Article Id 191888
Description
Configure a secondary IP address to enable the Fortinet Discovery Protocol in Transparent mode so network traffic is not compromised.
Components
  • All FortiGate units running FortiOS 3.0.
Steps or Commands

Configuring a secondary IP address for FDP in Transparent mode

The Fortinet Discovery Protocol (FDP) communicates with a FortiAnalyzer unit on an interface using two IP addresses, enabling both user traffic and communication with the FortiAnalyzer unit to occur simultaneously. In Transparent mode, there is only one IP address, and it allows either FDP communication or network traffic, not both.

Using the CLI, you can configure the FortiGate unit to use a second IP address on the interface that uses FDP.

To configure a secondary IP address for FDP in Transparent mode

  1. Log in to the CLI.
  2. Enter the following commands:

     config sys fortianalyzer
         set status {enable|disable}
         set address-mode {autodiscovery|static}
         set fdp-device <SERIAL_NUMBER>
         set fdp-interface {interface1|interface2|interface3...}
     end

Example

     config sys fortianalyzer
         set status enable
         set address-mode autodiscovery
         set fdp-device FLG4000852000002
         set fdp-interface dmz
     end

Note: Ensure you configure the secondary IP address before selecting the FDP feature in Transparent mode. In the web-based manager, a message similar to the following appears after enabling the FDP option:

Warning: You are about to dedicate the selected interface to FortiAnalyzer communication. The interface will become unable to handle other user traffic. Do you want to continue?

If you select OK without configuring a second IP address for that interface, the FortiGate unit no longer carries traffic on that interface.