Created on 07-24-2023 10:46 PM
Edited on 07-24-2023 10:46 PM
By Jean-Philippe_P
| Description |
This article describes the expected port status during manual fail-open mode.
|
| Scope | FortiDDoS. |
| Solution |
In FortiDDoS, fail-open mode is enabled by default.
It can be triggered automatically by a reboot or a hardware failure. In this mode, traffic from one side reaches the other side directly without passing through the data plane interfaces, so no monitoring or prevention takes place during this phase.
The bypass can also be triggered manually with the following command:
execute bypass-traffic {enable | disable}
This forces the FortiDDoS interfaces into a fail-open state.
During this state, the link status of the bypassed ports shows as down at the network interface level. All data ports are down because no traffic goes through them; the bypass acts like a short circuit for all data flow.
Ports Status below:
Note also that the LEDs show red, meaning these data ports are not working: they are neither receiving nor transmitting Layer 2 traffic for FDD to process. They simply forward traffic to the other side over a line directly connecting the paired ports, such as port5-port6 on the 1500F. This is the expected output while this command is in effect.
Related document: |