Fortinet Version 3.0 دليل المستخدم

ملخص المحتوى في الصفحة رقم 1

Administration Guide
FortiBridge
Version 3.0
www.fortinet.com

ملخص المحتوى في الصفحة رقم 2

FortiBridge Administration Guide Version 3.0 9 November 2006 09-30000-0163-20061109 © Copyright 2006 Fortinet, Inc. All rights reserved. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical or otherwise, for any purpose, without prior written permission of Fortinet, Inc. Trademarks ABACAS, APSecure, FortiASIC, FortiBIOS, FortiBridge, FortiClient, FortiG

ملخص المحتوى في الصفحة رقم 3

Contents Contents Introduction ........................................................................................ 7 About FortiBridge.............................................................................................. 7 About this document......................................................................................... 7 Fortinet documentation..................................................................................... 8 Fortinet tools and documentation CD.......

ملخص المحتوى في الصفحة رقم 4

Contents Completing the basic FortiBridge configuration.......................................... 26 Adding an administrator password.............................................................. 27 Changing the management IP address ...................................................... 27 Changing DNS server IP addresses ........................................................... 28 Adding static routes .................................................................................... 28 All

ملخص المحتوى في الصفحة رقم 5

Contents system console................................................................................................ 61 system dns....................................................................................................... 62 get system status ............................................................................................ 63 system fail_close............................................................................................. 64 system global..................

ملخص المحتوى في الصفحة رقم 6

Contents FortiBridge Version 3.0 Administration Guide 6 09-30000-0163-20061109

ملخص المحتوى في الصفحة رقم 7

Introduction About FortiBridge Introduction This chapter introduces you to the FortiBridge-1000 and FortiBridge-1000F products that provide fail open protection for FortiGate Antivirus Firewalls operating in transparent mode. Fail open protection keeps network traffic flowing in the event of a FortiGate unit failure. This chapter contains the following topics: • About FortiBridge • About this document • Fortinet documentation • Customer service and technical support About FortiBridge The Fort

ملخص المحتوى في الصفحة رقم 8

Fortinet documentation Introduction • Using the CLI describes how to use the FortiBridge CLI. • config CLI commands is the FortiBridge config CLI command reference. • execute CLI commands is the FortiBridge execute CLI command reference. Fortinet documentation The most up-to-date publications and previous releases of Fortinet product documentation are available from the Fortinet Technical Documentation web site at http://docs.forticare.com. The following FortiBridge product documentation is a

ملخص المحتوى في الصفحة رقم 9

FortiBridge operating principles Example FortiBridge application FortiBridge operating principles This chapter describes a typical transparent mode FortiGate network and how to add a FortiBridge unit to this network to provide fail open protection. This chapter also contains detailed information about how FortiBridge units operate and concludes with descriptions of adding a FortiBridge unit to an HA cluster and connecting a FortiBridge unit other FortiGate interfaces. This chapter contains

ملخص المحتوى في الصفحة رقم 10

Example FortiBridge application FortiBridge operating principles The FortiGate unit acts as an extra layer of protection for your internal network. While it is operating, the FortiGate unit protects the internal network from threats originating on the Internet. All users on the internal network connect through the FortiGate unit to the Internet. This also means that if a failure or other interruption caused the FortiGate unit to stop functioning, users on the internal network would not be a

ملخص المحتوى في الصفحة رقم 11

FortiBridge operating principles Normal mode operation 1 Connect the FortiBridge-1000 INT 2 interface to the FortiGate internal interface. 2 Connect the FortiGate external interface to the FortiBridge-1000 EXT 2 interface. 3 Connect the internal network to the FortiBridge-1000 INT 1 interface. 4 Connect the FortiBridge-1000 EXT 1 interface to the router. Connecting the FortiBridge-1000F (fiber gigabit ethernet) The FortiBridge-1000F unit contains 4 multimode fiber optic gigabit interfaces that

ملخص المحتوى في الصفحة رقم 12

Normal mode operation FortiBridge operating principles Figure 5: FortiBridge unit operating in normal mode sending probe packets (Normal mode) Internal network INT 1 EXT 1 Internet Router EXT 2 INT 2 Internal External Probe packets (Transparent mode) You can enable ICMP (ping), HTTP, FTP, POP3, SMTP, and IMAP probes to test connectivity through the FortiGate unit for each of these protocols. The FortiBridge unit simultaneously tests connectivity through the FortiGate unit for each probe that

