Enabling Or Disabling Bypass Mode For Amc Bridge Modules - Fortinet FortiGate Series Administration Manual

System Status

Enabling or disabling bypass mode for AMC bridge modules

FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903
http://docs.fortinet.com/ • Feedback
4 Insert the FortiGate-ASM-CX4 or FortiGate-ASM-FX2 module into a single-width AMC
slot.
5 Power up the FortiGate unit.
As long as the slot that you have inserted the module into is set to auto the FortiGate
unit should automatically find the module when it powers up.
6 Add the name of the module to the FortiGate configuration and configure bypass and
recovery settings.
The following command configures AMC single width slot 1 (sw1) for a FortiGate-ASM-
CX4.
This command also enables the bypass watchdog and increases the bypass timeout
from the default value of 10 seconds to 60 seconds. This means that if a failure occurs
the bridge module will change to bypass mode 60 seconds after the bypass watchdog
detects the failure.
This command also enables watchdog recovery and sets the watchdog recovery
period to 30 seconds. This means that if a failure occurs, while the FortiGate-ASM-CX4
module is bridging the connection the AMC bypass watchdog monitors FortiGate
processes and will revert to normal operating mode (that is disable the bridging the
interfaces with the FortiGate-ASM-CX4 module) if the FortiGate unit recovers from the
failure.
config system amc
set sw1 asm-cx4
set bypass-watchdog enable
set bypass-timeout 60
set watchdog-recovery enable
set watchdog-recovery-period 30
end
Use the execute amc bypass command to switch between normal mode and bypass
mode for a FortiGate-ASM-CX4 or FortiGate-ASM-FX2 module installed in an single-width
AMC slot in a FortiGate unit. Normally the FortiGate-ASM-CX4 and FortiGate-ASM-FX2
modules operate with bypass mode disabled and traffic passes through the FortiGate
interfaces bridged by the FortiGate-ASM-CX4 or FortiGate-ASM-FX2 module. You can
use this command manually enable bypass mode and force traffic to bypass the FortiGate
interfaces and pass through the FortiGate-ASM-CX4 or FortiGate-ASM-FX2 module.
Also, if bypass mode has been enabled (using this command or because of a failure), you
can also use this command to manually disable bypass mode and resume normal
operation. This can be useful if the problem that caused the failure has been fixed and
normal operation can resume.
To manually enable bypass mode
1 Use the following command to manually enable bypass mode:
execute amc bypass enable
2 Use the following diagnose command to view the status of the AMC modules installed
in a FortiGate unit, including whether they are operating in bypass mode.
For example if you have installed a FortiGate-ASM-CX4 module in AMC slot 2 of a
FortiGate-3810A and bypass mode is enabled:
diagnose sys amc bypass status
ASM-CX4 in slot 2:
amc-sw2/1 <--> amc-sw2/2: mode=bypass (admin action)
Configuring AMC modules
135