FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
aionescu
Staff
Staff
Article Id 195677

Description

 

This article describes how to configure the 'poweroff-bypass' and 'bypass-watchdog' feature on the FortiGate-80F/81F Bypass.

Some FortiGates have special hardware that help organizations avoid network communication interruption due to units faults and improve network reliability.
On the FortiGate-80F/81F Bypass model, the WAN1 and Internal1 interfaces form a copper bypass pair.
The SFP1 interface is not part of the bypass pair.


Related document.
https://docs.fortinet.com/document/fortigate/6.2.0/hardware-acceleration/300792/fortigate-80f-81f-an...

Scope

 

For FortiGate-80/81F Bypass.


Solution

 

To use this feature, the unit needs to be operating in transparent mode.

FortiGate-80F-Bypass # config system bypass
FortiGate-80F-Bypass set poweroff-bypass enable --set interface bypass state in power off
FortiGate-80F-Bypass set bypass-watchdog enable --watchdog to bypass interfaces in case of software/hardware failure
FortiGate-80F-Bypass end

In case of FortiGate 80F/81F Bypass, the default timeout value for 'bypass-watchdog' is 8 seconds. This value is hardcoded and cannot be modified.
The bypass mode can be used also in a VDOM configuration, if that particular VDOM is operating in transparent mode and ports WAN1 and Internal1 are both connected to the same VDOM.

The setting is available in the global VDOM:

FortiGate-80F-Bypass # config global
FortiGate-80F-Bypass (global) # config system bypass