FortiBridge 4.0 Administration Guide

Introduction

FortiBridge enables you to add traffic monitoring and security devices to your network, without any loss in network integrity.

FortiBridge supports two normal modes of operation: inline mode and TAP mode. Inline mode supports network configurations that require in-line monitoring/security devices. TAP mode supports various traffic TAP configurations, where the main network path is mirrored to the monitoring devices.

The FortiBridge product provides monitoring features to ensure that any inline or TAP devices do not impact network integrity and availability. For example, FortiBridge runs a heartbeat probe for in-line configurations, and automatically switches to Bypass mode if the heartbeat fails.

Bypass mode provides active and passive bypass circuitry. Active bypass restores the traffic path between network ports, if the monitoring path fails. If the FortiBridge suffers a catastrophic failure such as power loss, it automatically reverts to Passive Bypass mode, so that traffic flow is not interrupted.

Hardware Configurations

The FortiBridge consists of a host system (a 1U chassis), which houses up to three bypass modules.

A bypass module supports one or more network segments. A network segment provides one inline or bypass traffic path. Each segment provides two network ports (NET0 and NET1) and two monitoring ports (MON1 and MON2).

The following bypass modules are available:

  • 40G bypass module
      • Supports one bypass segment.
      • Supports 40G Single mode fiber (40GBase-SR4) network standards.
      • Provides MPO/LC ports for the network ports.
      • Provides QSFP+ ports for the monitor ports.
  • Dual-rate 1/10G bypass module
      • Supports two bypass segments.
      • Supports dual rate 1/10G Multimode Fiber (10GBase-SR, 1000Base-SX) network standards.
      • Supports dual rate 1/10G Single mode fiber (10GBase-LR, 1000Base-LX) network standards.
      • Provides MPO/LC Duplex ports for the network ports.
      • Provides SFP+ ports for the monitor ports.

The network ports have built-in transceivers. The monitor ports require plug-in optical transceivers. The correct transceivers are delivered (pre-installed) with your FortiBridge product.

Product Overview

Modes of Operation

Each FortiBridge segment operates in one of the following modes:

  • Inline mode
      • The system diverts all incoming network traffic to the monitoring ports. No traffic flows directly between the network ports.
      • The inline network element must bridge the traffic between the monitoring ports.
      • The system monitors the inline traffic path using a heartbeat probe.
      • In the event of a fault, the segment transitions to one of the bypass modes (Bypass, TAP or Fail-cutoff mode, depending on configuration values).
      • When the fault condition clears, the segment can automatically transition back to Inline mode (the exact behavior is defined by configuration values). The segment transitions to Inline mode only after it detects that the heartbeat probe is working again.
  • TAP mode
      • The system sends traffic between the network ports, and incoming traffic is mirrored to the monitoring ports.
      • The system does not provide a heartbeat probe on the mirrored path (because the network path is the primary traffic path).
      • If the system loses power, the traffic path is maintained between the network ports (the segment transitions to passive bypass mode).
  • Bypass mode
      • The system sends traffic only between the network ports, and not to the monitoring ports.
  • Fail-cutoff mode
      • The system disables the links on the network ports, to simulate cable disconnection between the network devices.
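
The mode transitions listed above, modeled as a small state machine. This is an added example, not code from the Fortinet guide; it shows how the configured fault action decides whether a failed inline device leaves traffic flowing without inline enforcement or takes the link down. The names `fail_mode` and `auto_recover`, and the treatment of one failed probe as a fault, are assumptions, since the guide does not name the configuration values.

```python
from enum import Enum

class Mode(Enum):
    INLINE = "inline"
    TAP = "tap"
    BYPASS = "bypass"
    FAIL_CUTOFF = "fail-cutoff"

# Per mode: (traffic passes between NET0 and NET1, monitoring device sees it,
# monitoring device sits in the path and can block), per "Modes of Operation".
PATH = {
    Mode.INLINE:      (True,  True,  True),
    Mode.TAP:         (True,  True,  False),
    Mode.BYPASS:      (True,  False, False),
    Mode.FAIL_CUTOFF: (False, False, False),
}

class Segment:
    """Simplified model of one segment that starts in Inline mode."""

    def __init__(self, fail_mode, auto_recover=True):
        if fail_mode not in (Mode.BYPASS, Mode.TAP, Mode.FAIL_CUTOFF):
            raise ValueError("fail_mode must be Bypass, TAP or Fail-cutoff")
        self.mode = Mode.INLINE
        self.fail_mode = fail_mode        # hypothetical name for the configured fault action
        self.auto_recover = auto_recover  # hypothetical name for the auto-return setting
        self.faulted = False

    def heartbeat(self, ok):
        """Apply one heartbeat probe result and return the resulting mode."""
        if self.mode is Mode.INLINE and not ok:
            self.mode, self.faulted = self.fail_mode, True
        elif self.faulted and ok and self.auto_recover:
            self.mode, self.faulted = Mode.INLINE, False
        return self.mode

def simulate(fail_mode, probes, auto_recover=True):
    """Return (modes, unenforced, outage) for a sequence of probe results."""
    seg = Segment(fail_mode, auto_recover)
    modes = [seg.heartbeat(ok) for ok in probes]
    unenforced = sum(1 for m in modes if PATH[m][0] and not PATH[m][2])
    outage = sum(1 for m in modes if not PATH[m][0])
    return modes, unenforced, outage

# Constructed probe results: the inline device stops answering for two intervals.
PROBES = [True, True, False, False, True, True]

if __name__ == "__main__":
    for fm in (Mode.BYPASS, Mode.TAP, Mode.FAIL_CUTOFF):
        modes, unenforced, outage = simulate(fm, PROBES)
        print(fm.value, [m.value for m in modes], unenforced, outage)
```

With Bypass or TAP as the fault action the segment keeps forwarding during the fault but the inline device cannot block anything; with Fail-cutoff the same fault becomes an outage instead.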
