Fortinet Version 3.0 manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88

Go to page of

A good user manual

The rules should oblige the seller to give the purchaser an operating instrucion of Fortinet Version 3.0, along with an item. The lack of an instruction or false information given to customer shall constitute grounds to apply for a complaint because of nonconformity of goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of the manuals, as well as instructional videos have been majorly used. A necessary precondition for this is the unmistakable, legible character of an instruction.

What is an instruction?

The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of Fortinet Version 3.0 one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.

Unfortunately, only a few customers devote their time to read an instruction of Fortinet Version 3.0. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.

What should a perfect user manual contain?

First and foremost, an user manual of Fortinet Version 3.0 should contain:
- informations concerning technical data of Fortinet Version 3.0
- name of the manufacturer and a year of construction of the Fortinet Version 3.0 item
- rules of operation, control and maintenance of the Fortinet Version 3.0 item
- safety signs and mark certificates which confirm compatibility with appropriate standards

Why don't we read the manuals?

Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of Fortinet Version 3.0 alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of Fortinet Version 3.0, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the Fortinet service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of Fortinet Version 3.0.

Why one should read the manuals?

It is mostly in the manuals where we will find the details concerning construction and possibility of the Fortinet Version 3.0 item, and its use of respective accessory, as well as information concerning all the functions and facilities.

After a successful purchase of an item one should find a moment and get to know with every part of an instruction. Currently the manuals are carefully prearranged and translated, so they could be fully understood by its users. The manuals will serve as an informational aid.

Table of contents for the manual

  • Page 1

    www.fortinet.com FortiB ri dge V ersion 3.0 Administration Guide[...]

  • Page 2

    FortiBridge Administration Guide V ersion 3.0 9 November 200 6 09-30000-01 63-20061 109 © Copyright 2006 Fortine t, Inc. All rights reserved. No part of this publication including te xt, examp les, diagrams or illustrations may be re produced, transmitted, or translate d in any form or by any means, electronic, mechanical, manual , optical or othe[...]

  • Page 3

    Contents FortiBridge V ersion 3.0 Administration Guide 09-30000-0163-20061 109 3 Contents Introduction ............... ................................. .............................. .......... 7 About FortiBridge ....................... ................ .................... ................ ................ ... 7 About this document .............[...]

  • Page 4

    FortiBridge Version 3.0 Administration Guide 4 09-30000-0163-20061 109 Contents Completing the basic FortiBridge confi guration ................ ................ .......... 26 Adding an administrator password .......... ................ ................ ................... . 27 Changing the management IP address ..... ... ... .... ... ... ... .... [...]

  • Page 5

    Contents FortiBridge V ersion 3.0 Administration Guide 09-30000-0163-20061 109 5 system console ..................... ................ ................... ................ .................... .... 61 system dns ............ ................ ................ ................... ................ ................ ........ 62 get system status . .....[...]

  • Page 6

    FortiBridge Version 3.0 Administration Guide 6 09-30000-0163-20061 109 Contents[...]

  • Page 7

    Introduction About FortiBridge FortiBridge Version 3.0 Administration Guide 09-30000-0163-20061 109 7 Introduction This chapter introduces yo u to the FortiBridge-1000 an d FortiBridge-1000F products that pr ovide fail open protection for FortiGat e Antivirus Fir ewalls operating in transp ar ent mode. Fail open pr otection keeps network traffic fl[...]

  • Page 8

    FortiBridge Version 3.0 Administration Guide 8 09-30000-0163-20061 109 Fortinet documentation Introduction • Using th e CLI describes how to use the FortiBridge CLI. • config CLI commands is the FortiBridge config CLI command r eference. • execute CLI commands is the FortiBridge execute CLI command reference. Fortinet document ation The most [...]

