1. Manuals
  2. Brands
  3. Fortinet Manuals
  4. Firewall
  5. FortiGate-7030E
  6. System manual

Fortinet FortiGate-7030E System Manual

Hide thumbs Also See for FortiGate-7030E:
Table of Contents

Advertisement

Quick Links

Download this manual
FortiGate-7030E System Guide
FortiGate-7000E Series

Advertisement

Table of Contents
loading

Related Manuals for Fortinet FortiGate-7030E

Summary of Contents for Fortinet FortiGate-7030E

  • Page 1 FortiGate-7030E System Guide FortiGate-7000E Series...
  • Page 2 FORTINET DOCUMENT LIBRARY https://docs.fortinet.com FORTINET VIDEO GUIDE https://video.fortinet.com FORTINET BLOG https://blog.fortinet.com CUSTOMER SERVICE & SUPPORT https://support.fortinet.com FORTINET TRAINING & CERTIFICATION PROGRAM https://www.fortinet.com/support-and-training/training.html NSE INSTITUTE https://training.fortinet.com FORTIGUARD CENTER https://fortiguard.com/ END USER LICENSE AGREEMENT https://www.fortinet.com/doc/legal/EULA.pdf FEEDBACK techdoc@fortinet.com Email: April 13, 2020 FortiGate-7030E 6.2.3 System Guide...

  • Page 3: Table Of Contents

    Front mounting brackets Left and right cable management brackets Front cable management bracket (FortiGate-7030E-QSFP28 only) Power cord clamps Mounting the FortiGate-7030E chassis in a four-post rack Mounting the FortiGate-7030E chassis in a two-post rack Air flow Inserting FIM and FPM modules...
  • Page 4 Connecting to the SMC SDI CLI of the FPM module in slot 3 Changing the SMM admin account password Connecting to the SMM using an IPMI tool FortiGate-7030E chassis slots IPMB addresses Rebooting a chassis module from the SMC SDI CLI Comlog...

  • Page 5: Change Log

    Optional accessories and replacement parts on page 10 DC PSUs and supplying DC power to the chassis on page October 29, 2019 Misc changes. October 23, 2019 New version of this document with fixes and changes throughout. FortiGate-7030E System Guide...

  • Page 6: Fortigate-7030E Chassis

    2+1 redundant 100-240 VAC, 50-60 Hz power supply units (PSUs). You can also optionally add a fourth PSU. The FortiGate-7030E can also be equipped with DC PSUs allowing you to connect the chassis to -48V DC power. FortiGate-7030E front panel The FortiGate-7030E chassis is managed by a single System Management Module (SMM) that includes an Ethernet connection as well as two switchable console ports that provide console connections to the modules in the chassis slots.

  • Page 7: Fim Modules

    PSUs (PWR1 and PWR2) must be connected to power. PWR4 is a backup power supply. You can add a fourth power supply to PWR3 to provide a second backup power supply. The back panel includes the FortiGate-7030E chassis ground connector that must be connected to ground.

  • Page 8: Registering Your Fortigate-7030E

    Registering your FortiGate-7030E FortiGate-7000 series products are registered according to the chassis serial number. You need to register your chassis to receive Fortinet customer services such as product updates and customer support. You must also register your https://support.fortinet.com product for FortiGuard services. Register your product by visiting .

  • Page 9: Chassis Hardware Information

    FIM. FPMs include NP6 processors to offload sessions from the FPM CPU and CP9 processors that accelerate content processing. Chassis hardware information This section introduces FortiGate-7030E hardware components and accessories including power requirements and FIM and FPM modules that can be installed in the chassis. Shipping components...

  • Page 10: Optional Accessories And Replacement Parts

    FPM and FIM single slot cover trays to be installed in empty chassis slots Physical description of the FortiGate-7030E chassis The FortiGate-7030E chassis is a 6U chassis that can be installed in a standard 19-inch rack. The following table describes the physical characteristics of the FortiGate-7030E chassis.

  • Page 11: Cooling Fans, Cooling Air Flow, And Minimum Clearance

    Cooling fans, cooling air flow, and minimum clearance The FortiGate-7030E chassis contains three hot swappable cooling fan trays installed in the back of the chassis. Each fan tray includes two fans that operate together. The fan tray includes two LEDs, one for each fan. When these LEDs are green both fans are operating normally.

