More management connections than expected for one device
The FortiGate-6000 and 7000 may show more management-related network activity than most FortiGate devices. This occurs because many management functions are handled independently by each FortiGate-6000 management board and individual FPCs and by each FortiGate-7000 FIM and FPM.
For example, when a FortiGate-6000 first starts up, the management board and all of the FPCs perform their DNS lookups. Resulting in more DNS-related traffic during startup than expected for a single device. Once the system is processing data traffic, the amount of management traffic would be proportional to the amount of traffic the system is processing.