Fortinet Document Library

Version:


Table of Contents

New Features

6.4.0
Download PDF
Copy Link

Support for new VM bandwidth-limited SKUs 6.4.2

Four new stackable SKUs allow you to purchase and deploy VMs with limited bandwidths per interface. The bandwidth limits are calculated per interface, or aggregate interface, per direction. Management only interfaces are exempt from the limit.

Each SKU includes one of the following service bundles:

  • FortiClient only
  • UTM
  • Enterprise
  • 360 Protection

The FortiGate gets the service bundle and bandwidth from FortiGuard after the VM license is uploaded to the FortiGate.

These examples show two of the license options:

  • UTM and 100Gbps bandwidth (unlimited bandwidth)
  • 360 Protection with 900Mbps bandwidth

UTM and 100Gbps

After the license is imported and validated, FortiGuard services are shown on the Status dashboard.

The CLI shows unlimited bandwidth for the license and no bandwidth for interfaces, because it is unlimited.

# diagnose debug vm-print-license
SerialNumber: FGVMSBTM20090007
CreateDate: Fri May 15 00:36:41 2020
License expires: Sun May 16 17:00:00 2021
Key: yes
Cert: yes
Key2: yes
Cert2: yes
Model: SB (19)
CPU: 2147483647
MEM: 2147483647
Bandwidth: unlimited
# diagnose netlink interface list port3

if=port3 family=00 type=1 index=5 mtu=1500 link=0 master=0
ref=14 state=start present fw_flags=10008000 flags=up broadcast run multicast
Qdisc=pfifo_fast hw_addr=00:0c:29:15:df:1f broadcast_addr=ff:ff:ff:ff:ff:ff
stat: rxp=857 txp=5 rxb=80456 txb=312 rxe=0 txe=0 rxd=0 txd=0 mc=0 collision=0
re: rxl=0 rxo=0 rxc=0 rxf=0 rxfi=0 rxm=0
te: txa=0 txc=0 txfi=0 txh=0 txw=0
misc rxc=0 txc=0
input_type=0 state=3 arp_entry=0 refcnt=14

360 Protection and 900Mbps bandwidth

After the license is imported and validated, FortiGuard services are shown on the Status dashboard.

The CLI shows an extra 10% bandwidth for the license and interfaces, not including management interfaces:

# diagnose debug vm-print-license
SerialNumber: FGVMSBTM00000000
CreateDate: Sat May 16 02:27:24 2020
License expires: Mon May 17 17:00:00 2021
Key: yes
Cert: yes
Key2: yes
Cert2: yes
Model: SB (19)
CPU: 2147483647
MEM: 2147483647
Bandwidth: 990000 kbps
# diagnose netlink interface list port2

if=port2 family=00 type=1 index=4 mtu=1500 link=0 master=0
ref=28 state=start present fw_flags=8000 flags=up broadcast run multicast
Qdisc=pfifo_fast hw_addr=00:0c:29:15:df:15 broadcast_addr=ff:ff:ff:ff:ff:ff
inbandwidth=990000(kbps)        total_bytes=0   drop_bytes=0
outbandwidth=990000(kbps)
        priority=0      allocated-bandwidth=10(kbps)    total_bytes=125K        drop_bytes=0
        priority=1      allocated-bandwidth=0(kbps)     total_bytes=0   drop_bytes=0
        priority=2      allocated-bandwidth=0(kbps)     total_bytes=0   drop_bytes=0
        priority=3      allocated-bandwidth=0(kbps)     total_bytes=864         drop_bytes=0
        priority=4      allocated-bandwidth=989989(kbps)        total_bytes=0   drop_bytes=0
stat: rxp=490 txp=574 rxb=289785 txb=126227 rxe=0 txe=0 rxd=0 txd=0 mc=0 collision=0
re: rxl=0 rxo=0 rxc=0 rxf=0 rxfi=0 rxm=0
te: txa=0 txc=0 txfi=0 txh=0 txw=0
misc rxc=0 txc=0
input_type=0 state=3 arp_entry=0 refcnt=28

