jskrivan_FTNT
Article Id 196428

Test Description: Compatibility testing between Interface Master Niagara Bypass and FortiGate unit

This report shows the compatibility testing between Interface Master Niagara Bypass and FortiGate unit.
The devices under test (DUT) are the FortiGate-3600C and the Interface Master Niagara 2818.

The following test scenarios have been tested with the result captured by screenshot:
- Fail open test based on the FortiGate failure.
- Fail open test based on the link failure.
- Fail open test based on the FortiGate software failure.

Below is the test architecture that was set up to test the above scenarios. In this test case, an FG3600C unit running in layer 2 mode with IPS turned on connects to the Interface Master Niagara External Bypass. The bypass in turn connects to 2 different switches, each of which has a laptop connected to it. A continuous PING is executed from 172.16.1.100 to 172.16.1.99 to test the fail open.

[Figure: test architecture (FD34493_IMG01.jpg)]

Test Result

The following tests have been simulated in the Lab to test the external bypass fail open capability:

1)  Fail open test based on FortiGate failure.
In this test, a FortiGate failure was simulated by unplugging the FortiGate's power cable.

2)  Fail open test based on link failure.
In this test, a FortiGate link failure was simulated by unplugging the 10GE link.

3)  Fail open test based on FortiGate software failure.
In this test, a FortiGate software failure was simulated by shutting down the firewall using a command.

Based on the simulation tests carried out above, the Interface Master external bypass successfully failed open without any issue. As shown below, all 3 test scenarios produced the same result, and the PING result shows no downtime when the Interface Master external bypass failed open, or vice versa (see command prompt below).

[Figure: PING result in the command prompt (FD34493_IMG02.jpg)]
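The continuous PING used as the pass criterion above can be checked from a saved log rather than by eye. The following is an added example, not part of the original article or any Fortinet or Interface Master tooling: it assumes English-locale Windows `ping -t` output, and the function names and the sample log are constructed for illustration. It counts "Destination host unreachable" lines as loss even though they begin with "Reply from".

```python
import re

# English-locale Windows "ping -t" output is assumed (the article shows a command prompt).
REPLY = re.compile(r"^Reply from (\S+): bytes=\d+ time[=<]\d+ms TTL=\d+")
LOSS = re.compile(r"^(Request timed out\.|General failure\.|PING: transmit failed"
                  r"|Reply from \S+: Destination (host|net) unreachable\.)")

def loss_windows(lines, target):
    """Return (sent, lost, windows); each window is (first_lost_probe, run_length)."""
    sent = lost = 0
    windows, run_start = [], None
    for line in lines:
        line = line.strip()
        m = REPLY.match(line)
        if m:
            ok = m.group(1) == target   # an echo reply from another host is not success
        elif LOSS.match(line):
            ok = False                  # includes "Reply from <self>: ... unreachable."
        else:
            continue                    # banner, statistics or blank line
        sent += 1
        if ok:
            if run_start is not None:
                windows.append((run_start, sent - run_start))
                run_start = None
        else:
            lost += 1
            if run_start is None:
                run_start = sent
    if run_start is not None:           # log ended while probes were still being lost
        windows.append((run_start, sent - run_start + 1))
    return sent, lost, windows

def fail_open_passed(lines, target, max_lost=0):
    """Pass criterion: at least one probe seen and no more than max_lost lost."""
    sent, lost, _ = loss_windows(lines, target)
    return sent > 0 and lost <= max_lost

# Constructed sample log (not the article's capture): two probes lost at switchover.
SAMPLE = """Pinging 172.16.1.99 with 32 bytes of data:
Reply from 172.16.1.99: bytes=32 time<1ms TTL=128
Reply from 172.16.1.99: bytes=32 time=1ms TTL=128
Request timed out.
Reply from 172.16.1.100: Destination host unreachable.
Reply from 172.16.1.99: bytes=32 time<1ms TTL=128
Reply from 172.16.1.99: bytes=32 time<1ms TTL=128
""".splitlines()

if __name__ == "__main__":
    print(loss_windows(SAMPLE, "172.16.1.99"), fail_open_passed(SAMPLE, "172.16.1.99"))
```

A log with no loss windows corresponds to the "no downtime" result reported for all 3 scenarios; any window gives the probe number at which the switchover dropped traffic.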

Summary

In summary, the FortiGate firewall can interoperate with the Interface Master Niagara External Bypass to provide fail open capabilities. The firewall will fail open when the following scenarios happen:

1)  FortiGate firewall hardware failure.
2)  FortiGate firewall link failure.
3)  FortiGate firewall software failure.
