FortiWAN – System Configurations

System Configurations

This topic elaborates on [System] and its submenus. Simple examples are given to illustrate how to configure [system] settings.

Summary

As soon as you log in to the web UI, you will see the [System/Summary].It shows you basic information on the system, including [System Information], [Peer Information],and [WAN Link State]. [Peer Information] is populated as soon as HA mode becomes active. As is mentioned in “FortiWAN in HA (High Availability) Mode”, HA (High Availability) is hot backup. In HA mode, one FortiWAN is the primary system while the other is the backup system.

System Information / Peer Information

System Information

Version : The firmware version of the device.
Model/Max Bandwidth (Total RAM) : The model of the device and the bandwidth capability that the model supports. You can purchase a license for higher bandwidth capability from your Fortinet channel partner (See subsection “License Control” in “Administration”). For deployment of FortiWAN-VM, the Total RAM is displayed here rather than Max Bandwidth.
Serial Number : The serial number of the device.
Uptime : The time the device has been up and running.
Connections : The number of connections.
CPU Usage % : The CPU usage in percentage.
Packets/Second : The number of the packets that are processed per second.
VRRP State : The state of VRRP (Virtual Router Redundancy Protocol) – whether it is enabled. Note: When VRRP is enabled, HA will be disabled, and vice versa. (See “LAN Private Subnet”)
Hard Disk : FortiWAN’s hard disk for Reports is being consumed by increasing report database. Once the disk space is used up, Reports will fail to continue log processing. This field monitors the disk space status of Reports by displaying the total space and consumed space. (See “Reports”)

 

License Status

Peer Information

: This field is visible only when the model is FortiWAN-VM. This field displays the status of a FortiWAN-VM license as follows:

Trial License is in use. (Expire in x days x hours x mins): This is a trail or evaluation license.

Valid: This is a permanent license.

Expired: This license is expired.

Click Update button and upload your FortiWAN-VM license file to update your FortiWAN-VM appliance. You can request a evaluation or trial license from Fortinet Customer Support or you can purchase a permanent license from your Fortinet channel partner.

Version : The firmware version of the slave.
Model/Max Bandwidth : The model of the slave and the bandwidth capability that the model supports. For deployment of FortiWAN-VM, only the model of the slave is displayed here, no Max Bandwidth and Total RAM.
Serial Number : The serial number of the slave.
Uptime : The time the slave has been up and running.
State : Normally, this field displays “Slave”.

During the procedure of reboot, this field displays “Rebooting“.

System panic happens, this field displays “Panic“.

Peer unit is lost (power-off or Ethernet cable disconnected), this field displays “None“.

Firmware version, FortiWAN model or throughput license is

inconsistent with the local unit, this field displays “Incompatible“.

Note1: Connections may exceed 100 when FortiWAN is started, but will return to normal in a while. This happens because FortiWAN sends out ICMP packets to test the network.

Note2: Once HA becomes active, settings of master unit will be synchronized to slave unit automatically.

WAN Link State

[WAN Link State] shows you the number of WAN links enabled and their current status. The number of WAN links available for each FortiWAN may vary depending on models. In [WAN Link State], each WAN link is color-coded to indicate its status. See the color-coding scheme below:

 

l Green: Active WAN link l Blue: Backup WAN link l Red: Failed WAN link

WAN Link State

WAN : Enabled WAN Link.
State : Current connection status.
IPv4 / IPv6 Address : The IPv4 or IPv6 address of the WAN port (See “Configuring your WAN”).
Note The notes for the WAN link (See “Configuring your WAN”).

Get system information, peer information and WAN link state via SNMP

You can use SNMP manager to get the system information, HA peer information and WAN link state. Configure SNMP for your FortiWAN unit (See “SNMP”) and you can get the information in a MIB field via SNMP manager. The correspondent MIB fields and OIDs are listed as following:

SNMP field names and OIDs

MIB Field OID Description
fwnSysSlaveVersion 1.3.6.1.4.1.12356.118.1.2 Firmware version of the slave unit deployed with this local unit in HA mode.
fwnSysSlaveSerialNumber 1.3.6.1.4.1.12356.118.1.3 Serial number of the slave unit deployed with this local unit in HA mode.
fwnSysSlaveUptime 1.3.6.1.4.1.12356.118.1.4 Uptime of the slave unit deployed with this local unit in HA mode.
fwnSysSlaveState 1.3.6.1.4.1.12356.118.1.5 State of the slave unit deployed with this local unit in HA mode.
fwnSysConnections 1.3.6.1.4.1.12356.118.1.6 Number of connections that are being processed in the system.
fwnSysCpuLoad 1.3.6.1.4.1.12356.118.1.7 Current CPU load (in percentage) of the system.
fwnSysUsers 1.3.6.1.4.1.12356.118.1.8 Number of IP addresses connecting to the FortiWAN unit from the LAN and DMZ subnets.
fwnSysPktPerSec 1.3.6.1.4.1.12356.118.1.9 Number of packets transferred via the system every second.

 

MIB Field OID Description
fwnSysConnectionRates 1.3.6.1.4.1.12356.118.1.10 Number of connections that are established with the FortiWAN unit every second.
fwnWanStatus 1.3.6.1.4.1.12356.118.2.1.2.1.3 State of every WAN link: ok(1), failed(2), disabled(3), backup(4) and unkown(5).
fwnWanIP 1.3.6.1.4.1.12356.118.2.1.2.1.4 First one of the IP addresses deployed on the WAN port

(localhost) of every WAN link.

See also

l FortiWAN in HA (High Availability) Mode l LAN Private Subnet l Configuring your WAN l Reports

This entry was posted in Administration Guides, FortiWAN and tagged on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.