Fortinet Version 3.0 manual Enabling probes to detect FortiGate hardware failure

Table 1: FortiBridge probes and FortiGate firewall policy requirements (Continued)

Enabling probes to detect FortiGate hardware failure

A FortiGate unit can stop processing network traffic because of a hardware failure such as the failure of a hardware component, a loss of power, or a loss of connectivity if a network cable is unplugged.

If a hardware failure occurs, the FortiGate unit stops processing all traffic. You can enable any FortiBridge probe for the FortiBridge unit to detect a FortiGate hardware failure.

Enabling probes to detect FortiGate software failure

A FortiGate unit can also stop processing network traffic because of a software failure. For example, a firmware issue could cause a specific software process to crash. Also, network traffic could increase to a point where the FortiGate unit cannot process all traffic. As a result, the FortiGate unit could stop processing some or all traffic without a hardware failure occurring.

To detect a FortiGate software failure, you can enable probes for FortiGate services that you want to provide fail open protection for. For example, if it is a high priority for your network to provide SMTP email services, you should enable the SMTP probe. If the SMTP probe detects a failure of SMTP traffic through the FortiGate unit, the FortiBridge unit switches to bypass mode to maintain SMTP traffic flow.

If you do not consider FTP traffic a high priority, you can leave the FTP probe disabled. In this configuration, if only FTP traffic fails, the FortiBridge does not switch to bypass mode.

Probe interval and probe threshold

For each probe, you set a probe interval and a probe threshold. The probe interval defines how often to test the connection. The probe threshold defines how many consecutive failed probes can occur before the FortiBridge considers the connection to have failed.