Configuring FortiBridge alerts | Fortinet Version 3.0 manual

Configuring FortiBridge alerts

Configuration and operating procedures

Figure 15: FortiGate Session list showing FortiBridge probes

This session list shows the following:

•The FortiBridge dynamic probe IP addresses are 2.2.2.213 and 2.2.2.214.

•IMAP probe packets (port 143) are processed by firewall policy 3.

•FTP probe packets (port 21) are processed by firewall policy 2.

•ping probe packets are processed by firewall policy 1.

•SMTP packets using port 26 are processed by firewall policy 1.

Tuning the failure threshold and probe interval

If you find the FortiBridge unit failing open when the FortiGate unit has not failed or if the FortiGate unit fails and there is an unacceptably long delay before the FortiBridge unit fails open, you should adjust the failure threshold and probe interval.

Failing open when the FortiGate unit has not failed indicates that you should increase the time the FortiBridge unit waits to fail open. During startup, if the FortiBridge unit begins sending probe packets before the FortiGate unit has completed its start up sequence the FortiBridge unit may detect a failure and switch to bypass mode. Also, if the FortiGate unit is processing high traffic volumes, a fail open could occur if the FortiGate unit delays FortiBridge probe packets. You can increase the fail open delay by increasing the failure threshold and probe interval.

An unacceptable delay before failing open means network traffic can be interrupted for the time period between when the FortiGate unit fails and the FortiBridge unit fails open. You can minimize the delay by reducing the failure threshold and probe interval.

Configuring FortiBridge alerts

Configure FortiBridge alerts so that the alertemail, syslog, and snmp actions on failure cause the FortiBridge unit to notify system administrators that the FortiGate unit has failed. Until you configure alert email, syslog, and SNMP alerts, the FortiBridge cannot notify system administrators of a FortiGate failure.

You can configure the following FortiBridge alerts:

•FortiBridge alert email

•FortiBridge syslog

•FortiBridge SNMP

40	FortiBridge Version 3.0 Administration Guide
	09-30000-0163-20061109

Image 40

Fortinet Version 3.0 manual Configuring FortiBridge alerts, Tuning the failure threshold and probe interval

Contents

M i n i s t r a t i o n G u i d e Trademarks Regulatory compliance Contents Using the CLI Configuration and operating proceduresConfig CLI commands Execute CLI commands IndexPage About FortiBridge About this document Customer service and technical support Fortinet documentationFortinet tools and documentation CD Fortinet Knowledge Center FortiBridge operating principles Example FortiBridge application Connecting the FortiBridge unit Connecting the FortiBridge-1000 copper gigabit ethernet Connecting the FortiBridge-1000F fiber gigabit ethernet Normal mode operationHow the FortiBridge unit monitors the FortiGate unit Normal mode operation Probes and FortiGate firewall policies Enabling probes to detect FortiGate software failure Enabling probes to detect FortiGate hardware failureProbe interval and probe threshold Bypass mode operation FortiBridge power failure Example FortiGate HA cluster FortiBridge application Example configuration with other FortiGate interfaces Example configuration with other FortiGate interfaces Example configuration with other FortiGate interfaces FortiBridge-1000 Package contents FortiBridge unit basic information FortiBridge-1000F Package contents Mounting instructions Technical specifications LED indicators Connectors Factory default configuration Connecting and turning on the FortiBridge unit Connecting and turning on the FortiBridge-1000 unit To connect and turn on the FortiBridge-1000 unit Connecting and turning on the FortiBridge-1000F unitTo connect and turn on the FortiBridge-1000F unit Connecting to the command line interface CLI Connecting to the FortiBridge consoleFortiBridge-1000 login To connect to the FortiBridge console for the first time Completing the basic FortiBridge configuration Connecting to the FortiBridge CLI using TelnetTo connect to the CLI using Telnet Welcome FortiBridge-1000 # Adding an administrator password To add an administrator passwordChanging the management IP address To change the management IP address Changing DNS server IP addresses Adding static routesTo change DNS server IP addresses To add static routes Adding administrator accounts Allowing management access to the EXT 1 interfaceChanging the system time and date Installing FortiBridge unit firmware Resetting to the factory default configurationTo reset to factory defaults from the FortiBridge CLI To upgrade to a new firmware version Execute restore image namestr tftpipExecute restore image FBG1000-v10-build010-FORTINET.out Upgrading to a new firmware version Reverting to a previous firmware version To revert to a previous firmware version Installing firmware from a system reboot To install firmware from a system rebootHit any key to stop autoboot Enter Tftp server address Enter firmware image file image.out Get system status Configuration and operating procedures Example network settings Configuring FortiBridge probes Configuring FortiBridge probes Probe settings To configure probe settings Config probe probelist ping set status enable End To enable and configure FortiBridge probesEnabling probes Config probe probelist Imap set status enable End Verifying that probes are functioningTo verify that probes are functioning Go to System Status Session Configuring FortiBridge alerts Tuning the failure threshold and probe interval To configure alert email Config alertemail setting set server mail.myorg.com EndFortiBridge alert email FortiBridge syslog Config log syslogd setting set server End To configure FortiBridge syslogFortiBridge Snmp Recovering from a FortiGate failure To add and enable an Snmp communityConfig system snmp community edit Set name snmp1 End To resume normal operation from bypass mode Manually switching between FortiBridge operating modes Backing up and restoring the FortiBridge configurationExecute switch-mode To back up the FortiBridge configuration Backing up and restoring the FortiBridge configuration Backing up and restoring the FortiBridge configuration Connecting to the FortiBridge CLI using SSH or Telnet Setting administrative access for SSH or TelnetTo use the CLI to configure SSH or Telnet access CLI basics Other access methods Connecting to the FortiBridge CLI using SSHSet allowaccess ping telnet ssh Get system interface namestr To connect to the CLI using SSH Connecting to the FortiBridge CLI using SSH or Telnet Config CLI commands Command syntax pattern Alertemail settingExamples Related Commands Log syslogd setting Example Probe probelist ping http ftp pop3 smtp imap Get probe probelistGet probe probelist http Show probe probelist Probe setting Syslog System accprofile Rw w Get system accprofile policyprofile Get system accprofileShow system accprofile System admin Password passwordstr Get system admin newadmin Get system adminShow system admin Config system console set End System consoleGet system console Show system console Get system dns System dnsShow system dns Get system status System failclose Failbypass System failclose System global Minutesinteger Get system global Show system global Get system interface internal System interface internal externalShow system interface internal Config system manageip Set ip 192.168.2.80 255.255.255.0 end System manageip System route Distanceinteger Config hosts System snmp community Get system snmp community Show system snmp community Execute CLI commands Backup Command syntaxExecute backup config filenamestr tftp-serveripv4 Execute backup config fbdg.cfg Execute date datestr datestr has the form mm/dd/yyyy, where DateExecute date 09/17/2004 Factoryreset Execute factoryreset Ping Execute ping addressipv4 host-namestr Reboot Execute reboot Restore Execute restore config backupconfig Switch-mode Time Execute time timestr Time Index 09-30000-0163-20061109 Snmp SSH