Bridge Administration Guide

ManualsBrandsFortinet ManualsNetwork RouterVersion 3.0

www.fortinet.com

FortiBridge

Version 3.0

Administration Guide

Summary of content (88 pages)

PAGE 1
Administration Guide FortiBridge Version 3.0 www.fortinet.
PAGE 2
FortiBridge Administration Guide Version 3.0 9 November 2006 09-30000-0163-20061109 © Copyright 2006 Fortinet, Inc. All rights reserved. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical or otherwise, for any purpose, without prior written permission of Fortinet, Inc.
PAGE 3
Contents Contents Introduction ........................................................................................ 7 About FortiBridge .............................................................................................. 7 About this document......................................................................................... 7 Fortinet documentation..................................................................................... 8 Fortinet tools and documentation CD..................
PAGE 4
Contents Completing the basic FortiBridge configuration.......................................... 26 Adding an administrator password.............................................................. Changing the management IP address ...................................................... Changing DNS server IP addresses ........................................................... Adding static routes ....................................................................................
PAGE 5
Contents system console................................................................................................ 61 system dns ....................................................................................................... 62 get system status ............................................................................................ 63 system fail_close ............................................................................................. 64 system global............................
PAGE 6
Contents 6 FortiBridge Version 3.
PAGE 7
Introduction About FortiBridge Introduction This chapter introduces you to the FortiBridge-1000 and FortiBridge-1000F products that provide fail open protection for FortiGate Antivirus Firewalls operating in transparent mode. Fail open protection keeps network traffic flowing in the event of a FortiGate unit failure.
PAGE 8
Fortinet documentation Introduction • Using the CLI describes how to use the FortiBridge CLI. • config CLI commands is the FortiBridge config CLI command reference. • execute CLI commands is the FortiBridge execute CLI command reference. Fortinet documentation The most up-to-date publications and previous releases of Fortinet product documentation are available from the Fortinet Technical Documentation web site at http://docs.forticare.com.
PAGE 9
FortiBridge operating principles Example FortiBridge application FortiBridge operating principles This chapter describes a typical transparent mode FortiGate network and how to add a FortiBridge unit to this network to provide fail open protection. This chapter also contains detailed information about how FortiBridge units operate and concludes with descriptions of adding a FortiBridge unit to an HA cluster and connecting a FortiBridge unit other FortiGate interfaces.
PAGE 10
Example FortiBridge application FortiBridge operating principles The FortiGate unit acts as an extra layer of protection for your internal network. While it is operating, the FortiGate unit protects the internal network from threats originating on the Internet. All users on the internal network connect through the FortiGate unit to the Internet.
PAGE 11
FortiBridge operating principles Normal mode operation 1 Connect the FortiBridge-1000 INT 2 interface to the FortiGate internal interface. 2 Connect the FortiGate external interface to the FortiBridge-1000 EXT 2 interface. 3 Connect the internal network to the FortiBridge-1000 INT 1 interface. 4 Connect the FortiBridge-1000 EXT 1 interface to the router.
PAGE 12
Normal mode operation FortiBridge operating principles Figure 5: FortiBridge unit operating in normal mode sending probe packets (Normal mode) Internal network INT 1 INT 2 Internal EXT 1 EXT 2 Internet Router External Probe packets (Transparent mode) You can enable ICMP (ping), HTTP, FTP, POP3, SMTP, and IMAP probes to test connectivity through the FortiGate unit for each of these protocols.
PAGE 13
FortiBridge operating principles Normal mode operation Table 1: FortiBridge probes and FortiGate firewall policy requirements (Continued) FortiGate Firewall policy Probe Description Direction POP3 POP3 packets are sent from a POP3 client at the INT 2 interface to a POP3 server at the EXT 2 interface. The POP3 server sends a response from the EXT 2 interface to the INT 2 interface.
PAGE 14
Bypass mode operation FortiBridge operating principles Bypass mode operation When the FortiBridge unit operates in bypass mode, the FortiBridge INT 1 and EXT 1 interfaces are directly connected. All traffic between the internal and external network segments flows, whether or not the FortiGate unit is operating normally. Because the INT 1 and EXT 1 interfaces are directly connected, you cannot use Telnet or SSH to connect to the FortiBridge CLI. Instead you must use a console connection.
