Fortinet Version 3.0 - Manual

FortiBridge Version 3.0 Administration Guide 8 09-30000-0163-20061109 Fortinet documentation Introduction • Using the CLI describes how to use the FortiBridge CLI. • config CLI commands is the FortiBridge config CLI command reference. • execute CLI commands is the FortiBridge execute CLI command ref...

FortiBridge operating principles Example FortiBridge application FortiBridge Version 3.0 Administration Guide09-30000-0163-20061109 9 FortiBridge operating principles This chapter describes a typical transparent mode FortiGate network and how to add a FortiBridge unit to this network to provide fail...

FortiBridge Version 3.0 Administration Guide 10 09-30000-0163-20061109 Example FortiBridge application FortiBridge operating principles The FortiGate unit acts as an extra layer of protection for your internal network. While it is operating, the FortiGate unit protects the internal network from thre...

FortiBridge operating principles Normal mode operation FortiBridge Version 3.0 Administration Guide09-30000-0163-20061109 11 1 Connect the FortiBridge-1000 INT 2 interface to the FortiGate internal interface. 2 Connect the FortiGate external interface to the FortiBridge-1000 EXT 2 interface. 3 Conne...

FortiBridge Version 3.0 Administration Guide 12 09-30000-0163-20061109 Normal mode operation FortiBridge operating principles Figure 5: FortiBridge unit operating in normal mode sending probe packets You can enable ICMP (ping), HTTP, FTP, POP3, SMTP, and IMAP probes to test connectivity through the ...

FortiBridge operating principles Normal mode operation FortiBridge Version 3.0 Administration Guide09-30000-0163-20061109 13 Enabling probes to detect FortiGate hardware failure A FortiGate unit can stop processing network traffic because of a hardware failure such as the failure of a hardware compo...

FortiBridge Version 3.0 Administration Guide 14 09-30000-0163-20061109 Bypass mode operation FortiBridge operating principles Bypass mode operation When the FortiBridge unit operates in bypass mode, the FortiBridge INT 1 and EXT 1 interfaces are directly connected. All traffic between the internal a...

FortiBridge operating principles Example FortiGate HA cluster FortiBridge application FortiBridge Version 3.0 Administration Guide09-30000-0163-20061109 15 Example FortiGate HA cluster FortiBridge application A FortiBridge unit can provide fail open protection for a FortiGate HA cluster operating in...

FortiBridge Version 3.0 Administration Guide 16 09-30000-0163-20061109 Example configuration with other FortiGate interfaces FortiBridge operating principles 1 Connect the FortiBridge-1000 INT 2 interface to the switch connected to the HA cluster internal interface. 2 Connect the switch connected to...

Setting up FortiBridge units FortiBridge unit basic information FortiBridge Version 3.0 Administration Guide09-30000-0163-20061109 19 Setting up FortiBridge units This chapter contains the information you need to unpack, connect, and configure your FortiBridge unit: • FortiBridge unit basic informat...

FortiBridge Version 3.0 Administration Guide 20 09-30000-0163-20061109 FortiBridge unit basic information Setting up FortiBridge units Figure 9: FortiBridge-1000 package contents FortiBridge-1000F Package contents The FortiBridge-1000F package contains the following items: • the FortiBridge-1000F un...

Setting up FortiBridge units FortiBridge unit basic information FortiBridge Version 3.0 Administration Guide09-30000-0163-20061109 21 Technical specifications LED indicators Table 2: FortiBridge-1000 and 1000F technical specifications Dimensions 8.63 x 6.13 x 1.38 in. (21.9 x 15.6 x 3.5 cm) Weight 1...

FortiBridge Version 3.0 Administration Guide 22 09-30000-0163-20061109 FortiBridge unit basic information Setting up FortiBridge units Connectors Factory default configuration Table 5: FortiBridge-1000 connectors Connector Type Speed Protocol Description INT 1 RJ-45 10/100/1000 Base-T Ethernet Coppe...

