Fortinet Version 3.0 manual System failclose, Failbypass

config CLI commands

system fail_close

Use this command to configure the fail close feature.

Command syntax pattern

config system fail_close
  set <keyword> <variable>
end

config system fail_close
  unset <keyword>
end

get system fail_close

show system fail_close

Keywords and variables

Keyword: status {disable | fail_close | fail_bypass}

Default: disable

Description: The fail_bypass option is only available on the FBG-1000F.

When the FortiBridge detects an upstream or downstream network disconnection (whether due to a cut or disconnected cable, failure of the connected device, or failure of the FortiBridge unit’s own interface), it will bring down its own network interface after waiting the amount of time set for the threshold variable. If the fail close status is set to fail_close and a switch connected to EXT1 fails, the FortiBridge would bring down its own INT1. This way, the device connected to INT1 will be able to determine there is a problem. Similarly, if a device connected to INT1 fails, the FortiBridge would bring down its own EXT1.

When the problem is corrected, the FortiBridge will enable its own network interface after waiting the amount of time set for the threshold variable.

Some early FBG-1000 units will return a "Not supported by this hardware" error when this command is invoked. This is normal, as hardware support for fail_close was only added in later units.

When using an FBG-1000F, some fiber-connected equipment doesn’t properly detect the status of a FortiBridge interface brought down by the fail_close option. To prevent this problem, use fail_bypass instead. If a network problem is detected with fail_bypass set, the FortiBridge will switch to bypass mode. This way, the network devices can detect the problem directly through the FortiBridge. Note that fail_bypass causes the FortiBridge to remove itself from the network when a problem is detected, so manual intervention is required to switch back to normal mode.

Keyword: threshold <seconds_integer>

Default: 3

Description: Enter how long, in seconds, the FortiBridge will wait after detecting a network problem before activating the fail close feature. Except when fail_bypass is set, the FortiBridge will wait the specified time before deactivating the fail close feature when the problem is corrected.
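
The threshold and recovery behaviour described above, as an added Python model (an illustration written for this page, not Fortinet code and not part of the original manual). The names FailCloseModel, run and pending, and the one-second tick, are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Optional

OPPOSITE = {"EXT1": "INT1", "INT1": "EXT1"}

@dataclass
class FailCloseModel:
    """Simplified model of the table's description; not Fortinet firmware."""
    status: str = "disable"            # disable | fail_close | fail_bypass
    threshold: int = 3                 # seconds (default from the table)
    mode: str = "normal"               # normal | bypass
    forced_down: Optional[str] = None  # own interface held down by fail_close
    pending: int = 0                   # seconds the pending change has persisted

    def tick(self, failed_side: Optional[str]) -> None:
        """Advance one second. failed_side: 'EXT1', 'INT1' or None (healthy)."""
        if self.status == "disable" or self.mode == "bypass":
            return                     # feature off, or awaiting manual switch-back
        reacted = self.forced_down is not None
        if (failed_side is not None) == reacted:
            self.pending = 0           # state already matches the network
            return
        self.pending += 1
        if self.pending < self.threshold:
            return                     # still inside the threshold wait
        self.pending = 0
        if failed_side is None:
            self.forced_down = None    # problem corrected: re-enable interface
        elif self.status == "fail_close":
            self.forced_down = OPPOSITE[failed_side]
        else:
            self.mode = "bypass"       # fail_bypass: unit removes itself

def run(status, threshold, timeline):
    """Return (mode, forced_down) after each one-second step of timeline."""
    model = FailCloseModel(status=status, threshold=threshold)
    states = []
    for failed_side in timeline:
        model.tick(failed_side)
        states.append((model.mode, model.forced_down))
    return states

if __name__ == "__main__":
    # Constructed timeline: EXT1 neighbour down for 4 s, then healthy for 4 s.
    timeline = ["EXT1"] * 4 + [None] * 4
    for status in ("fail_close", "fail_bypass"):
        print(status, run(status, 3, timeline))
```

In the model, a fault shorter than the threshold never changes any interface state, and a unit set to fail_bypass stays in bypass after the fault clears, matching the manual's note that manual intervention is required.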

 

 

 

 

FortiBridge Version 3.0 Administration Guide

09-30000-0163-20061109