Aggregate interfaces

Aggregate interfaces have the same bandwidth limit as individual interfaces:

config system interface
    edit "agg56"
        set vdom "root"
        set allowaccess ping https ssh http
        set type aggregate
        set member "port5" "port6"
        set device-identification enable
        set lldp-transmission enable
        set role lan
        set snmp-index 15
    next
end
# diagnose netlink interface list agg56

if=agg56 family=00 type=1 index=16 mtu=1500 link=0 master=0
ref=42 state=start present no_carrier fw_flags=3800 flags=up broadcast master multicast
Qdisc=noqueue hw_addr=00:0c:29:15:df:33 broadcast_addr=ff:ff:ff:ff:ff:ff
inbandwidth=990000(kbps)        total_bytes=0   drop_bytes=0
outbandwidth=990000(kbps)
        priority=0      allocated-bandwidth=0(kbps)     total_bytes=90  drop_bytes=0
        priority=1      allocated-bandwidth=0(kbps)     total_bytes=0   drop_bytes=0
        priority=2      allocated-bandwidth=0(kbps)     total_bytes=0   drop_bytes=0
        priority=3      allocated-bandwidth=0(kbps)     total_bytes=0   drop_bytes=0
        priority=4      allocated-bandwidth=110000(kbps)        total_bytes=0   drop_bytes=0
stat: rxp=53501934 txp=139 rxb=3210121819 txb=17166 rxe=0 txe=0 rxd=0 txd=0 mc=0 collision=0
re: rxl=0 rxo=0 rxc=0 rxf=0 rxfi=0 rxm=0
te: txa=0 txc=0 txfi=0 txh=0 txw=0
misc rxc=0 txc=0
input_type=0 state=7 arp_entry=0 refcnt=42
# diagnose netlink interface list port5

if=port5 family=00 type=1 index=7 mtu=1500 link=0 master=16
ref=12 state=start present fw_flags=0 flags=up broadcast run noarp slave multicast
Qdisc=pfifo_fast hw_addr=00:0c:29:15:df:33 broadcast_addr=ff:ff:ff:ff:ff:ff
inbandwidth=990000(kbps)        total_bytes=0   drop_bytes=0
outbandwidth=990000(kbps)
        priority=0      allocated-bandwidth=0(kbps)     total_bytes=8770        drop_bytes=0
        priority=1      allocated-bandwidth=0(kbps)     total_bytes=0   drop_bytes=0
        priority=2      allocated-bandwidth=0(kbps)     total_bytes=0   drop_bytes=0
        priority=3      allocated-bandwidth=0(kbps)     total_bytes=0   drop_bytes=0
        priority=4      allocated-bandwidth=989999(kbps)        total_bytes=0   drop_bytes=0
stat: rxp=70 txp=71 rxb=9289 txb=8770 rxe=0 txe=0 rxd=0 txd=0 mc=0 collision=0
re: rxl=0 rxo=0 rxc=0 rxf=0 rxfi=0 rxm=0
te: txa=0 txc=0 txfi=0 txh=0 txw=0
misc rxc=0 txc=0
input_type=0 state=3 arp_entry=0 refcnt=12
# diagnose netlink interface list port6

if=port6 family=00 type=1 index=8 mtu=1500 link=0 master=16
ref=12 state=start present fw_flags=0 flags=up broadcast run noarp slave multicast
Qdisc=pfifo_fast hw_addr=00:0c:29:15:df:33 broadcast_addr=ff:ff:ff:ff:ff:ff
inbandwidth=990000(kbps)        total_bytes=0   drop_bytes=0
outbandwidth=990000(kbps)
        priority=0      allocated-bandwidth=0(kbps)     total_bytes=8770        drop_bytes=0
        priority=1      allocated-bandwidth=0(kbps)     total_bytes=0   drop_bytes=0
        priority=2      allocated-bandwidth=0(kbps)     total_bytes=0   drop_bytes=0
        priority=3      allocated-bandwidth=0(kbps)     total_bytes=0   drop_bytes=0
        priority=4      allocated-bandwidth=989999(kbps)        total_bytes=0   drop_bytes=0
stat: rxp=54003304 txp=71 rxb=3240198976 txb=8770 rxe=0 txe=0 rxd=0 txd=0 mc=0 collision=0
re: rxl=0 rxo=0 rxc=0 rxf=0 rxfi=0 rxm=0
te: txa=0 txc=0 txfi=0 txh=0 txw=0
misc rxc=0 txc=0
input_type=0 state=3 arp_entry=0 refcnt=12