  • Page 12: Cooling Air Flow And Required Minimum Air Flow Clearance

    80% of cooling air comes from the front panel air intake and 20% from the left and right side panels and 100% exits out the back. Side clearance is optional and chassis cooling will be sufficient if no side clearance is available. FortiGate-7030E 6.2.3 System Guide...

  • Page 13: Optional Air Filters

    AC PSUs and supplying AC power to the chassis The FortiGate-7030E chassis back panel includes three hot swappable AC or DC power supply units (PSUs). At least two PSUs (PWR1 and PWR2) must be connected to power. PWR4 is a backup power supply and provides 2+1 redundancy.

  • Page 14: Hot Swapping An Ac Psu

    DC PSUs and supplying DC power to the chassis The DC version of the FortiGate-7030E chassis front panel comes with three hot swappable 48-72V to 12V 125A DC PSUs. Each PSU has a Internal 60A/170VDC fast blow fuse on the DC line input.
  • Page 15 Input voltage outside of normal operating range, PSU fan not operating, or output voltage outside of normal operating range. Flashing Amber Warning that power input or output is close to outside of normal operating range. PSU should be replaced. FortiGate-7030E 6.2.3 System Guide...

  • Page 16: Crimping Guidelines

    -48VDC (black) You need the following equipment to connect the primary FortiGate-7030E PSUs to DC power: An electrostatic discharge (ESD) preventive wrist strap with connection cord. One black 8 AWG stranded wire with attached UL approved ring terminal for 8/M4 studs with ext ring diameter <...

  • Page 17: Hot Swapping A Dc Psu

    Connecting the FortiGate-7030E chassis to ground The FortiGate-7030E chassis includes a ground terminal on the rear the bottom of the FortiGate-7030E back panel. The ground terminal provides two connectors to be used with a double-holed lug such as Thomas & Betts PN 54850BE. This connector must be connected to a local ground connection.

  • Page 18: Turning On Fortigate-7030E Chassis Power

    1. Attach the ESD wrist strap to your wrist and to an ESD socket or to a bare metal surface on the chassis or frame. 2. Make sure that the chassis and ground wire are not energized. 3. Connect the green ground wire from the local ground to the ground connector on the FortiGate-7030E chassis. 4. Secure the ground wire to the chassis.

  • Page 19: Fortigate-7030E Hardware Assembly And Rack Mounting

    FortiGate-7030E hardware assembly and rack mounting The FortiGate-7030E chassis must be mounted in a standard 19-inch rack and requires 6U of vertical space in the rack. This chapter describes how to attach accessories to the FortiGate-7030E chassis, how to install the chassis in a 4-post or 2-post rack, and how to install FIM and FPM modules in the chassis front panel slots.

  • Page 20: Front Cable Management Bracket (Fortigate-7030E-Qsfp28 Only)

    (FIM-7920E only) Front cable management bracket (FortiGate-7030E-QSFP28 only) The FIM-7920E module included with a FortiGate-7030E-QSFP28 ships with an optional front cable management bracket that helps support the relatively large QSFP28 transceivers used with this module. If you decide to use the front cable management bracket, install it by attaching it to the left and right cable management brackets.

  • Page 21: Mounting The Fortigate-7030E Chassis In A Four-Post Rack

    Mounting the FortiGate-7030E chassis in a four-post rack The FortiGate-7030E package includes an set of extendable brackets that you can use to mount the chassis in a 4-post rack. Install the brackets to create a 4-post rack mount tray that the chassis will slide on to. Attach each side of the tray to the 4-post rack using the front and back brackets as shown below.

  • Page 22: Air Flow

    Air flow For rack installation, make sure that the amount of air flow required for safe operation of the FortiGate-7030E chassis is not compromised. Make sure that the chassis ventilation openings at the front and back are not blocked by cables or other components.
  • Page 23 FortiGate-7030E hardware assembly and rack mounting Fortinet Technologies Inc. To insert FIM and FPM modules, see the guide supplied with the module. FIM-7920E front panel Status, Alarm C1 to C4 HA, and Power MGMT1 - MGMT4 100GigE Fabric Channel LEDS...

