DOCUMENT LIBRARY
DOCUMENT LIBRARY
Products
Best Practices
Hardware Guides
Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
Hybrid Mesh Firewall
FortiGate/ FortiOS
FortiGate-5000
/
6000
/
7000
NOC Management
FortiManager
/
FortiManager Cloud
Managed Fortigate Service
LAN
FortiSwitch
FortiAP / FortiWiFi
FortiEdge Cloud
FortiNAC-F
WAN
Secure SD-WAN
FortiExtender
More >>
Unified SASE
Single Vendor SASE
FortiSASE
Secure SD-WAN
Zero Trust Network Access (ZTNA)
FortiProxy
FortiMonitor
Cloud Network Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiGate CNF
FortiFlex
Lacework FortiCNAPP
Secure Endpoint Connectivity
FortiClient
/
FortiClient Cloud
Web Application / API Protection
FortiWeb
FortiADC
FortiDAST
More >>
Security Operations
Security Operations Automation
FortiAnalyzer
/
FortiAnalyzer Cloud
FortiSIEM
/
FortiSIEM Cloud
FortiSOAR
SOC-as-a-Service (SOCaaS)
Identity
FortiAuthenticator
FortiTrust Identity
FortiPAM
Early Detection & Prevention
FortiSandbox
/
FortiSandbox Cloud
FortiNDR
FortiDeceptor
FortiRecon
More >>
Secure Networking
Hybrid Mesh Firewall
FortiGate/ FortiOS
FortiGate-5000
/
6000
/
7000
NOC Management
FortiManager
/
FortiManager Cloud
Managed Fortigate Service
FortiAIOps
LAN
FortiSwitch
FortiAP / FortiWiFi
FortiAP-U Series
FortiEdge Cloud
FortiNAC-F
WAN
Secure SD-WAN
FortiExtender
Communication & Surveillance
FortiVoice
/
FortiVoice Cloud
FortiFone
FortiCamera
FortiRecorder
FortiCentral
Unified SASE
Single Vendor SASE
FortiSASE
Secure SD-WAN
Zero Trust Network Access (ZTNA)
FortiProxy
FortiMonitor
Secure Endpoint Connectivity
FortiClient
/
FortiClient Cloud
Cloud Network Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiGate CNF
FortiFlex
Cloud-Native Security
Lacework FortiCNAPP
FortiDevSec
Web Application / API Protection
FortiWeb
FortiADC
FortiDAST
Security Operations
Security Operations Automation
FortiAnalyzer
/
FortiAnalyzer Cloud
FortiSIEM
/
FortiSIEM Cloud
FortiSOAR
Endpoint
FortiClient
/
FortiClient Cloud
FortiEDR/XDR
Data Protection
FortiDLP
FortiDLP Agent
FortiDLP Policies
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken
/
FortiToken Cloud
FortiPAM
Email
FortiMail
FortiPhish
Early Detection & Prevention
FortiSandbox
/
FortiSandbox Cloud
FortiNDR
FortiDeceptor
FortiRecon
Expert Services
SOC-as-a-Service (SOCaaS)
Edge Firewall
FortiGate/FortiOS
FortiGate-5000
/
6000
/
7000
FortiGate Public Cloud
FortiGate Private Cloud
Orchestration & management
FortiManager
/
FortiManager Cloud
FortiAnalyzer
/
FortiAnalyzer Cloud
Overlay-as-a-Service
SD Branch
FortiSwitch
FortiAP / FortiWiFi
FortiExtender
/
FortiExtender Cloud
Application Delivery
FortiADC
/
FortiGSLB
Single Vendor SASE
FortiSASE
Secure Endpoint Connectivity
FortiClient
/
FortiClient Cloud
Secure Private Access
Secure SD-WAN
Zero Trust Network Access (ZTNA)
Thin Edge
FortiGate/ FortiOS
FortiAP / FortiWiFi
FortiExtender
/
FortiExtender Cloud
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Application Gateway
FortiGate/ FortiOS
FortiProxy
FortiADC
/
FortiGSLB
Enterprise Asset Management
FortiClient EMS
Endpoint Agent
FortiClient
/
FortiClient Cloud
Agentless Security Posture
FortiNAC-F
FortiSIEM
/
FortiSIEM Cloud
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Wireless
FortiAP / FortiWiFi
FortiAP-U Series
FortiGate Cloud
Switching
FortiSwitch
FortiEdge Cloud
FortiNAC-F
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Privilege Acccess Management
FortiPAM
Next Generation Firewall
FortiGate / FortiOS
FortiGate-5000
/
6000
/
7000
FortiGate Public Cloud
FortiGate Private Cloud
Orchestration & management
FortiManager
/
FortiManager Cloud
FortiAnalyzer
/
FortiAnalyzer Cloud
Expert Services
