Fortinet Version 3.0 Normal mode operation, How the FortiBridge unit monitors the FortiGate unit

FortiBridge operating principles

1. Connect the FortiBridge-1000 INT 2 interface to the FortiGate internal interface.

2. Connect the FortiGate external interface to the FortiBridge-1000 EXT 2 interface.

3. Connect the internal network to the FortiBridge-1000 INT 1 interface.

4. Connect the FortiBridge-1000 EXT 1 interface to the router.

Connecting the FortiBridge-1000F (fiber gigabit ethernet)

The FortiBridge-1000F unit contains 4 multimode fiber optic gigabit interfaces that connect to the internal and external networks and to the FortiGate interfaces that were connected to these networks. Use the following steps to connect a FortiBridge-1000F unit to the network as shown in Figure 3.

1. Connect the FortiBridge-1000F INT 2 interface to the FortiGate internal interface.

2. Connect the FortiGate external interface to the FortiBridge-1000F EXT 2 interface.

3. Connect the internal network to the FortiBridge-1000F INT 1 interface.

4. Connect the FortiBridge-1000F EXT 1 interface to the router.

Normal mode operation

If the FortiGate unit is operating normally, the FortiBridge unit operates in Normal mode. Traffic from the internal network enters the FortiBridge INT 1 interface then exits the INT 2 interface to the FortiGate unit. The traffic from the FortiBridge INT 2 interface enters the FortiGate internal interface. Firewall policies and protection profiles are applied to the traffic by the FortiGate unit. Accepted traffic then exits the FortiGate External interface and enters the FortiBridge EXT 2 interface. The traffic then exits the FortiBridge EXT 1 interface and goes to the external network. Traffic from the external network reverses this sequence.

Figure 4: Normal mode traffic flow

[Figure not reproduced. Labels: Internal network, INT 1, INT 2, Internal, External, EXT 2, EXT 1, Router, Internet, (Normal mode), (Transparent mode).]

How the FortiBridge unit monitors the FortiGate unit

To monitor the FortiGate unit for failure, you must enable probes on the FortiBridge unit. When you enable a probe, the FortiBridge unit sends packets from the FortiBridge INT 2 interface, through the FortiGate unit, to the FortiBridge EXT 2 interface. If the EXT 2 interface receives the probe packets, the FortiGate unit is operating normally. If the EXT 2 interface does not receive probe packets, the FortiBridge unit assumes that the FortiGate unit has failed.
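The probe decision described above, modeled as an added Python example (this is not FortiBridge firmware or Fortinet code). The consecutive-miss threshold, the probe sequence numbers and the sample timeline are assumptions constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class ProbeMonitor:
    """Model of the monitoring rule: a probe leaves INT 2, crosses the
    FortiGate unit, and must be seen on EXT 2 for the unit to count as healthy."""
    threshold: int = 3   # assumed: consecutive missed probes before declaring failure
    missed: int = 0

    def interval(self, sent_seq, ext2_seqs):
        """Evaluate one probe interval.

        sent_seq  -- sequence number of the probe sent from INT 2
        ext2_seqs -- set of probe sequence numbers EXT 2 received in this interval
        Returns True when the FortiGate unit is assumed to have failed.
        """
        if sent_seq in ext2_seqs:
            self.missed = 0          # probe crossed the FortiGate unit: healthy
        else:
            self.missed += 1         # lost, dropped by policy, or a stale probe arrived
        return self.missed >= self.threshold


def first_failure(timeline, threshold=3):
    """Return the probe sequence number at which failure is declared, or None."""
    monitor = ProbeMonitor(threshold=threshold)
    for sent_seq, ext2_seqs in timeline:
        if monitor.interval(sent_seq, ext2_seqs):
            return sent_seq
    return None


# Constructed sample: (probe sent from INT 2, probes received on EXT 2)
TIMELINE = [
    (1, {1}),
    (2, {2}),
    (3, set()),   # one isolated loss
    (4, {4}),
    (5, set()),
    (6, {4}),     # late duplicate of probe 4 does not satisfy probe 6
    (7, set()),
    (8, {8}),
]

if __name__ == "__main__":
    for t in (1, 3, 4):
        print(f"threshold={t}: failure declared at probe {first_failure(TIMELINE, t)}")
```

With a threshold of 1 the isolated loss at probe 3 is already treated as a FortiGate failure, while a threshold of 4 never triggers on this timeline; the setting trades detection speed against false failure declarations.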

FortiBridge Version 3.0 Administration Guide

09-30000-0163-20061109
