system fail_close

config CLI commands

system fail_close

Use this command to configure the fail close feature.

Command syntax pattern

config system fail_close set <keyword> <variable>

end

config system fail_close

unset <keyword> end

get system fail_close

show system fail_close

Keywords and variables

Description

Default

 

 

 

status {disable

The fail_bypass option is only available on the

disable

fail_close

FBG-1000F.

 

fail_bypass}

When the FortiBridge detects an upstream or downstream

 

network disconnection (whether due to a cut/disconnected

 

 

cable, failure of the connected device, or failure of the

 

 

FortiBridge unit’s own interface), it will bring down its own

 

 

network interface after waiting the amount of time set for

 

 

the threshold variable. If the fail close status is set to

 

 

fail_close and a switch connected to EXT1 fails, the

 

 

FortiBridge would bring down its own INT1. This way, the

 

 

device connected to INT1 will be able to determine there is

 

 

a problem Similarly, if a device connected to INT1 fails, the

 

 

FortiBridge would bring down its own EXT1.

 

 

When the problem is corrected, the FortiBridge will enable

 

 

its own network interface after waiting the amount of time

 

 

set for the threshold variable.

 

 

Some early FBG-1000 units will return an Not supported

 

 

by this hardware error when this command is invoked. This

 

 

is normal as hardware support for fail_close was only

 

 

added in later units.

 

 

When using a FBG-1000F, some fiber-connected

 

 

equipment doesn’t properly detect the status of a

 

 

FortiBridge interface brought down by the fail_close

 

 

option. To prevent this problem, use fail_bypass

 

 

instead. If a network problem is detected with

 

 

fail_bypass set, the FortiBridge will switch to bypass

 

 

mode. This way, the network devices can detect the

 

 

problem directly through the FortiBridge. Note that

 

 

fail_bypass causes the FortiBridge to remove itself

 

 

from the network when a problem is detected so manual

 

 

intervention is required to switch back to normal mode.

 

 

 

 

threshold

Enter how long, in seconds, the FortiBridge will wait after

3

<seconds_integer>

detecting a network problem before activating the fail close

 

 

feature. Except when fail_bypass is set, the FortiBridge

 

 

will wait the specified time before deactivating the fail close

 

 

feature when the problem is corrected.

 

 

 

 

64

FortiBridge Version 3.0 Administration Guide

09-30000-0163-20061109

Page 64
Image 64
Fortinet Version 3.0 manual System failclose, Failbypass