Fortinet black logo

FortiGate-6000 and FortiGate-7000 Release Notes

Home FortiGate / FortiOS 7.0.10 FortiGate-6000 and FortiGate-7000 Release Notes
7.0.10
7.0.15
7.0.14
7.0.13
7.0.12
7.0.10
7.0.5
6.4.15
6.4.14
6.4.13
6.4.12
6.4.10
6.4.8
6.4.6
6.4.2
6.2.16
6.2.15
6.2.13
6.2.12
6.2.11
6.2.10
6.2.9
6.2.7
6.2.6
6.2.4
6.2.3
6.0.18
6.0.17
6.0.16
6.0.15
6.0.14
6.0.13
6.0.12
6.0.10
6.0.9
6.0.8
6.0.6
6.0.4
5.6.14
5.6.12
5.6.11
5.6.7

Load balancing configuration to support multihop BFD (MBFD)

Load balancing configuration to support multihop BFD (MBFD)

Support for multihop BFD (MBFD) was added to FortiOS 7.0.6 (see BFD for multihop path for BGP) and is supported by FortiGate-6000 and 7000 for FortiOS 7.0.10. Multihop BFD is supported for normal traffic and over IPsec VPN tunnels that are terminated by the FortiGate-6000 or 7000.

The multihop control protocol uses TCP and UDP traffic on port 4784. Multihop control traffic is not load balanced by DP or NP7 processors. Instead, a flow rule is used to send all multihop control traffic to a single FPC or FPM.

The following flow rule has been added to the FortiOS 7.0.10 default flow rules for traffic that cannot be load balanced to send all multihop control traffic to the primary FPC or FPM. This flow rule should be enabled if you configure multihop BFD support on your FortiGate-6000 or 7000.

config load-balance flow-rule

edit 22

set status disable

set vlan 0

set ether-type ip

set protocol udp

set src-l4port 0-0

set dst-l4port 4784-4784

set action forward

set forward-slot master

set priority 5

set comment "Flow Rule for Multihop BFD"

end

When upgrading to FortiOS 7.0.10, this flow rule will be added to the default flow rules configuration and will be disabled. You need to enable it if you want to use multihop BFD.

Resetting your FortiGate-6000 or 7000 running FortiOS 7.0.10 to factory defaults enables the multihop BFD flow rule.

Previous
Next

Load balancing configuration to support multihop BFD (MBFD)

Support for multihop BFD (MBFD) was added to FortiOS 7.0.6 (see BFD for multihop path for BGP) and is supported by FortiGate-6000 and 7000 for FortiOS 7.0.10. Multihop BFD is supported for normal traffic and over IPsec VPN tunnels that are terminated by the FortiGate-6000 or 7000.

The multihop control protocol uses TCP and UDP traffic on port 4784. Multihop control traffic is not load balanced by DP or NP7 processors. Instead, a flow rule is used to send all multihop control traffic to a single FPC or FPM.

The following flow rule has been added to the FortiOS 7.0.10 default flow rules for traffic that cannot be load balanced to send all multihop control traffic to the primary FPC or FPM. This flow rule should be enabled if you configure multihop BFD support on your FortiGate-6000 or 7000.

config load-balance flow-rule

edit 22

set status disable

set vlan 0

set ether-type ip

set protocol udp

set src-l4port 0-0

set dst-l4port 4784-4784

set action forward

set forward-slot master

set priority 5

set comment "Flow Rule for Multihop BFD"

end

When upgrading to FortiOS 7.0.10, this flow rule will be added to the default flow rules configuration and will be disabled. You need to enable it if you want to use multihop BFD.

Resetting your FortiGate-6000 or 7000 running FortiOS 7.0.10 to factory defaults enables the multihop BFD flow rule.

Previous
Next