  • Page 9

    FortiBridge operating principles Example FortiBridge ap plica tion FortiBridge Version 3.0 Administration Guide 09-30000-0163-20061 109 9 FortiBridge operating principles This chapter descri bes a typical transp arent mode FortiGate network and how to add a FortiBridge unit to this network to provide fail open protection. This chapter also cont ain[...]

  • Page 10

    FortiBridge Version 3.0 Administration Guide 10 09-30000-0163-20061 109 Example FortiBridge applicati on FortiBridge operating principle s The FortiGate unit acts as an extra layer of protec tion for your in ternal netw ork. While it is operating, the FortiGate un it protects the interna l network from threats originating on the Intern et. All user[...]

  • Page 11

    FortiBridge operating princip les Normal mode operation FortiBridge V ersion 3.0 Administration Guide 09-30000-0163-20061 109 11 1 Connect the FortiBridge-100 0 INT 2 interface to the FortiGate intern al inter face. 2 Connect the FortiGate external interface to the Fort iBridge-1000 EXT 2 interface. 3 Connect the internal network to the FortiBridg [...]

  • Page 12

    FortiBridge Version 3.0 Administration Guide 12 09-30000-0163-20061 109 Normal mode operation FortiBridge operating principle s Figure 5: FortiBridge unit operating i n normal mode sendin g probe p acket s Y ou can enable ICMP (ping), HTTP , FTP , POP3, SMTP , and IMAP probes to test connectivity through the FortiGate un it for each of these pr oto[...]

  • Page 13

    FortiBridge operating princip les Normal mode operation FortiBridge V ersion 3.0 Administration Guide 09-30000-0163-20061 109 13 Enabling probes to detect For tiGate hardware failure A FortiGate unit can stop processing networ k traf fic because of a hardware failu re such as the failure of a hardware component, a loss of power , or a loss of conne[...]

  • Page 14

    FortiBridge Version 3.0 Administration Guide 14 09-30000-0163-20061 109 Bypass mode operation FortiBridge operating principle s Byp ass mode operation When the FortiBri dge unit operates in bypass mode, the FortiBridge INT 1 and EXT 1 interfaces are directly connected. All traf fic between the internal and external network segment s flows, whether [...]

  • Page 15

    FortiBridge operating princip les Example Fo rtiGate HA clu ster FortiBridge ap plication FortiBridge V ersion 3.0 Administration Guide 09-30000-0163-20061 109 15 Example FortiGate HA cluster FortiBridge application A FortiBridge unit can p rovide fail open protection for a FortiGate HA cluster operating in transp arent mode in much the same way as[...]

  • Page 16

    FortiBridge Version 3.0 Administration Guide 16 09-30000-0163-20061 109 Example conf i gu ra tion with other Fo rti G ate interfaces FortiBridge operating principle s 1 Connect the For tiBr idg e- 1 00 0 INT 2 inte rf ac e to th e switc h co nn ec te d to the HA cluster internal interface. 2 Connect the switch connected to the HA cluster external i[...]

  • Page 17

    FortiBridge operating princip l es Example configuration wit h other FortiG ate interfaces FortiBridge V ersion 3.0 Administration Guide 09-30000-0163-20061 109 17 3 Connect the internal network to the FortiBridg e-1000 INT 1 interface. 4 Connect the FortiBridge-1000 EXT 1 inter fa ce to the router . Y ou must add port 5 -> port 6 firewall polic[...]

  • Page 18

    FortiBridge Version 3.0 Administration Guide 18 09-30000-0163-20061 109 Example conf i gu ra tion with other Fo rti G ate interfaces FortiBridge operating principle s[...]

  • Page 19

    Setting up FortiBridge units FortiBridge unit ba si c information FortiBridge Version 3.0 Administration Guide 09-30000-0163-20061 109 19 Setting up FortiBridge unit s This chapter cont ains the info rmation you need to unp ack, connect, and config ure your FortiBridge unit: • FortiBridge unit ba sic inf or ma tion • Connecting and turning on t[...]

