Справочник Пользователя для Fortinet Version 3.0
FortiBridge Version 3.0 Administration Guide
38
09-30000-0163-20061109
Configuring FortiBridge probes
Configuration and operating procedures
2
Configure probe settings. Enter:
config probe setting
set action_on_failure alertmail failopen snmp syslog
set dynamic_ip_pattern 2.2.2.*
set fgt_serial FGT8002803923050
end
Enabling probes
Enable probes to control the protocols that the FortiBridge unit uses to confirm
that the FortiGate unit is functioning normally. You can configure probes for ping
(ICMP), HTTP, FTP, POP3, SMTP, and IMAP protocols. For all probes you can
configure the probe interval (the time between consecutive probe packets), and
the probe threshold (the number of probe packets lost before the FortiBridge unit
registers a failure). For HTTP, FTP, POP3, SMTP, and IMAP probes you can also
change the probe port. You would change the probe port for a protocol if the
FortiGate unit uses a non-standard port for that protocol.
that the FortiGate unit is functioning normally. You can configure probes for ping
(ICMP), HTTP, FTP, POP3, SMTP, and IMAP protocols. For all probes you can
configure the probe interval (the time between consecutive probe packets), and
the probe threshold (the number of probe packets lost before the FortiBridge unit
registers a failure). For HTTP, FTP, POP3, SMTP, and IMAP probes you can also
change the probe port. You would change the probe port for a protocol if the
FortiGate unit uses a non-standard port for that protocol.
The FortiBridge unit simultaneously tests connectivity through the FortiGate unit
for each probe that you have enabled. The first probe that registers a failure
causes all probes to stop and the configured action on failure to occur.
for each probe that you have enabled. The first probe that registers a failure
causes all probes to stop and the configured action on failure to occur.
Before you configure probes, the FortiGate unit must be configured to pass the
probe traffic. A single Internal->External firewall policy that allows all traffic also
allows all probe packets. You can also configure individual policies for each
protocol. For example, you could add the policies shown in
probe traffic. A single Internal->External firewall policy that allows all traffic also
allows all probe packets. You can also configure individual policies for each
protocol. For example, you could add the policies shown in
to the
FortiGate unit.
Figure 14: Sample firewall policies
Policy 1 processes any network traffic. Policy 2 processes all FTP traffic. Policy 2
is above Policy 1 in the policy list, so FTP traffic is matched by policy 2. In the
same way, Policy 3 processes all IMAP traffic.
is above Policy 1 in the policy list, so FTP traffic is matched by policy 2. In the
same way, Policy 3 processes all IMAP traffic.
FTP and IMAP probes would be processed by policies 2 and 3 respectively. All
other probes would be processed by policy 1. This would include pings, SMTP
traffic and so on.
other probes would be processed by policy 1. This would include pings, SMTP
traffic and so on.
To enable and configure FortiBridge probes
The following steps show examples for configuring ping, HTTP, FTP, POP3,
SMTP, and IMAP probes. For a complete description of FortiBridge probes see
SMTP, and IMAP probes. For a complete description of FortiBridge probes see
1
Log into the FortiBridge CLI.
2
Enable the ping probe using the default ping probe parameters. Enter:
config probe probe_list ping
set status enable
end