Fortinet white logo
Fortinet white logo

FortiGate-7000F Administration Guide

Replacing a failed FPM or FIM

Replacing a failed FPM or FIM

This section describes how to remove a failed FPM or FIM and replace it with a new one. The procedure is slightly different depending on if you are operating in HA mode with two FortiGate-7000Fs or just operating a standalone FortiGate-7000F.

Replacing a failed FPM or FIM in a standalone FortiGate-7000F

  1. Power down the failed FPM or FIM by pressing the front panel power button.
  2. Remove the FPM or FIM from the chassis.
  3. Insert the replacement FPM or FIM . It should power up when inserted into the chassis if the chassis has power.
  4. The FPM or FIM configuration is synchronized and its firmware is upgraded to match the firmware version on the primary FIM. The new FPM or FIM reboots.
  5. Confirm that the new FPM or FIM is running the correct firmware version either from the GUI or by using the get system status command.

    Manually update the FPM or FIM to the correct version if required. You can do this by logging into the FPM or FIM and performing a firmware upgrade.

  6. Use the diagnose sys confsync status | grep in_sy command to confirm that the configuration has been synchronized. The field in_sync=1 indicates that the configurations of the FPMs and FIMs are synchronized.

    If in_sync is not equal to 1, or if a module is missing in the command output you can try restarting the FPM or FIM in the chassis by entering execute reboot from any FPM or FIM CLI. If this does not solve the problem, contact Fortinet Support.

Replacing a failed FPM or FIM in a FortiGate-7000F chassis in an HA cluster

  1. Power down the failed FPM or FIM by pressing the front panel power button.
  2. Remove the FPM or FIM from the chassis.
  3. Insert the replacement FPM or FIM . It should power up when inserted into the chassis if the chassis has power.
  4. The FPM or FIM configuration is synchronized and its firmware is upgraded to match the configuration and firmware version on the primary FIM. The new FPM or FIM reboots.
  5. Confirm that the FPM or FIM is running the correct firmware version.
    Manually update the FPM or FIM to the correct version if required. You can do this by logging into the FPM or FIM and performing a firmware upgrade.
  6. Configure the new FPM or FIM for HA operation. For example:

    config system ha

    set mode a-p

    set chassis-id 1

    set hbdev m1 m2

    set hbdev-vlan-id 999

    set hbdev-second-vlan-id 990

    end

  7. Optionally configure the hostname:

    config system global

    set hostname <name>

    end

    The HA configuration and the hostname must be set manually because HA settings and the hostname is not synchronized.

  8. Use the diagnose sys confsync status | grep in_sy command to confirm that the configuration has been synchronized. The field in_sync=1 indicates that the configurations of the FPMs and FIMs are synchronized.

    If in_sync is not equal to 1, or if a module is missing in the command output you can try restarting the FPM or FIM in the chassis by entering execute reboot from any module CLI. If this does not solve the problem, contact Fortinet support at https://support.fortinet.com.

Replacing a failed FPM or FIM

Replacing a failed FPM or FIM

This section describes how to remove a failed FPM or FIM and replace it with a new one. The procedure is slightly different depending on if you are operating in HA mode with two FortiGate-7000Fs or just operating a standalone FortiGate-7000F.

Replacing a failed FPM or FIM in a standalone FortiGate-7000F

  1. Power down the failed FPM or FIM by pressing the front panel power button.
  2. Remove the FPM or FIM from the chassis.
  3. Insert the replacement FPM or FIM . It should power up when inserted into the chassis if the chassis has power.
  4. The FPM or FIM configuration is synchronized and its firmware is upgraded to match the firmware version on the primary FIM. The new FPM or FIM reboots.
  5. Confirm that the new FPM or FIM is running the correct firmware version either from the GUI or by using the get system status command.

    Manually update the FPM or FIM to the correct version if required. You can do this by logging into the FPM or FIM and performing a firmware upgrade.

  6. Use the diagnose sys confsync status | grep in_sy command to confirm that the configuration has been synchronized. The field in_sync=1 indicates that the configurations of the FPMs and FIMs are synchronized.

    If in_sync is not equal to 1, or if a module is missing in the command output you can try restarting the FPM or FIM in the chassis by entering execute reboot from any FPM or FIM CLI. If this does not solve the problem, contact Fortinet Support.

Replacing a failed FPM or FIM in a FortiGate-7000F chassis in an HA cluster

  1. Power down the failed FPM or FIM by pressing the front panel power button.
  2. Remove the FPM or FIM from the chassis.
  3. Insert the replacement FPM or FIM . It should power up when inserted into the chassis if the chassis has power.
  4. The FPM or FIM configuration is synchronized and its firmware is upgraded to match the configuration and firmware version on the primary FIM. The new FPM or FIM reboots.
  5. Confirm that the FPM or FIM is running the correct firmware version.
    Manually update the FPM or FIM to the correct version if required. You can do this by logging into the FPM or FIM and performing a firmware upgrade.
  6. Configure the new FPM or FIM for HA operation. For example:

    config system ha

    set mode a-p

    set chassis-id 1

    set hbdev m1 m2

    set hbdev-vlan-id 999

    set hbdev-second-vlan-id 990

    end

  7. Optionally configure the hostname:

    config system global

    set hostname <name>

    end

    The HA configuration and the hostname must be set manually because HA settings and the hostname is not synchronized.

  8. Use the diagnose sys confsync status | grep in_sy command to confirm that the configuration has been synchronized. The field in_sync=1 indicates that the configurations of the FPMs and FIMs are synchronized.

    If in_sync is not equal to 1, or if a module is missing in the command output you can try restarting the FPM or FIM in the chassis by entering execute reboot from any module CLI. If this does not solve the problem, contact Fortinet support at https://support.fortinet.com.