Fortinet 125 FortiWeb 5.0 Patch 6 Administration Guide
To configure an IPv4 bridge in the CLI
1. If you have installed a physical FortiWeb appliance, connect one of the physical ports in the
bridge to your protected web servers, and the other port to the Internet or your internal
network.
Because port1 is reserved for connections with your management computer, for physical
appliances, this means that you must connect at least 3 ports:
•port1 to your management computer
• one port to your web servers
• one port to the Internet or your internal network
If you have installed a virtual FortiWeb appliance, the number and topology of connections of
your physical ports depend on your vNIC mappings. For details, see the FortiWeb-VM Install
Guide.
2. If you have installed FortiWeb as a virtual appliance (FortiWeb-VM), configure the virtual
switch. For details, see the FortiWeb-VM Install Guide.
3. Enter the following commands:
config system v-zone
edit <v-zone_name>
set ip <address_ipv4> <netmask_ipv4>
set interfaces {<port_name> ...}
end
where:
•<v-zone_name> is the name of the bridge
•{<port_name> ...} is a space-delimited list of one or more network ports that will be
members of this bridge. Eligible network ports must not yet belong to a bridge, and have
no assigned IP address. For a list of eligible ports, enter:
set interfaces ?
•<address_ipv4> <netmask_ipv4> is an IP address for the purposes of testing
connectivity to the bridge ports
4. To use the bridge, select it in a policy (see “Configuring a server policy” on page 483).
See also
•Network interface or bridge?
•Configuring the network interfaces
•Link aggregation
•Adding a gateway
Adding a gatewayStatic routes direct traffic exiting the FortiWeb appliance based upon the packet’s destination —
you can specify through which network interface a packet will leave, and the IP address of a
next-hop router that is reachable from that network interface. Routers are aware of which IP
addresses are reachable through various network pathways, and can forward those packets
along pathways capable of reaching the packets’ ultimate destinations. Your FortiWeb itself
does not need to know the full route, as long as the routers can pass along the packet.
You must configure FortiWeb with at least one static route that points to a router, often a router
that is the gateway to the Internet. You may need to configure multiple static routes if you have
multiple gateway routers (e.g. each of which should receive packets destined for a different