SOC-as-a-Service (SOCaaS)
Managed Fortigate Service
All
FortiADC Public Cloud
FortiAnalyzer Public Cloud
FortiAuthenticator Public Cloud
FortiDeceptor Public Cloud
FortiGate Public Cloud
FortiIsolator Public Cloud
FortiManager Public Cloud
FortiNDR Public Cloud
FortiPAM Public Cloud
FortiPortal Public Cloud
FortiProxy Public Cloud
FortiSandbox Public Cloud
FortiTester Public Cloud
FortiVoice Public Cloud
FortiWeb Manager Public Cloud
FortiWeb Public Cloud
All
FortiADC Private Cloud
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Private Cloud
FortiAuthenticator Private Cloud
FortiDeceptor Private Cloud
FortiGate Private Cloud
FortiManager Private Cloud
FortiNDR Private Cloud
FortiPAM Private Cloud
FortiProxy Private Cloud
FortiSandbox Private Cloud
FortiTester Private Cloud
FortiVoice Private Cloud
FortiWeb Manager Private Cloud
FortiWeb Private Cloud
Account Management
FortiCloud Services
SAAS Management
FortiGate Cloud
FortiEdge Cloud
FortiEdge Cloud
FortiExtender Cloud
FortiPresence Cloud
FortiToken Cloud
FortiTrust Identity
FortiZTP
FortiCamera Cloud
SAAS Application Security
FortiWeb Cloud
FortiGSLB
FortiCASB
FortiCNP
FortiInsight
FortiPhish
FortiGate CNF
Managed Services
SOC-as-a-Service (SOCaaS)
Managed Fortigate Service
Platform as a service (PAAS)
FortiSASE
FortiAnalyzer Cloud
FortiManager Cloud
FortiClient Cloud
FortiSandbox Cloud
FortiMail Cloud
FortiSOAR Cloud
Other SAAS Services
Overlay-as-a-Service
FortiRecon
FortiConverter
ForiIPAM
FortiFlex
FortiCare Elite
4D Resources
Solution Hubs
Define, design, deploy, demo
4D Pillars
Secure SD-WAN
Zero Trust Network Access
Wireless
Switching
Secure Access Service Edge
Identity and Access Management
Next Generation Firewall
Curated Links by Solution
Cloud
FortiCloud
Public & Private Cloud
Popular Solutions
Secure SD-WAN
Zero Trust Network Access
Secure Access
Security Fabric
Tele-Working
Multi-Factor Authentication
FortiASIC
Operational Technology
MSSP
Next Generation Firewall
FortiAnalyzer
FortiAnalyzer Big-Data
FortiADC
FortiAP / FortiWiFi
FortiAP U-Series
FortiAuthenticator
FortiCache
FortiCarrier
FortiController
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiExtender
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiHypervisor
FortiIsolator
FortiMail
FortiManager
FortiNAC
FortiNDR
FortiProxy
FortiRecorder
FortiGate
FortiRPS
FortiSandbox
FortiSIEM
FortiSwitch
FortiTester
FortiToken
FortiVoice
FortiWAN
FortiWeb
FortiWLC
FortiWLM
AscenLink
AV Engine
AWS Firewall Rules
Container FortiOS
FortiADC
FortiADC E Series
FortiADC Manager
FortiADC Private Cloud
FortiADC Public Cloud
FortiAIOps
FortiAnalyzer
FortiAnalyzer BigData
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Cloud
FortiAnalyzer Private Cloud
FortiAnalyzer Public Cloud
FortiAP / FortiWiFi
FortiAP-U Series
FortiAuthenticator
FortiAuthenticator Private Cloud
FortiAuthenticator Public Cloud
FortiAuthProxy
FortiBalancer
FortiBranchSASE
FortiBridge
FortiCache
FortiCamera
FortiCamera Cloud
FortiCare Elite
FortiCarrier
FortiCASB
FortiCentral
FortiClient
FortiClient Cloud
FortiCloud Services
FortiCNP
FortiConnect
FortiController
FortiConverter Service
FortiConverter Tool
FortiCore
FortiCSPM
FortiCWP
FortiDAST
FortiDB
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiDeceptor DaaS
FortiDeceptor Private Cloud
FortiDeceptor Public Cloud
FortiDevSec
FortiDLP
FortiDLP Agent
FortiDLP Policies
FortiDNS
FortiEdge Cloud
FortiEDR/XDR
FortiEndpoint
FortiExplorer
FortiExplorer Go
FortiExtender
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate Cloud
FortiGate CNF
FortiGate Private Cloud
FortiGate Public Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate-as-a-Service
FortiGSLB
