FortiBridge
Fortinet’s FortiGate products support external bypass devices using FortiBridge
frottier
Staff
Article Id 191841
Description
This article explains the 4 modes in which the FortiBridge can operate: Inline, Bypass, Tap and Failcutoff.

Scope
Related FortiBridge-S models supported with version 4.3:

FBG-3002S (short-range) and FBG-3002L (long-range)
FBG-3004S (short-range) and FBG-3004L (long-range)
FBG-3004SL (supports short-range and long-range)
FBG-3041S (short-range)
FBG-3042S (short-range)

Solution
The network device can be an existing FortiGate or another network device deployment.

The four available modes are:

Inline
All traffic passing through the FortiBridge is sent to the FortiGate to be analyzed. If the FortiGate allows the traffic, it goes back to the FortiBridge.
Bypass
The FortiBridge constantly probes (Heartbeats, Pings, HTTP) the FortiGate. If the FortiGate does not answer back, the FortiBridge forwards the traffic normally without sending it to the FortiGate.
Tap
The FortiBridge forwards the traffic normally and also sends it to the FortiGate to be analyzed. The FortiGate is configured to take no action and only analyzes the traffic.
Failcutoff
The FortiBridge constantly probes (Heartbeats, Pings, HTTP) the FortiGate. If the FortiGate does not answer back, the FortiBridge may work in Bypass mode (as explained above) or in Failcutoff mode, where, if one of its links fails, all others also fail.

Using the CLI, a segment can be manually set into Inline, Bypass, Tap or Failcutoff mode. All probes must be disabled before the mode can be set.

1.)  The following CLI commands can be used to disable all probes for the segment:
config probe probe-list heartbeat
 set status disable
 end
config probe probe-list ping
 set status disable
 end
config probe probe-list http
 set status disable
 end

2.)  The following CLI command can be used to switch the mode manually:

execute switch-mode <inline|bypass|tap|failcutoff>

For more information, refer to the FortiBridge Admin Guide in the Fortinet Document Library.
