Fortinet Version 3.0 manual Probe settings, To configure probe settings

Page 37

 

 

Configuration and operating procedures

Configuring FortiBridge probes

This section describes:

Probe settings

Enabling probes

Verifying that probes are functioning

Tuning the failure threshold and probe interval

Probe settings

Configure probe settings to control the response when a FortiBridge probe detects that the FortiGate unit has failed. Probe settings consist of:

Table 11: Probe settings

Probe Setting

Description

Default

 

 

 

Action on failure

Set the FortiBridge unit response when a probe detects that

fail open

 

the FortiGate unit has failed. The FortiBridge unit can.

 

 

Send alertmail

 

 

Fail open

 

 

Send an SNMP trap

 

 

Send a message to a syslog server

 

 

You can add up to four actions on failure. All of the

 

 

configured actions on failure occur when the FortiBridge

 

 

unit detects a failure.

 

 

 

 

Dynamic IP

Configure the INT 2 and EXT 2 interfaces with dynamic

(none)

pattern

probe IP addresses. The dynamic probe IP addresses

 

 

should not conflict with IP addresses on the network that

 

 

the FortiGate unit is connected to. These IP addresses are

 

 

not visible from the outside network, but they should not

 

 

conflict with IP addresses in packets passing through the

 

 

FortiBridge unit. You cannot change the dynamic IP pattern

 

 

if any probes are enabled.

 

 

 

 

FortiGate unit

The serial number of the FortiGate unit that the FortiBridge

(none)

serial number

unit is connected to. The serial number appears in

 

 

FortiBridge alert mail, and syslog messages to identify the

 

 

FortiGate unit.

 

 

 

 

 

To configure probe settings

This procedure shows how to configure the following probe settings:

The FortiBridge unit responds to a FortiGate unit failure by failing open and by sending an alert email, a syslog message, and an SNMP trap

The dynamic IP pattern is 2.2.2.*

The FortiGate unit serial number is FGT8002803923050

Note: The FortiBridge unit does not have to fail open if the FortiGate unit fails. The

FortiBridge unit can be configured just to send alerts if the FortiGate unit fails.

1Log in to the FortiBridge CLI.

FortiBridge Version 3.0 Administration Guide

37

09-30000-0163-20061109

Image 37
Contents M i n i s t r a t i o n G u i d e Regulatory compliance TrademarksContents Using the CLI Configuration and operating proceduresConfig CLI commands Index Execute CLI commandsPage About this document About FortiBridgeFortinet documentation Customer service and technical supportFortinet tools and documentation CD Fortinet Knowledge CenterExample FortiBridge application FortiBridge operating principlesConnecting the FortiBridge-1000 copper gigabit ethernet Connecting the FortiBridge unitConnecting the FortiBridge-1000F fiber gigabit ethernet Normal mode operationHow the FortiBridge unit monitors the FortiGate unit Probes and FortiGate firewall policies Normal mode operationEnabling probes to detect FortiGate software failure Enabling probes to detect FortiGate hardware failureProbe interval and probe threshold FortiBridge power failure Bypass mode operationExample FortiGate HA cluster FortiBridge application Example configuration with other FortiGate interfaces Example configuration with other FortiGate interfaces Example configuration with other FortiGate interfaces FortiBridge unit basic information FortiBridge-1000 Package contentsMounting instructions FortiBridge-1000F Package contentsLED indicators Technical specificationsFactory default configuration ConnectorsConnecting and turning on the FortiBridge-1000 unit Connecting and turning on the FortiBridge unitTo connect and turn on the FortiBridge-1000 unit Connecting and turning on the FortiBridge-1000F unitTo connect and turn on the FortiBridge-1000F unit Connecting to the FortiBridge console Connecting to the command line interface CLIFortiBridge-1000 login To connect to the FortiBridge console for the first timeConnecting to the FortiBridge CLI using Telnet Completing the basic FortiBridge configurationTo connect to the CLI using Telnet Welcome FortiBridge-1000 #To add an administrator password Adding an administrator passwordChanging the management IP address To change the management IP addressAdding static routes Changing DNS server IP addressesTo change DNS server IP addresses To add static routesAdding administrator accounts Allowing management access to the EXT 1 interfaceChanging the system time and date Installing FortiBridge unit firmware Resetting to the factory default configurationTo reset to factory defaults from the FortiBridge CLI Execute restore image namestr tftpip To upgrade to a new firmware versionExecute restore image FBG1000-v10-build010-FORTINET.out Upgrading to a new firmware versionTo revert to a previous firmware version Reverting to a previous firmware versionTo install firmware from a system reboot Installing firmware from a system rebootHit any key to stop autoboot Enter Tftp server addressGet system status Enter firmware image file image.outExample network settings Configuration and operating proceduresConfiguring FortiBridge probes Configuring FortiBridge probesTo configure probe settings Probe settingsConfig probe probelist ping set status enable End To enable and configure FortiBridge probesEnabling probes Verifying that probes are functioning Config probe probelist Imap set status enable EndTo verify that probes are functioning Go to System Status SessionTuning the failure threshold and probe interval Configuring FortiBridge alertsConfig alertemail setting set server mail.myorg.com End To configure alert emailFortiBridge alert email FortiBridge syslogConfig log syslogd setting set server End To configure FortiBridge syslogFortiBridge Snmp To add and enable an Snmp community Recovering from a FortiGate failureConfig system snmp community edit Set name snmp1 End To resume normal operation from bypass modeBacking up and restoring the FortiBridge configuration Manually switching between FortiBridge operating modesExecute switch-mode To back up the FortiBridge configurationBacking up and restoring the FortiBridge configuration Backing up and restoring the FortiBridge configuration Setting administrative access for SSH or Telnet Connecting to the FortiBridge CLI using SSH or TelnetTo use the CLI to configure SSH or Telnet access CLI basicsConnecting to the FortiBridge CLI using SSH Other access methodsSet allowaccess ping telnet ssh Get system interface namestrTo connect to the CLI using SSH Connecting to the FortiBridge CLI using SSH or Telnet Config CLI commands Command syntax pattern Alertemail settingExamples Related Commands Example Log syslogd settingGet probe probelist Probe probelist ping http ftp pop3 smtp imapGet probe probelist http Show probe probelistSyslog Probe settingRw w System accprofileGet system accprofile policyprofile Get system accprofileShow system accprofile Password passwordstr System adminGet system admin newadmin Get system adminShow system admin System console Config system console set EndGet system console Show system consoleGet system dns System dnsShow system dns Get system status Failbypass System failcloseSystem failclose Minutesinteger System globalShow system global Get system globalGet system interface internal System interface internal externalShow system interface internal System manageip Config system manageip Set ip 192.168.2.80 255.255.255.0 endDistanceinteger System routeSystem snmp community Config hostsShow system snmp community Get system snmp communityExecute CLI commands Command syntax BackupExecute backup config filenamestr tftp-serveripv4 Execute backup config fbdg.cfgExecute date datestr datestr has the form mm/dd/yyyy, where DateExecute date 09/17/2004 Execute factoryreset FactoryresetExecute ping addressipv4 host-namestr PingExecute reboot RebootExecute restore config backupconfig RestoreSwitch-mode Execute time timestr TimeTime Index 09-30000-0163-20061109 Snmp SSH