Example FortiBridge application | FortiBridge operating principles |
The FortiGate unit acts as an extra layer of protection for your internal network. While it is operating, the FortiGate unit protects the internal network from threats originating on the Internet. All users on the internal network connect through the FortiGate unit to the Internet. This also means that if a failure or other interruption caused the FortiGate unit to stop functioning, users on the internal network would not be able to connect to the Internet.
You can install a FortiBridge unit to maintain internet connectivity for the internal network if the FortiGate unit stops functioning. The FortiBridge unit provides fail open protection for your network by bypassing the FortiGate unit if a failure occurs.
Connecting the FortiBridge unit
Operating in normal mode, the FortiBridge unit functions like a
In most cases, you do not have to make changes to the FortiGate unit configuration or to the network to add a FortiBridge unit. The only network requirement for FortiBridge is the availability of a single management IP address for the FortiBridge unit. The FortiBridge management IP address is required in addition to the FortiGate management IP address.
The connection procedure is different depending on whether the FortiBridge unit uses copper gigabit ethernet network connections or fiber gigabit ethernet network connections. This section includes the following connection procedures:
•Connecting the
•Connecting the
Figure 3: FortiBridge unit providing fail open protection
(Normal mode)
Internal network
INT 1
INT 2
Internal
EXT 1 | Internet |
EXT 2 | Router |
External |
|
(Transparent mode)
Connecting the FortiBridge-1000 (copper gigabit ethernet)
The
Note: Normally, you would use
10 | FortiBridge Version 3.0 Administration Guide |
