Connecting The Fortibridge Unit - Fortinet Version 3.0 Administration Manual

Example FortiBridge application

Connecting the FortiBridge unit

10
The FortiGate unit acts as an extra layer of protection for your internal network.
While it is operating, the FortiGate unit protects the internal network from threats
originating on the Internet. All users on the internal network connect through the
FortiGate unit to the Internet. This also means that if a failure or other interruption
caused the FortiGate unit to stop functioning, users on the internal network would
not be able to connect to the Internet.
You can install a FortiBridge unit to maintain internet connectivity for the internal
network if the FortiGate unit stops functioning. The FortiBridge unit provides fail
open protection for your network by bypassing the FortiGate unit if a failure
occurs.
Operating in normal mode, the FortiBridge unit functions like a layer-2 bridge,
passing all traffic to the FortiGate unit. The FortiGate unit processes the traffic,
which then passes through the FortiBridge unit again and then to its final
destination.
In most cases, you do not have to make changes to the FortiGate unit
configuration or to the network to add a FortiBridge unit. The only network
requirement for FortiBridge is the availability of a single management IP address
for the FortiBridge unit. The FortiBridge management IP address is required in
addition to the FortiGate management IP address.
The connection procedure is different depending on whether the FortiBridge unit
uses copper gigabit ethernet network connections or fiber gigabit ethernet network
connections. This section includes the following connection procedures:
• Connecting the FortiBridge-1000 (copper gigabit ethernet)
• Connecting the FortiBridge-1000F (fiber gigabit ethernet)
Figure 3: FortiBridge unit providing fail open protection
Internal network
Connecting the FortiBridge-1000 (copper gigabit ethernet)
The FortiBridge-1000 unit contains 4 auto-sensing 10/100/1000 Ethernet
interfaces that connect to the internal and external networks and to the FortiGate
interfaces that were connected to these networks. Use the following steps to
connect a FortiBridge-1000 unit to the network as shown in
Note: Normally, you would use straight-through ethernet cables to connect the
FortiBridge-1000 unit to the FortiGate unit and to your networks. However, for some
connections you may need a crossover ethernet cable (for example, for compatibility with
network devices that do not support Auto MDI/MDIX).
FortiBridge operating principles
(Normal mode)
INT 1 EXT 1
EXT 2
INT 2
Internal External
(Transparent mode)
FortiBridge Version 3.0 Administration Guide
Internet
Router
Figure 3.
09-30000-0163-20061109