Management interfaces

Normal and VPN interfaces that are dedicated to management do not have a bandwidth limitation

config system interface
    edit "port1"
        set vdom "root"
        set ip 10.6.30.173 255.255.255.0
        set allowaccess ping https ssh http fgfm
        set type physical
        set dedicated-to management
        set snmp-index 1
    next
end
# diagnose netlink interface list port1

if=port1 family=00 type=1 index=3 mtu=1500 link=0 master=0
ref=18 state=start present fw_flags=0 flags=up broadcast run multicast
Qdisc=pfifo_fast hw_addr=00:0c:29:15:df:0b broadcast_addr=ff:ff:ff:ff:ff:ff
stat: rxp=6957 txp=4270 rxb=1196300 txb=2942486 rxe=0 txe=0 rxd=0 txd=0 mc=0 collision=0
re: rxl=0 rxo=0 rxc=0 rxf=0 rxfi=0 rxm=0
te: txa=0 txc=0 txfi=0 txh=0 txw=0
misc rxc=0 txc=0
input_type=0 state=3 arp_entry=0 refcnt=18

Setting the interface bandwidth

The in and out bandwidths can be configured with 10% extra bandwidth:

config system interface
    edit "port3"
        set vdom "root"
        set ip 172.16.200.173 255.255.255.0
        set allowaccess ping https ssh snmp http telnet fgfm radius-acct probe-response fabric ftm
        set type physical
        set inbandwidth 990000
        set outbandwidth 990000
        set snmp-index 3
    next
end

Setting the bandwidth too high will result in an error:

# set inbandwidth 1000000
Should be in the range of 0 - 990000.
node_check_object fail! for outbandwidth 1000000

value parse error before '1000000'
Command fail. Return code -2

Support for new VM bandwidth-limited SKUs 6.4.2

Four new stackable SKUs allow you to purchase and deploy VMs with limited bandwidths per interface. The bandwidth limits are calculated per interface, or aggregate interface, per direction. Management only interfaces are exempt from the limit.

Each SKU includes one of the following service bundles:

  • FortiClient only
  • UTM
  • Enterprise
  • 360 Protection

The FortiGate gets the service bundle and bandwidth from FortiGuard after the VM license is uploaded to the FortiGate.

These examples show two of the license options:

  • UTM and 100Gbps bandwidth (unlimited bandwidth)
  • 360 Protection with 900Mbps bandwidth

UTM and 100Gbps

After the license is imported and validated, FortiGuard services are shown on the Status dashboard.

The CLI shows unlimited bandwidth for the license and no bandwidth for interfaces, because it is unlimited.

# diagnose debug vm-print-license
SerialNumber: FGVMSBTM20090007
CreateDate: Fri May 15 00:36:41 2020
License expires: Sun May 16 17:00:00 2021
Key: yes
Cert: yes
Key2: yes
Cert2: yes
Model: SB (19)
CPU: 2147483647
MEM: 2147483647
Bandwidth: unlimited
# diagnose netlink interface list port3

if=port3 family=00 type=1 index=5 mtu=1500 link=0 master=0
ref=14 state=start present fw_flags=10008000 flags=up broadcast run multicast
Qdisc=pfifo_fast hw_addr=00:0c:29:15:df:1f broadcast_addr=ff:ff:ff:ff:ff:ff
stat: rxp=857 txp=5 rxb=80456 txb=312 rxe=0 txe=0 rxd=0 txd=0 mc=0 collision=0
re: rxl=0 rxo=0 rxc=0 rxf=0 rxfi=0 rxm=0
te: txa=0 txc=0 txfi=0 txh=0 txw=0
misc rxc=0 txc=0
input_type=0 state=3 arp_entry=0 refcnt=14

360 Protection and 900Mbps bandwidth

After the license is imported and validated, FortiGuard services are shown on the Status dashboard.