PAGE 15
FortiBridge operating principles Example FortiGate HA cluster FortiBridge application Example FortiGate HA cluster FortiBridge application A FortiBridge unit can provide fail open protection for a FortiGate HA cluster operating in transparent mode in much the same way as for a standalone FortiGate unit. To provide fail open protection for an HA cluster, connect the FortiBridge unit to the switches that connect the internal and external interfaces of the cluster.
PAGE 16
Example configuration with other FortiGate interfaces FortiBridge operating principles 1 Connect the FortiBridge-1000 INT 2 interface to the switch connected to the HA cluster internal interface. 2 Connect the switch connected to the HA cluster external interface to the FortiBridge-1000 EXT 2 interface. 3 Connect the internal network to the FortiBridge-1000 INT 1 interface. 4 Connect the FortiBridge-1000 EXT 1 interface to the router.
PAGE 17
FortiBridge operating principles 3 4 Example configuration with other FortiGate interfaces Connect the internal network to the FortiBridge-1000 INT 1 interface. Connect the FortiBridge-1000 EXT 1 interface to the router. You must add port 5 -> port 6 firewall policies to the FortiGate-500A unit configuration. FortiBridge Version 3.
PAGE 18
Example configuration with other FortiGate interfaces 18 FortiBridge operating principles FortiBridge Version 3.
PAGE 19
Setting up FortiBridge units FortiBridge unit basic information Setting up FortiBridge units This chapter contains the information you need to unpack, connect, and configure your FortiBridge unit: • FortiBridge unit basic information • Connecting and turning on the FortiBridge unit • Connecting to the command line interface (CLI) • Completing the basic FortiBridge configuration • Resetting to the factory default configuration • Installing FortiBridge unit firmware When you complete the procedu
PAGE 20
FortiBridge unit basic information Setting up FortiBridge units Figure 9: FortiBridge-1000 package contents Bypass Change Mode Mode Front PWR INT 1 STATUS PWR EXT 1 Esc INT 2 BYPASS MODE NORMAL Enter FortiGate 2 Orange Crossover Ethernet Cables MODE FACTORY RESET EXT 2 Power INT 1 EXT 1 Normal Factory INT 2 EXT 2 Mode Reset Back Power Cable Power Supply RJ-45 to DB-9 Serial Cable TO FORTIGATE DC+5V CONSOLE PWR INT 2 EXT 2 EXT 1 INT 1 FortiBridge-1000 INT 1 Console Connection Po
PAGE 21
Setting up FortiBridge units FortiBridge unit basic information Technical specifications Table 2: FortiBridge-1000 and 1000F technical specifications Dimensions 8.63 x 6.13 x 1.38 in. (21.9 x 15.6 x 3.5 cm) Weight 1.5 lb. (0.
PAGE 22
FortiBridge unit basic information Setting up FortiBridge units Connectors Table 5: FortiBridge-1000 connectors Connector Type Speed Protocol Description INT 1 RJ-45 10/100/1000 Ethernet Base-T Copper gigabit ethernet connection to the internal network. EXT 1 RJ-45 10/100/1000 Ethernet Base-T Copper gigabit ethernet connection to the external network. INT 2 RJ-45 10/100/1000 Ethernet Base-T Copper gigabit ethernet connection to the FortiGate unit internal interface.
PAGE 23
Setting up FortiBridge units Connecting and turning on the FortiBridge unit Connecting and turning on the FortiBridge unit In most cases, you can connect the FortiBridge unit without making any configuration changes to your network or your FortiGate unit. All that is required is to move and reconnect network cables. Note: The default FortiBridge management IP address is 192.168.1.99.
PAGE 24
Connecting and turning on the FortiBridge unit Setting up FortiBridge units To connect and turn on the FortiBridge-1000 unit 1 Connect the FortiBridge-1000 INT 2 interface to the FortiGate unit internal interface. 2 Connect the FortiBridge-1000 EXT 2 interface to the FortiGate unit external interface. 3 Connect the FortiBridge-1000 INT 1 interface to the internal network. 4 Connect the FortiBridge-1000 EXT 1 interface to the external network.
