FortiGate-7000F Handbook


FIM-7941F interface module

The FIM-7941F interface module is a hot swappable module that provides data, management, and session sync/heartbeat interfaces, base backplane switching, hardware acceleration, and fabric backplane session-aware load balancing for a FortiGate-7000F series chassis. The FIM-7941F includes an integrated switch fabric and five NP7 processors to load balance millions of data sessions over the FortiGate-7000F 400Gbps fabric backplane channel to FPM processor modules. The FIM-7941F also includes a 50Gbps base backplane channel for base backplane management communication with each FPM in the chassis, one 1Tbps fabric backplane channel for fabric backplane communication with the other FIM in the chassis, and a second 50Gbps base backplane channel for base backplane communication with the other FIM in the chassis. The FIM-7941F also includes two 4 TByte SSD log disks in a RAID-1 configuration. The SSDs are accessible from the FIM-7941F front panel but should not be removed.

Note

The FIM-7941F interface module is an update of the FIM-7921F interface module with the same architecture but a newer switch fabric that has a greater capacity and supports more advanced features. You cannot include a FIM-7941F and FIM-7921F in the same FortiGate-7000F chassis. In an HA configuration, both chassis in the HA cluster must have the same FIMs.

The FIM-7941F can be installed in any FortiGate-7000F series chassis in chassis hub/switch slots 1 or 2. The FIM-7941F includes eighteen front panel 100GigE QSFP28 fabric channel data network interfaces (1 to 18) and two 400GigE QSFP-DD fabric channel data network interfaces (19 and 20). Interfaces 1 to 18 can be connected to 100Gbps data networks. Interfaces 19 and 20 can be connected to 400Gbps data networks. You can also change the interface type of interfaces 19 and 20 and change the speeds of all of the data interfaces. You can also split interfaces 1 to 20, M1 and M2.

The FIM-7941F also includes two 100 GigE QSFP28 base channel management interfaces (M1 and M2) and two 25 GigE SFP28 base channel management interfaces (M3 and M4). The management interfaces can be used for HA heartbeat communication and session synchronization between two chassis in HA mode or for other management functions such as remote logging. You can also change the speeds of the management interfaces. You can also split the M1 and M2 interfaces.

The FIM-7941F includes a console port to provide console access to the FIM-7941F CLI.

FIM-7941F front panel

Front panel interfaces

You connect the FIM-7941F to your 100Gbps data networks using the 1 to 18 front panel QSFP28 interfaces. You can also connect the FIM-7941F to your 400Gbps data networks using the 19 and 20 front panel QSFP-DD interfaces. You can create link aggregation groups that can include data interfaces from multiple FIMs and FPMs in the same chassis.

The front panel also includes M1 and M2 QSFP28, M3 and M4 SFP28 interfaces that connect to the base channel, two Ethernet management interfaces (MGMT1 and MGMT2), and a USB port. The USB port can be used with any USB key for backing up and restoring configuration files and installing and restoring firmware.

| Connector | Type | Speed | Protocol | Description |
| --- | --- | --- | --- | --- |
| 1 to 18 | QSFP28 | 100Gbps, 40Gbps, 4 x 25Gbps (split), 4 x 10Gbps (split) | Ethernet | Eighteen front panel 100GigE QSFP28 fabric channel data interfaces that can be connected to 100Gbps data networks to distribute sessions to the FPMs in chassis slots 3 and up. The speed of these interfaces can be changed to 40Gbps. These interfaces can be split into four interfaces. Each split interface can operate at 25Gbps or 10Gbps. |
| 19 and 20 | QSFP-DD | 400Gbps, 100Gbps, 40Gbps, 4 x 100Gbps (split), 4 x 25Gbps (split), 4 x 10Gbps (split) | Ethernet | Two front panel 400GigE QSFP-DD fabric channel data interfaces that can be connected to 400Gbps data networks to distribute sessions to the FPMs in chassis slots 3 and up. These interfaces can be changed to 100GigE QSFP28 interfaces and the speed changed to 40Gbps. These interfaces can be split into four interfaces. Each split interface can operate at 100Gbps, 25Gbps, or 10Gbps. |
| M1 and M2 | QSFP28 | 100Gbps, 40Gbps, 4 x 25Gbps (split), 4 x 10Gbps (split) | Ethernet | Two front panel 100GigE QSFP28 base channel management interfaces. These interfaces are used for HA heartbeat, and session synchronization between FIM-7941Fs in different chassis. These interfaces can also be used for management communication (for example, for remote logging). The speed of these interfaces can be changed to 40Gbps. These interfaces can be split into four interfaces. Each split interface can operate at 25Gbps or 10Gbps. |
| M3 and M4 | SFP28 | 25Gbps, 10Gbps | Ethernet | Two front panel 25GigE SFP28 base channel management interfaces. These interfaces are used for HA heartbeat, and session synchronization between FIM-7941Fs in different chassis. These interfaces can also be used for management communication (for example, for remote logging). The speed of these interfaces can be changed to 10Gbps. |
| MGMT1 and MGMT2 | RJ-45 | 10Mbps, 100Mbps, 1000Mbps | Ethernet | Two 10/100/1000BASE-T copper out of band management ethernet interfaces. |
| USB | USB 3.0 Type A | | USB 3.0, USB 2.0 | Standard USB connector. |
| Console | RJ-45 | 9600 bps, 8/N/1 | RS-232 serial | Serial connection to the FIM-7941F CLI. |

Changing the FIM-7941F 1 to 18, M1, and M2 interfaces

By default, the FIM-7941F 1 to 18 (P1 to P18), M1, and M2 interfaces are configured as 100GigE QSFP28 interfaces. You can make the following changes to these interfaces:

  • Change the interface speed to 40G using the config system interface command.

  • Split one or more of the interfaces into four 25GigE interfaces.

  • Change the interface speed of one or more of the split interfaces to 10Gig.

Note

You should configure split interfaces on both FortiGate-7000Fs before forming an FGCP HA cluster. If you decide to change the split interface configuration after forming a cluster, you need to remove the backup FortiGate-7000F from the cluster and change the split interface configuration on both FortiGate-7000Fs separately. After the FortiGate-7000Fs restart, you can re-form the cluster. This process will cause traffic interruptions.

You can use the following command to split the P3 interface of the FIM-7941F in slot 1 and the P16 and M1 interfaces of the FIM-7941F in slot 2:

config system global
    set split-port 1-P3 2-P16 2-M1
end

The FortiGate-7000F reboots and when it starts up:

  • Interface 1-P3 has been replaced by four 25GigE CR2 interfaces named 1-P3/1 to 1-P3/4.

  • Interface 2-P16 has been replaced by four 25GigE CR2 interfaces named 2-P16/1 to 2-P16/4.

  • Interface 2-M1 has been replaced by four 25GigE CR2 interfaces named 2-M1/1 to 2-M1/4.

You can use the config system interface command to change the speeds of each of the split interfaces. You can change the speed of some or all of the individual split interfaces depending on whether the transceiver installed in the interface slot supports different speeds for the split interfaces.

For example, to change the speed of the 2-P16/3 interface to 10Gig:

config system interface
    edit 2-P16/3
        set speed 10000full
end

Changing the FIM-7941F 19 and 20 interfaces

By default, the FIM-7941F 19 and 20 (P19 and P20) interfaces are configured as 400GigE QSFP-DD interfaces. You can make the following changes to one or both of these interfaces:

  • Change the interface speed to 400G, 100G, or 40G using the config system interface command.

  • Change the interface type to 100GigE QSFP28.

  • Split the interface into four 100GigE CR2 interfaces.

  • Split the interface into four 25GigE CR or 10GigE SR interfaces.

All of these operations, except changing the interface speed using the config system interface command, require a system restart. Fortinet recommends that you perform these operations during a maintenance window and plan the changes to avoid traffic disruption. For example, you can change interface types and split interfaces as a single operation.

Note

You should change interface types or split interfaces on both FortiGate-7000Fs before forming an FGCP HA cluster. If you decide to change interface type or split interfaces after forming a cluster, you need to remove the backup FortiGate-7000F from the cluster and change interfaces as required on both FortiGate-7000Fs separately. After the FortiGate-7000Fs restart, you can re-form the cluster. This process will cause traffic interruptions.

Changing the P19 or P20 interface type to 100GigE QSFP28

You can use the following command to convert the P19 or P20 interface to a 100GigE QSFP28 interface. To change the interface type of P19 of the FIM-7941F in slot 1 (1-P19) and P20 of the FIM-7941F in slot 2 (2-P20) enter the following command:

config system global
    set qsfpdd-100g-port 1-P19 2-P20
end

The FortiGate-7000F reboots and when it starts up, interfaces 1-P19 and 2-P20 are operating as 100GigE QSFP28 interfaces.

Splitting the P19 or P20 interfaces into four 100GigE CR2 interfaces

You can use the following command to split the P19 or P20 interfaces into four 100GigE CR2 interfaces. To split P19 of the FIM-7941F in slot 1 (1-P19) and P20 of the FIM-7941F in slot 2 (2-P20) enter the following command:

config system global
    set split-port 1-P19 2-P20
end

The FortiGate-7000F reboots and when it starts up:

  • Interface 1-P19 has been replaced by four 100GigE CR2 interfaces named 1-P19/1 to 1-P19/4.

  • Interface 2-P20 has been replaced by four 100GigE CR2 interfaces named 2-P20/1 to 2-P20/4.

Splitting the P19 or P20 interfaces into four 25GigE CR or 10GigE SR interfaces

You can use the following command to split the P19 or P20 interfaces into four 25GigE CR interfaces. The following command converts the interface into a 100GigE QSFP28 interface then splits this interface into four 25 GigE CR interfaces. To change P19 of the FIM-7941F in slot 1 (1-P19) and P20 of the FIM-7941F in slot 2 (2-P20) enter the following command:

config system global
    set qsfpdd-100g-port 1-P19 2-P20
    set split-port 1-P19 2-P20
end

The FortiGate-7000F reboots and when it starts up:

  • Interface 1-P19 has been replaced by four 25GigE CR interfaces named 1-P19/1 to 1-P19/4.

  • Interface 2-P20 has been replaced by four 25GigE CR interfaces named 2-P20/1 to 2-P20/4.

If you want some or all of these interfaces to operate as 10GigE SR interfaces you can use the config system interface command to change the interface speed. You can change the speed of some or all of the individual split interfaces depending on whether the transceiver installed in the interface slot supports different speeds for the split interfaces.
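The following pre-change check is an added example, not Fortinet code: it applies the split and conversion rules described above to a `config system global` block, lists the interface names to expect after the reboot, and reports any difference between two chassis before they are joined in an FGCP HA cluster. The function names and the two sample configurations are constructed for illustration, and the script assumes the settings appear in the configuration text in the form shown on this page.

```python
import re

# Rules taken from this page: P1-P18, M1 and M2 split into 4 x 25GigE;
# P19/P20 split into 4 x 100GigE, or 4 x 25GigE when also converted to QSFP28.
SPLITTABLE = {f"P{n}" for n in range(1, 21)} | {"M1", "M2"}
QSFPDD = {"P19", "P20"}
PORT_RE = re.compile(r"^([12])-([PM]\d+)$")  # FIMs sit in chassis slots 1 and 2


def parse_global(config_text):
    """Collect split-port and qsfpdd-100g-port values from config system global."""
    settings = {"split-port": set(), "qsfpdd-100g-port": set()}
    in_global = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config system global":
            in_global = True
        elif line == "end":
            in_global = False
        elif in_global and line.startswith("set "):
            parts = line.split()
            if len(parts) >= 2 and parts[1] in settings:
                settings[parts[1]].update(parts[2:])
    return settings


def validate(settings):
    """Return a list of problems with the requested port changes."""
    problems = []
    for key, ports in sorted(settings.items()):
        for port in sorted(ports):
            m = PORT_RE.match(port)
            if not m:
                problems.append(f"{key}: {port} is not a <slot>-<port> name")
            elif key == "split-port" and m.group(2) not in SPLITTABLE:
                problems.append(f"split-port: {port} cannot be split")
            elif key == "qsfpdd-100g-port" and m.group(2) not in QSFPDD:
                problems.append(f"qsfpdd-100g-port: {port} is not a QSFP-DD interface")
    return problems


def expected_interfaces(settings):
    """Map each changed port to (interface names, type) expected after the reboot."""
    result = {}
    for port in sorted(settings["split-port"] | settings["qsfpdd-100g-port"]):
        name = port.split("-", 1)[1]
        converted = port in settings["qsfpdd-100g-port"]
        if port in settings["split-port"]:
            kind = "100GigE" if name in QSFPDD and not converted else "25GigE"
            result[port] = ([f"{port}/{i}" for i in range(1, 5)], kind)
        else:
            result[port] = ([port], "100GigE QSFP28")
    return result


def ha_mismatch(primary_text, backup_text):
    """Return per-setting differences between two chassis; empty means they match."""
    a, b = parse_global(primary_text), parse_global(backup_text)
    return {k: sorted(a[k] ^ b[k]) for k in a if a[k] != b[k]}


# Constructed sample configurations (not taken from a real device).
PRIMARY = """config system global
    set qsfpdd-100g-port 1-P19 2-P20
    set split-port 1-P3 1-P19 2-P20
end"""
BACKUP = """config system global
    set qsfpdd-100g-port 1-P19
    set split-port 1-P3 1-P19 2-P20
end"""
```

With the sample input, `ha_mismatch(PRIMARY, BACKUP)` flags 2-P20: the backup chassis would bring it up as four 100GigE interfaces while the primary brings it up as four 25GigE interfaces.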

FIM-7941F hardware architecture

The FIM-7941F includes an integrated switch fabric (ISF) that connects the front panel interfaces and the chassis fabric backplane to the NP7 processors. The NP7 processors receive sessions from the FIM front panel data interfaces and the FPM front panel data interfaces over the fabric backplane. The NP7 processors use SLBC to distribute sessions to FPMs over the fabric backplane.

The FIM-7941F also includes the following backplane communication channels:

  • Ten 400Gbps fabric backplane channels to distribute traffic to the FPMs.
  • Ten 50Gbps base backplane channels for base backplane communication with the FPMs.
  • One 1Tbps fabric backplane channel for fabric backplane communication with the other FIM.
  • One 50Gbps base backplane channel for base backplane communication with the other FIM.

Figure: FIM-7941F hardware architecture