  • Page 20

    FortiBridge Version 3.0 Administration Guide 20 09-30000-0163-20061 109 FortiBridge unit basic info rmation Setting up FortiBridge units Figure 9: FortiBridge- 1000 package contents FortiBridge-1000F Package contents The FortiBridge-1000F p ackage conta ins the following items: • the FortiBridge- 1000F unit • one RJ-45 to DB-9 serial cable (For[...]

  • Page 21

    Setting up FortiBridge units FortiBridge unit ba si c information FortiBridge V ersion 3.0 Administration Guide 09-30000-0163-20061 109 21 Technical specifications LED indicators T able 2: Fo rtiB ridge-1000 and 1000F tech nical sp ecifications Dimensions 8.63 x 6.13 x 1.38 in. (21.9 x 15.6 x 3.5 cm) Wei gh t 1.5 lb. (0.68 kg) Power Requirement s D[...]

  • Page 22

    FortiBridge Version 3.0 Administration Guide 22 09-30000-0163-20061 109 FortiBridge unit basic info rmation Setting up FortiBridge units Connectors Factory default configuration T able 5: FortiBridge-1000 connectors Connector T ype Speed Protocol Descrip tion INT 1 RJ-45 10/100/1000 Base-T Ethernet Copper gigabit ethernet connection to the internal[...]

  • Page 23

    Setting up FortiBridge units Connecting and turning on the FortiBridge uni t FortiBridge V ersion 3.0 Administration Guide 09-30000-0163-20061 109 23 Connecting and turning on the FortiBridge unit In most cases, you can connect the For tiBridge unit without making any configuration changes to your network or your FortiGate unit. All that is req uir[...]

  • Page 24

    FortiBridge Version 3.0 Administration Guide 24 09-30000-0163-20061 109 Connecting and tu rning on the FortiBridge unit Setting up FortiBridge u nits T o connect and turn on the FortiBridge-1000 unit 1 Connect the FortiBridge-1000 INT 2 interface to the FortiGate unit internal interface. 2 Connect the FortiBridge-10 00 EXT 2 interface to the FortiG[...]

  • Page 25

    Setting up FortiBridge units Connecting to the command line inte rface (CLI) FortiBridge V ersion 3.0 Administration Guide 09-30000-0163-20061 109 25 3 Connect the internal network to the FortiBridg e-1000F INT 1 interface. 4 Connect the FortiBridge-1000F EXT 1 inter face to the router . Connecting to the command line interface (CLI) Y ou configure[...]

  • Page 26

    FortiBridge Version 3.0 Administration Guide 26 09-30000-0163-20061 109 Completing the basic FortiBri dge configuration Setting up FortiBridge units 9 T ype the password for t his administra tor and pre ss Enter . The defa ult admin acco unt does n ot require a password. For improv ed security , you should add a p assword for this account as soon a[...]

  • Page 27

    Setting up FortiBridge units Completing the basic FortiBridge configu ration FortiBridge V ersion 3.0 Administration Guide 09-30000-0163-20061 109 27 • Adding an administrator p assword • Changing the management IP addres s • Changing DNS server IP addresses • Adding static routes • Allowing management access to the EXT 1 interface • Ch[...]

  • Page 28

    FortiBridge Version 3.0 Administration Guide 28 09-30000-0163-20061 109 Completing the basic FortiBri dge configuration Setting up FortiBridge units Changing DNS ser ver IP addresses Change the FortiBridge DNS server IP ad dresses to the IP addresses of your DNS servers. Th e correct DNS server configur ation is required for aler t email. T o chang[...]

  • Page 29

    Setting up FortiBridge units Completing the basic FortiBridge configu ration FortiBridge V ersion 3.0 Administration Guide 09-30000-0163-20061 109 29 Allowing management access to the EXT 1 interface By default no m anagement access is conf igu red for the EXT 1 interface. Use the following procedure to add management ac cess to this inte rface if [...]