PAGE 25
Setting up FortiBridge units Connecting to the command line interface (CLI) 3 Connect the internal network to the FortiBridge-1000F INT 1 interface. 4 Connect the FortiBridge-1000F EXT 1 interface to the router. Connecting to the command line interface (CLI) You configure and manage the FortiBridge unit from the FortiBridge command line interface (CLI). You can use a direct console connection, SSH, or Telnet to connect to the FortiBridge CLI.
PAGE 26
Completing the basic FortiBridge configuration 9 Setting up FortiBridge units Type the password for this administrator and press Enter. The default admin account does not require a password. For improved security, you should add a password for this account as soon as possible. Use the procedure “Adding an administrator password” on page 27 to add a password. The following prompt appears: Welcome ! FortiBridge-1000 # You have connected to the FortiBridge CLI, and you can enter CLI commands.
PAGE 27
Setting up FortiBridge units Completing the basic FortiBridge configuration Note: Not all of the following procedures are required to complete the basic FortiBridge unit configuration. Choose the procedures that apply to your installation.
PAGE 28
Completing the basic FortiBridge configuration Setting up FortiBridge units Changing DNS server IP addresses Change the FortiBridge DNS server IP addresses to the IP addresses of your DNS servers. The correct DNS server configuration is required for alert email. To change DNS server IP addresses 1 Log in to the CLI. 2 Change the primary and secondary DNS server IP addresses.
PAGE 29
Setting up FortiBridge units Completing the basic FortiBridge configuration Allowing management access to the EXT 1 interface By default no management access is configured for the EXT 1 interface. Use the following procedure to add management access to this interface if required. To allow management access to the EXT 1 interface 1 Log in to the CLI. 2 Allow Telnet and ping management access to the EXT 1 interface.
PAGE 30
Resetting to the factory default configuration Setting up FortiBridge units config system admin edit set password set accprofile prof_admin end For example: config system admin edit new_admin set password p8ssw0rd set accprofile prof_admin end For more information about configuring administrators see “system admin” on page 59. Resetting to the factory default configuration Use the following procedure to reset the FortiBridge unit to the factory default configuration.
PAGE 31
Setting up FortiBridge units Installing FortiBridge unit firmware Table 8: Firmware upgrade procedures Procedure Description Upgrading to a new firmware version Upgrade to a new FortiBridge firmware version or to a more recent build of the same firmware version. Reverting to a previous firmware version Revert to a previous firmware version. This procedure reverts the FortiBridge unit to its factory default configuration.
PAGE 32
Installing FortiBridge unit firmware Setting up FortiBridge units Reverting to a previous firmware version This procedure reverts the FortiBridge unit to a previous firmware version and rests the unit to its factory default configuration. Before using this procedure you can backup the FortiBridge unit configuration using the command execute backup config. To use the following procedure you must have a TFTP server that you can connect to from the FortiBridge unit.
PAGE 33
Setting up FortiBridge units Installing FortiBridge unit firmware Installing firmware from a system reboot This procedure installs a specified firmware image and resets the FortiBridge unit to default settings. You can use this procedure to upgrade to a new firmware version, revert to an older firmware version, or to re-install the current firmware.
PAGE 34
Installing FortiBridge unit firmware Setting up FortiBridge units Note: The local IP address is a temporary address used to download the firmware image. The local IP address should be on the same subnet as the TFTP server IP address. The following message appears: Enter firmware image file [image.out]: 10 Type the firmware image file name and press Enter.
PAGE 35
Configuration and operating procedures Example network settings Configuration and operating procedures This chapter describes how to configure a FortiBridge unit to provide fail open protection for a FortiGate unit operating in transparent mode. This chapter also describes some commonly required FortiBridge operating procedures such as recovering from a fail open event, manually switching between FortiBridge operating modes and backing up and restoring the FortiBridge configuration.
PAGE 36
Configuring FortiBridge probes Configuration and operating procedures Figure 13: Example FortiBridge application (Normal mode) Internal network INT 1 INT 2 Internal EXT 1 EXT 2 Internet Router External Mail server Syslog server SNMP Manager (Transparent mode) Table 9 lists the internal network configuration. Table 9: Internal network configuration FortiGate management IP address 172.20.120.10/24 Internal network subnet IP address 172.20.120.0/24 Router internal IP address 172.20.120.
