Fortinet FortiGate-7060E System Manual

FortiGate-7060E System Guide

7000

FORTINET DOCUMENTLIBRARY

http://docs.fortinet.com

FORTINETVIDEOGUIDE

http://video.fortinet.com

FORTINETBLOG

https://blog.fortinet.com

CUSTOMERSERVICE&SUPPORT

https://support.fortinet.com

http://cookbook.fortinet.com/how-to-work-with-fortinet-support/

FORTIGATECOOKBOOK

http://cookbook.fortinet.com

FORTINETTRAININGSERVICES

http://www.fortinet.com/training

FORTIGUARDCENTER

http://www.fortiguard.com

FORTICAST

http://forticast.fortinet.com

ENDUSER LICENSE AGREEMENT

http://www.fortinet.com/doc/legal/EULA.pdf

FORTINET PRIVACY POLICY

https://www.fortinet.com/corporate/about-us/privacy.html

FEEDBACK

Email: techdocs@fortinet.com

Monday, March 26, 2018

FortiGate-7060E System Guide

01-540-411632-20180326

TABLEOFCONTENTS

FortiGate-7060E Chassis 5

FortiGate-7060E front panel 5

FIM modules 6

FPM-7620E FPMmodules 6
FortiGate-7060E back panel 7
Registering your FortiGate-7060E chassis 7
FortiGate-7060E chassis schematic 8
Chassis hardware information 9

Shipping components 9

Optional accessories and replacement parts 9

Physical description of the FortiGate-7060E chassis 10
Cooling fans, cooling air flow, and minimum clearance 11

Cooling air flow and required minimum air flow clearance 12
Optional air filters 13
AC Power Supply Units (PSUs) and supplying AC power to the chassis 13

Hot Swapping an AC PSU 13
DC Power Supply Units (PSUs) and supplying DC power to the chassis 14

Crimping guidelines 15

Connecting a FortiGate-7060E PSU to DC power 16

Hot Swapping a DC PSU 17
Connecting the FortiGate-7060E chassis to ground 17
Turning on FortiGate-7060E chassis power 18

FortiGate-7060E hardware assembly and rack mounting 19

Installing accessories 20
Mounting the FortiGate-7060E chassis in a four-post rack 21
Mounting the FortiGate-7060E chassis in a two-post rack 22

Air flow 22
Inserting FIM and FPM-7000 series modules 23

Recommended slot locations for interface modules 23

FortiGate-7060E Management Modules 24

Management module failure 25
Management Module LEDs 25
About management module alarm levels 28
Using the console ports 28

Connecting to the FortiOS CLI of the FIM module in slot 1 29
Connecting to the FortiOS CLI of the FIM module in slot 2 30
Connecting to the SMC SDI CLI of the FPMmodule in slot 3 30
Changing the management module admin account password 30
Connecting to the management module using an IPMItool 31
FortiGate-7060E chassis slots IPMB addresses 31
Rebooting a chassis module from the SMC SDI CLI 32
Comlog 32
System event log (SEL) 34
Sensor data record (SDR) 34
Common management module CLI operations 35

Cautions and Warnings 39

Environmental Specifications 39
Safety 40

Regulatory Notices 42

Federal Communication Commission (FCC) – USA 42
Industry Canada Equipment Standard for Digital Equipment (ICES) – Canada 42
European Conformity (CE) - EU 42
Voluntary Control Council for Interference (VCCI) – Japan 43
Product Safety Electrical Appliance & Material (PSE) – Japan 43
Bureau of Standards Metrology and Inspection (BSMI) – Taiwan 43
China 43

FortiGate-7060E front panel FortiGate-7060E Chassis

ESD

socket

FPM-7620E

slot 3

FPM-7620E

slot 4

FIM-7910E

slots 1 and 2

FPM-7620E

slot 5

FPM-7620E

slot 6

Management Module 2Management Module 1

Power

Supply 6

(empty)

Power

Supply 5

(empty)

Power

Supply 1

Power

Supply 4

Power

Supply 2

Power

Supply 3

FortiGate-7060E Chassis

The FortiGate-7060E is a 8U 19-inch rackmount 6-slot chassis with a 80Gbps fabric and 1Gbps base backplane
designed by Fortinet. The fabric backplane provides network data communication and the base backplane
provides management and synch communication among the chassis slots.

