-C4

end

The FortiGate-7000E system reboots and when it starts up interfaces C3 and C4 of the FIM-7920E in slot 2 are operating as a 40GE QSFP+ interfaces.

Splitting the C1 to C4 interfaces

Each 40GE interface (C1 to C4) on the FIM-7920Es in slot 1 and slot 2 of a FortiGate-7000E system can be split into 4 x 10GBE interfaces. You split these interfaces after the FIM-7920Es are installed in your FortiGate-7000E system and the system is up and running. You can split the interfaces of the FIM-7920Es in slot 1 and slot 2 at the same time by entering a single CLI command. Enabling, disabling, or changing the split interfaces configuration requires a system reboot. Fortinet recommends that you split multiple interfaces at the same time according to your requirements to avoid traffic disruption.

For example, to split the C1 interface of the FIM-7920E in slot 1 (this interface is named 1-C1) and the C1 and C4 interfaces of the FIM-7920E in slot 2 (these interfaces are named 2-C1 and 2-C4) connect to the CLI of your FortiGate-7000E system using the management IP and enter the following command:

config system global

set split-port 1-C1 2-C1 2-C4

end

After you enter the command, the FortiGate-7000E reboots and when it comes up:

  • The 1-C1 interface will no longer be available. Instead the 1-C1/1, 1-C1/2, 1-C1/3, and 1-C1/4 interfaces will be available.
  • The 2-C1 interface will no longer be available. Instead the 2-C1/1, 2-C1/2, 2-C1/3, and 2-C1/4 interfaces will be available.
  • The 2-C4 interface will no longer be available. Instead the 2-C4/1, 2-C4/2, 2-C4/3, and 2-C4/4 interfaces will be available.

You can now connect breakout cables to these interfaces and configure traffic between them just like any other FortiGate interface.

FIM-7920E hardware schematic

The FIM-7920E includes an integrated switch fabric (ISF) that connects the front panel interfaces to the DP2 session-aware load balancers and to the chassis backplanes. The ISF also allows the DP2 processors to distribute sessions among all NP6 processors on the FPM modules in the same chassis.

The FIM-7920E also includes the following backplane communication channels:

  • One 80Gbps fabric backplane channel to distribute traffic to the FPMs.
  • One 1Gbps base backplane channel for base backplane communication with the FPMs.
  • One 40Gbps fabric backplane channel for fabric backplane communication with the other FIM.
  • One 1Gbps base backplane channel for base backplane communication with the other FIM.
FIM-7920E hardware architecture