PAGE 37
Configuration and operating procedures Configuring FortiBridge probes This section describes: • Probe settings • Enabling probes • Verifying that probes are functioning • Tuning the failure threshold and probe interval Probe settings Configure probe settings to control the response when a FortiBridge probe detects that the FortiGate unit has failed.
PAGE 38
Configuring FortiBridge probes Configuration and operating procedures 2 Configure probe settings. Enter: config probe setting set action_on_failure alertmail failopen snmp syslog set dynamic_ip_pattern 2.2.2.* set fgt_serial FGT8002803923050 end Enabling probes Enable probes to control the protocols that the FortiBridge unit uses to confirm that the FortiGate unit is functioning normally. You can configure probes for ping (ICMP), HTTP, FTP, POP3, SMTP, and IMAP protocols.
PAGE 39
Configuration and operating procedures 3 Configuring FortiBridge probes Display ping probe settings, enter: get probe probe_list ping name : ping failure_threshold : 3 probe_interval : 1 status : enable 4 Enable the FTP probe. Increase the failure threshold to 5 and the probe interval to 8.
PAGE 40
Configuring FortiBridge alerts Configuration and operating procedures Figure 15: FortiGate Session list showing FortiBridge probes This session list shows the following: • The FortiBridge dynamic probe IP addresses are 2.2.2.213 and 2.2.2.214. • IMAP probe packets (port 143) are processed by firewall policy 3. • FTP probe packets (port 21) are processed by firewall policy 2. • ping probe packets are processed by firewall policy 1. • SMTP packets using port 26 are processed by firewall policy 1.
PAGE 41
Configuration and operating procedures Configuring FortiBridge alerts FortiBridge alert email If you set the probe action on failure to alertmail, you can configure alert email so that the FortiBridge unit sends an email message to up to three email addresses if the FortiBridge unit detects a failure. The alert email informs the recipient that a FortiGate unit has failed, includes the protocol for which the failure was detected, and includes the serial number of the FortiGate unit that failed.
PAGE 42
Configuring FortiBridge alerts Configuration and operating procedures 02-01-2005 8:21:27 Local7.Alert 172.20.120.13 date=2005-0201 time=15:26:59 device_id= log_id=0100020001 type=event subtype=system pri=alert msg="FortiBridge detect FortiGate failure: [failed time: Tue Feb 1 15:26:59 2005][failed protocol: ftp] [failed FortiGate serial number: FGT8002803923050]" 02-01-2005 18:17:17 Local7.Alert 172.20.120.
PAGE 43
Configuration and operating procedures Recovering from a FortiGate failure To add and enable an SNMP community 1 Log into the CLI. 2 Add the first SNMP community and name it snmp1. Enter: config system snmp community edit 1 set name snmp_1 end The new SNMP community is enabled by default. SNMP v1 and v2 traps are also enable by default. You can disable traps and change ports. See “system snmp community” on page 71 for more information.
PAGE 44
Manually switching between FortiBridge operating modes 2 Configuration and operating procedures Make the required changes to fix the problem. Depending on the cause, this could mean re-connecting and restarting the FortiGate unit, or diagnosing a problem with the FortiGate unit or other network component. If all network and FortiGate unit hardware and software is functioning normally, you may have to adjust FortiBridge probe settings. See “Tuning the failure threshold and probe interval” on page 40.
PAGE 45
Configuration and operating procedures 3 Backing up and restoring the FortiBridge configuration Restore the system configuration from a text file on the TFTP server. Enter: execute restore config The config file is copied from the TFTP server to the FortiBridge unit. The FortiBridge unit reboots loading the new configuration. While the FortiBridge unit is rebooting, all network traffic passes directly from INT 1 and EXT 1 bypassing the FortiGate unit.
PAGE 46
Backing up and restoring the FortiBridge configuration 46 Configuration and operating procedures FortiBridge Version 3.