FortiGuard Advanced Bot Protection
FortiGuest
FortiHypervisor
FortiInsight
FortiInsight Cloud
FortiIPAM
FortiIsolator
FortiIsolator Public Cloud
FortiLAN Cloud
FortiMail
FortiMail Cloud
FortiManager
FortiManager Cloud
FortiManager Private Cloud
FortiManager Public Cloud
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR (on-premise) Private Cloud
FortiNDR (on-premise) Public Cloud
FortiNDR Cloud
FortiNDR Cloud Sensors
FortiPAM
FortiPAM Private Cloud
FortiPAM Public Cloud
FortiPhish
FortiPlanner
FortiPolicy
FortiPortal
FortiPortal Public Cloud
FortiPresence
FortiPresence VM
FortiProxy
FortiProxy Private Cloud
FortiProxy Public Cloud
FortiRecon
FortiRecorder
FortiRPS
FortiSandbox
FortiSandbox Cloud
FortiSandbox Private Cloud
FortiSandbox Public Cloud
FortiSASE
FortiScanner
FortiSIEM
FortiSIEM Cloud
FortiSOAR
FortiSOAR Cloud
FortiSRA
FortiSwitch
FortiSwitch Manager
FortiTap
FortiTester
FortiTester Private Cloud
FortiTester Public Cloud
FortiToken
FortiToken Cloud
FortiTrust Identity
FortiVoice
FortiVoice Cloud
FortiVoice Private Cloud
FortiVoice Public Cloud
FortiWAN
FortiWAN Controller
FortiWeb
FortiWeb Cloud
FortiWeb Manager Private Cloud
FortiWeb Manager Public Cloud
FortiWeb Private Cloud
FortiWeb Public Cloud
FortiWLM
FortiZTP
IPS Engine
Lacework FortiCNAPP
Managed FortiGate Service
Overlay-as-a-Service
Security Awareness and Training
SOCaaS
Wireless Controller
Search documents and hardware ...
FortiGate-7000E Administration Guide
What's New
What's new for FortiGate 7000E 7.2.8
What's new for FortiGate 7000E 7.2.7
What's new for FortiGate 7000E 7.2.6
What's new for FortiGate 7000E 7.2.5
FortiGate 7000E overview
FortiGate 7060E
FortiGate 7040E
FortiGate 7030E
FIM-7901E interface module
FIM-7904E interface module
FIM-7910E interface module
FIM-7920E interface module
FPM-7620E processing module
FPM-7630E processing module
Getting started with FortiGate 7000E
Confirming startup status
FortiGate 7000E and the Security Fabric
FortiGate 7000E and FortiOS Carrier
Configuration synchronization
Confirming that the FortiGate 7000E is synchronized
Viewing more details about FortiGate 7000E synchronization
Cluster status dashboard widget
FortiGate 7000E dashboard widgets
Multi VDOM mode
Setting up management connections
FortiGate 7000E 7.2.8 incompatibilities and limitations
Managing individual FortiGate 7000E FIMs and FPMs
Special management port numbers
HA mode special management port numbers
Managing individual FIMs and FPMs from the CLI
Connecting to individual FIM and FPM CLIs of the secondary FortiGate 7000E in an HA configuration
Load balancing and flow rules
Setting the load balancing method
Determining the primary FPM
Flow rules for sessions that cannot be load balanced
Default flow rules for traffic that cannot be load balanced
GTP load balancing
Enabling GTP load balancing
GTP with dynamic source port allocation
GTP load balancing and fabric channel usage
Optimizing FortiOS Carrier NPU GTP performance
PFCP load balancing
ICMP load balancing
Load balancing TCP, UDP, and ICMP sessions with fragmented packets
Adding flow rules to support DHCP relay
Flow rules to support multihop BFD (MBFD)
Flow rules to support IP multicast
Controlling SNAT port partitioning behavior
Showing how the DP2 processor will load balance a session
Maximum number of flow rules limited by hardware
SSL VPN load balancing
Setting up SSL VPN using flow rules
IPsec VPN load balancing
Configuring IPsec VPN load balancing
SD-WAN with multiple IPsec VPN tunnels
Example FortiGate 7000E IPsec VPN VRF configuration
Troubleshooting
FortiGate 7000E high availability
Introduction to FortiGate 7000E FGCP HA
Before you begin configuring HA