  • Page 24: Getting Started With Fortigate-7000

    VDOM and a management VDOM named mgmt-vdom . The management interface (mgmt) and the HA heartbeat interfaces (M1 and M2) are in mgmt-vdom and all of the data interfaces are in the root VDOM. FortiGate-7030E 6.2.3 System Guide Fortinet Technologies Inc.

  • Page 25: Confirming Startup Status

    FIM10E3E16000040, Slave, uptime=53707.36, priority=4, slot_id=1:2, idx=2, flag=0x10, in_sync=1 FPM20E3E16900234, Slave, uptime=53790.98, priority=16, slot_id=2:3, idx=4, flag=0x64, in_sync=1 FPM20E3E16900269, Slave, uptime=53783.67, priority=17, slot_id=2:4, idx=5, flag=0x64, in_sync=1 FPM20E3E17900113, Slave, uptime=53783.78, priority=116, slot_id=1:3, idx=6, flag=0x64, in_sync=1 FPM20E3E17900217, Slave, uptime=53784.11, priority=117, slot_id=1:4, idx=7, flag=0x64, in_sync=1 FortiGate-7030E 6.2.3 System Guide...

  • Page 26: Setting Up Management Connections

    From the GUI, access the Global GUI and go to System > Administrators , edit the admin account, and select Change Password . From the CLI: config global config system admin edit admin FortiGate-7030E 6.2.3 System Guide...

  • Page 27: Changing Data Interface Network Settings

    <interface-name> set ip <ip-address> <netmask> Resetting to factory defaults At any time during the configuration process, if you run into problems, you can reset the FortiGate-7030E to factory defaults and start over. From the primary FIM CLI enter: config global...

  • Page 28: Managing Individual Fortigate-7000 Fims And Fpms

    SSL VPN), does not affect the special management port numbers. FortiGate-7000 special management port numbers Slot Number Slot Address HTTP HTTPS (443) Telnet SSH (22) SNMP (161) (80) (23) FPM03 8003 44303 2303 2203 16103 FortiGate-7030E 6.2.3 System Guide Fortinet Technologies Inc.

  • Page 29: Ha Mode Special Management Port Numbers

    After you log in to a different module in this way, you can't use the execute load-balance slot manage command to log in to another module. Instead you must use the exit command to revert back to the CLI of the FortiGate-7030E 6.2.3 System Guide...

  • Page 30: Connecting To Individual Fim And Fpm Clis Of The Secondary Fortigate-7000 In An Ha Configuration

    After you have logged in, you can manage the secondary FortiGate-7000 from the primary FIM or you can use the execute-load-balance slot manage command to connect to the CLIs of the other FIM and the FPMs in the secondary FortiGate-7000. FortiGate-7030E 6.2.3 System Guide...

  • Page 31: Firmware Upgrades

    Firmware upgrades In addition to introducing the basics of upgrading FortiGate-7030E firmware, this section describes how to: Upgrade the firmware running on individual FPCs. Upgrade the management board firmware from the BIOS and reset the configuration of all of the FPCs.

  • Page 32: Upgrading The Firmware Running On Individual Fims Or Fpms

    MGMT interface. If you perform the firmware upgrade from the CLI, the FIM must be able to communicate with an FTP or TFTP server. During the upgrade, the FIM will not be able to process traffic. However, the other FIM and the FPMs should continue to operate normally. FortiGate-7030E 6.2.3 System Guide...

  • Page 33: Upgrading Fpm Firmware

    CLI of the FIM or FPM and restart it using the execute reboot command.If this does not solve the problem, contact Fortinet Support at https://support.fortinet.com The example output also shows that the uptime of the FIM in slot 2 is lower than the uptime of the other modules, indicating that the FIM in slot 2 has recently restarted.

