Fortinet FortiGate Series Administration Manual page 184

Configuring interfaces
184
Enable one-arm Select to configure this interface to operate as a one-armed sniffer as part of
configuring a FortiGate unit to operate as an IDS appliance by sniffing packets for
sniffer
attacks without actually receiving and otherwise processing the packets. Once the
interface is enabled for sniffing you cannot use the interface for other traffic. You
must add sniffer policies for the interface to actually sniff packets.
For more information on one-armed IPS, see
sniffer policies to detect network attacks" on page
Enable explicit Select to enable explicit web proxying on this interface. When enabled, this
interface will be displayed on System > Network > Web Proxy under Listen on
Web Proxy
Interfaces and web traffic on this interface will be proxied according to the Web
Proxy settings. For more information, see
page 210.
Enable DDNS Select Enable DDNS to configure a Dynamic DNS service for this interface. For
more information, see
Override To change the MTU, select Override default MTU value (1 500) and enter the
MTU size based on the addressing mode of the interface
Default MTU
• 68 to 1 500 bytes for static mode
Value
• 576 to 1 500 bytes for DHCP mode
• 576 to 1 492 bytes for PPPoE mode
• larger frame sizes if supported
This field is available only on physical interfaces. VLANs inherit the parent
interface MTU size by default.
For more information on MTU size, see
Enable DNS Select to configure the interface to accept DNS queries. Select recursive or non-
recursive. For more information, see
Query
page 205.
recursive Look up domain names in the FortiGate DNS database. If the entry is not found,
relay the request to the DNS servers configured under System > Network >
Options.
non- Look up domain names in the FortiGate DNS database. Do not relay the request
to the DNS servers configured under System > Network > Options.
recursive
Administrative Select the types of administrative access permitted on this interface.
Access
HTTPS Allow secure HTTPS connections to the web-based manager through this
interface.
PING Interface responds to pings. Use this setting to verify your installation and for
testing.
HTTP Allow HTTP connections to the web-based manager through this interface. HTTP
connections are not secure and can be intercepted by a third party.
SSH Allow SSH connections to the CLI through this interface.
SNMP Allow a remote SNMP manager to request SNMP information by connecting to
this interface. See
TELNET Allow Telnet connections to the CLI through this interface. Telnet connections are
not secure and can be intercepted by a third party.
Detect Interface Configure interface status detection for when the ECMP Route Failover & Load
Balance Method is set to spill-over. See
Status for
load balancing" on page 193
Gateway Load
Balancing
Secondary IP Add additional IP addresses to this interface. Select the blue arrow to expand or
hide the section. See
Address
Description Enter a description up to 63 characters.
Administrative Select either Up (green arrow) or Down (red arrow) as the status of this interface.
Status Up indicates the interface is active and can accept network traffic.
Down indicates the interface is not active and cannot accept traffic.
"Firewall Policy Using one-arm
"Configuring the explicit web proxy" on
"Configuring Dynamic DNS on an interface" on page
"Interface MTU packet size" on page
"Configuring FortiGate DNS services" on
"Configuring SNMP" on page
"Interface status detection for gateway
"Secondary IP Addresses" on page
FortiGate Version 4.0 MR1 Administration Guide
System Network
406.
191.
242.
196.
01-410-89802-20090903
http://docs.fortinet.com/ • Feedback
195.