User Guide for Fortinet Version 3.0

FortiBridge operating principles 
FortiBridge Version 3.0 Administration Guide
09-30000-0163-20061109
Example FortiGate HA cluster FortiBridge application
A FortiBridge unit can provide fail open protection for a FortiGate HA cluster 
operating in transparent mode in much the same way as for a standalone 
FortiGate unit. To provide fail open protection for an HA cluster, connect the 
FortiBridge unit to the switches that connect the internal and external interfaces of 
the cluster. Use the following steps to connect a FortiBridge unit to the HA cluster, 
as shown in Figure 7:
Figure 7: FortiBridge unit providing fail open protection for a FortiGate HA cluster
The network configuration and FortiBridge configuration are the same for a cluster 
and for a standalone FortiGate unit. In normal mode, packets pass through the 
FortiBridge unit and through the FortiGate HA cluster and back through the 
FortiBridge unit. For the cluster to process this traffic, you must add 
Internal -> External firewall policies to the cluster configuration. If a failure occurs 
and the cluster no longer processes traffic, the FortiBridge unit switches to bypass 
mode, bypassing the cluster. 
The connection procedure is different depending on whether the FortiBridge unit 
uses copper gigabit ethernet network connections or fiber gigabit ethernet 
network connections. This section includes the following connection procedures:
Connecting the FortiBridge-1000 (copper gigabit ethernet)
The FortiBridge-1000 unit contains 4 auto-sensing 10/100/1000 Ethernet 
interfaces that connect to the internal and external networks and to the cluster 
interfaces that were connected to these networks. Use the following steps to 
connect a FortiBridge-1000 unit to the network as shown in Figure 7.
[Figure 7 diagram labels: Router; INT 1, INT 2, EXT 1, EXT 2; Internal, External; Internal network; Internet; (Transparent mode); (Normal mode); HA cluster; Probe packets]
Note: Normally, you would use straight-through ethernet cables to connect the 
FortiBridge-1000 unit to the FortiGate unit and to your networks. However, for some 
connections you may need a crossover ethernet cable (for example, for compatibility with 
network devices that do not support Auto MDI/MDIX).