Setting up FortiBridge units Connecting and turning on the FortiBridge unit FortiBridge Version 3.0 Administration Guide09-30000-0163-20061109 23 Connecting and turning on the FortiBridge unit In most cases, you can connect the FortiBridge unit without making any configuration changes to your networ...

FortiBridge Version 3.0 Administration Guide 24 09-30000-0163-20061109 Connecting and turning on the FortiBridge unit Setting up FortiBridge units To connect and turn on the FortiBridge-1000 unit 1 Connect the FortiBridge-1000 INT 2 interface to the FortiGate unit internal interface. 2 Connect the F...

Setting up FortiBridge units Connecting to the command line interface (CLI) FortiBridge Version 3.0 Administration Guide09-30000-0163-20061109 25 3 Connect the internal network to the FortiBridge-1000F INT 1 interface. 4 Connect the FortiBridge-1000F EXT 1 interface to the router. Connecting to the ...

FortiBridge Version 3.0 Administration Guide 26 09-30000-0163-20061109 Completing the basic FortiBridge configuration Setting up FortiBridge units 9 Type the password for this administrator and press Enter. The default admin account does not require a password. For improved security, you should add ...

Setting up FortiBridge units Completing the basic FortiBridge configuration FortiBridge Version 3.0 Administration Guide09-30000-0163-20061109 27 • Adding an administrator password • Changing the management IP address • Changing DNS server IP addresses • Adding static routes • Allowing management ac...

FortiBridge Version 3.0 Administration Guide 28 09-30000-0163-20061109 Completing the basic FortiBridge configuration Setting up FortiBridge units Changing DNS server IP addresses Change the FortiBridge DNS server IP addresses to the IP addresses of your DNS servers. The correct DNS server configura...

Setting up FortiBridge units Completing the basic FortiBridge configuration FortiBridge Version 3.0 Administration Guide09-30000-0163-20061109 29 Allowing management access to the EXT 1 interface By default no management access is configured for the EXT 1 interface. Use the following procedure to ad...

FortiBridge Version 3.0 Administration Guide 30 09-30000-0163-20061109 Resetting to the factory default configuration Setting up FortiBridge units config system admin edit <admin_name_str> set password <password> set accprofile prof_admin end For example: config system admin edit new_adm...

Setting up FortiBridge units Installing FortiBridge unit firmware FortiBridge Version 3.0 Administration Guide09-30000-0163-20061109 31 Upgrading to a new firmware version You cannot use this procedure to re-install the current firmware or to revert to an older version of the firmware. If you need t...

FortiBridge Version 3.0 Administration Guide 32 09-30000-0163-20061109 Installing FortiBridge unit firmware Setting up FortiBridge units Reverting to a previous firmware version This procedure reverts the FortiBridge unit to a previous firmware version and rests the unit to its factory default confi...

Setting up FortiBridge units Installing FortiBridge unit firmware FortiBridge Version 3.0 Administration Guide09-30000-0163-20061109 33 Installing firmware from a system reboot This procedure installs a specified firmware image and resets the FortiBridge unit to default settings. You can use this pr...

Configuration and operating procedures Example network settings FortiBridge Version 3.0 Administration Guide09-30000-0163-20061109 35 Configuration and operating procedures This chapter describes how to configure a FortiBridge unit to provide fail open protection for a FortiGate unit operating in tr...

FortiBridge Version 3.0 Administration Guide 36 09-30000-0163-20061109 Configuring FortiBridge probes Configuration and operating procedures Figure 13: Example FortiBridge application Table 9 lists the internal network configuration. Table 10 lists the basic FortiBridge unit configuration settings. ...

Configuration and operating procedures Configuring FortiBridge probes FortiBridge Version 3.0 Administration Guide09-30000-0163-20061109 37 This section describes: • Probe settings • Enabling probes • Verifying that probes are functioning • Tuning the failure threshold and probe interval Probe setti...

FortiBridge Version 3.0 Administration Guide 38 09-30000-0163-20061109 Configuring FortiBridge probes Configuration and operating procedures 2 Configure probe settings. Enter: config probe setting set action_on_failure alertmail failopen snmp syslog set dynamic_ip_pattern 2.2.2.* set fgt_serial FGT8...

