Fortinet Version 3.0 manual Bypass mode operation, FortiBridge power failure


FortiBridge operating principles

Bypass mode operation

When the FortiBridge unit operates in bypass mode, the FortiBridge INT 1 and EXT 1 interfaces are directly connected. All traffic between the internal and external network segments flows across this direct connection, whether or not the FortiGate unit is operating normally.

Because the INT 1 and EXT 1 interfaces are directly connected, you cannot use Telnet or SSH to connect to the FortiBridge CLI. Instead you must use a console connection.

The FortiBridge unit remains in bypass mode even if the FortiGate unit recovers. To restore the FortiGate unit, you must manually switch the FortiBridge unit back to normal mode. You can switch the FortiBridge unit to normal mode by pressing the mode switch on the FortiBridge front panel or by using a console connection to the CLI and entering the command execute switch-mode. You can also use the mode switch and the execute switch-mode command to manually switch the FortiBridge unit from normal mode to bypass mode.

Figure 6: FortiBridge unit operating in bypass mode

[Diagram not reproduced. Labels: Internal network, INT 1, EXT 1, INT 2, EXT 2, Internal, External, Router, Internet; modes shown: Bypass mode, Transparent mode.]

When the FortiBridge unit is operating in bypass mode, you can still connect to the FortiBridge CLI through a console connection and manage the FortiBridge unit (for example, to switch the FortiBridge unit to normal mode). When the FortiBridge unit operates in bypass mode, you cannot connect to the FortiGate interfaces that are connected to the FortiBridge unit.

FortiBridge power failure

If a power failure occurs and the FortiBridge unit loses power, zero power fail open technology causes the FortiBridge unit to fail open. The FortiBridge unit bypasses the FortiGate unit and all traffic passes between the FortiBridge INT 1 and EXT 1 interfaces. If power is restored to the FortiBridge unit, it starts up in bypass mode and then switches to normal mode when its startup sequence is complete, reconnecting the FortiGate unit to the network.

Note: The FortiBridge-1000F contains a battery to keep the fibers lit in fail open mode. If the FortiBridge-1000F unit loses power, the battery will power the fail open condition for approximately three hours. When power is restored, the battery requires approximately three hours to recharge if completely drained. The FortiBridge-1000 unit does not use a battery and can maintain a fail open condition indefinitely.
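The following added example is not part of the FortiBridge guide. It replays a timeline of mode-changing events through the bypass and power-failure behaviour described above and returns the periods in which traffic passed between INT 1 and EXT 1 without going through the FortiGate unit. The event names and the timeline are constructed for illustration and are not FortiBridge log fields.

```python
from datetime import datetime

# Event names are constructed for this example; they are not FortiBridge log fields.
TO_BYPASS = {"fortigate_failure", "power_loss", "power_restored"}
TO_NORMAL = {"startup_complete"}      # end of the startup sequence after power returns
NO_CHANGE = {"fortigate_recovered"}   # recovery alone never leaves bypass mode

def next_mode(mode, event):
    """Mode after `event`, following the behaviour described on this page."""
    if event in TO_BYPASS:
        return "bypass"
    if event in TO_NORMAL:
        return "normal"
    if event in NO_CHANGE:
        return mode
    if event == "switch_mode":        # front-panel switch or execute switch-mode toggles
        return "normal" if mode == "bypass" else "bypass"
    raise ValueError(f"unknown event: {event!r}")

def uninspected_windows(events, start, end, start_mode="normal"):
    """Return (opened, closed, minutes) spans in which INT 1 and EXT 1 were bridged."""
    mode = start_mode
    opened = start if mode == "bypass" else None
    windows = []
    for ts, event in sorted(events):
        new_mode = next_mode(mode, event)
        if mode == "normal" and new_mode == "bypass":
            opened = ts
        elif mode == "bypass" and new_mode == "normal":
            windows.append((opened, ts, int((ts - opened).total_seconds() // 60)))
            opened = None
        mode = new_mode
    if opened is not None:            # still in bypass at the end of the timeline
        windows.append((opened, end, int((end - opened).total_seconds() // 60)))
    return windows

def t(hhmm):
    return datetime.fromisoformat(f"2006-11-09T{hhmm}")

# Constructed timeline, not taken from a real device.
START, END = t("00:00"), t("23:59")
TIMELINE = [
    (t("02:00"), "fortigate_failure"), (t("02:20"), "fortigate_recovered"),
    (t("09:05"), "switch_mode"), (t("14:00"), "power_loss"),
    (t("14:30"), "power_restored"), (t("14:32"), "startup_complete"),
]

if __name__ == "__main__":
    for opened, closed, minutes in uninspected_windows(TIMELINE, START, END):
        print(f"{opened:%H:%M} -> {closed:%H:%M}  {minutes} min without FortiGate inspection")
```

In the constructed timeline the FortiGate unit recovers at 02:20, but the first window stays open until the manual switch at 09:05, which is the period to review in other logs after a failover.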


FortiBridge Version 3.0 Administration Guide

09-30000-0163-20061109