Connect the M1 and M2 interfaces for HA heartbeat communication
Default HA heartbeat VLAN triple-tagging
HA heartbeat VLAN double-tagging
Basic FortiGate 7000E HA configuration
Confirming that the FortiGate 7000E HA cluster is synchronized
Viewing more details about HA cluster synchronization
Primary FortiGate 7000E selection with override disabled (default)
Primary FortiGate 7000E selection with override enabled
Failover protection
Device failure
FIM failure
Link failure
FPM failure
Session failover
Primary FortiGate 7000E recovery
Setting up HA management connections
HA reserved management interfaces
HA in-band management for management interfaces
Virtual clustering
Limitations of FortiGate 7000E virtual clustering
Virtual clustering VLAN/VDOM limitation
Configuring virtual clustering
HA cluster firmware upgrades
Distributed clustering
Modifying heartbeat timing
Changing how long routes stay in a cluster unit routing table
Session failover (session-pickup)
FortiGate 7000E FGSP
FortiGate 7000E FortiOS Carrier GTP with FGSP support
FGSP session synchronization options
Using data interfaces for FGSP session synchronization
Synchronizing sessions between FortiGate 7000E FGCP clusters
Example FortiGate 7000E FGSP session synchronization with a data interface LAG
Example FortiGate 7000E FGSP configuration using 1-M1 interfaces
Standalone configuration synchronization
FortiGate 7000E VRRP HA
Operating a FortiGate 7000E
FortiLink support
ECMP support
VDOM-based session tables
IPv4 and IPv6 ECMP load balancing
Enabling auxiliary session support
ICAP support
SSL mirroring support
VXLAN support
FortiGate 7000E IPsec load balancing EMAC VLAN interface limitation
Global option for proxy-based certificate queries
Using data interfaces for management traffic
Setting the MTU for a data interface
More management connections than expected for one device
More ARP queries than expected for one device - potential issue on large WiFi networks
VLAN ID 1 is reserved
Connecting to module CLIs using the System Management Module
Remote logging for individual FPMs
Some VDOM exception options not supported in HA mode
Configuring individual FPMs to send logs to different FortiAnalyzers
Configuring VDOMs on individual FPMs to send logs to different FortiAnalyzers
Configuring individual FPMs to send logs to different syslog servers
Configuring VDOMs on individual FPMs to send logs to different syslog servers
Firmware upgrade basics
Verifying that a firmware upgrade is successful
Installing firmware on individual FIMs or FPMs
Upgrading the firmware on an individual FIM
Upgrading the firmware on an individual FPM
Installing FIM firmware from the BIOS after a reboot
Installing FPM firmware from the BIOS after a reboot
Synchronizing FIMs and FPMs after upgrading the primary FIM firmware from the BIOS
Replacing a failed FPM or FIM
Resolving FIM or FPM boot device I/O errors
Formatting an FIM boot device and installing new firmware
Formatting an FPM boot device and installing new firmware
Failover in a standalone FortiGate 7000E
Adjusting global DP2 timers
Resetting to factory defaults
Restarting the FortiGate 7000E
Packet sniffing for FIM and FPM packets
Packet sniffing on integrated switch fabric (ISF) interfaces
Diagnose debug flow trace for FPM and FIM activity
FortiGate 7000E config CLI commands
FortiGate 7000E execute CLI commands
Change log
Home
FortiGate / FortiOS 7.2.8
FortiGate-7000E Administration Guide
7.2.8
7.6.0
7.4.5
7.4.4
7.4.3
7.4.2
7.4.1
7.4.0
7.2.10
7.2.9
7.2.8
7.2.7
7.2.6
7.2.5
GTP load balancing
GTP load balancing
You can use the information in this section to optimize
FortiGate 7000E
GTP performance.
