Fortinet Comprehensive Guide on Configuring FortiBridge Alerts and SNMP Settings

Page 42

Configuring FortiBridge alerts

Configuration and operating procedures

02-01-2005 8:21:27 Local7.Alert 172.20.120.13 date=2005-02-

01time=15:26:59 device_id= log_id=0100020001 type=event subtype=system pri=alert msg="FortiBridge detect FortiGate failure: [failed time: Tue Feb 1 15:26:59 2005][failed protocol: ftp] [failed FortiGate serial number: FGT8002803923050]"

02-01-2005 18:17:17 Local7.Alert 172.20.120.13 date=2005-02-

01time=15:22:49 device_id= log_id=0100020001 type=event subtype=system pri=alert msg="FortiBridge detect FortiGate failure: [failed time: Tue Feb 1 15:22:49 2005][failed protocol: ping] [failed FortiGate serial number: FGT8002803923050]"

02-01-2005 8:13:43 Local7.Alert 172.20.120.13 date=2005-02-

01time=15:19:15 device_id= log_id=0100020001 type=event subtype=system pri=alert msg="FortiBridge detect FortiGate failure: [failed time: Tue Feb 1 15:19:15 2005][failed protocol: smtp] [failed FortiGate serial number: FGT8002803923050]"

To configure FortiBridge syslog

In most cases you should only need to configure the IP address of the syslog server to receive FortiBridge syslog messages. See “log syslogd setting” on page 54 for more FortiBridge syslog options.

1Log into the CLI.

2Configure syslog settings. Enter:

config log syslogd setting set server 172.20.120.11

end

FortiBridge SNMP

If you set the probe action on failure to snmp, you can configure FortiBridge SNMP settings so that the FortiBridge unit sends SNMP v1 and v2c compliant traps to SNMP v1 and v2c compliant SNMP managers if the FortiBridge unit detects a failure. The traps inform the recipient that a FortiGate unit has failed and include the protocol for which the failure was detected.

Only the first probe to detect a failure triggers the actions on failure. So, even if multiple probes are configured, when a failure is detected, the FortiBridge unit sends one v1 SNMP trap and one v2c SNMP trap.

Configure FortiBridge SNMP by adding and configuring an SNMP community. An SNMP community is a grouping of equipment for network administration purposes. You can add up to three SNMP communities. Each community can have a different configuration for SNMP traps. You can add the IP addresses of up to 8 SNMP managers to each community.

42	FortiBridge Version 3.0 Administration Guide
	09-30000-0163-20061109

Image 42

Contents M i n i s t r a t i o n G u i d e Trademarks Regulatory complianceContents Configuration and operating procedures Using the CLIConfig CLI commands Execute CLI commands IndexPage About FortiBridge About this documentFortinet tools and documentation CD Customer service and technical supportFortinet documentation Fortinet Knowledge CenterFortiBridge operating principles Example FortiBridge applicationConnecting the FortiBridge unit Connecting the FortiBridge-1000 copper gigabit ethernetNormal mode operation Connecting the FortiBridge-1000F fiber gigabit ethernetHow the FortiBridge unit monitors the FortiGate unit Normal mode operation Probes and FortiGate firewall policiesEnabling probes to detect FortiGate hardware failure Enabling probes to detect FortiGate software failureProbe interval and probe threshold Bypass mode operation FortiBridge power failureExample FortiGate HA cluster FortiBridge application Example configuration with other FortiGate interfaces Example configuration with other FortiGate interfaces Example configuration with other FortiGate interfaces FortiBridge-1000 Package contents FortiBridge unit basic informationFortiBridge-1000F Package contents Mounting instructionsTechnical specifications LED indicatorsConnectors Factory default configurationConnecting and turning on the FortiBridge unit Connecting and turning on the FortiBridge-1000 unitConnecting and turning on the FortiBridge-1000F unit To connect and turn on the FortiBridge-1000 unitTo connect and turn on the FortiBridge-1000F unit FortiBridge-1000 login Connecting to the command line interface CLIConnecting to the FortiBridge console To connect to the FortiBridge console for the first timeTo connect to the CLI using Telnet Completing the basic FortiBridge configurationConnecting to the FortiBridge CLI using Telnet Welcome FortiBridge-1000 #Changing the management IP address Adding an administrator passwordTo add an administrator password To change the management IP addressTo change DNS server IP addresses Changing DNS server IP addressesAdding static routes To add static routesAllowing management access to the EXT 1 interface Adding administrator accountsChanging the system time and date Resetting to the factory default configuration Installing FortiBridge unit firmwareTo reset to factory defaults from the FortiBridge CLI Execute restore image FBG1000-v10-build010-FORTINET.out To upgrade to a new firmware versionExecute restore image namestr tftpip Upgrading to a new firmware versionReverting to a previous firmware version To revert to a previous firmware versionHit any key to stop autoboot Installing firmware from a system rebootTo install firmware from a system reboot Enter Tftp server addressEnter firmware image file image.out Get system statusConfiguration and operating procedures Example network settingsConfiguring FortiBridge probes Configuring FortiBridge probesProbe settings To configure probe settingsTo enable and configure FortiBridge probes Config probe probelist ping set status enable EndEnabling probes To verify that probes are functioning Config probe probelist Imap set status enable EndVerifying that probes are functioning Go to System Status SessionConfiguring FortiBridge alerts Tuning the failure threshold and probe intervalFortiBridge alert email To configure alert emailConfig alertemail setting set server mail.myorg.com End FortiBridge syslogTo configure FortiBridge syslog Config log syslogd setting set server EndFortiBridge Snmp Config system snmp community edit Set name snmp1 End Recovering from a FortiGate failureTo add and enable an Snmp community To resume normal operation from bypass modeExecute switch-mode Manually switching between FortiBridge operating modesBacking up and restoring the FortiBridge configuration To back up the FortiBridge configurationBacking up and restoring the FortiBridge configuration Backing up and restoring the FortiBridge configuration To use the CLI to configure SSH or Telnet access Connecting to the FortiBridge CLI using SSH or TelnetSetting administrative access for SSH or Telnet CLI basicsSet allowaccess ping telnet ssh Other access methodsConnecting to the FortiBridge CLI using SSH Get system interface namestrTo connect to the CLI using SSH Connecting to the FortiBridge CLI using SSH or Telnet Config CLI commands Alertemail setting Command syntax patternExamples Related Commands Log syslogd setting ExampleGet probe probelist http Probe probelist ping http ftp pop3 smtp imapGet probe probelist Show probe probelistProbe setting SyslogSystem accprofile Rw wGet system accprofile Get system accprofile policyprofileShow system accprofile System admin Password passwordstrGet system admin Get system admin newadminShow system admin Get system console Config system console set EndSystem console Show system consoleSystem dns Get system dnsShow system dns Get system status System failclose FailbypassSystem failclose System global MinutesintegerGet system global Show system globalSystem interface internal external Get system interface internalShow system interface internal Config system manageip Set ip 192.168.2.80 255.255.255.0 end System manageipSystem route DistanceintegerConfig hosts System snmp communityGet system snmp community Show system snmp communityExecute CLI commands Execute backup config filenamestr tftp-serveripv4 BackupCommand syntax Execute backup config fbdg.cfgDate Execute date datestr datestr has the form mm/dd/yyyy, whereExecute date 09/17/2004 Factoryreset Execute factoryresetPing Execute ping addressipv4 host-namestrReboot Execute rebootRestore Execute restore config backupconfigSwitch-mode Time Execute time timestrTime Index 09-30000-0163-20061109 Snmp SSH