Support User Manuals

Fortinet Version 3.0 Network Router User Manual

Open as PDF

of 88

FortiBridge operating principles Normal mode operation

FortiBridge Version 3.0 Administration Guide

09-30000-0163-20061109 11

1 Connect the FortiBridge-1000 INT 2 interface to the FortiGate internal interface.

2 Connect the FortiGate external interface to the FortiBridge-1000 EXT 2 interface.

3 Connect the internal network to the FortiBridge-1000 INT 1 interface.

4 Connect the FortiBridge-1000 EXT 1 interface to the router.

Connecting the FortiBridge-1000F (fiber gigabit ethernet)

The FortiBridge-1000F unit contains 4 multimode fiber optic gigabit interfaces that

connect to the internal and external networks and to the FortiGate interfaces that

were connected to these networks. Use the following steps to connect a

FortiBridge-1000F unit to the network as shown in Figure 3.

1 Connect the FortiBridge-1000F INT 2 interface to the FortiGate internal interface.

2 Connect the FortiGate external interface to the FortiBridge-1000F EXT 2

interface.

3 Connect the internal network to the FortiBridge-1000F INT 1 interface.

4 Connect the FortiBridge-1000F EXT 1 interface to the router.

Normal mode operation

If the FortiGate unit is operating normally, the FortiBridge unit operates in Normal

mode. Traffic from the internal network enters the FortiBridge INT 1 interface then

exits the INT 2 interface to the FortiGate unit. The traffic from the FortiBridge

INT 2 interface enters the FortiGate internal interface. Firewall policies and

protection profiles are applied to the traffic by the FortiGate unit. Accepted traffic

then exits the FortiGate External interface and enters the FortiBridge EXT 2

interface. The traffic then exits the FortiBridge EXT 1 interface and goes to the

external network. Traffic from the external network reverses this sequence.

Figure 4: Normal mode traffic flow

How the FortiBridge unit monitors the FortiGate unit

To monitor the FortiGate unit for failure, you must enable probes on the

FortiBridge unit. When you enable a probe, the FortiBridge unit sends packets

from the FortiBridge INT 2 interface, through the FortiGate unit to the FortiBridge

EXT 2 interface. If the EXT 2 interface receives the probe packets, the FortiGate

unit is operating normally. If the EXT 2 interface does not receive probe packets

the FortiBridge unit assumes that the FortiGate unit has failed.

Router

INT 1

INT 2

EXT 1

EXT 2

Internal

External

Internal network

Internet

(Transparent mode)

(Normal mode)

previous next