Previous
Next
GTP load balancing
GTP load balancing
You can use the information in this section to optimize
FortiGate 7000E
GTP performance.
Previous
Next
Home
Product Pillars
Network Security
Network Security
FortiGate / FortiOS
FortiGate 5000
FortiGate 6000
FortiGate 7000
FortiProxy
NOC & SOC Management
FortiManager
FortiManager Cloud
FortiAnalyzer
FortiAnalyzer Cloud
FortiMonitor
FortiGate Cloud
Enterprise Networking
Secure SD-WAN
FortiLAN Cloud
FortiSwitch
FortiAP / FortiWiFi
FortiAP-U Series
FortiNAC-F
FortiExtender
FortiExtender Cloud
FortiAIOps
Business Communications
FortiFone
FortiVoice
FortiVoice Cloud
FortiRecorder
FortiCamera
Zero Trust Access
ZTNA
Zero Trust Network Access
FortiClient EMS
SASE
FortiSASE
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Cloud Security
Hybrid Cloud Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiFlex
Cloud Native Protection
FortiCNP
FortiDevSec
Web Application / API Protection
FortiWeb
FortiWeb Cloud
FortiADC
FortiGSLB
FortiGuard ABP
SAAS Security
FortiMail
FortiMail Cloud
FortiCASB
Security Operations
SOC Platform
FortiAnalyzer
FortiAnalyzer Cloud
FortiSIEM
/
FortiSIEM Cloud
FortiSOAR
FortiPhish
Advanced Threat Protection
FortiSandbox
FortiSandbox Cloud
FortiNDR
FortiNDR Cloud
FortiDeceptor
FortiInsight
FortiInsight Cloud
FortiIsolator
Endpoint Security
FortiClient
FortiClient Cloud
FortiEDR
Best Practices
Solution Hubs
Cloud
FortiCloud
Public & Private Cloud
Popular Solutions
Secure SD-WAN
Zero Trust Network Access
Secure Access
Next Generation Firewall
Security Fabric
Tele-Working
Multi-Factor Authentication
FortiASIC
Operational Technology
MSSP
4-D Resources
Secure SD-WAN
Zero Trust Network Access
Wireless
Switching
Secure Access Service Edge
Identity and Access Management
Next Generation Firewall
Hardware Guides
FortiAnalyzer
FortiAnalyzer Big-Data
FortiADC
FortiAP / FortiWiFi
FortiAP U-Series
FortiAuthenticator
FortiCache
FortiCarrier
FortiController
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiExtender
FortiGate
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiHypervisor
FortiIsolator
FortiMail
FortiManager
FortiNAC
FortiNDR
FortiProxy
FortiRecorder
FortiRPS
FortiSandbox
FortiSIEM
FortiSwitch
FortiTester
FortiToken
FortiVoice
FortiWAN
FortiWeb
FortiWLC
FortiWLM
Product A-Z
AscenLink
AV Engine
AWS Firewall Rules
Container FortiOS
FortiADC
FortiADC E Series
FortiADC Manager
FortiADC Private Cloud
FortiADC Public Cloud
FortiAIOps
FortiAnalyzer
FortiAnalyzer BigData
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Cloud
FortiAnalyzer Private Cloud
FortiAnalyzer Public Cloud
FortiAP / FortiWiFi
FortiAP-U Series
FortiAuthenticator
FortiAuthenticator Private Cloud
FortiAuthenticator Public Cloud
FortiAuthProxy
FortiBalancer
FortiBranchSASE
FortiBridge
FortiCache
FortiCamera
FortiCamera Cloud
FortiCare Elite
FortiCarrier
FortiCASB
FortiCentral
FortiClient
FortiClient Cloud
FortiCloud Services
FortiCNP
FortiConnect
FortiController
FortiConverter Service
FortiConverter Tool
FortiCore
FortiCSPM
FortiCWP
FortiDAST
FortiDB
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiDeceptor DaaS
FortiDeceptor Private Cloud
FortiDeceptor Public Cloud
FortiDevSec
FortiDLP
FortiDLP Agent
FortiDLP Policies
FortiDNS
FortiEdge Cloud
FortiEDR/XDR
FortiEndpoint
FortiExplorer
FortiExplorer Go
FortiExtender
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate Cloud
FortiGate CNF
FortiGate Private Cloud
FortiGate Public Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate-as-a-Service
FortiGSLB
