Fortinet Version 3.0 manual FortiBridge operating principles, Example FortiBridge application

Page 9


FortiBridge operating principles	Example FortiBridge application

FortiBridge operating principles

This chapter describes a typical transparent mode FortiGate network and how to add a FortiBridge unit to this network to provide fail open protection. This chapter also contains detailed information about how FortiBridge units operate and concludes with descriptions of adding a FortiBridge unit to an HA cluster and connecting a FortiBridge unit other FortiGate interfaces.

This chapter contains the following sections:

•Example FortiBridge application

•Normal mode operation

•Bypass mode operation

•FortiBridge power failure

•Example FortiGate HA cluster FortiBridge application

•Example configuration with other FortiGate interfaces

Example FortiBridge application

A typical application of a FortiGate unit operating in transparent mode is to insert the FortiGate unit into an internal network, between the network and the router that connects the network to the Internet. In this configuration, the FortiGate unit can provide security services for all traffic passing between the internal network and the internet. These security services can include:

•applying firewall policies and IPS attack prevention to all traffic,

•applying virus scanning to HTTP, FTP, POP3, SMTP, and IMAP traffic,

•applying web filtering to HTTP traffic,

•applying Spam filtering to POP3, SMTP, and IMAP traffic.

The internal network is connected to the FortiGate unit internal interface. The router is connected to the FortiGate unit external interface. The FortiGate unit can be added to the network without changing the configuration of the network (except to add the FortiGate management IP address).

Figure 2: Example transparent mode network

Internal network

Internet

Internal	External	Router
		Router

(Transparent mode)

To allow users on the internal network to connect to resources on the Internet, add Internal ->External firewall policies to the FortiGate unit. Add protection profiles to the firewall policies to apply security services such as virus scanning, web filtering, spam filtering and IPS to the traffic that passes through the FortiGate unit.

FortiBridge Version 3.0 Administration Guide	9
09-30000-0163-20061109

Image 9

Contents M i n i s t r a t i o n G u i d e Regulatory compliance TrademarksContents Configuration and operating procedures Using the CLIConfig CLI commands Index Execute CLI commandsPage About this document About FortiBridgeFortinet documentation Customer service and technical supportFortinet tools and documentation CD Fortinet Knowledge CenterExample FortiBridge application FortiBridge operating principlesConnecting the FortiBridge-1000 copper gigabit ethernet Connecting the FortiBridge unitNormal mode operation Connecting the FortiBridge-1000F fiber gigabit ethernetHow the FortiBridge unit monitors the FortiGate unit Probes and FortiGate firewall policies Normal mode operationEnabling probes to detect FortiGate hardware failure Enabling probes to detect FortiGate software failureProbe interval and probe threshold FortiBridge power failure Bypass mode operationExample FortiGate HA cluster FortiBridge application Example configuration with other FortiGate interfaces Example configuration with other FortiGate interfaces Example configuration with other FortiGate interfaces FortiBridge unit basic information FortiBridge-1000 Package contentsMounting instructions FortiBridge-1000F Package contentsLED indicators Technical specificationsFactory default configuration ConnectorsConnecting and turning on the FortiBridge-1000 unit Connecting and turning on the FortiBridge unitConnecting and turning on the FortiBridge-1000F unit To connect and turn on the FortiBridge-1000 unitTo connect and turn on the FortiBridge-1000F unit Connecting to the FortiBridge console Connecting to the command line interface CLIFortiBridge-1000 login To connect to the FortiBridge console for the first timeConnecting to the FortiBridge CLI using Telnet Completing the basic FortiBridge configurationTo connect to the CLI using Telnet Welcome FortiBridge-1000 #To add an administrator password Adding an administrator passwordChanging the management IP address To change the management IP addressAdding static routes Changing DNS server IP addressesTo change DNS server IP addresses To add static routesAllowing management access to the EXT 1 interface Adding administrator accountsChanging the system time and date Resetting to the factory default configuration Installing FortiBridge unit firmwareTo reset to factory defaults from the FortiBridge CLI Execute restore image namestr tftpip To upgrade to a new firmware versionExecute restore image FBG1000-v10-build010-FORTINET.out Upgrading to a new firmware versionTo revert to a previous firmware version Reverting to a previous firmware versionTo install firmware from a system reboot Installing firmware from a system rebootHit any key to stop autoboot Enter Tftp server addressGet system status Enter firmware image file image.outExample network settings Configuration and operating proceduresConfiguring FortiBridge probes Configuring FortiBridge probesTo configure probe settings Probe settingsTo enable and configure FortiBridge probes Config probe probelist ping set status enable EndEnabling probes Verifying that probes are functioning Config probe probelist Imap set status enable EndTo verify that probes are functioning Go to System Status SessionTuning the failure threshold and probe interval Configuring FortiBridge alertsConfig alertemail setting set server mail.myorg.com End To configure alert emailFortiBridge alert email FortiBridge syslogTo configure FortiBridge syslog Config log syslogd setting set server EndFortiBridge Snmp To add and enable an Snmp community Recovering from a FortiGate failureConfig system snmp community edit Set name snmp1 End To resume normal operation from bypass modeBacking up and restoring the FortiBridge configuration Manually switching between FortiBridge operating modesExecute switch-mode To back up the FortiBridge configurationBacking up and restoring the FortiBridge configuration Backing up and restoring the FortiBridge configuration Setting administrative access for SSH or Telnet Connecting to the FortiBridge CLI using SSH or TelnetTo use the CLI to configure SSH or Telnet access CLI basicsConnecting to the FortiBridge CLI using SSH Other access methodsSet allowaccess ping telnet ssh Get system interface namestrTo connect to the CLI using SSH Connecting to the FortiBridge CLI using SSH or Telnet Config CLI commands Alertemail setting Command syntax patternExamples Related Commands Example Log syslogd settingGet probe probelist Probe probelist ping http ftp pop3 smtp imapGet probe probelist http Show probe probelistSyslog Probe settingRw w System accprofileGet system accprofile Get system accprofile policyprofileShow system accprofile Password passwordstr System adminGet system admin Get system admin newadminShow system admin System console Config system console set EndGet system console Show system consoleSystem dns Get system dnsShow system dns Get system status Failbypass System failcloseSystem failclose Minutesinteger System globalShow system global Get system globalSystem interface internal external Get system interface internalShow system interface internal System manageip Config system manageip Set ip 192.168.2.80 255.255.255.0 endDistanceinteger System routeSystem snmp community Config hostsShow system snmp community Get system snmp communityExecute CLI commands Command syntax BackupExecute backup config filenamestr tftp-serveripv4 Execute backup config fbdg.cfgDate Execute date datestr datestr has the form mm/dd/yyyy, whereExecute date 09/17/2004 Execute factoryreset FactoryresetExecute ping addressipv4 host-namestr PingExecute reboot RebootExecute restore config backupconfig RestoreSwitch-mode Execute time timestr TimeTime Index 09-30000-0163-20061109 Snmp SSH