  • Page 30

    FortiBridge Version 3.0 Administration Guide 30 09-30000-0163-20061 109 Resetting to the factory default conf iguration Setting up FortiBridge units config system admin edit <admin_name_str> set password <password> set accprofile prof_admin end For example : config system admin edit new_admin set password p8ssw0rd set accprofile prof_ad[...]

  • Page 31

    Setting up FortiBridge units Installing FortiBridge unit firmware FortiBridge V ersion 3.0 Administration Guide 09-30000-0163-20061 109 31 Upgrading to a new firmware version Y ou cannot use this procedure to re-inst all the current firmware or to revert to an older versio n of the firmw are. If you need to re-in stall the current firmwa re or reve[...]

  • Page 32

    FortiBridge Version 3.0 Administration Guide 32 09-30000-0163-20061 109 Installing FortiBridge unit firmware Setting up FortiBridge units Reverting to a previous firmware version This procedure revert s the FortiBridge unit to a previous firmware version and rests th e un it to its factory default co nfiguration. Before using this procedure you can[...]

  • Page 33

    Setting up FortiBridge units Installing FortiBridge unit firmware FortiBridge V ersion 3.0 Administration Guide 09-30000-0163-20061 109 33 Installing firmware from a system reboot This procedure inst alls a specified firmware image and re se t s the FortiBridge unit to default settings. Y ou can use this procedure to upgrade to a new firmware versi[...]

  • Page 34

    FortiBridge Version 3.0 Administration Guide 34 09-30000-0163-20061 109 Installing FortiBridge unit firmware Setting up FortiBridge units The following message appears: Enter firmware image file [image.out]: 10 T ype the firmware image file na m e an d pr es s Ente r . The TFTP server uploads the firmwar e ima ge file to the FortiBridge unit and th[...]

  • Page 35

    Configuration and operating proc edu res Example network settings FortiBridge Version 3.0 Administration Guide 09-30000-0163-20061 109 35 Configuration and operating procedures This chapter describes ho w to configure a FortiBridge un it to provide fail open protection for a FortiGate unit operating in transp arent mode. This chapter also describes[...]

  • Page 36

    FortiBridge Version 3.0 Administration Guide 36 09-30000-0163-20061 109 Configuring FortiBridge probe s Confi guration and operating procedure s Figure 13: Example FortiBridge application Ta b l e 9 lists the internal network configuration . Ta b l e 1 0 lists the basic For tiBridge unit configuration settings. Configuring FortiBridge probes T o mo[...]

  • Page 37

    Configuration and operating procedu res Configuring FortiBridge probes FortiBridge V ersion 3.0 Administration Guide 09-30000-0163-20061 109 37 This section describes: • Probe settings • Enabling probes • V erifyi ng that probes are functioning • T uning the failure threshold and probe inte rval Probe settings Configure probe setting s to c[...]

  • Page 38

    FortiBridge Version 3.0 Administration Guide 38 09-30000-0163-20061 109 Configuring FortiBridge probe s Confi guration and operating procedure s 2 Configure probe settings. Enter: config probe setting set action_on_failure alertmail failopen snmp syslog set dynamic_ip_pattern 2.2.2.* set fgt_serial FGT8002803923050 end Enabling probes Enable probes[...]

  • Page 39

    Configuration and operating procedu res Configuring FortiBridge probes FortiBridge V ersion 3.0 Administration Guide 09-30000-0163-20061 109 39 3 Display ping probe settings, enter: get probe probe_list ping name : ping failure_threshold : 3 probe_interval : 1 status : enable 4 Enable the FTP prob e . Incr ea se the failu re thresh o ld to 5 an d t[...]

  • Page 40

    FortiBridge Version 3.0 Administration Guide 40 09-30000-0163-20061 109 Configuring FortiBridge alerts Conf igurati on and operating pr ocedures Figure 15: FortiGate Session li st showing Forti Bridge probe s This session list shows the following: • The FortiBridge dynamic prob e IP ad dresses are 2.2.2 .213 and 2.2.2.214. • IMAP probe packe ts[...]