Configuration and operating procedures Configuring FortiBridge probes FortiBridge Version 3.0 Administration Guide09-30000-0163-20061109 39 3 Display ping probe settings, enter: get probe probe_list ping name : ping failure_threshold : 3 probe_interval : 1 status : enable 4 Enable the FTP probe. Inc...

FortiBridge Version 3.0 Administration Guide 40 09-30000-0163-20061109 Configuring FortiBridge alerts Configuration and operating procedures Figure 15: FortiGate Session list showing FortiBridge probes This session list shows the following: • The FortiBridge dynamic probe IP addresses are 2.2.2.213 ...

Configuration and operating procedures Configuring FortiBridge alerts FortiBridge Version 3.0 Administration Guide09-30000-0163-20061109 41 FortiBridge alert email If you set the probe action on failure to alertmail , you can configure alert email so that the FortiBridge unit sends an email message ...

FortiBridge Version 3.0 Administration Guide 42 09-30000-0163-20061109 Configuring FortiBridge alerts Configuration and operating procedures 02-01-2005 8:21:27 Local7.Alert 172.20.120.13 date=2005-02- 01 time=15:26:59 device_id= log_id=0100020001 type=event subtype=system pri=alert msg="FortiBri...

Configuration and operating procedures Recovering from a FortiGate failure FortiBridge Version 3.0 Administration Guide09-30000-0163-20061109 43 To add and enable an SNMP community 1 Log into the CLI. 2 Add the first SNMP community and name it snmp1 . Enter: config system snmp community edit 1 set n...

FortiBridge Version 3.0 Administration Guide 44 09-30000-0163-20061109 Manually switching between FortiBridge operating modes Configuration and operating procedures 2 Make the required changes to fix the problem. Depending on the cause, this could mean re-connecting and restarting the FortiGate unit...

Using the CLI CLI basics FortiBridge Version 3.0 Administration Guide09-30000-0163-20061109 47 Using the CLI This chapter explains how to connect to the command line interface (CLI) and contains some basic information about using the CLI. You use CLI commands to view all system information and to ch...

FortiBridge Version 3.0 Administration Guide 48 09-30000-0163-20061109 Connecting to the FortiBridge CLI using SSH or Telnet Using the CLI For example, to configure the internal interface to accept SSH connections, enter: config system interface edit internal set allowaccess ssh end 3 Use the follow...

Using the CLI Connecting to the FortiBridge CLI using SSH or Telnet FortiBridge Version 3.0 Administration Guide09-30000-0163-20061109 49 To connect to the CLI using SSH 1 Install and start an SSH client. 2 Connect to a FortiBridge interface that is configured for SSH connections. 3 Type a valid adm...

config CLI commands FortiBridge Version 3.0 Administration Guide09-30000-0163-20061109 51 config CLI commands alertemail setting log syslogd setting probe probe_list {ping | http | ftp | pop3 | smtp | imap} probe setting system accprofile system admin system console system dns get system status syst...

FortiBridge Version 3.0 Administration Guide 52 09-30000-0163-20061109 alertemail setting config CLI commands alertemail setting Use this command to configure the FortiBridge unit to send alert email to up to three recipients when action on failure is set to send a alert email message. Command synta...

config CLI commands alertemail setting FortiBridge Version 3.0 Administration Guide09-30000-0163-20061109 53 Related Commands • probe setting

FortiBridge Version 3.0 Administration Guide 54 09-30000-0163-20061109 log syslogd setting config CLI commands log syslogd setting Use this command to configure the FortiBridge unit to send a syslog message to a remote syslog server when action on failure is set to send a syslog message. Command syn...

config CLI commands system accprofile FortiBridge Version 3.0 Administration Guide09-30000-0163-20061109 57 system accprofile Use this command to add access profiles that control administrator access to FortiBridge features. Each administrator account must include an access profile. You can create a...

