Default FortiGate-6000 and 7000 configuration for traffic that cannot be load balanced

The default config load-balance flow-rule command contains the recommended default flow rules that control how the FortiGate-6000 or 7000 handles traffic types that cannot be load balanced. Most of the flow rules in the default configuration are enabled and are intended to send common traffic types that cannot be load balanced to the primary FPC or FPM.

Note

Starting with FortiOS 7.0.13, you can find text files containing the FortiGate 6000F, 7000E and 7000F default flow rules in the same folders as firmware images on the Fortinet Support Download Firmware Images page by selecting the FortiGate-6K7K product.

FortiGate-6000F, 7000E, and 7000F for FortiOS 7.0.15 have the same default flow rules with one exception.

The FortiGate-7000E includes the following flow rule, which sends VRRP packets to all FPMs:

config load-balance flow-rule
    edit 20
        set status enable
        set vlan 0
        set ether-type ip
        set protocol vrrp
        set action forward
        set forward-slot all
        set priority 6
        set comment "vrrp to all blades"
    next
end

For the FortiGate-6000F and 7000F, the VRRP flow rule sends all VRRP packets to the primary FPC or FPM:

config load-balance flow-rule
    edit 20
        set status enable
        set vlan 0
        set ether-type ip
        set protocol vrrp
        set action forward
        set forward-slot master
        set priority 6
        set comment "vrrp to primary blade"
    next
end

All other default flow rules identify the traffic type using the options available in the command and direct matching traffic to the primary (or master) FPC or FPM (action set to forward and forward-slot set to master). Each default flow rule also includes a comment that identifies the traffic type.

The default configuration also includes disabled flow rules for Kerberos and PPTP traffic. Normally, you would only need to enable these flow rules if you know that your FortiGate will be handling these types of traffic.
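The following is an added example, not part of this Fortinet page: a small parser for the config load-balance flow-rule format shown above, plus an audit that reports enabled rules forwarding to all blades and rules that are currently disabled (such as the Kerberos and PPTP rules mentioned above), so an administrator can confirm the flow-rule state matches intent. The sample configuration is constructed; rule 21 is a hypothetical disabled rule whose settings are not taken from the page.

```python
import re

# Constructed sample in the FortiOS CLI format shown on this page (not a
# real device export): the 7000E VRRP rule plus a hypothetical disabled rule.
SAMPLE_CONFIG = """\
config load-balance flow-rule
    edit 20
        set status enable
        set ether-type ip
        set protocol vrrp
        set action forward
        set forward-slot all
        set priority 6
        set comment "vrrp to all blades"
    next
    edit 21
        set status disable
        set ether-type ip
        set protocol tcp
        set action forward
        set forward-slot master
        set comment "kerberos example (constructed)"
    next
end
"""

def parse_flow_rules(text):
    """Return {rule_id: {setting: value}} for each 'edit N' ... 'next' block."""
    rules, current, rid = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"edit (\d+)$", line)
        if m:
            rid, current = int(m.group(1)), {}
        elif line == "next" and current is not None:
            rules[rid] = current
            current = None
        elif line.startswith("set ") and current is not None:
            key, _, value = line[4:].partition(" ")
            current[key] = value.strip('"')   # drop quotes around comments
    return rules

def audit_flow_rules(rules):
    """Flag enabled rules that fan traffic out to every blade, and list
    disabled rules so an admin can confirm they are intentionally off."""
    fan_out = sorted(r for r, s in rules.items()
                     if s.get("status") == "enable" and s.get("forward-slot") == "all")
    disabled = sorted(r for r, s in rules.items() if s.get("status") == "disable")
    return {"fan_out": fan_out, "disabled": disabled}
```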