  • Page 41

    Configuration and operating procedu res Configuring FortiBridge al erts FortiBridge V ersion 3.0 Administration Guide 09-30000-0163-20061 109 41 FortiBridge alert email If you set the probe action on failure to alertmail , yo u can configure alert em ail so that the FortiBridge unit sends an email message to up to three email addresses if the Forti[...]

  • Page 42

    FortiBridge Version 3.0 Administration Guide 42 09-30000-0163-20061 109 Configuring FortiBridge alerts Conf igurati on and operating pr ocedures 02-01-2005 8:21:27 Local7.Alert 172.20.120.13 date=2005-02- 01 time=15:26:59 device_id= log_id=0100020001 type=event subtype=system pri=alert msg="FortiBridge detect FortiGate failure: [failed time: T[...]

  • Page 43

    Configuration and o perating procedures Recovering from a FortiGa te failure FortiBridge V ersion 3.0 Administration Guide 09-30000-0163-20061 109 43 T o add and enable an SNMP community 1 Log into the CLI. 2 Add the first SNMP community and name it snmp1 . Enter: config system snmp community edit 1 set name snmp_1 end The new SNMP community is ena[...]

  • Page 44

    FortiBridge Version 3.0 Administration Guide 44 09-30000-0163-20061 109 Manually switching between F ortiBridge operatin g modes Configuration and operating procedures 2 Make the required changes to fix the pr oblem. Depending on the cause, this could mean re-connecting and rest arting the FortiGate unit, or diagnosing a pr oblem wi th the FortiG a[...]

  • Page 45

    Configuration and o perating procedures Backing up and restoring the FortiBridg e co nfiguration FortiBridge V ersion 3.0 Administration Guide 09-30000-0163-20061 109 45 3 Restore the system configuration from a text file on the TFT P serv er . Enter: execute restore config <filename_str> <tftp-server_ipv4> The config file is copied fro[...]

  • Page 46

    FortiBridge Version 3.0 Administration Guide 46 09-30000-0163-20061 109 Backing up and restoring the FortiBridge conf i guration Configuration and operating procedures[...]

  • Page 47

    Using the CLI CLI basics FortiBridge Version 3.0 Administration Guide 09-30000-0163-20061 109 47 Using the CLI This chapter explains how to connect to the command line inter face (CLI) and contains some ba sic information about using the CLI. Y ou us e CLI comma nds to view all system information and to change all system configuration settings. Thi[...]

  • Page 48

    FortiBridge Version 3.0 Administration Guide 48 09-30000-0163-20061 109 Connecting to the FortiBridge CLI using SSH or T elnet Using the CLI For example, to configure the inter nal in terface to accept SSH connections, enter: config system interface edit internal set allowaccess ssh end 3 Use the following command to configure an interface to accep[...]

  • Page 49

    Using the CLI Connecting to the FortiBridge CLI using SSH or T elnet FortiBridge V ersion 3.0 Administration Guide 09-30000-0163-20061 109 49 T o connect to the CLI using SSH 1 Install and st art an SSH client. 2 Connect to a FortiBridge in terface that is configured for SSH connections. 3 T y pe a valid administrato r name and press Enter . 4 T y [...]

  • Page 50

    FortiBridge Version 3.0 Administration Guide 50 09-30000-0163-20061 109 Connecting to the FortiBridge CLI using SSH or T elnet Using the CLI[...]

  • Page 51

    config CLI commands FortiBridge Version 3.0 Administration Guide 09-30000-0163-20061 109 51 config CLI commands alertemail setting log syslogd setting probe probe_list {ping | h ttp | ft p | pop3 | smtp | imap} probe setting system accprofile system admin system console system dns get system status system fail_close system global system interface {[...]

