Cybersecurity Forum


DeniMota
New Contributor

FG301E IPS mode

Hi all,

I need to replace my current Cisco ASA-IPS with an FG301E Bundle with IPS service. I have multiple contexts on my current setup and I need to know if this device supports fail-open on some interfaces. Has anyone deployed this device as an IPS?

Thank you,

Denilson

YohaDAVI
New Contributor

Hello,

What do you mean by "fail-open" on interfaces? Could you please give more details about your context or problem?

Because "fail-open" is configurable, but maybe we are not talking about the same thing.

Thanks a lot.

Best regards,

------------------------------
Yohann
Systems / network engineer
------------------------------
DeepKuma2

Hi,
I hope it is on a global (VDOM) basis.

------------------------------
Deepak Kumar
First Option General Trading LLC
Dubai
------------------------------
DeniMota

Hi Deepak,

Thank you for your comment, and yes, fail-open is the same as bypassing traffic without inspection in case of failure.

For context mode, is it possible to assign more than one interface to each context even if they are working in cluster mode?

I have two routers: one brings the internet signal and the other brings MPLS. The reason for the VDOMs is to accommodate both flows.

For vdom-a (internet) I want to assign interfaces 1, 2, 3 and for vdom-b (MPLS) assign interfaces 4, 5, 6.

Vdom-a: interface 1 is connected to the internet router (uplink); interfaces 2, 3 connect to the firewall for internet purposes (downlink).

Vdom-b: interface 4 is connected to the MPLS router (uplink); interfaces 5, 6 connect to the firewall for MPLS purposes (downlink).

Can I set it up like this?

Thank you,



DeepKuma2
Contributor

Yes,
Fail-open will work.
https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-security-profiles-54/IPS/Configure%2...

------------------------------
Deepak Kumar
First Option General Trading LLC
Dubai
------------------------------