Configuring FortiBridge probes

Configuration and operating procedures

2Configure probe settings. Enter:

config probe setting

set action_on_failure alertmail failopen snmp syslog set dynamic_ip_pattern 2.2.2.*

set fgt_serial FGT8002803923050 end

Enabling probes

Enable probes to control the protocols that the FortiBridge unit uses to confirm that the FortiGate unit is functioning normally. You can configure probes for ping (ICMP), HTTP, FTP, POP3, SMTP, and IMAP protocols. For all probes you can configure the probe interval (the time between consecutive probe packets), and the probe threshold (the number of probe packets lost before the FortiBridge unit registers a failure). For HTTP, FTP, POP3, SMTP, and IMAP probes you can also change the probe port. You would change the probe port for a protocol if the FortiGate unit uses a non-standard port for that protocol.

The FortiBridge unit simultaneously tests connectivity through the FortiGate unit for each probe that you have enabled. The first probe that registers a failure causes all probes to stop and the configured action on failure to occur.

Before you configure probes, the FortiGate unit must be configured to pass the probe traffic. A single Internal->External firewall policy that allows all traffic also allows all probe packets. You can also configure individual policies for each protocol. For example, you could add the policies shown in Figure 14 to the FortiGate unit.

Figure 14: Sample firewall policies

Policy 1 processes any network traffic. Policy 2 processes all FTP traffic. Policy 2 is above Policy 1 in the policy list, so FTP traffic is matched by policy 2. In the same way, Policy 3 processes all IMAP traffic.

FTP and IMAP probes would be processed by policies 2 and 3 respectively. All other probes would be processed by policy 1. This would include pings, SMTP traffic and so on.

To enable and configure FortiBridge probes

The following steps show examples for configuring ping, HTTP, FTP, POP3, SMTP, and IMAP probes. For a complete description of FortiBridge probes see “probe probe_list {ping http ftp pop3 smtp imap}” on page 55.

1Log into the FortiBridge CLI.

2Enable the ping probe using the default ping probe parameters. Enter:

config probe probe_list ping set status enable

end

38

FortiBridge Version 3.0 Administration Guide

09-30000-0163-20061109

Page 38
Image 38
Fortinet Version 3.0 manual Enabling probes, To enable and configure FortiBridge probes