FortiGate-7060E front panel

The chassis is managed by two redundant management modules. Each module includes an Ethernet connection
as well as two switchable console ports that provide console connections to the modules in the chassis slots. The
active management module controls chassis cooling and power management and provides an interface for
managing the modules installed in the chassis.

FortiGate-7060E front panel, (showing AC PSUs, example module configuration)

5 FortiGate-7060E System Guide

Fortinet Technologies Inc.

FortiGate-7060E Chassis FortiGate-7060E front panel

Do not operate the FortiGate-7060E chassis with open slots on the front or back panel.
For optimum cooling performance and safety, each chassis slot must contain an FIM
or FPM module or an FIM or FPM blank panel (also called a dummy card). For the
same reason, all cooling fan trays, power supplies or power supply slot covers must be
installed while the chassis is operating.

Power is provided to the chassis using four hot swappable 3+1 redundant 100-240 VAC, 50-60 Hz AC or -48V DC
power supply units (PSUs). At least three PSUs (power supplies 1 to 3) must be connected to power. Power
supply 4 is a backup power supply. You can add a 5th or 6th power supply for 3+2 and 3+3 redundancy.

The standard configuration of the FortiGate-7060E includes two FIM (interface) modules in chassis slots 1 and 2
and up to four FPM (processing) modules in chassis slots 3 to 6.

FIM modules

FIM modules are hot swappable interface modules that provide data and management interfaces, base
backplane switching and fabric backplane session-aware load balancing for the chassis. The FIM modules
include an integrated switch fabric and DP2 processors to load balance millions of data sessions over the chassis
fabric backplane to FPM processor modules. The following FIM modules are available:

l The FIM-7901E includes thirty-two front panel 10GigE SFP+ fabric channel interfaces (A1 to A32). These interfaces

are connected to 10Gbps networks. These interfaces can also be configured to operate as Gigabit Ethernet
interfaces using SFP transceivers.

l The FIM-7904E includes eight front panel 40GigE QSFP+ fabric channel interfaces (B1 to B8). These interfaces are

connected to 40Gbps networks. Using 40GBASE-SR4 multimode QSFP+ transceivers, each QSFP+ interface can
also be split into four 10GBASE-SR interfaces and connected to 10Gbps networks.

l The FIM-7910E (shown in FIM modules on page 6) includes four front panel 100GigE CFP2 fabric channel

interfaces (C1 to C4). These interfaces can be connected to 100Gbps networks. Using 100GBASE-SR10 multimode
CFP2 transceivers, each CFP2 interface can also be split into ten 10GBASE-SR interfaces and connected to
10Gbps networks.

l The FIM-7920E includes four front panel 100GigE QSFP28 fabric channel interfaces (C1 to C4). These interfaces

can be connected to 100Gbps networks. Using a 100GBASE-SR4 QSFP28 or 40GBASE-SR4 QSFP+ transceiver,
each QSFP28 interface can also be split into four 10GBASE-SR interfaces and connected to 10Gbps networks.

If you are installing different FIM modules in the FortiGate-7060E chassis, for optimal
configuration you should install the module with the lower model number in slot 1 and
the module with the higher number in slot 2. For example, if your chassis includes a
FIM-7901E and a FIM-7904E, install the FIM-7901E in chassis slot 1 and the FIM­7904E in chassis slot 2. Also, for example, if your chassis includes a FIM-7904E and a
FIM-7920E, install the FIM-7904E in chassis slot 1 and the FIM-7920E in chassis slot

2. This applies to any combination of two different interface modules.

FPM-7620E FPMmodules

The FPM-7620E modules are hot swappable processor modules that provide FortiOS firewalling and security
services. The FPM modules function as workers, processing sessions load balanced to them by the FIM modules.
FPM modules include multiple NP6 network processors and CP9 content processors to accelerate traffic.

FortiGate-7060E System Guide
Fortinet Technologies Inc.

6

FortiGate-7060E back panel FortiGate-7060E Chassis

Fan Tray 1Fan Tray 2Fan Tray 3

Chassis

Ground

Connector

FortiGate-7060E back panel

The FortiGate-7060E back panel provides access to three hot swappable cooling fan trays and the chassis ground
connector that must be connected to ground.

FortiGate-7060E back panel

Registering your FortiGate-7060E chassis

FortiGate-7000 series products are registered according to the chassis serial number. You need to register your
chassis to receive Fortinet customer services such as product updates and customer support. You must also
register your product for FortiGuard services. Register your product by visiting https://support.fortinet.com. To

7 FortiGate-7060E System Guide

Fortinet Technologies Inc.