The CLI shows an extra 10% bandwidth for the license and interfaces, not including management interfaces:

# diagnose debug vm-print-license
SerialNumber: FGVMSBTM00000000
CreateDate: Sat May 16 02:27:24 2020
License expires: Mon May 17 17:00:00 2021
Key: yes
Cert: yes
Key2: yes
Cert2: yes
Model: SB (19)
CPU: 2147483647
MEM: 2147483647
Bandwidth: 990000 kbps
# diagnose netlink interface list port2

if=port2 family=00 type=1 index=4 mtu=1500 link=0 master=0
ref=28 state=start present fw_flags=8000 flags=up broadcast run multicast
Qdisc=pfifo_fast hw_addr=00:0c:29:15:df:15 broadcast_addr=ff:ff:ff:ff:ff:ff
inbandwidth=990000(kbps)        total_bytes=0   drop_bytes=0
outbandwidth=990000(kbps)
        priority=0      allocated-bandwidth=10(kbps)    total_bytes=125K        drop_bytes=0
        priority=1      allocated-bandwidth=0(kbps)     total_bytes=0   drop_bytes=0
        priority=2      allocated-bandwidth=0(kbps)     total_bytes=0   drop_bytes=0
        priority=3      allocated-bandwidth=0(kbps)     total_bytes=864         drop_bytes=0
        priority=4      allocated-bandwidth=989989(kbps)        total_bytes=0   drop_bytes=0
stat: rxp=490 txp=574 rxb=289785 txb=126227 rxe=0 txe=0 rxd=0 txd=0 mc=0 collision=0
re: rxl=0 rxo=0 rxc=0 rxf=0 rxfi=0 rxm=0
te: txa=0 txc=0 txfi=0 txh=0 txw=0
misc rxc=0 txc=0
input_type=0 state=3 arp_entry=0 refcnt=28

Aggregate interfaces

Aggregate interfaces have the same bandwidth limit as individual interfaces:

config system interface
    edit "agg56"
        set vdom "root"
        set allowaccess ping https ssh http
        set type aggregate
        set member "port5" "port6"
        set device-identification enable
        set lldp-transmission enable
        set role lan
        set snmp-index 15
    next
end
# diagnose netlink interface list agg56

if=agg56 family=00 type=1 index=16 mtu=1500 link=0 master=0
ref=42 state=start present no_carrier fw_flags=3800 flags=up broadcast master multicast
Qdisc=noqueue hw_addr=00:0c:29:15:df:33 broadcast_addr=ff:ff:ff:ff:ff:ff
inbandwidth=990000(kbps)        total_bytes=0   drop_bytes=0
outbandwidth=990000(kbps)
        priority=0      allocated-bandwidth=0(kbps)     total_bytes=90  drop_bytes=0
        priority=1      allocated-bandwidth=0(kbps)     total_bytes=0   drop_bytes=0
        priority=2      allocated-bandwidth=0(kbps)     total_bytes=0   drop_bytes=0
        priority=3      allocated-bandwidth=0(kbps)     total_bytes=0   drop_bytes=0
        priority=4      allocated-bandwidth=110000(kbps)        total_bytes=0   drop_bytes=0
stat: rxp=53501934 txp=139 rxb=3210121819 txb=17166 rxe=0 txe=0 rxd=0 txd=0 mc=0 collision=0
re: rxl=0 rxo=0 rxc=0 rxf=0 rxfi=0 rxm=0
te: txa=0 txc=0 txfi=0 txh=0 txw=0
misc rxc=0 txc=0
input_type=0 state=7 arp_entry=0 refcnt=42
# diagnose netlink interface list port5

