Fortinet 5.0 Patch 6 Configuring a bridge (V-zone)

Fortinet 122 FortiWeb 5.0 Patch 6 Administration Guide

To configure an IPv4link aggregate via the CLI

1. Enter the following commands:

config system interface

edit "aggregate"

set type agg

set status up

set intf <port_name> <port_name>

set algorithm {layer2 | layer2_3 | layer3_4}

set lacp-speed {fast | slow}

set ip <address_ipv4> <netmask_ipv4mask>

end

where:

•<port_name> is the name of a physical network interface, such as port3

•<address_ipv4> is the IP address assigned to the network interface

•<netmask_ipv4mask> is its netmask in dotted decimal format

•{layer2 | layer2_3 | layer3_4} is a choice between the connectivity layers that

will be considered when distributing frames among the aggregated physical ports.

•{fast | slow} is a choice of the rate of transmission for the LACP frames (LACPUs)

between FortiWeb and the peer device at the other end of the trunking cables; this must

match the LACP peer

See also

•Network interface or bridge?

•Configuring the network interfaces

•Configuring a bridge (V-zone)

•Adding a gateway

Configuring a bridge (V-zone)

You can configure a bridge either via the web UI or the CLI.

Bridges allow network connections to travel through the FortiWeb appliance’s physical network

ports without explicitly connecting to one of its IP addresses. Due to this nature, bridges are

configured only when FortiWeb is operating in either true transparent proxy or transparent

inspection mode.

Bridges on the FortiWeb appliance support IEEE 802.1d spanning tree protocol (STP) by

forwarding bridge protocol data unit (BPDU) packets, but do not generate BPDU packets of

their own. Therefore, in some cases, you might need to manually test the bridged network for

Layer 2 loops. Also, you may prefer to manually design a tree that uses the minimum cost path

to the root switch for design and performance reasons.

True bridges typically have no IP address of their own. They use only media access control

(MAC) addresses to describe the location of physical ports within the scope of their network

and do network switching at Layer 2 of the OSI model. However, if you require the ability to use

an IP address to use ICMP ECHO_REQUEST (ping) to test connectivity with the physical ports

comprising the bridge, you can assign an IP address to the bridge and thereby create a virtual

network interface that will respond.