  • Page 34: Installing Fim Firmware From The Bios After A Reboot

    If this does not solve the problem, contact Fortinet Support at The command output also shows that the uptime of the FPM in slot 4 is lower than the uptime of the other modules, indicating that the FPM in slot 4 has recently restarted.
  • Page 35 If this does not solve the problem, contact Fortinet Support at The command output also shows that the uptime of the FIM in slot 2 is lower than the uptime of the other modules, indicating that the FIM in slot 2 has recently restarted.

  • Page 36: Installing Fpm Firmware From The Bios After A Reboot

    11. To set up the TFTP configuration, press C. 12. Use the BIOS menu to set the following. Change settings only if required. [P]: Set image download port: FIM01 (the FIM that can communicate with the TFTP server). [D]: Set DHCP mode: Disabled. FortiGate-7030E 6.2.3 System Guide...
  • Page 37 . https://support.fortinet.com If this does not solve the problem, contact Fortinet Support at The command output also shows that the uptime of the FPM in slot 4 is lower than the uptime of the other modules, indicating that the FPM in slot 4 has recently restarted.

  • Page 38: Synchronizing Fims And Fpms After Upgrading The Primary Fim Firmware From The Bios

    FIM04E3E16000010, Master, uptime=69398.91, priority=1, slot_id=1:1, idx=0, flag=0x0, in_sync=1 FIM10E3E16000040, Slave, uptime=69346.99, priority=2, slot_id=1:2, idx=1, flag=0x0, in_sync=1 FIM04E3E16000010, Master, uptime=69398.91, priority=1, slot_id=1:1, idx=0, flag=0x0, in_sync=1 FIM10E3E16000040, Slave, uptime=69346.99, priority=2, slot_id=1:2, idx=1, flag=0x0, in_sync=1 FPM20E3E17900217, Slave, uptime=69387.74, priority=20, slot_id=1:4, idx=2, flag=0x64, in_sync=1 FortiGate-7030E 6.2.3 System Guide...

  • Page 39: Fortigate-7030E System Management Module

    FortiGate-7030E System Management Module The FortiGate-7030E chassis includes a System Management Module (SMM) or shelf manager, located at the top right of the chassis front panel. The SMM is factory installed and configured and is not field replaceable. FortiGate-7030E SMM front panel...

  • Page 40: System Management Module Failure

    FortiGate-7030E System Management Module Fortinet Technologies Inc. System Management Module failure If the SSM fails, you should RMA the chassis. The chassis and the modules in it will continue to operate with no functioning SMM until you can replace the chassis. If there is no functioning SMM, the chassis fans operate at maximum speed and the FIM and FPM modules in the chassis switch to standalone mode and manage their own power.
  • Page 41 FortiGate-7030E System Management Module Fortinet Technologies Inc. State Description Blinking red At least one temperature sensor is detecting a temperature outside of the acceptable operating range. In this case an upper critical (UC) temperature. The SMM increases fan speed to the maximum level. This also indicates possible problems with the cooling system and could mean that the ambient temperature is too high.

  • Page 42: About Smm Alarm Levels

    FortiGate-7030E System Management Module Fortinet Technologies Inc. State Description PSU (LEDs for each of four The PSU is not installed in the chassis. PSUs) Green The PSU is present and operating normally. Blinking red The PSU module is installed but no power is being delivered (not plugged in).

  • Page 43: Connecting To The Fortios Cli Of The Fim Module In Slot 1

    FortiGate-7030E System Management Module Fortinet Technologies Inc. Each module, including the SMM, includes an SMC SDI console. These consoles are used for low level programming of the module using an IPMI tool and are disabled by default. You can enable serial access to individual module SMC SDI consoles from the SMM SMC SDI CLI using the command serial set sdi enable <slot>...

  • Page 44: Connecting To The Smc Sdi Cli Of The Fpm Module In Slot 3

    FortiGate-7030E System Management Module Fortinet Technologies Inc. <Switching to Console: FIM01 (9600)> 5. Login with an administrator name and password. The default is admin with no password. For security reasons, it is strongly recommended that you change the password. 6. When your session is complete, enter the exit command to log out.