if=port5 family=00 type=1 index=7 mtu=1500 link=0 master=16
ref=12 state=start present fw_flags=0 flags=up broadcast run noarp slave multicast
Qdisc=pfifo_fast hw_addr=00:0c:29:15:df:33 broadcast_addr=ff:ff:ff:ff:ff:ff
inbandwidth=990000(kbps)        total_bytes=0   drop_bytes=0
outbandwidth=990000(kbps)
        priority=0      allocated-bandwidth=0(kbps)     total_bytes=8770        drop_bytes=0
        priority=1      allocated-bandwidth=0(kbps)     total_bytes=0   drop_bytes=0
        priority=2      allocated-bandwidth=0(kbps)     total_bytes=0   drop_bytes=0
        priority=3      allocated-bandwidth=0(kbps)     total_bytes=0   drop_bytes=0
        priority=4      allocated-bandwidth=989999(kbps)        total_bytes=0   drop_bytes=0
stat: rxp=70 txp=71 rxb=9289 txb=8770 rxe=0 txe=0 rxd=0 txd=0 mc=0 collision=0
re: rxl=0 rxo=0 rxc=0 rxf=0 rxfi=0 rxm=0
te: txa=0 txc=0 txfi=0 txh=0 txw=0
misc rxc=0 txc=0
input_type=0 state=3 arp_entry=0 refcnt=12
# diagnose netlink interface list port6

if=port6 family=00 type=1 index=8 mtu=1500 link=0 master=16
ref=12 state=start present fw_flags=0 flags=up broadcast run noarp slave multicast
Qdisc=pfifo_fast hw_addr=00:0c:29:15:df:33 broadcast_addr=ff:ff:ff:ff:ff:ff
inbandwidth=990000(kbps)        total_bytes=0   drop_bytes=0
outbandwidth=990000(kbps)
        priority=0      allocated-bandwidth=0(kbps)     total_bytes=8770        drop_bytes=0
        priority=1      allocated-bandwidth=0(kbps)     total_bytes=0   drop_bytes=0
        priority=2      allocated-bandwidth=0(kbps)     total_bytes=0   drop_bytes=0
        priority=3      allocated-bandwidth=0(kbps)     total_bytes=0   drop_bytes=0
        priority=4      allocated-bandwidth=989999(kbps)        total_bytes=0   drop_bytes=0
stat: rxp=54003304 txp=71 rxb=3240198976 txb=8770 rxe=0 txe=0 rxd=0 txd=0 mc=0 collision=0
re: rxl=0 rxo=0 rxc=0 rxf=0 rxfi=0 rxm=0
te: txa=0 txc=0 txfi=0 txh=0 txw=0
misc rxc=0 txc=0
input_type=0 state=3 arp_entry=0 refcnt=12

Management interfaces

Normal and VPN interfaces that are dedicated to management do not have a bandwidth limitation

config system interface
    edit "port1"
        set vdom "root"
        set ip 10.6.30.173 255.255.255.0
        set allowaccess ping https ssh http fgfm
        set type physical
        set dedicated-to management
        set snmp-index 1
    next
end
# diagnose netlink interface list port1

if=port1 family=00 type=1 index=3 mtu=1500 link=0 master=0
ref=18 state=start present fw_flags=0 flags=up broadcast run multicast
Qdisc=pfifo_fast hw_addr=00:0c:29:15:df:0b broadcast_addr=ff:ff:ff:ff:ff:ff
stat: rxp=6957 txp=4270 rxb=1196300 txb=2942486 rxe=0 txe=0 rxd=0 txd=0 mc=0 collision=0
re: rxl=0 rxo=0 rxc=0 rxf=0 rxfi=0 rxm=0
te: txa=0 txc=0 txfi=0 txh=0 txw=0
misc rxc=0 txc=0
input_type=0 state=3 arp_entry=0 refcnt=18

Setting the interface bandwidth

The in and out bandwidths can be configured with 10% extra bandwidth:

config system interface
    edit "port3"
        set vdom "root"
        set ip 172.16.200.173 255.255.255.0
        set allowaccess ping https ssh snmp http telnet fgfm radius-acct probe-response fabric ftm
        set type physical
        set inbandwidth 990000
        set outbandwidth 990000
        set snmp-index 3
    next
end

Setting the bandwidth too high will result in an error:

# set inbandwidth 1000000
Should be in the range of 0 - 990000.
node_check_object fail! for outbandwidth 1000000

value parse error before '1000000'
Command fail. Return code -2