PAGE 47
Using the CLI CLI basics Using the CLI This chapter explains how to connect to the command line interface (CLI) and contains some basic information about using the CLI. You use CLI commands to view all system information and to change all system configuration settings. This chapter describes: • CLI basics • Connecting to the FortiBridge CLI using SSH or Telnet CLI basics The FortiBridge CLI functions the same as the FortiOS v2.80 CLI.
PAGE 48
Connecting to the FortiBridge CLI using SSH or Telnet Using the CLI For example, to configure the internal interface to accept SSH connections, enter: config system interface edit internal set allowaccess ssh end 3 Use the following command to configure an interface to accept Telnet connections: config system interface edit set allowaccess telnet end Where is the name of the FortiBridge interface to be configured to accept Telnet connections.
PAGE 49
Using the CLI Connecting to the FortiBridge CLI using SSH or Telnet To connect to the CLI using SSH 1 Install and start an SSH client. 2 Connect to a FortiBridge interface that is configured for SSH connections. 3 Type a valid administrator name and press Enter. 4 Type the password for this administrator and press Enter. The FortiBridge model name followed by a # is displayed. You have connected to the FortiBridge CLI, and you can enter CLI commands. FortiBridge Version 3.
PAGE 50
Connecting to the FortiBridge CLI using SSH or Telnet 50 Using the CLI FortiBridge Version 3.
PAGE 51
config CLI commands config CLI commands alertemail setting system admin system global log syslogd setting system console system interface {internal | external} probe probe_list {ping | http | ftp | system dns pop3 | smtp | imap} get system status probe setting system fail_close system accprofile FortiBridge Version 3.
PAGE 52
alertemail setting config CLI commands alertemail setting Use this command to configure the FortiBridge unit to send alert email to up to three recipients when action on failure is set to send a alert email message.
PAGE 53
config CLI commands alertemail setting Related Commands • probe setting FortiBridge Version 3.
PAGE 54
log syslogd setting config CLI commands log syslogd setting Use this command to configure the FortiBridge unit to send a syslog message to a remote syslog server when action on failure is set to send a syslog message.
PAGE 55
config CLI commands probe probe_list {ping | http | ftp | pop3 | smtp | imap} probe probe_list {ping | http | ftp | pop3 | smtp | imap} Use this command to configure probes for ping, HTTP, FTP, POP3, SMTP, and IMAP traffic. Probes monitor different types of traffic. For each protocol you configure the time interval between probes (interval) and how many lost probes are required to register a failure (threshold).
PAGE 56
probe setting config CLI commands probe setting Use this command to configure how the FortiBridge unit responds when a probe determines that the FortiGate unit has failed. You can also configure the dynamic IP pattern used by probes and add the FortiGate serial number, which is used in FortiBridge alert messages.
PAGE 57
config CLI commands system accprofile system accprofile Use this command to add access profiles that control administrator access to FortiBridge features. Each administrator account must include an access profile. You can create access profiles that deny access to or allow read only, write only, or both read and write access to FortiBridge features.
PAGE 58
system accprofile config CLI commands Example Use the following commands to add a new access profile named policy_profile that allows read and write access system shutdown. An administrator account with this access profile can shutdown the system and upgrade firmware. config system accprofile edit policy_profile set secgrp rw end This example shows how to display the settings for the system accprofile command.
PAGE 59
config CLI commands system admin system admin Use this command to add, edit, and delete administrator accounts. Use the admin account or an account with system configuration read and write privileges to add new administrator accounts and control their permission levels. Each administrator account must include an access profile. You cannot delete the admin administrator account. You cannot change the admin administrator account permissions.
PAGE 60
system admin config CLI commands Example Use the following commands to add a new administrator account named new_admin with the password set to p8ssw0rd and that includes an access profile named policy_profile. Administrators that log in to this account will have administrator access to the FortiBridge unit from any IP address. config system admin edit new_admin set password p8ssw0rd set accprofile policy_profile end This example shows how to display the settings for the system admin command.
PAGE 61
config CLI commands system console system console Use this command to set the console command mode and output setting. Command syntax pattern config system console set end config system console unset end get system console show system console Keywords and variables Description Default mode {batch | line} Set the console mode to line or batch. Used for auto testing only.
