Probe interval and probe threshold – Fortinet Version 3.0 User Manual


FortiBridge operating principles

Normal mode operation

FortiBridge Version 3.0 Administration Guide
09-30000-0163-20061109


Enabling probes to detect FortiGate hardware failure

A FortiGate unit can stop processing network traffic because of a hardware failure
such as the failure of a hardware component, a loss of power, or a loss of
connectivity if a network cable is unplugged.

If a hardware failure occurs, the FortiGate unit stops processing all traffic. You can
enable any FortiBridge probe for the FortiBridge unit to detect a FortiGate
hardware failure.

Enabling probes to detect FortiGate software failure

A FortiGate unit can also stop processing network traffic because of a software
failure. For example, a firmware issue could cause a specific software process to
crash. Also, network traffic could increase to a point where the FortiGate unit
cannot process all traffic. As a result, the FortiGate unit could stop processing
some or all traffic without a hardware failure occurring.

To detect a FortiGate software failure, you can enable probes for FortiGate
services that you want to provide fail open protection for. For example, if it is a
high priority for your network to provide SMTP email services, you should enable
the SMTP probe. If the SMTP probe detects a failure of SMTP traffic through the
FortiGate unit, the FortiBridge unit switches to bypass mode to maintain SMTP
traffic flow.

If you do not consider FTP traffic a high priority, you can leave the FTP probe
disabled. In this configuration, if only FTP traffic fails, the FortiBridge does not
switch to bypass mode.

Probe interval and probe threshold

For each probe, you set a probe interval and a probe threshold. The probe interval
defines how often to test the connection. The probe threshold defines how many
consecutive failed probes can occur before the FortiBridge considers the
connection to have failed.
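The following added example (not taken from the Fortinet manual or from FortiBridge firmware) models how a probe interval and a probe threshold combine with enabled and disabled probes to decide when the unit leaves normal mode. The interval and threshold values, the sample probe results, and the assumption that failure is declared when the count of consecutive failures reaches the threshold are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Probe:
    name: str
    enabled: bool
    interval_s: int    # probe interval: seconds between connection tests
    threshold: int     # consecutive failed probes that count as a failure
    failures: int = 0  # current run of consecutive failed probes

    def record(self, ok: bool) -> bool:
        """Record one probe result; True means the connection is considered failed."""
        if not self.enabled:
            return False  # a disabled probe never triggers bypass
        # Only consecutive failures count, so any success resets the run.
        self.failures = 0 if ok else self.failures + 1
        # Assumption: failure is declared when the run reaches the threshold.
        return self.failures >= self.threshold

def first_trip(probe, results):
    """Seconds until the probe declares failure, or None if it never does."""
    probe.failures = 0
    for n, ok in enumerate(results, start=1):
        if probe.record(ok):
            return n * probe.interval_s  # assumes the n-th probe is sent at n * interval
    return None

def bridge_mode(probes, results):
    """Return (mode, probe that tripped first, seconds elapsed)."""
    trips = {p.name: first_trip(p, results[p.name]) for p in probes}
    tripped = {name: t for name, t in trips.items() if t is not None}
    if not tripped:
        return ("normal", None, None)
    name = min(tripped, key=tripped.get)
    return ("bypass", name, tripped[name])

# Constructed configuration: SMTP is high priority, FTP probe left disabled.
PROBES = [Probe("SMTP", True, interval_s=2, threshold=3),
          Probe("FTP", False, interval_s=2, threshold=3)]

# Constructed results (True = probe answered). SMTP flaps, then fails for good.
FLAPPING = {"SMTP": [True, False, False, True, False, False, False],
            "FTP": [False] * 7}
# Constructed results where only FTP traffic fails.
FTP_ONLY = {"SMTP": [True] * 7, "FTP": [False] * 7}

if __name__ == "__main__":
    print(bridge_mode(PROBES, FLAPPING))  # SMTP trips after three failures in a row
    print(bridge_mode(PROBES, FTP_ONLY))  # FTP probe disabled, unit stays in normal mode
```

In the flapping case the two early SMTP failures do not count toward the threshold because a successful probe interrupts them, so the worst-case detection delay after a hard failure is the interval multiplied by the threshold.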

Table 1: FortiBridge probes and FortiGate firewall policy requirements (Continued)

| Probe | Description | FortiGate firewall policy: Direction | FortiGate firewall policy: Service |
|---|---|---|---|
| POP3 | POP3 packets are sent from a POP3 client at the INT 2 interface to a POP3 server at the EXT 2 interface. The POP3 server sends a response from the EXT 2 interface to the INT 2 interface. | Internal -> External | POP3 or ANY |
| SMTP | SMTP packets are sent from an SMTP server at the INT 2 interface to an SMTP server at the EXT 2 interface. The SMTP server sends a response from the EXT 2 interface to the INT 2 interface. | Internal -> External | SMTP or ANY |
| IMAP | IMAP packets are sent from an IMAP client at the INT 2 interface to an IMAP server at the EXT 2 interface. The IMAP server sends a response from the EXT 2 interface to the INT 2 interface. | Internal -> External | IMAP or ANY |