FortiBridge Version 3.0 Administration Guide 58 09-30000-0163-20061109 system accprofile config CLI commands Example Use the following commands to add a new access profile named policy_profile that allows read and write access system shutdown. An administrator account with this access profile can sh...

config CLI commands system console FortiBridge Version 3.0 Administration Guide09-30000-0163-20061109 61 system console Use this command to set the console command mode and output setting. Command syntax pattern config system console set <keyword> <variable> end config system console uns...

FortiBridge Version 3.0 Administration Guide 62 09-30000-0163-20061109 system dns config CLI commands system dns Use this command to set the DNS server addresses. Several FortiBridge functions, including sending email alerts and URL blocking, use DNS. On models numbered 100 and lower, you can use th...

FortiBridge Version 3.0 Administration Guide 66 09-30000-0163-20061109 system global config CLI commands system global Use this command to configure global settings that affect various FortiBridge systems and configurations. Command syntax pattern config system global set <keyword> <variabl...

config CLI commands system manageip FortiBridge Version 3.0 Administration Guide09-30000-0163-20061109 69 system manageip Configure the FortiBridge management IP address. Use the management IP address for management access to the FortiBridge unit. Command syntax pattern config system manageip set &l...

FortiBridge Version 3.0 Administration Guide 70 09-30000-0163-20061109 system route config CLI commands system route Use this command to add or edit FortiBridge static routes. Command syntax pattern config system route edit <sequence_integer> set <keyword> <variable> end config rou...

config CLI commands system snmp community FortiBridge Version 3.0 Administration Guide09-30000-0163-20061109 71 system snmp community Use this command to configure SNMP communities. Add SNMP communities so that the FortiBridge unit can send SNMP v1 and v2c traps to SNMP managers when action on failu...

execute CLI commands FortiBridge Version 3.0 Administration Guide09-30000-0163-20061109 73 execute CLI commands backup date factoryreset ping reboot restore switch-mode time

FortiBridge Version 3.0 Administration Guide 74 09-30000-0163-20061109 backup execute CLI commands backup Backup the FortiBridge configuration to a file on a TFTP server. Command syntax execute backup config <filename_str> <tftp-server_ipv4> Example This example shows how to backup a sys...

execute CLI commands date FortiBridge Version 3.0 Administration Guide09-30000-0163-20061109 75 date Get or set the system date. Command syntax execute date [<date_str>] date_str has the form mm/dd/yyyy , where • mm is the month and can be 01 to 12 • dd is the day of the month and can be 01 to...

FortiBridge Version 3.0 Administration Guide 76 09-30000-0163-20061109 factoryreset execute CLI commands factoryreset Reset the FortiBridge configuration to factory default settings. Command syntax execute factoryreset ! Caution: This procedure deletes all changes that you have made to the FortiBrid...

execute CLI commands ping FortiBridge Version 3.0 Administration Guide09-30000-0163-20061109 77 ping Send five ICMP echo requests (pings) to test the network connection between the FortiBridge unit and another network device. Command syntax execute ping {<address_ipv4> | <host-name_str>}...

FortiBridge Version 3.0 Administration Guide 78 09-30000-0163-20061109 reboot execute CLI commands reboot Restart the FortiBridge unit. Command syntax execute reboot

execute CLI commands restore FortiBridge Version 3.0 Administration Guide09-30000-0163-20061109 79 restore Use this command to restore a backup configuration and to change the FortiBridge firmware. Command syntax execute restore config <filename_str> <tftp-server_ipv4> execute restore im...

execute CLI commands time FortiBridge Version 3.0 Administration Guide09-30000-0163-20061109 81 time Get or set the system time. Command syntax execute time [<time_str>] time_str has the form hh:mm:ss , where • hh is the hour and can be 00 to 23 • mm is the minutes and can be 00 to 59 • ss is ...

Index FortiBridge Version 3.0 Administration Guide09-30000-0163-20061109 83 Index A accprofile 59action on failure fail open 37probe 37send alertmail 37SNMP trap 37syslog 37 action_on_failure 56admingrp 57administrative access for SSH or Telnet 47 administrator adding a password 27 administrator acc...