PAGE 62
system dns config CLI commands system dns Use this command to set the DNS server addresses. Several FortiBridge functions, including sending email alerts and URL blocking, use DNS. On models numbered 100 and lower, you can use this command to set up DNS forwarding.
PAGE 63
config CLI commands get system status get system status Use this command to display system status information. This command displays: • FortiBridge unit firmware version and build number • FortiBridge unit host name • FortiBridge unit operation mode (normal or bypass) • FortiBridge unit serial number Command syntax pattern get system status FortiBridge Version 3.
PAGE 64
system fail_close config CLI commands system fail_close Use this command to configure the fail close feature. Command syntax pattern config system fail_close set end config system fail_close unset end get system fail_close show system fail_close 64 Keywords and variables Description Default status {disable | fail_close | fail_bypass} The fail_bypass option is only available on the disable FBG-1000F.
PAGE 65
config CLI commands system fail_close Example This example shows how to enable the FortiBridge fail_close feature, and set the threshold time to five seconds. config system fail_close set status fail_close set threshold 5 end This example shows how to display the configuration for the system fail_close command. show system fail_close FortiBridge Version 3.
PAGE 66
system global config CLI commands system global Use this command to configure global settings that affect various FortiBridge systems and configurations. Command syntax pattern config system global set end config system global unset end get system global show system global 66 Keywords and variables Description Default admintimeout Set the administrator idle timeout to control the amount of inactive time before the administrator must log in again.
PAGE 67
config CLI commands system global Keywords and variables Description Default syncinterval Enter how often, in minutes, the FortiGate unit should synchronize its time with the Network Time Protocol (NTP) server. The syncinterval number can be 1 to 1440; 0 disables time synchronization. 60 timezone The number corresponding to your time zone. Press ? 00 to list time zones and their numbers.
PAGE 68
system interface {internal | external} config CLI commands system interface {internal | external} Use this command to configure management access to the FortiBridge internal or external interface. The internal interface in the INT 1 interface. The external interface is the EXT 1 interface. Command syntax pattern Entering a name string for the edit keyword that is not the name of a physical interface adds a VLAN subinterface.
PAGE 69
config CLI commands system manageip system manageip Configure the FortiBridge management IP address. Use the management IP address for management access to the FortiBridge unit. Command syntax pattern config system manageip set end config system manageip unset end get system manageip show system manageip Keywords and variables Description Default ip Set the IP address and netmask of the FortiBridge management interface. 192.168.1.99 255.255.255.
PAGE 70
system route config CLI commands system route Use this command to add or edit FortiBridge static routes. Command syntax pattern config system route edit set end config router static unset get system route show system route Keywords and variables distance dst gateway Description The administrative distance for the route.
PAGE 71
config CLI commands system snmp community system snmp community Use this command to configure SNMP communities. Add SNMP communities so that the FortiBridge unit can send SNMP v1 and v2c traps to SNMP managers when action on failure is set to send SNMP traps. You can add up to three SNMP communities. Each community can have a different configuration for SNMP traps. You can also the add IP addresses of up to 8 SNMP managers to each community.
PAGE 72
system snmp community config CLI commands Command syntax pattern config hosts edit set end config hosts edit unset end config hosts delete end get system snmp community [] show system snmp community [] Keywords and variables Description Default ip The IP address of the SNMP manager. 0.0.0.0 Example This example shows how to add a new SNMP community named SNMP_Com1.
PAGE 73
execute CLI commands execute CLI commands backup reboot date restore factoryreset switch-mode ping time FortiBridge Version 3.
PAGE 74
backup execute CLI commands backup Backup the FortiBridge configuration to a file on a TFTP server. Command syntax execute backup config Keywords and variables Description config Back up the FortiBridge configuration. The name to give the file that is copied to the TFTP server. The TFTP server IP address. Example This example shows how to backup a system configuration file from the FortiBridge unit to a TFTP server.
PAGE 75
execute CLI commands date date Get or set the system date. Command syntax execute date [] date_str has the form mm/dd/yyyy, where • • • mm is the month and can be 01 to 12 dd is the day of the month and can be 01 to 31 yyyy is the year and can be 2001 to 2100 If you do not specify a date, the command returns the current system date. Example This example sets the date to 17 September 2004: execute date 09/17/2004 FortiBridge Version 3.