FortiGate-7060E Chassis FortiGate-7060E chassis schematic

IPMB
SERIAL

IPMB
SERIAL

IPMB
SERIAL

IPMB
SERIAL

NP6

CP9

NP6

CP9

SMC SDI

ISF

DP2

ISF

DP2

IPMB
SERIAL
1G

SMC SDISMC SDI

MGMT2 (active by default, IPMB 0x20)MGMT1 (inactive by default, IPMB 0x22)

FPM Module

FIM Module

FIM Module

FPM Module

FPM3 IPMB 0x86

IPMB
SERIAL

NP6

CP9

SMC SDI

FPM Module

FPM5 IPMB 0x8A

FPM4 IPMB 0x88

FIM1 IPMB 0x82

FIM2 IPMB 0x84

PMB 0x82

SMC SDI

PMB 0x84

SMC SDI

PMB 0x88

SMC SDI

IPMB
SERIAL

NP6

CP9

FPM Module

FPM6 IPMB 0x8C

SMC SDI

Data

Interfaces

MGMT

1-4

M1 M2

Data

Interfaces

MGMT

1-4

M1 M2

Fabric Backplane

1G

1G

1G

1G

1G

1G

80G
80G
80G
80G

80G
80G
80G
80G

80G

80G

80G

80G

80G

80G

80G

80G

40G

40G

Base Backplane

register, enter your contact information and the serial numbers of the Fortinet products that you or your
organization have purchased.

FortiGate-7060E chassis schematic

The FortiGate-7060E chassis schematic below shows the communication channels between chassis components
including the management modules (MGMT), the FIM modules (called FIM1 and FIM2) and the FPM modules
(FPM3, FPM4, FPM5, and FPM6).

By default MGMT2 is the active management module and MGMT1 is inactive. The active management module
always has the IPMB address 0x20 and the inactive management module always has the IPMB address 0x22.

The active management module communicates with all modules in the chassis over the base backplane. Each
module, including the management modules has a Shelf Management Controller (SMC). These SMCs support
Intelligent Platform Management Bus (IPMB) communication between the active management module and the
FIM and FPM modules for storing and sharing sensor data that the management module uses to control chassis
cooling and power distribution. The base backplane also supports serial communications to allow console access
from the management module to all modules, and 1Gbps Ethernet communication for management and
heartbeat communication betweenmodules.

FortiGate-7060E System Guide
Fortinet Technologies Inc.

FIM1 and FIM2 (IPMB addresses 0x82 and 0x84) are the FIM modules in slots 1 and 2. The interfaces of these
modules connect the chassis to data networks and can be used for Ethernet management access to chassis
components. The FIM modules include DP2 processors that distribute sessions over the Integrated Switch Fabric
(ISF) to the NP6 processors in the FPMmodules. Data sessions are communicated to the FPM modules over the
80Gbps chassis fabric backplane.

8

Chassis hardware information FortiGate-7060E Chassis

FPM03, FPM04, FPM05, and FPM06 (IPMB addresses 0x86, 0x88, 0x8A, and 0x8C) are the FPM processor
modules in slots 3 to 6. These worker modules process sessions distributed to them by the FIMmodules.
FPMmodules include NP6 processors to offload sessions from the FPM CPU and CP9 processors that accelerate
content processing.

Chassis hardware information

This section introduces FortiGate-7060E hardware components and accessories including power requirements
and FIMand FPM modules that can be installed in the chassis.

Shipping components

The FortiGate-7060E chassis ships pre-assembled with the following components:

l The 8U FortiGate-7060E chassis

l Two FIM modules

l Up to four FPM modules

l Two management modules in the front of the chassis. (Management modules are not field replacable. If a

management module fails you must RMA the chassis. The chassis will continue to operate with one or no operating
management modules.)

l Four Power Supply Units (PSUs) installed in the front of the chassis

l Three cooling fan trays installed in the back of the chassis

l One protective front panel installed in the chassis to protect internal chassis components. This panel must be

removed before installing FIM and FPM modules.

l Four power cords with C15 power connectors

l Four power cord management clamps

l One set of 4-post rack mounting components

l One set of 2-post rack mounting components

l One pair of cable management side brackets

l Two front mounting brackets

l Twenty M4x6 flat-head screws

l Six M4x8 large head pan-head screws

l Six rubber feet

l Two console cables

l One RJ-45 Ethernet cable

Optional accessories and replacement parts

The following optional accessories can be ordered separately:

SKU Description

FG-7060E-FAN FortiGate-7060E fan tray.

