Справочник Пользователя для Fortinet Version 3.0
FortiBridge Version 3.0 Administration Guide
12
09-30000-0163-20061109
Normal mode operation
FortiBridge operating principles
Figure 5: FortiBridge unit operating in normal mode sending probe packets
You can enable ICMP (ping), HTTP, FTP, POP3, SMTP, and IMAP probes to test
connectivity through the FortiGate unit for each of these protocols. The
FortiBridge unit simultaneously tests connectivity through the FortiGate unit for
each probe that is enabled.
connectivity through the FortiGate unit for each of these protocols. The
FortiBridge unit simultaneously tests connectivity through the FortiGate unit for
each probe that is enabled.
The first probe that registers a failure causes the FortiBridge unit to stop sending
all probe packets. The FortiBridge unit responds to the failure according to the
action on failure that you configure. The action on failure can include fail open,
send alert email, send a syslog message, and send an SNMP trap. You can
enable any combination of these actions on failure. Fail open switches the
FortiBridge unit to bypass mode. Other actions on failure alert system
administrators that the FortiBridge has determined that a failure occurred.
all probe packets. The FortiBridge unit responds to the failure according to the
action on failure that you configure. The action on failure can include fail open,
send alert email, send a syslog message, and send an SNMP trap. You can
enable any combination of these actions on failure. Fail open switches the
FortiBridge unit to bypass mode. Other actions on failure alert system
administrators that the FortiBridge has determined that a failure occurred.
Probes and FortiGate firewall policies
Probe packets are accepted and passed through the FortiGate unit by firewall
policies added to the FortiGate unit. When enabling probes, you must make sure
that the firewall policies added to the FortiGate unit can accept probe packets. For
example, if your FortiGate unit does not accept FTP packets, you should not
enable the FTP probe.
policies added to the FortiGate unit. When enabling probes, you must make sure
that the firewall policies added to the FortiGate unit can accept probe packets. For
example, if your FortiGate unit does not accept FTP packets, you should not
enable the FTP probe.
describes FortiGate firewall policy requirements for
each FortiBridge probe.
Router
INT 1
INT 2
EXT 1
EXT 2
Internal
External
Probe packets
Internal network
Internet
(Transparent mode)
(Normal mode)
Table 1: FortiBridge probes and FortiGate firewall policy requirements
Probe Description
FortiGate Firewall policy
Direction
Service
Ping
ICMP packets are sent from the INT 2
interface to the EXT 2 interface. The EXT 2
interface responds to the ping.
interface to the EXT 2 interface. The EXT 2
interface responds to the ping.
Internal -> External ICMP or ANY
HTTP
HTTP requests are sent from an HTTP
client at the INT 2 interface to a web server
at the EXT 2 interface. The web server
sends a response from the EXT 2 interface
to the INT 2 interface.
client at the INT 2 interface to a web server
at the EXT 2 interface. The web server
sends a response from the EXT 2 interface
to the INT 2 interface.
Internal -> External HTTP or ANY
FTP
FTP requests are sent from an FTP client at
the INT 2 interface to an FTP server at the
EXT 2 interface. The FTP server sends a
response from the EXT 2 interface to the
INT 2 interface.
the INT 2 interface to an FTP server at the
EXT 2 interface. The FTP server sends a
response from the EXT 2 interface to the
INT 2 interface.
Internal -> External FTP or ANY