Probes And Fortigate Firewall Policies - Fortinet Version 3.0 Administration Manual

Fortinet bridge administration guide

Normal mode operation

Probes and FortiGate firewall policies

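Figure 5: FortiBridge unit operating in normal mode sending probe packets
[Diagram labels: Internal network; INT 1, EXT 1, INT 2, EXT 2; Internal, External; (Normal mode); (Transparent mode); Router; Internet; Probe packets]
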
You can enable ICMP (ping), HTTP, FTP, POP3, SMTP, and IMAP probes to test
connectivity through the FortiGate unit for each of these protocols. The
FortiBridge unit simultaneously tests connectivity through the FortiGate unit for
each probe that is enabled.

The first probe that registers a failure causes the FortiBridge unit to stop sending
all probe packets. The FortiBridge unit responds to the failure according to the
action on failure that you configure. The action on failure can include fail open,
send alert email, send a syslog message, and send an SNMP trap. You can
enable any combination of these actions on failure. Fail open switches the
FortiBridge unit to bypass mode. Other actions on failure alert system
administrators that the FortiBridge has determined that a failure occurred.

Probe packets are accepted and passed through the FortiGate unit by firewall
policies added to the FortiGate unit. When enabling probes, you must make sure
that the firewall policies added to the FortiGate unit can accept probe packets. For
example, if your FortiGate unit does not accept FTP packets, you should not
enable the FTP probe.

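
The check described above can be run before enabling probes. The following is an added example, not code from the Fortinet guide: it uses the Ping, HTTP and FTP rows of Table 1, and the Policy class, the first-match policy ordering and the sample policy list are assumptions made for illustration.

```python
from dataclasses import dataclass

# Service each probe needs on an Internal -> External policy (Ping, HTTP and FTP
# rows of Table 1). The POP3, SMTP and IMAP rows are not on this page, so they
# are deliberately left out rather than guessed.
REQUIRED_SERVICE = {"ping": "ICMP", "http": "HTTP", "ftp": "FTP"}

@dataclass(frozen=True)
class Policy:
    """Hypothetical, simplified view of one FortiGate firewall policy."""
    src: str
    dst: str
    services: frozenset
    action: str = "accept"   # "accept" or "deny"

def probe_accepted(probe, policies):
    """Assumed model: policies are checked in order and the first match decides."""
    if probe not in REQUIRED_SERVICE:
        raise ValueError(f"no policy requirement known for probe {probe!r}")
    needed = REQUIRED_SERVICE[probe]
    for p in policies:
        if (p.src, p.dst) == ("Internal", "External") and p.services & {needed, "ANY"}:
            return p.action == "accept"
    return False  # nothing matched, so the probe packet is not passed

def preflight(enabled_probes, policies, actions_on_failure):
    """List probes no policy passes and what the FortiBridge unit would then do."""
    blocked = [pr for pr in enabled_probes if not probe_accepted(pr, policies)]
    report = {"blocked": blocked, "actions": [], "bypass_mode": False}
    if blocked:
        # One failed probe is enough: probing stops and every configured
        # action on failure runs. Fail open puts the unit in bypass mode.
        report["actions"] = sorted(actions_on_failure)
        report["bypass_mode"] = "fail open" in actions_on_failure
    return report

# Constructed sample policy list: FTP is denied above a catch-all accept policy.
SAMPLE_POLICIES = [
    Policy("Internal", "External", frozenset({"FTP"}), "deny"),
    Policy("Internal", "External", frozenset({"ANY"})),
]

if __name__ == "__main__":
    print(preflight(["ping", "http", "ftp"], SAMPLE_POLICIES,
                    {"fail open", "send a syslog message"}))
```

With the sample policies, enabling the FTP probe would register a failure and, with fail open configured, switch the unit to bypass mode; leaving the FTP probe disabled avoids that.
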
Table 1 describes FortiGate firewall policy requirements for each FortiBridge probe.

Table 1: FortiBridge probes and FortiGate firewall policy requirements

| Probe | Description | FortiGate firewall policy: Direction | FortiGate firewall policy: Service |
|---|---|---|---|
| Ping | ICMP packets are sent from the INT 2 interface to the EXT 2 interface. The EXT 2 interface responds to the ping. | Internal -> External | ICMP or ANY |
| HTTP | HTTP requests are sent from an HTTP client at the INT 2 interface to a web server at the EXT 2 interface. The web server sends a response from the EXT 2 interface to the INT 2 interface. | Internal -> External | HTTP or ANY |
| FTP | FTP requests are sent from an FTP client at the INT 2 interface to an FTP server at the EXT 2 interface. The FTP server sends a response from the EXT 2 interface to the INT 2 interface. | Internal -> External | FTP or ANY |

FortiBridge Version 3.0 Administration Guide, 09-30000-0163-20061109 (FortiBridge operating principles)

This manual is also suitable for:

Fortibridge 3.0
