Configuring FortiBridge alerts | Configuration and operating procedures |
Figure 15: FortiGate Session list showing FortiBridge probes
This session list shows the following:
•The FortiBridge dynamic probe IP addresses are 2.2.2.213 and 2.2.2.214.
•IMAP probe packets (port 143) are processed by firewall policy 3.
•FTP probe packets (port 21) are processed by firewall policy 2.
•ping probe packets are processed by firewall policy 1.
•SMTP packets using port 26 are processed by firewall policy 1.
Tuning the failure threshold and probe interval
If you find the FortiBridge unit failing open when the FortiGate unit has not failed or if the FortiGate unit fails and there is an unacceptably long delay before the FortiBridge unit fails open, you should adjust the failure threshold and probe interval.
Failing open when the FortiGate unit has not failed indicates that you should increase the time the FortiBridge unit waits to fail open. During startup, if the FortiBridge unit begins sending probe packets before the FortiGate unit has completed its start up sequence the FortiBridge unit may detect a failure and switch to bypass mode. Also, if the FortiGate unit is processing high traffic volumes, a fail open could occur if the FortiGate unit delays FortiBridge probe packets. You can increase the fail open delay by increasing the failure threshold and probe interval.
An unacceptable delay before failing open means network traffic can be interrupted for the time period between when the FortiGate unit fails and the FortiBridge unit fails open. You can minimize the delay by reducing the failure threshold and probe interval.
Configuring FortiBridge alerts
Configure FortiBridge alerts so that the alertemail, syslog, and snmp actions on failure cause the FortiBridge unit to notify system administrators that the FortiGate unit has failed. Until you configure alert email, syslog, and SNMP alerts, the FortiBridge cannot notify system administrators of a FortiGate failure.
You can configure the following FortiBridge alerts:
•FortiBridge alert email
•FortiBridge syslog
•FortiBridge SNMP
40 | FortiBridge Version 3.0 Administration Guide |