  • Page 52

    FortiBridge Version 3.0 Administration Guide 52 09-30000-0163-20061 109 alertemail setting config CLI commands alertemail setting Use this command to configure the FortiBridg e unit to send alert email to up to three recipient s when action on failure is set to send a alert email message. Command syntax pattern config alertemail setting set <key[...]

  • Page 53

    config CLI commands alertemail setti ng FortiBridge V ersion 3.0 Administration Guide 09-30000-0163-20061 109 53 Related Commands • probe setting[...]

  • Page 54

    FortiBridge Version 3.0 Administration Guide 54 09-30000-0163-20061 109 log syslogd setting config CLI commands log syslogd setting Use this command to configure the FortiBridg e unit to send a syslog message to a remote syslog server when action on failure is set to send a syslog message. Command syntax pattern config log syslogd setting set <k[...]

  • Page 55

    config CLI commands probe probe_list {ping | http | ftp | pop3 | smtp | imap} FortiBridge V ersion 3.0 Administration Guide 09-30000-0163-20061 109 55 probe probe_list {ping | http | f tp | pop3 | smtp | imap} Use this command to configur e probes for ping, HTTP , FTP , POP3, SMTP , and IMAP traffic. Probes monitor different types of traffic. For e[...]

  • Page 56

    FortiBridge Version 3.0 Administration Guide 56 09-30000-0163-20061 109 probe setting config CLI commands probe setting Use this command to configure how the For tiBridge unit responds when a p robe determines that the FortiGate unit has failed. Y ou can also configu re the dynamic IP pattern used by prob es and add the FortiGate serial number , wh[...]

  • Page 57

    config CLI commands system accprofile FortiBridge V ersion 3.0 Administration Guide 09-30000-0163-20061 109 57 system accprofile Use this command to add access pr ofiles that control ad ministra tor access to FortiBridge features. Each administra to r ac co un t mu st inc lud e an acc ess profile. Y ou can create ac ces s profile s th at de n y acc[...]

  • Page 58

    FortiBridge Version 3.0 Administration Guide 58 09-30000-0163-20061 109 system accprofile config CLI commands Example Use the following commands to add a new access profile named policy_profile that allows read and write access system shut down. An administrator account with this access profile can shut down the system and upgrade firm ware. config[...]

  • Page 59

    config CLI commands system admin FortiBridge V ersion 3.0 Administration Guide 09-30000-0163-20061 109 59 system admin Use this command to add, edit, and delete administrator account s. Use the admin account or an account with system configuration read and write privileges to add new administrato r accounts and co ntrol their per mission levels. Ea[...]

  • Page 60

    FortiBridge Version 3.0 Administration Guide 60 09-30000-0163-20061 109 system admin config CLI commands Example Use the following commands to add a new ad ministrator account named new_admin with the password set to p8ssw0rd and that includes an access profile named policy_profile . Administrators that log in to this account will have administrato[...]

  • Page 61

    config CLI commands system console FortiBridge V ersion 3.0 Administration Guide 09-30000-0163-20061 109 61 system console Use this command to set the cons o le command mode and outp ut setting. Command syntax pattern config system console set <keyword> <variable> end config system console unset <keyword> end get system console sh[...]

  • Page 62

    FortiBridge Version 3.0 Administration Guide 62 09-30000-0163-20061 109 system dns config CLI commands system dns Use this command to set th e DNS ser ve r addr e sse s. Sev eral FortiBridge fu nct ion s, includ in g sen d ing email alerts and URL blocking, use DNS. On models numbered 100 and lower , you can use this command to set up DNS forward i[...]

  • Page 63

    config CLI commands get system status FortiBridge V ersion 3.0 Administration Guide 09-30000-0163-20061 109 63 get system st atus Use this command to display syste m status information. This comma nd displays: • FortiBridge un it firm wa re vers ion an d bu ild num be r • FortiBridge un it ho st na m e • FortiBridge unit operation mode (norm [...]

