Table of Contents
Advertisement
SSL VPN
SSL VPN
Sending all SSL VPN sessions to the primary FPM module is recommended. You can do this by:
Creating a flow rule that sends all sessions that use the SSL VPN destination port and IP address to the primary
l
FPM module.
Creating flow rules that send all sessions that use the SSL VPN IP pool addresses to the primary FPM module.
l
Traffic shaping and DDoS policies
Each FPM module applies traffic shaping and DDoS quotas independently. Because of load-balancing, this may
allow more traffic than expected.
Sniffer mode (one-arm sniffer)
One-arm sniffer mode is only supported after creating a load balance flow rule to direct sniffer traffic to a specific
FPM module.
FortiGuard Web Filtering
All FortiGuard rating queries are sent through management aggregate interface from the management VDOM
(named dmgmt-vdom).
Log messages include a slot field
An additional "slot" field has been added to log messages to identify the FPM module that generated the log.
FortiOS Carrier
You have to apply a FortiOS Carrier license separately to each FIM and FPM module to license a FortiGate-7000
chassis for FortiOS Carrier.
Special notice for new deployment connectivity testing
Only the primary FPM module can successfully ping external IP addresses. During a new deployment, while
performing connectivity testing from the Fortigate-7000, make sure to run execute ping tests from the
primary FPM module CLI.
75
FortiGate-7000 v5.4.5 special features and limitations
FortiGate-7000
Fortinet Technologies Inc.
Advertisement
Table of Contents