PAGE 76
factoryreset execute CLI commands factoryreset Reset the FortiBridge configuration to factory default settings. Command syntax execute factoryreset ! 76 Caution: This procedure deletes all changes that you have made to the FortiBridge configuration and reverts the system to its original configuration, including resetting the management IP address. FortiBridge Version 3.
PAGE 77
execute CLI commands ping ping Send five ICMP echo requests (pings) to test the network connection between the FortiBridge unit and another network device. Command syntax execute ping { | } Example This example shows how to ping a host with the IP address 192.168.1.23. execute ping 192.168.1.23 FortiBridge Version 3.
PAGE 78
reboot execute CLI commands reboot Restart the FortiBridge unit. Command syntax execute reboot 78 FortiBridge Version 3.
PAGE 79
execute CLI commands restore restore Use this command to restore a backup configuration and to change the FortiBridge firmware. Command syntax execute restore config execute restore image Keywords and variables Description config Restore a system configuration. The new configuration replaces the existing configuration, including administrator accounts and passwords.
PAGE 80
switch-mode execute CLI commands switch-mode Use this command to switch between bypass and normal mode. Command syntax execute switch-mode 80 FortiBridge Version 3.
PAGE 81
execute CLI commands time time Get or set the system time. Command syntax execute time [] time_str has the form hh:mm:ss, where • • • hh is the hour and can be 00 to 23 mm is the minutes and can be 00 to 59 ss is the seconds and can be 00 to 59 If you do not specify a time, the command returns the current system time. Example This example sets the system time to 15:31:03: execute time 15:31:03 FortiBridge Version 3.
PAGE 82
time 82 execute CLI commands FortiBridge Version 3.
PAGE 83
Index Index A accprofile 59 action on failure fail open 37 probe 37 send alertmail 37 SNMP trap 37 syslog 37 action_on_failure 56 admingrp 57 administrative access for SSH or Telnet 47 administrator adding a password 27 administrator accounts adding 29 admintimeout 66 alert email configuring 41 sample message 41 alertemail setting 52 alertmail action on failure 37 action_on_failure 56 alerts configuring 40 allowaccess {http https ping snmp ssh telnet} 68 authenticate {disable | enable} 52 B backing up con
PAGE 84
Index HA cluster 15 other FortiGate interfaces 16 execute CLI commands 73 switch-mode 44 execute switch-mode 14 EXT 1 management access 29 ftp F HA cluster FortiBridge application 15 heartbeat 66 hostname 66 HTTP probe 12 http probe_list 55 facility 54 factory default configuration 22 resetting 30 factoryreset 76 fail bypass 64 fail close 64 fail bypass 64 threshold 64 fail open 37 action_on_failure 56 recovering from 43 failure recovering from 43 failure threshold tuning 40 failure_threshold 55 fgt_se
PAGE 85
Index monitor FortiGate unit 11 mounting instructions 20 N name 71 new version FortiBridge firmware 31 normal mode 10, 11 monitoring the FortiGate unit 11 probe 11 resuming from bypass mode 43 switching to 14 switching to bypass mode 14 traffic flow 11 ntpserver 66 ntpsync {disable | enable} 66 O operating procedures 35 operating modes switching between 44 operating principles 9 output {standard | more} 61 P package contents FortiBridge-1000 19 FortiBridge-1000F 20 password 52, 59 adding 27 ping 77 enab
PAGE 86
Index v2c 42 snmp action_on_failure 56 SSH access to CLI 47 standalone FortiGate unit 9 static route adding 28 status 54 status {disable | enable} 54, 55, 71 switch switching between modes 14 switching between operating modes 44 switch-mode 14, 80 execute 44 syncinterval 67 sysgrp 57 syslog 41 action_on_failure 56 configuring 42 sample message 41 syslog message 37 sysshutdowngrp 57 system accprofile 57 system admin 59 system console 61 system dns 62 system global 66 system interface {internal | external} 6
PAGE 87
www.fortinet.
PAGE 88
www.fortinet.