ملخص المحتوى في الصفحة رقم 13

FortiBridge operating principles Normal mode operation Table 1: FortiBridge probes and FortiGate firewall policy requirements (Continued) FortiGate Firewall policy Probe Description Direction Service POP3 POP3 packets are sent from a POP3 client Internal -> External POP3 or ANY at the INT 2 interface to a POP3 server at the EXT 2 interface. The POP3 server sends a response from the EXT 2 interface to the INT 2 interface. SMTP SMTP packets are sent from an SMTP Internal -> External SMTP or ANY

ملخص المحتوى في الصفحة رقم 14

Bypass mode operation FortiBridge operating principles Bypass mode operation When the FortiBridge unit operates in bypass mode, the FortiBridge INT 1 and EXT 1 interfaces are directly connected. All traffic between the internal and external network segments flows, whether or not the FortiGate unit is operating normally. Because the INT 1 and EXT 1 interfaces are directly connected, you cannot use Telnet or SSH to connect to the FortiBridge CLI. Instead you must use a console connection. T

ملخص المحتوى في الصفحة رقم 15

FortiBridge operating principles Example FortiGate HA cluster FortiBridge application Example FortiGate HA cluster FortiBridge application A FortiBridge unit can provide fail open protection for a FortiGate HA cluster operating in transparent mode in much the same way as for a standalone FortiGate unit. To provide fail open protection for an HA cluster, connect the FortiBridge unit to the switches that connect the internal and external interfaces of the cluster. Use the following steps to co

ملخص المحتوى في الصفحة رقم 16

Example configuration with other FortiGate interfaces FortiBridge operating principles 1 Connect the FortiBridge-1000 INT 2 interface to the switch connected to the HA cluster internal interface. 2 Connect the switch connected to the HA cluster external interface to the FortiBridge-1000 EXT 2 interface. 3 Connect the internal network to the FortiBridge-1000 INT 1 interface. 4 Connect the FortiBridge-1000 EXT 1 interface to the router. Connecting the FortiBridge-1000F (fiber gigabit ethernet) T

ملخص المحتوى في الصفحة رقم 17

FortiBridge operating principles Example configuration with other FortiGate interfaces 3 Connect the internal network to the FortiBridge-1000 INT 1 interface. 4 Connect the FortiBridge-1000 EXT 1 interface to the router. You must add port 5-> port 6 firewall policies to the FortiGate-500A unit configuration. FortiBridge Version 3.0 Administration Guide 09-30000-0163-20061109 17

ملخص المحتوى في الصفحة رقم 18

Example configuration with other FortiGate interfaces FortiBridge operating principles FortiBridge Version 3.0 Administration Guide 18 09-30000-0163-20061109

ملخص المحتوى في الصفحة رقم 19

Setting up FortiBridge units FortiBridge unit basic information Setting up FortiBridge units This chapter contains the information you need to unpack, connect, and configure your FortiBridge unit: • FortiBridge unit basic information • Connecting and turning on the FortiBridge unit • Connecting to the command line interface (CLI) • Completing the basic FortiBridge configuration • Resetting to the factory default configuration • Installing FortiBridge unit firmware When you complete the procedur

ملخص المحتوى في الصفحة رقم 20

FortiBridge unit basic information Setting up FortiBridge units Figure 9: FortiBridge-1000 package contents Bypass Change Front Mode Mode 2 Orange Crossover Ethernet Cables INT 1 EXT 1 PWR STATUS BYPASS MODE MODE FACTORY RESET Esc Enter NORMAL PWR FortiGate INT 2 EXT 2 Power INT 1 EXT 1 Normal Factory INT 2 EXT 2 Mode Reset Power Cable Power Supply Back RJ-45 to TO FORTIGATE DC+5V DB-9 Serial Cable PWR CONSOLE EXT 2 INT 2 EXT 1 INT 1 FortiBridge-1000 INT 1 EXT 1 Esc Enter BYPASS MODE MODE FACTOR