  • Page 64

    FortiBridge Version 3.0 Administration Guide 64 09-30000-0163-20061 109 system fail_close config CLI commands system fail_close Use this com mand to con figure the fail close feature. Command syntax pattern config system fail_close set <keyword> <variable> end config system fail_close unset <keyword> end get system fail_close show[...]

  • Page 65

    config CLI commands system fail_close FortiBridge V ersion 3.0 Administration Guide 09-30000-0163-20061 109 65 Example This example shows how to enable the Fort iBridge fail_ close feature, and set the threshold time to five seconds. config system fail_close set status fail_close set threshold 5 end This example sh ows how to disp lay th e co nfig [...]

  • Page 66

    FortiBridge Version 3.0 Administration Guide 66 09-30000-0163-20061 109 system global config CLI commands system global Use this command to configure global se ttings that affect various FortiBridge systems and configurat ions. Command syntax pattern config system global set <keyword> <variable> end config system global unset <keywor[...]

  • Page 67

    config CLI commands system global FortiBridge V ersion 3.0 Administration Guide 09-30000-0163-20061 109 67 Example This examp le shows how to set the Fort iBridge system t imezone, ad d the IP addr ess of an NTP server , and enable synchronization with the NTP server . The IP address of the NTP server is 192.168.20.1. config system global set timez[...]

  • Page 68

    FortiBridge Version 3.0 Administration Guide 68 09-30000-0163-20061 109 system interface {internal | external} config CLI commands system interface {internal | external} Use this command to configure managemen t access to the FortiBridge internal or external interface. The internal interface in the INT 1 interface. The external interface is the EXT[...]

  • Page 69

    config CLI commands system manageip FortiBridge V ersion 3.0 Administration Guide 09-30000-0163-20061 109 69 system manageip Configure the FortiBridge management IP addr es s. Use the ma nagement IP address fo r management access to the FortiBridge unit. Command syntax pattern config system manageip set <keyword> <variable> end config s[...]

  • Page 70

    FortiBridge Version 3.0 Administration Guide 70 09-30000-0163-20061 109 system route config CLI commands system route Use this command to add or edit FortiBridge static routes. Command syntax pattern config system route edit <sequence_integer> set <keyword> <variable> end config router static unset <keyword> get system route[...]

  • Page 71

    config CLI commands system snmp community FortiBridge V ersion 3.0 Administration Guide 09-30000-0163-20061 109 71 system snmp community Use this command to configur e SNMP communities. Add SNMP communities so that the FortiBridge unit can send SNMP v1 and v2c trap s to SNMP manage rs when action on failur e is set to send SNMP traps. Y ou can add [...]

  • Page 72

    FortiBridge Version 3.0 Administration Guide 72 09-30000-0163-20061 109 system snmp community config CLI commands Command syntax pattern config hosts edit <id_integer> set <keyword> <variable> end config hosts edit <id_integer> unset <keyword> end config hosts delete <id_integer> end get system snmp community [&l[...]

  • Page 73

    execute CLI commands FortiBridge Version 3.0 Administration Guide 09-30000-0163-20061 109 73 execute CLI commands backup date factoryr eset ping reboot restore switch-mode time[...]

  • Page 74

    FortiBridge Version 3.0 Administration Guide 74 09-30000-0163-20061 109 backup execute CLI commands backup Backup the FortiBridge configurat ion to a file on a TFTP server . Command syntax execute backup config <filename_str> <tftp-server_ipv4> Example This example shows how to backup a system configur ation file from the For tiBridge u[...]

  • Page 75

    execute CLI commands date FortiBridge V ersion 3.0 Administration Guide 09-30000-0163-20061 109 75 date Get or set the system date. Command syntax execute date [<date_str>] date_str has th e form mm/dd/yyyy , where • mm is the mont h and can be 01 to 12 • dd is the day o f the mont h and can be 01 to 31 • yyyy is the year and can be 200[...]