9 FortiGate-7060E System Guide

Fortinet Technologies Inc.

FortiGate-7060E Chassis Chassis hardware information

SKU Description

FG-7060E-PS-AC 1500W AC power supply units (PSUs) for the FortiGate-7060E.

FG-7060E-PS-DC 1500W DC power supply units (PSUs) for the FortiGate-7060E.

FG-7060E-CHASSIS

FortiGate-7060E chassis including 2x management module, 3x fan trays, and 4x AC or
DC PSUs.

You can also order the following:

l Additional FIM and FPM modules

l Transceivers

l DC PSUs

l Air Filter kit

l FPM and FIM single slot cover trays to be installed in empty chassis slots

The following optional accessories can be ordered separately:

l Additional FIM and FPM modules

l Transceivers

l DC PSUs

l Additional AC PSUs

l Additional FAN trays

l Air Filter kit

l FPM and FIM blank panels to be installed in empty chassis slots

Physical description of the FortiGate-7060E chassis

The FortiGate-7060E chassis is a 8U chassis that can be installed in a standard 19-inch rack. The following table
describes the physical characteristics of the FortiGate-7060E chassis.

Dimensions (H x W x D) 14.0 x 17.3 x 25.6 in (352.7 x 440 x 650 mm)

Chassis weight completely assembled with
FIM and FPM modules installed

207.2 lbs (94.1 kg)

Operating Temperature 32 to 104°F (0 to 40°C)

Storage Temperature -31 to 158°F (-35 to 70°C)

Relative Humidity 10% to 90% non-condensing

Noise Level

63db

AC Input Current and Voltage Range 10-12 A, 100 to 240 VAC (50 to 60 Hz)

DC Input Rating Average: 12.5A@48V for eachPSU, max 44A

FortiGate-7060E System Guide
Fortinet Technologies Inc.

10

Cooling fans, cooling air flow, and minimum clearance FortiGate-7060E Chassis

Reten ti on
Screw

Fan
LED

Reten ti on
Screw

Reten ti on

Screw

Reten ti on

Screw

Outle t

Grill

Outle t

Grill

Power Support Rating max. 3277W

Supplied Power Supply Units (PSUs) 4 (for 3+1 redundancy)

Max Power Supply Units (PSUs) 6 (for 3+3 redundancy)

Max Power Consumption 3277W

Average Power Consumption 2330W

Heat Dissipation 11799KJ/hr (11184BTU/hr)

Cooling fans, cooling air flow, and minimum clearance

The FortiGate-7060E chassis contains three hot swappable cooling fan trays installed in the back of the chassis.
Each fan tray includes two fans that operate together. When the fan tray LED is green both fans are operating
normally. If the LED turns red or goes off, one or both of the fans is not working and the fan tray should be
replaced.

Cooling Fan Tray

11 FortiGate-7060E System Guide

Fortinet Technologies Inc.

FortiGate-7060E Chassis Cooling fans, cooling air flow, and minimum clearance

Cool air

Intake

Left and R ig ht

Side Coo l A ir

Intakes

50 mm
Clearanc e
(Optiona l)

Front

FortiGat e- 70 60E chassis ( si de Vie w)

Fan

Trays

100 m m

650 m m

Warm Air

Exhaust

Back

100 m m

During normal chassis operation, all three fan trays are active and the fan speed is controlled by the active
management module. Fan trays are hot swappable. You can replace a failed fan tray while the chassis is
operating. To replace a fan tray, unscrew the four retention screws and use the handles to pull the fan tray out of
the chassis.

Install a replacement fan tray by sliding it into place in the empty slot and tightening the retention screws. As you
slide the new fan into place it will power up and the fan tray LED will light.

The other fan trays will continue to operate and cool the chassis as a fan tray is being removed and replaced.
However an open fan tray slot will result in less air flow through the chassis so do not delay installing the
replacement fan tray.

Cooling air flow and required minimum air flow clearance

When installing the chassis, make sure there is enough clearance for effective cooling air flow. The following
diagram shows the cooling air flow through the chassis and the locations of fan trays. Make sure the cooling air
intake and warm air exhaust openings are not blocked by cables or rack construction because this could result in
cooling performance reduction and possible overheating and component damage.

