Справочник Пользователя для Fortinet Version 3.0
FortiBridge Version 3.0 Administration Guide
16
09-30000-0163-20061109
Example configuration with other FortiGate interfaces
FortiBridge operating principles
1
Connect the FortiBridge-1000 INT 2 interface to the switch connected to the HA
cluster internal interface.
cluster internal interface.
2
Connect the switch connected to the HA cluster external interface to the
FortiBridge-1000 EXT 2 interface.
FortiBridge-1000 EXT 2 interface.
3
Connect the internal network to the FortiBridge-1000 INT 1 interface.
4
Connect the FortiBridge-1000 EXT 1 interface to the router.
Connecting the FortiBridge-1000F (fiber gigabit ethernet)
The FortiBridge-1000F unit contains 4 multimode fiber optic gigabit interfaces that
connect to the internal and external networks and to the FortiGate cluster
interfaces that were connected to these networks. Use the following steps to
connect a FortiBridge-1000F unit to the network as shown in
connect to the internal and external networks and to the FortiGate cluster
interfaces that were connected to these networks. Use the following steps to
connect a FortiBridge-1000F unit to the network as shown in
Figure 3
.
1
Connect the FortiBridge-1000F INT 2 interface to the switch connected to the HA
cluster internal interface.
cluster internal interface.
2
Connect the switch connected to the HA cluster external interface to the
FortiBridge-1000F EXT 2 interface.
FortiBridge-1000F EXT 2 interface.
3
Connect the internal network to the FortiBridge-1000F INT 1 interface.
4
Connect the FortiBridge-1000F EXT 1 interface to the router.
Example configuration with other FortiGate interfaces
All of the examples in this chapter describe using the FortiBridge unit to provide
fail open protection for traffic passing between the FortiGate unit internal and
external interfaces. You can actually use a FortiBridge unit to provide fail open
protection for any two FortiGate unit interfaces. No limitation is implied by naming
the FortiBridge interfaces INT and EXT. These names are used to simplify
installation procedures.
fail open protection for traffic passing between the FortiGate unit internal and
external interfaces. You can actually use a FortiBridge unit to provide fail open
protection for any two FortiGate unit interfaces. No limitation is implied by naming
the FortiBridge interfaces INT and EXT. These names are used to simplify
installation procedures.
Figure 8
shows a FortiBridge-1000 unit providing fail open
protection for network traffic between ports 5 and 6 of a FortiGate-500A unit.
Figure 8: FortiBridge unit providing fail open protection for a single FortiGate unit
To connect a FortiBridge-1000 unit to the network shown in
Figure 8
:
1
Connect the FortiBridge-1000 INT 2 interface to the FortiGate-500A port 5
interface.
interface.
2
Connect the FortiGate-500A port 6 interface to the FortiBridge-1000 EXT 2
interface.
interface.
Router
INT 1
INT 2
EXT 1
EXT 2
Port 5
Port 6
Internal network
Internet
(Transparent mode)
(Normal mode)
-500A