AMC Bridge Module Commands

• All FortiGate units that have a single-width AMC card slot.
• FortiGate-ASM-CX4 and FortiGate-ASM-FX2 bridge modules

The FortiGate ASM-FX2 and ASM-CX4 provide fail open protection for FortiGate units that have a single-width AMC slot. The Bridge functions as a pass-through device to detect traffic failures in the FortiGate unit. Should this occur, the traffic bypasses the FortiGate unit to make sure that the network can continue processing. Note that FortiGate services, such as firewall policies, antispam and antivirus, are not applied when the modules bypasses traffic.

Note: The bypass modules are not supported when the FortiGate unit is running in HA mode.

You can manually enable bypass mode by two methods:

• Using a small instrument, such as a pen or paperclip, press the Bypass Mode button on the module.
• Use the CLI command execute amc bypass-mode <enable | disable>

The bridge module includes a monitoring system, to continually verify that traffic is flowing through the FortiGate unit. When configured, the bridge module will monitor traffic on the FortiGate unit. Should traffic stop flowing, for example if the FortiGate unit fails, the bridge module will trigger to ensure the flow of traffic.

To configure the traffic monitoring, enter the commands:

config system amc
set bypass-watchdog <enable | disable>
set bypass-timeout <1 | 10 | 60>
end

The bypass-timeout is the number of seconds that traffic has not traversed the FortiGate unit. For example, if you set the bypass command to 10 seconds (set bypass-timeout 10)if not traffic has gone through in 10 seconds, enable the bypass mode.

You can also use the command get system amc bypass-status to see the current bypass information.