FortiBridge 4.0 Administration Guide

CLI Configuration for Inline mode

This chapter describes the CLI configuration settings related to Inline mode.

With the default configuration values, the system will transition each network segment into Inline mode. To restore a segment to the default inline operation, set the following values:

- Set the current module and segment
- Active heartbeat restore: Inline
- Heartbeat active mode: Enable
- Heartbeat interval: 5
- Heartbeat hold time: 20
- Heartbeat expiry state: Bypass
- (Optional) Define a custom heartbeat packet

The following sections provide information about these parameters.

Set Automatic Recovery from Heartbeat Expiry

FortiBridge supports automatic or manual recovery from heartbeat expiry. The default action is automatic recovery to Inline mode. You can change the configuration to set manual recovery.

FBG-3002L#set_en_act_hb_restore inline

Set Heartbeat Active Mode

When heartbeat active mode is enabled, the segment automatically transitions to Inline mode.

To set heartbeat active mode:

FBG-3002L#set_hb_act_mode enable

Set Heartbeat Characteristics

Use these commands to set the heartbeat interval time and hold time.

The heartbeat interval specifies how often the heartbeat packets are generated by the sending port.

The heartbeat hold time specifies the maximum time that the receiving port will wait for a heartbeat packet. If the packet is not received within this time, the system triggers the heartbeat expiry event.

NOTE: Set the hold time to at least 3 times the heartbeat interval.

FBG-3002L#set_hb_interval 10

FBG-3002L#set_hb_holdtime 40

By default, the heartbeat is sent by Mon0 and received at Mon1. You can reverse the direction of the heartbeat, and you can also set it to be bidirectional, as shown in the following example:

FBG-3002L#set_hb_tx_dir bidirectional

Set Heartbeat Expiry State

Use this command to set the heartbeat expiry mode for the current segment.

The system will transition this segment to the heartbeat expiry mode if the heartbeat expiry event is detected.

FBG-3002L#set_hb_exp_state bypass
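The interval, hold time, expiry state and restore settings described above interact as timers, which the following model makes concrete. It is an added example, not FortiBridge code or part of the original guide: the class and function names are hypothetical, and it assumes that both timers use one time unit, that heartbeats have no latency, and that a heartbeat arriving exactly at the hold time still counts.

```python
# Added example: simplified model of the heartbeat timers, not FortiBridge code.
# Assumed: one shared time unit, no latency, and with automatic restore the
# first heartbeat seen after expiry returns the segment to inline.
from dataclasses import dataclass


@dataclass
class HeartbeatConfig:
    interval: int = 5           # set_hb_interval
    holdtime: int = 20          # set_hb_holdtime
    exp_state: str = "bypass"   # set_hb_exp_state
    auto_restore: bool = True   # set_en_act_hb_restore inline


def check(cfg):
    """Return warnings for values that break the guide's timing rule."""
    if cfg.interval <= 0 or cfg.holdtime <= 0:
        return ["interval and hold time must be positive"]
    if cfg.holdtime < 3 * cfg.interval:
        return ["hold time %d is below 3 x interval (%d)"
                % (cfg.holdtime, 3 * cfg.interval)]
    return []


def tolerated_losses(cfg):
    """Consecutive heartbeats that may be lost before the expiry event fires."""
    return max(cfg.holdtime // cfg.interval - 1, 0)


def simulate(cfg, delivered):
    """delivered[k] says whether the heartbeat sent at (k+1)*interval arrives.
    Returns the (time, state) transitions of the segment."""
    expired, last_rx, events = False, 0, []
    for k, ok in enumerate(delivered, start=1):
        now = k * cfg.interval
        if not expired and now - last_rx > cfg.holdtime:
            expired = True                      # hold timer ran out
            events.append((last_rx + cfg.holdtime, cfg.exp_state))
        if ok:
            last_rx = now
            if expired and cfg.auto_restore:
                expired = False                 # automatic recovery
                events.append((now, "inline"))
    return events


if __name__ == "__main__":
    tight = HeartbeatConfig(interval=10, holdtime=15)   # constructed bad values
    print(check(tight), simulate(tight, [True, False, True]))
```

With the default values the segment rides out three consecutive lost heartbeats, while the constructed 10/15 pair drops to the expiry state after a single lost packet.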

Set Heartbeat Packet Contents

The system includes a default heartbeat packet format. You can define a custom format for the heartbeat packet, and load it into the system.

Load the Heartbeat contents. The load command expects a file named "hb.bin".

FBG-3002L#load_hb_pkt 192.168.0.2 tftpboot

Restore the Heartbeat contents to the default content:

FBG-3002L#set_default_hb_pkt

See the FortiBridge CLI Reference for additional information about defining a custom heartbeat packet: http://docs.fortinet.com/fortibridge/reference

Configure FortiGate for Heartbeat Packets

The heartbeat probe relies on the inline network device to pass the heartbeat packets between the two monitor ports. If your inline device is a firewall, you need to configure the firewall ports (that are attached to the monitor ports) to accept and forward the heartbeat packets. For the default heartbeat packet, you also need to enable Layer 2 forwarding.

The following example shows the configuration required for a FortiGate firewall. Port10 and port11 are the FortiGate interfaces that are connected to the FortiBridge monitor ports:

config firewall policy
    edit 1
        set srcintf "port10"
        set dstintf "port11"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
    next
    edit 2
        set srcintf "port11"
        set dstintf "port10"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end

Enable Layer 2 forwarding:

config system interface
    edit port10
        set l2forward enable
    next
    edit port11
        set l2forward enable
    next
end