FortiGate-7060E cooling air flow and minimum air flow clearance

Most cool air enters the chassis through the chassis front panel and all warm air exhausts out the back. For
optimal cooling allow 100 mm of clearance at the front and back of the chassis and 50 mm of clearance at the
sides. Under these conditions 80% of cooling air comes from the front panel air intake and 20% from the left and
right side panels and 100% exits out the back. Side clearance is optional and chassis cooling will be sufficient if
no side clearance is available.

FortiGate-7060E System Guide
Fortinet Technologies Inc.

12

Optional air filters FortiGate-7060E Chassis

Latch

PSU
LED

C16

Power

Connect or

Optional air filters

You can purchase an optional NEBScompliant air filter kit that includes a front filter that fits over the front of the
chassis and two filters for the side cool air intakes. These filters are not required for normal operation but can be
added if you require air filtration.

The air filters should be inspected regularly. If dirty or damaged, the filters should be disposed of and replaced.
The air filters can be fragile and should be handled carefully.

AC Power Supply Units (PSUs) and supplying AC power to the chassis

The AC version of the FortiGate-7060E chassis front panel includes four hot swappable DC PSUs. At least three
PSUs (1, 2, and 3) must be connected to power. Power supplies 4 to 6 are backup power supplies that provide
3+1 , 3+2, and 3+3 redundancy. See FortiGate-7060E front panel on page 5 for locations of the PSUs.

All PSUs should be connected to AC power. To improve redundancy you can connect each power supply to a
separate power source.

Use a C15 Power cable, supplied with the chassis, to connect power to each PSU C16 power connector. C15/C16
power connectors are used for high temperature environments and are rated up to 120°C.

AC PSU showing C16 power connector

The PSU LED indicates whether the PSUis operating correctly and connected to power. If this LEDis not lit check
to make sure the PSU is connected to power. If the power connection is good then the PSU has failed and should
be replaced.

Hot Swapping an AC PSU

Follow these steps to safely hot swap an AC PSU.

You can hot swap a PSU without powering down the FortiGate-7060E as long as three
PSUs are connected to power and operating normally. If you need to hot swap one of
three operating PSUs you must power down the chassis first.

13 FortiGate-7060E System Guide

Fortinet Technologies Inc.

FortiGate-7060E Chassis DC Power Supply Units (PSUs) and supplying DC power to the chassis

1.

Attach an ESD wrist strap to your wrist and to an ESD socket or to a bare metal surface on the chassis or frame.

2.

Turn off the power being supplied to the power supply and disconnect the power cord.

3.

Press the latch towards the handle until the PSU is detached then pull it out of the chassis.

4.

Insert a replacement PSU into the chassis and slide it in until it locks into place.

5.

Connect the PSUpower terminals as described above.

6.

Turn on power to the PSU.

7.

Verify that the PSU status LED is solid green meaning that the PSU is powered up and operating normally.

DC Power Supply Units (PSUs) and supplying DC power to the chassis

The DC version of the FortiGate-7060E chassis front panel comes with four hot swappable 48-72V to 12V 125A
DC PSUs. Each PSU has a Internal 60A/170VDC fast blow fuse on the DC line input.

At least three PSUs (power supplies 1, 2, and 3) must be connected to power. The fourth power supply is a
backup power supply and provides 3+1 redundancy. You can add a 5th power supply to provide a second backup
power supply and 3+2 redundancy. You can add a 6th power supply to provide a third backup power supply and
3+3 redundancy. See FortiGate-7060E front panel on page 5 for locations of the PSUs. The diagram shows AC
PSUs, with a DC version of the chassis the AC PSUs are replaced with DC PSUs.

Each PSU is designed to be installed in a Telecom data center or similar location that has available -48VDC
power fed from a listed 40A circuit breaker. To improve redundancy you can connect each power supply to a
separate power circuit.

DC power cables are intended to be used only for in-rack wiring, must be routed away from sharp edges, and
must be adequately fixed to prevent excessive strain on the wires and terminals.

DC terminals accept UL approved ring terminals for 8/M4 stud with ext ring diameter < 9.8 mm. DC cables must
be a minimum of 8 AWG.

The following table lists some key power data for each PSU.

Max Inrush Current 50A

Max Inrush Current Duration 200ms

Input Voltage -40V to -72V

Input Current Average: 12.5A@48V for each PSU, Max: 44A

FortiGate-7060E System Guide
Fortinet Technologies Inc.

14