  • Page 76

    FortiBridge Version 3.0 Administration Guide 76 09-30000-0163-20061 109 factoryreset execute CLI commands factoryreset Reset the FortiBr idge configuratio n to factory de fault settings. Command syntax execute factoryreset ! Caution: This procedure deletes all changes tha t you have made to the FortiBridge configuration and reverts the system to it[...]

  • Page 77

    execute CLI commands ping FortiBridge V ersion 3.0 Administration Guide 09-30000-0163-20061 109 77 ping Send five ICMP ec ho requests (pings) to test the network connectio n between the For tiBridge unit and another network device. Command syntax execute ping {<address_ipv4> | <host-name_str>} Example This examp le shows how to ping a h[...]

  • Page 78

    FortiBridge Version 3.0 Administration Guide 78 09-30000-0163-20061 109 reboot execute CLI commands reboot Rest art the FortiBridge unit. Command syntax execute reboot[...]

  • Page 79

    execute CLI commands restore FortiBridge V ersion 3.0 Administration Guide 09-30000-0163-20061 109 79 restore Use this command to restore a backup confi guration and to change the FortiBridge firmware. Command syntax execute restore config <filename_str> <tftp-server_ipv4> execute restore image <filename_str> <tftp-server_ipv4&[...]

  • Page 80

    FortiBridge Version 3.0 Administration Guide 80 09-30000-0163-20061 109 switch-mode execute CLI commands switch-mode Use this command to switch between byp ass and normal mode. Command syntax execute switch-mode[...]

  • Page 81

    execute CLI commands time FortiBridge V ersion 3.0 Administration Guide 09-30000-0163-20061 109 81 time Get or set the system time. Command syntax execute time [<time_str>] time_str has the form hh:mm:ss , where • hh is the hour and can be 00 to 23 • mm is the minutes and can be 00 to 59 • ss is the seconds and can be 00 to 59 If you do[...]

  • Page 82

    FortiBridge Version 3.0 Administration Guide 82 09-30000-0163-20061 109 time execute CLI commands[...]

  • Page 83

    Index FortiBridge Version 3.0 Administration Guide 09-30000-0163-20061 109 83 Index A accprofile 59 action on failure fail open 37 probe 37 send alertmail 37 SNMP trap 37 syslog 37 action_on_failure 56 admingrp 57 administr ative access for SSH or Telnet 47 administrator adding a password 27 administrator accounts adding 29 admintimeout 66 alert em[...]

  • Page 84

    FortiBridge Version 3.0 Administration Guide 84 09-30000-0163-20061 109 Index HA cluster 15 other FortiGate interfaces 16 execute CLI commands 73 switch-mode 44 execute switch-mode 14 EXT 1 management access 29 F facility 54 factory default configuration 22 resetting 30 factoryres et 76 fail bypass 64 fail close 64 fail bypass 64 threshold 64 fail [...]

  • Page 85

    Index FortiBridge V ersion 3.0 Administration Guide 09-30000-0163-20061 109 85 monitor FortiGate unit 11 mounting instructions 20 N name 71 new version FortiBridge firmware 31 normal mode 10, 11 monitoring the FortiGate unit 11 probe 11 resuming from bypass mode 43 switching to 14 switching to bypass mode 14 traffic flow 11 ntpserver 66 ntpsync {di[...]

  • Page 86

    FortiBridge Version 3.0 Administration Guide 86 09-30000-0163-20061 109 Index v2c 42 snmp action_on_failure 56 SSH access to CLI 47 standalon e FortiGate unit 9 static ro ute adding 28 status 5 4 status {disable | enable} 54, 55, 71 switch switching between modes 14 switching between operating modes 44 switch-mode 14, 80 execute 44 syncinterval 67 [...]

  • Page 87

    www.fortinet.com[...]

  • Page 88

    www.fortinet.com[...]