FortiGuard Advanced Bot Protection
FortiGuest
FortiHypervisor
FortiInsight
FortiInsight Cloud
FortiIPAM
FortiIsolator
FortiIsolator Public Cloud
FortiLAN Cloud
FortiMail
FortiMail Cloud
FortiManager
FortiManager Cloud
FortiManager Private Cloud
FortiManager Public Cloud
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR (on-premise) Private Cloud
FortiNDR (on-premise) Public Cloud
FortiNDR Cloud
FortiNDR Cloud Sensors
FortiPAM
FortiPAM Private Cloud
FortiPAM Public Cloud
FortiPhish
FortiPlanner
FortiPolicy
FortiPortal
FortiPortal Public Cloud
FortiPresence
FortiPresence VM
FortiProxy
FortiProxy Private Cloud
FortiProxy Public Cloud
FortiRecon
FortiRecorder
FortiRPS
FortiSandbox
FortiSandbox Cloud
FortiSandbox Private Cloud
FortiSandbox Public Cloud
FortiSASE
FortiScanner
FortiSIEM
FortiSIEM Cloud
FortiSOAR
FortiSOAR Cloud
FortiSRA
FortiSwitch
FortiSwitch Manager
FortiTap
FortiTester
FortiTester Private Cloud
FortiTester Public Cloud
FortiToken
FortiToken Cloud
FortiTrust Identity
FortiVoice
FortiVoice Cloud
FortiVoice Private Cloud
FortiVoice Public Cloud
FortiWAN
FortiWAN Controller
FortiWeb
FortiWeb Cloud
FortiWeb Manager Private Cloud
FortiWeb Manager Public Cloud
FortiWeb Private Cloud
FortiWeb Public Cloud
FortiWLM
FortiZTP
IPS Engine
Lacework FortiCNAPP
Managed FortiGate Service
Overlay-as-a-Service
Security Awareness and Training
SOCaaS
Wireless Controller
Ordering Guides
Download PDF
Table of Contents
What's New
What's new for FortiGate 7000E 7.2.8
What's new for FortiGate 7000E 7.2.7
What's new for FortiGate 7000E 7.2.6
What's new for FortiGate 7000E 7.2.5
FortiGate 7000E overview
FortiGate 7060E
FortiGate 7040E
FortiGate 7030E
FIM-7901E interface module
FIM-7904E interface module
FIM-7910E interface module
FIM-7920E interface module
FPM-7620E processing module
FPM-7630E processing module
Getting started with FortiGate 7000E
Confirming startup status
FortiGate 7000E and the Security Fabric
FortiGate 7000E and FortiOS Carrier
Configuration synchronization
Confirming that the FortiGate 7000E is synchronized
Viewing more details about FortiGate 7000E synchronization
Cluster status dashboard widget
FortiGate 7000E dashboard widgets
Multi VDOM mode
Setting up management connections
FortiGate 7000E 7.2.8 incompatibilities and limitations
Managing individual FortiGate 7000E FIMs and FPMs
Special management port numbers
HA mode special management port numbers
Managing individual FIMs and FPMs from the CLI
Connecting to individual FIM and FPM CLIs of the secondary FortiGate 7000E in an HA configuration
Load balancing and flow rules
Setting the load balancing method
Determining the primary FPM
Flow rules for sessions that cannot be load balanced
Default flow rules for traffic that cannot be load balanced
GTP load balancing
Enabling GTP load balancing
GTP with dynamic source port allocation
GTP load balancing and fabric channel usage
Optimizing FortiOS Carrier NPU GTP performance
PFCP load balancing
ICMP load balancing
Load balancing TCP, UDP, and ICMP sessions with fragmented packets
Adding flow rules to support DHCP relay
Flow rules to support multihop BFD (MBFD)
Flow rules to support IP multicast
Controlling SNAT port partitioning behavior
Showing how the DP2 processor will load balance a session
Maximum number of flow rules limited by hardware
SSL VPN load balancing
Setting up SSL VPN using flow rules
IPsec VPN load balancing
Configuring IPsec VPN load balancing
SD-WAN with multiple IPsec VPN tunnels
Example FortiGate 7000E IPsec VPN VRF configuration
