
FortiBridge Version 3.0 Administration Guide, page 12 (document 09-30000-0163-20061109)

Normal mode operation

FortiBridge operating principles

Figure 5: FortiBridge unit operating in normal mode sending probe packets

You can enable ICMP (ping), HTTP, FTP, POP3, SMTP, and IMAP probes to test
connectivity through the FortiGate unit for each of these protocols. The
FortiBridge unit simultaneously tests connectivity through the FortiGate unit for
each probe that is enabled.

The first probe that registers a failure causes the FortiBridge unit to stop sending
all probe packets, for every enabled probe. The FortiBridge unit then responds to the
failure according to the action on failure that you configure. The action on failure
can include fail open, send alert email, send a syslog message, and send an SNMP trap.
You can enable any combination of these actions on failure. Fail open switches the
FortiBridge unit to bypass mode, so that traffic is passed around the FortiGate unit.
The other actions on failure only alert system administrators that the FortiBridge
unit has detected a failure; they do not change how traffic is forwarded.

Probes and FortiGate firewall policies

Probe packets are accepted and passed through the FortiGate unit only by firewall
policies added to the FortiGate unit. When enabling probes, you must make sure
that the firewall policies added to the FortiGate unit accept the probe packets of
each enabled probe. A probe whose packets are dropped by the FortiGate unit fails
even when the FortiGate unit is operating normally, and that failure triggers the
configured action on failure, including fail open. For example, if your FortiGate
unit does not accept FTP packets, you should not enable the FTP probe.

Table 1 describes the FortiGate firewall policy requirements for each FortiBridge
probe.

[Figure 5 labels: Router; INT 1, INT 2 (Internal); EXT 1, EXT 2 (External); Probe packets; Internal network; Internet; (Transparent mode); (Normal mode)]

Table 1: FortiBridge probes and FortiGate firewall policy requirements

Probe  Description                                                  FortiGate firewall policy
                                                                    Direction             Service
-----  -----------------------------------------------------------  --------------------  -----------
Ping   ICMP packets are sent from the INT 2 interface to the        Internal -> External  ICMP or ANY
       EXT 2 interface. The EXT 2 interface responds to the ping.
HTTP   HTTP requests are sent from an HTTP client at the INT 2      Internal -> External  HTTP or ANY
       interface to a web server at the EXT 2 interface. The web
       server sends a response from the EXT 2 interface to the
       INT 2 interface.
FTP    FTP requests are sent from an FTP client at the INT 2        Internal -> External  FTP or ANY
       interface to an FTP server at the EXT 2 interface. The FTP
       server sends a response from the EXT 2 interface to the
       INT 2 interface.
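The probe cycle described under "FortiBridge operating principles" and the policy pre-check described under "Probes and FortiGate firewall policies", modelled together as an added Python example. This is not FortiBridge or FortiGate code: the Policy class, the probe and action names (fail_open, alert_email, syslog, snmp_trap), the interface names and the per-round probe results are assumptions made for illustration; the real unit derives each result from the reply it receives on the EXT 2 interface.

```python
# Added example, not code from the FortiBridge or FortiGate products.
# Models (1) the check that every enabled probe is accepted by an
# Internal -> External FortiGate policy (Table 1) and (2) one probe
# cycle in which the first failure stops all probing and fires the
# configured actions on failure.
from dataclasses import dataclass
from typing import Dict, FrozenSet, List

# Probe -> service the Internal -> External policy must carry
# (the "Service" column of Table 1; ANY satisfies every probe).
PROBE_SERVICE: Dict[str, str] = {
    "ping": "ICMP", "http": "HTTP", "ftp": "FTP",
    "pop3": "POP3", "smtp": "SMTP", "imap": "IMAP",
}


@dataclass(frozen=True)
class Policy:
    """Minimal stand-in for a FortiGate firewall policy (assumed shape)."""
    srcintf: str
    dstintf: str
    services: FrozenSet[str]
    action: str = "accept"


def policy_accepts(policies: List[Policy], service: str) -> bool:
    """True if an accept policy from internal to external carries the
    service (or ANY), i.e. the FortiGate would pass that probe's packets."""
    for p in policies:
        if p.action != "accept" or p.srcintf != "internal" or p.dstintf != "external":
            continue
        if "ANY" in p.services or service in p.services:
            return True
    return False


def probes_without_policy(enabled: List[str], policies: List[Policy]) -> List[str]:
    """Probes that must not be enabled: the FortiGate drops their packets,
    so they would fail, and trigger the action on failure, even while the
    FortiGate is healthy."""
    return [p for p in enabled if not policy_accepts(policies, PROBE_SERVICE[p])]


def run_probe_cycle(results: Dict[str, List[bool]], actions: FrozenSet[str]) -> dict:
    """One probe cycle. results[probe] is a constructed per-round outcome
    for that probe (True = reply received from EXT 2). Each round sends one
    packet per enabled probe; the first failure stops all probing and
    fires the configured actions on failure."""
    state = {"mode": "normal", "failed_probe": None, "round": None,
             "sent": 0, "notifications": []}
    if not results:
        return state
    rounds = max(len(r) for r in results.values())
    for rnd in range(rounds):
        for probe, outcomes in results.items():
            state["sent"] += 1
            ok = outcomes[rnd] if rnd < len(outcomes) else True
            if ok:
                continue
            state["failed_probe"], state["round"] = probe, rnd + 1
            # fail open switches the unit to bypass mode; the other
            # actions only notify administrators.
            if "fail_open" in actions:
                state["mode"] = "bypass"
            for act in ("alert_email", "syslog", "snmp_trap"):
                if act in actions:
                    state["notifications"].append(
                        f"{act}: probe {probe} failed in round {rnd + 1}")
            return state  # stop sending all probe packets
    return state


if __name__ == "__main__":
    # Constructed sample: FortiGate accepts ICMP and HTTP only.
    policies = [Policy("internal", "external", frozenset({"ICMP", "HTTP"}))]
    print("do not enable:", probes_without_policy(["ping", "http", "ftp"], policies))
    outcome = run_probe_cycle({"ping": [True, True, True], "http": [True, False, True]},
                              frozenset({"fail_open", "syslog"}))
    print(outcome)
```

Run the pre-check against the probes you intend to enable before enabling them; with fail open configured, an unsupported probe does not merely raise an alert, it puts the FortiBridge unit into bypass mode and takes the FortiGate unit out of the traffic path.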