Fortinet Version 3.0 manual Probe settings, To configure probe settings

Page 37


Configuration and operating procedures	Configuring FortiBridge probes

This section describes:

•Probe settings

•Enabling probes

•Verifying that probes are functioning

•Tuning the failure threshold and probe interval

Probe settings

Configure probe settings to control the response when a FortiBridge probe detects that the FortiGate unit has failed. Probe settings consist of:

Table 11: Probe settings

Probe Setting	Description		Default

Action on failure	Set the FortiBridge unit response when a probe detects that		fail open
	the FortiGate unit has failed. The FortiBridge unit can.
	•	Send alertmail
	•	Fail open
	• Send an SNMP trap
	• Send a message to a syslog server
	You can add up to four actions on failure. All of the
	configured actions on failure occur when the FortiBridge
	unit detects a failure.

Dynamic IP	Configure the INT 2 and EXT 2 interfaces with dynamic		(none)
pattern	probe IP addresses. The dynamic probe IP addresses
	should not conflict with IP addresses on the network that
	the FortiGate unit is connected to. These IP addresses are
	not visible from the outside network, but they should not
	conflict with IP addresses in packets passing through the
	FortiBridge unit. You cannot change the dynamic IP pattern
	if any probes are enabled.

FortiGate unit	The serial number of the FortiGate unit that the FortiBridge		(none)
serial number	unit is connected to. The serial number appears in
	FortiBridge alert mail, and syslog messages to identify the
	FortiGate unit.

To configure probe settings

This procedure shows how to configure the following probe settings:

•The FortiBridge unit responds to a FortiGate unit failure by failing open and by sending an alert email, a syslog message, and an SNMP trap

•The dynamic IP pattern is 2.2.2.*

•The FortiGate unit serial number is FGT8002803923050

Note: The FortiBridge unit does not have to fail open if the FortiGate unit fails. The

FortiBridge unit can be configured just to send alerts if the FortiGate unit fails.

1Log in to the FortiBridge CLI.

FortiBridge Version 3.0 Administration Guide	37
09-30000-0163-20061109

Image 37

Contents M i n i s t r a t i o n G u i d e Regulatory compliance TrademarksContents Using the CLI Configuration and operating proceduresConfig CLI commands Index Execute CLI commandsPage About this document About FortiBridgeFortinet documentation Customer service and technical supportFortinet tools and documentation CD Fortinet Knowledge CenterExample FortiBridge application FortiBridge operating principlesConnecting the FortiBridge-1000 copper gigabit ethernet Connecting the FortiBridge unitConnecting the FortiBridge-1000F fiber gigabit ethernet Normal mode operationHow the FortiBridge unit monitors the FortiGate unit Probes and FortiGate firewall policies Normal mode operationEnabling probes to detect FortiGate software failure Enabling probes to detect FortiGate hardware failureProbe interval and probe threshold FortiBridge power failure Bypass mode operationExample FortiGate HA cluster FortiBridge application Example configuration with other FortiGate interfaces Example configuration with other FortiGate interfaces Example configuration with other FortiGate interfaces FortiBridge unit basic information FortiBridge-1000 Package contentsMounting instructions FortiBridge-1000F Package contentsLED indicators Technical specificationsFactory default configuration ConnectorsConnecting and turning on the FortiBridge-1000 unit Connecting and turning on the FortiBridge unitTo connect and turn on the FortiBridge-1000 unit Connecting and turning on the FortiBridge-1000F unitTo connect and turn on the FortiBridge-1000F unit Connecting to the FortiBridge console Connecting to the command line interface CLIFortiBridge-1000 login To connect to the FortiBridge console for the first timeConnecting to the FortiBridge CLI using Telnet Completing the basic FortiBridge configurationTo connect to the CLI using Telnet Welcome FortiBridge-1000 #To add an administrator password Adding an administrator passwordChanging the management IP address To change the management IP addressAdding static routes Changing DNS server IP addressesTo change DNS server IP addresses To add static routesAdding administrator accounts Allowing management access to the EXT 1 interfaceChanging the system time and date Installing FortiBridge unit firmware Resetting to the factory default configurationTo reset to factory defaults from the FortiBridge CLI Execute restore image namestr tftpip To upgrade to a new firmware versionExecute restore image FBG1000-v10-build010-FORTINET.out Upgrading to a new firmware versionTo revert to a previous firmware version Reverting to a previous firmware versionTo install firmware from a system reboot Installing firmware from a system rebootHit any key to stop autoboot Enter Tftp server address Get system status Enter firmware image file image.outExample network settings Configuration and operating proceduresConfiguring FortiBridge probes Configuring FortiBridge probesTo configure probe settings Probe settingsConfig probe probelist ping set status enable End To enable and configure FortiBridge probesEnabling probes Verifying that probes are functioning Config probe probelist Imap set status enable EndTo verify that probes are functioning Go to System Status SessionTuning the failure threshold and probe interval Configuring FortiBridge alertsConfig alertemail setting set server mail.myorg.com End To configure alert emailFortiBridge alert email FortiBridge syslogConfig log syslogd setting set server End To configure FortiBridge syslogFortiBridge Snmp To add and enable an Snmp community Recovering from a FortiGate failureConfig system snmp community edit Set name snmp1 End To resume normal operation from bypass modeBacking up and restoring the FortiBridge configuration Manually switching between FortiBridge operating modesExecute switch-mode To back up the FortiBridge configurationBacking up and restoring the FortiBridge configuration Backing up and restoring the FortiBridge configuration Setting administrative access for SSH or Telnet Connecting to the FortiBridge CLI using SSH or TelnetTo use the CLI to configure SSH or Telnet access CLI basicsConnecting to the FortiBridge CLI using SSH Other access methodsSet allowaccess ping telnet ssh Get system interface namestrTo connect to the CLI using SSH Connecting to the FortiBridge CLI using SSH or Telnet Config CLI commands Command syntax pattern Alertemail settingExamples Related Commands Example Log syslogd settingGet probe probelist Probe probelist ping http ftp pop3 smtp imapGet probe probelist http Show probe probelistSyslog Probe settingRw w System accprofileGet system accprofile policyprofile Get system accprofileShow system accprofile Password passwordstr System adminGet system admin newadmin Get system adminShow system admin System console Config system console set EndGet system console Show system consoleGet system dns System dnsShow system dns Get system status Failbypass System failcloseSystem failclose Minutesinteger System globalShow system global Get system globalGet system interface internal System interface internal externalShow system interface internal System manageip Config system manageip Set ip 192.168.2.80 255.255.255.0 endDistanceinteger System routeSystem snmp community Config hostsShow system snmp community Get system snmp communityExecute CLI commands Command syntax BackupExecute backup config filenamestr tftp-serveripv4 Execute backup config fbdg.cfgExecute date datestr datestr has the form mm/dd/yyyy, where DateExecute date 09/17/2004 Execute factoryreset FactoryresetExecute ping addressipv4 host-namestr PingExecute reboot RebootExecute restore config backupconfig RestoreSwitch-mode Execute time timestr TimeTime Index 09-30000-0163-20061109 Snmp SSH