Fortinet Version 3.0 Recovering from a FortiGate failure, To add and enable an Snmp community

Page 43

 

 

Configuration and operating procedures

Recovering from a FortiGate failure

To add and enable an SNMP community

1Log into the CLI.

2Add the first SNMP community and name it snmp1. Enter:

config system snmp community edit 1

set name snmp_1

end

The new SNMP community is enabled by default. SNMP v1 and v2 traps are also enable by default. You can disable traps and change ports. See “system snmp community” on page 71 for more information.

3Add the IP addresses of two SNMP managers that can receive traps. Enter

config system snmp community edit 1

config hosts edit 1

set ip 172.20.120.12

next edit 2

set ip 192.168.20.102

end

end

Recovering from a FortiGate failure

After the FortiBridge probe detects a FortiGate failure the FortiBridge unit stops sending probes. To restart probes you can restart the FortiBridge unit, connect to the FortiBridge CLI and enter the execute switch-modecommand, or press the mode button on the FortiBridge unit front panel.

Normally, an action on failure causes the FortiBridge unit to fail open. When the FortiBridge unit fails open, it begins operating in Bypass mode. In bypass mode the INT 1 and EXT 1 interfaces are directly connected and you cannot use Telnet or SSH to connect to the FortiBridge CLI. Use the following procedure to recover from bypass mode after a FortiGate failure and resume normal operation.

To resume normal operation from bypass mode

When the FortiBridge unit is operating in bypass mode, you need to do the following to resume normal operation:

1Review FortiBridge alerts and check the status of your FortiGate unit and network components to determine the source of the failure.

A network component or the FortiGate unit could have experienced a general hardware failure or a specific software failure.

FortiBridge Version 3.0 Administration Guide

43

09-30000-0163-20061109

Page 42 Page 44
Image 43
Page 42 Page 44
Contents M i n i s t r a t i o n G u i d e Regulatory compliance TrademarksContents Using the CLI Configuration and operating proceduresConfig CLI commands Index Execute CLI commandsPage About this document About FortiBridgeFortinet Knowledge Center Customer service and technical supportFortinet documentation Fortinet tools and documentation CDExample FortiBridge application FortiBridge operating principlesConnecting the FortiBridge-1000 copper gigabit ethernet Connecting the FortiBridge unitConnecting the FortiBridge-1000F fiber gigabit ethernet Normal mode operationHow the FortiBridge unit monitors the FortiGate unit Probes and FortiGate firewall policies Normal mode operationEnabling probes to detect FortiGate software failure Enabling probes to detect FortiGate hardware failureProbe interval and probe threshold FortiBridge power failure Bypass mode operationExample FortiGate HA cluster FortiBridge application Example configuration with other FortiGate interfaces Example configuration with other FortiGate interfaces Example configuration with other FortiGate interfaces FortiBridge unit basic information FortiBridge-1000 Package contentsMounting instructions FortiBridge-1000F Package contentsLED indicators Technical specificationsFactory default configuration ConnectorsConnecting and turning on the FortiBridge-1000 unit Connecting and turning on the FortiBridge unitTo connect and turn on the FortiBridge-1000 unit Connecting and turning on the FortiBridge-1000F unitTo connect and turn on the FortiBridge-1000F unit To connect to the FortiBridge console for the first time Connecting to the command line interface CLIConnecting to the FortiBridge console FortiBridge-1000 loginWelcome FortiBridge-1000 # Completing the basic FortiBridge configurationConnecting to the FortiBridge CLI using Telnet To connect to the CLI using TelnetTo change the management IP address Adding an administrator passwordTo add an administrator password Changing the management IP addressTo add static routes Changing DNS server IP addressesAdding static routes To change DNS server IP addressesAdding administrator accounts Allowing management access to the EXT 1 interfaceChanging the system time and date Installing FortiBridge unit firmware Resetting to the factory default configurationTo reset to factory defaults from the FortiBridge CLI Upgrading to a new firmware version To upgrade to a new firmware versionExecute restore image namestr tftpip Execute restore image FBG1000-v10-build010-FORTINET.outTo revert to a previous firmware version Reverting to a previous firmware versionEnter Tftp server address Installing firmware from a system rebootTo install firmware from a system reboot Hit any key to stop autobootGet system status Enter firmware image file image.outExample network settings Configuration and operating proceduresConfiguring FortiBridge probes Configuring FortiBridge probesTo configure probe settings Probe settingsConfig probe probelist ping set status enable End To enable and configure FortiBridge probesEnabling probes Go to System Status Session Config probe probelist Imap set status enable EndVerifying that probes are functioning To verify that probes are functioningTuning the failure threshold and probe interval Configuring FortiBridge alertsFortiBridge syslog To configure alert emailConfig alertemail setting set server mail.myorg.com End FortiBridge alert emailConfig log syslogd setting set server End To configure FortiBridge syslogFortiBridge Snmp To resume normal operation from bypass mode Recovering from a FortiGate failureTo add and enable an Snmp community Config system snmp community edit Set name snmp1 EndTo back up the FortiBridge configuration Manually switching between FortiBridge operating modesBacking up and restoring the FortiBridge configuration Execute switch-modeBacking up and restoring the FortiBridge configuration Backing up and restoring the FortiBridge configuration CLI basics Connecting to the FortiBridge CLI using SSH or TelnetSetting administrative access for SSH or Telnet To use the CLI to configure SSH or Telnet accessGet system interface namestr Other access methodsConnecting to the FortiBridge CLI using SSH Set allowaccess ping telnet sshTo connect to the CLI using SSH Connecting to the FortiBridge CLI using SSH or Telnet Config CLI commands Command syntax pattern Alertemail settingExamples Related Commands Example Log syslogd settingShow probe probelist Probe probelist ping http ftp pop3 smtp imapGet probe probelist Get probe probelist httpSyslog Probe settingRw w System accprofileGet system accprofile policyprofile Get system accprofileShow system accprofile Password passwordstr System adminGet system admin newadmin Get system adminShow system admin Show system console Config system console set EndSystem console Get system consoleGet system dns System dnsShow system dns Get system status Failbypass System failcloseSystem failclose Minutesinteger System globalShow system global Get system globalGet system interface internal System interface internal externalShow system interface internal System manageip Config system manageip Set ip 192.168.2.80 255.255.255.0 endDistanceinteger System routeSystem snmp community Config hostsShow system snmp community Get system snmp communityExecute CLI commands Execute backup config fbdg.cfg BackupCommand syntax Execute backup config filenamestr tftp-serveripv4Execute date datestr datestr has the form mm/dd/yyyy, where DateExecute date 09/17/2004 Execute factoryreset FactoryresetExecute ping addressipv4 host-namestr PingExecute reboot RebootExecute restore config backupconfig RestoreSwitch-mode Execute time timestr TimeTime Index 09-30000-0163-20061109 Snmp SSH
Top Page Image Contents