Troubleshooting
FortiGate 7000E high availability
Introduction to FortiGate 7000E FGCP HA
Before you begin configuring HA
Connect the M1 and M2 interfaces for HA heartbeat communication
Default HA heartbeat VLAN triple-tagging
HA heartbeat VLAN double-tagging
Basic FortiGate 7000E HA configuration
Confirming that the FortiGate 7000E HA cluster is synchronized
Viewing more details about HA cluster synchronization
Primary FortiGate 7000E selection with override disabled (default)
Primary FortiGate 7000E selection with override enabled
Failover protection
Device failure
FIM failure
Link failure
FPM failure
Session failover
Primary FortiGate 7000E recovery
Setting up HA management connections
HA reserved management interfaces
HA in-band management for management interfaces
Virtual clustering
Limitations of FortiGate 7000E virtual clustering
Virtual clustering VLAN/VDOM limitation
Configuring virtual clustering
HA cluster firmware upgrades
Distributed clustering
Modifying heartbeat timing
Changing how long routes stay in a cluster unit routing table
Session failover (session-pickup)
FortiGate 7000E FGSP
FortiGate 7000E FortiOS Carrier GTP with FGSP support
FGSP session synchronization options
Using data interfaces for FGSP session synchronization
Synchronizing sessions between FortiGate 7000E FGCP clusters
Example FortiGate 7000E FGSP session synchronization with a data interface LAG
Example FortiGate 7000E FGSP configuration using 1-M1 interfaces
Standalone configuration synchronization
FortiGate 7000E VRRP HA
Operating a FortiGate 7000E
FortiLink support
ECMP support
VDOM-based session tables
IPv4 and IPv6 ECMP load balancing
Enabling auxiliary session support
ICAP support
SSL mirroring support
VXLAN support
FortiGate 7000E IPsec load balancing EMAC VLAN interface limitation
Global option for proxy-based certificate queries
Using data interfaces for management traffic
Setting the MTU for a data interface
More management connections than expected for one device
More ARP queries than expected for one device - potential issue on large WiFi networks
VLAN ID 1 is reserved
Connecting to module CLIs using the System Management Module
Remote logging for individual FPMs
Some VDOM exception options not supported in HA mode
Configuring individual FPMs to send logs to different FortiAnalyzers
Configuring VDOMs on individual FPMs to send logs to different FortiAnalyzers
Configuring individual FPMs to send logs to different syslog servers
Configuring VDOMs on individual FPMs to send logs to different syslog servers
Firmware upgrade basics
Verifying that a firmware upgrade is successful
Installing firmware on individual FIMs or FPMs
Upgrading the firmware on an individual FIM
Upgrading the firmware on an individual FPM
Installing FIM firmware from the BIOS after a reboot
Installing FPM firmware from the BIOS after a reboot
Synchronizing FIMs and FPMs after upgrading the primary FIM firmware from the BIOS
Replacing a failed FPM or FIM
Resolving FIM or FPM boot device I/O errors
Formatting an FIM boot device and installing new firmware
Formatting an FPM boot device and installing new firmware
Failover in a standalone FortiGate 7000E
Adjusting global DP2 timers
Resetting to factory defaults
Restarting the FortiGate 7000E
Packet sniffing for FIM and FPM packets
Packet sniffing on integrated switch fabric (ISF) interfaces
Diagnose debug flow trace for FPM and FIM activity
FortiGate 7000E config CLI commands
FortiGate 7000E execute CLI commands
Change log