  • Page 45: Connecting To The Smm Using An Ipmi Tool

    -I lanplus -H <mgmt-ip> -k gkey -U <username> -P <password0> -t 0x82 sensor FortiGate-7030E chassis slots IPMB addresses The following table lists the IPMB addresses of the FortiGate-7030E chassis slots. Chassis slot number Name IPMB Address (FRUID)

  • Page 46: Comlog

    FortiGate-7030E System Management Module Fortinet Technologies Inc. Use the following command to power off the module in slot 4: fru deactivate 4 Use the following command to power on the FIM module in slot 2 (IPMI address 0x84): fru activate 0x84 Use the following IPMI command to reset the module SMC to reboot the module in slot 3: sudo ipmitool -I lanplus -H 10.160.19.30 -k gkey -U admin -P admin -t 0x86 mc reset warm...

  • Page 47: System Event Log (Sel)

    FortiGate-7030E System Management Module Fortinet Technologies Inc. Description SMC CLI Commands IPMI commands by resetting the a comlog start location in flash (reset_loc) or erasing all of the flash storage (chip_erase). Available on the passive module. Disable a module's comlog.

  • Page 48: Common Smm Cli Operations

    FortiGate-7030E System Management Module Fortinet Technologies Inc. linearization parameters, sensor thresholds, and so on. The following commands display information stored in the SDR. Operation SMC CLI Commands IPMI Commands Display current local sensor values sensor <slot> sensor and sensor SDRs or sensor sensor_thresholds <slot>...
  • Page 49 FortiGate-7030E System Management Module Fortinet Technologies Inc. Action SMC CLI Commands IPMI Commands budget and hot swap state for all modules. Available on the passive module. List the IPMI channel list channel info [<channel-number>] channels. Change the SDI verbose <level>...
  • Page 50 FortiGate-7030E System Management Module Fortinet Technologies Inc. Action SMC CLI Commands IPMI Commands on the passive module. Set a user account user set password <user-id> user set password <user-id> password. Available <password> <password> on the passive module. Set the privilege level user priv <user-id>...
  • Page 51 FortiGate-7030E System Management Module Fortinet Technologies Inc. Action SMC CLI Commands IPMI Commands Cold or warm reset a mc reset <slot> cold mc reset cold module. mc reset <slot> warm mc reset warm Run a module self mc selftest test.

  • Page 52: Cautions And Warnings

    Blade Carriers, Cards and Modems must be Listed Accessories or Switch, Processor, Carrier and similar blades or cards should be UL Listed or Equivalent. Serveur-blades, cartes et modems doivent être des accessoires listés ou commutateurs, processeurs, serveurs et similaire blades ou cartes doivent être listé UL ou équivalent. FortiGate-7030E 6.2.3 System Guide Fortinet Technologies Inc.

  • Page 53: Safety

    Austreten von brennbarer Flüssigkeit oder Gas führen kann. Eine BATTERIE, die einem extrem niedrigen Luftdruck ausgesetzt ist, der zu einer EXPLOSION oder zum Austreten von brennbarer Flüssigkeit oder Gas führen kann. CAUTION: Shock Hazard. Disconnect all power sources. FortiGate-7030E 6.2.3 System Guide...
  • Page 54 Attention: Un équipement monté sur bâti ne doit pas être utilisé sur une étagère ou dans un espace de travail. Fiber optic transceiver must be rated 3.3V, 22mA max, Laser Class 1, UL certified component. Le transceiver optique doit avoir les valeurs nominales de 3.3 V, maximum 22 mA, Laser Class 1, homologué UL FortiGate-7030E 6.2.3 System Guide...

  • Page 55: Regulatory Notices

    European Conformity (CE) - EU This is a Class A product. In a domestic environment, this product may cause radio interference, in which case the user may be required to take adequate measures. FortiGate-7030E 6.2.3 System Guide Fortinet Technologies Inc.

  • Page 56: Voluntary Control Council For Interference (Vcci) - Japan

    此 为 A级 产 品 , 在 生 活 环 境 中 , 该 产 品 可 能 会 造 成 无 线 电 干 扰 。 这 种 情 况 下 , 可 能 需 要 用 户 对 其 采 取 切 实 可 行 的 措 施 。 FortiGate-7030E 6.2.3 System Guide...
  • Page 57 Copyright© 2020 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., in the U.S. and other jurisdictions, and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners.

Table of Contents