FG301E IPS mode

  • 1.  FG301E IPS mode

    Posted 21 days ago
    Hi all,

    I need to replace my current Cisco ASA-IPS with an FG301E Bundle with IPS service. I have multiple contexts on my current setup and I need to know if this device supports fail-open on some interfaces. Has anyone deployed this device as an IPS?

    Thank you,

    Denilson

    ------------------------------
    Denilson [LastName] [Designation]
    Mr
    [CompanyName]
    [City] [State]
    [Phone]
    ------------------------------


  • 2.  RE: FG301E IPS mode

     
    Posted 15 days ago
    Hello,

    What do you mean by "fail-open" on interfaces? Could you please give more details about your context or problem?

    Because "fail-open" is configurable, but maybe we are not talking about the same thing.

    Thanks a lot.

    Best regards,

    ------------------------------
    Yohann [LastName] [Designation]
    Systems / network engineer
    [CompanyName]
    [City] [State]
    [Phone]
    ------------------------------



  • 3.  RE: FG301E IPS mode

     
    Posted 15 days ago
    Edited by Deepak Kumar 15 days ago
    Hi,
    I hope it is on a global (VDOM) basis.

    ------------------------------
    Deepak Kumar
    First Option General Trading LLC
    Dubai
    ------------------------------



  • 4.  RE: FG301E IPS mode

    Posted 15 days ago
    Hi Deepak,

    Thank you for your comment, and yes, fail-open is the same as bypassing traffic without inspection in case of failure.

    For context mode, is it possible to assign more than one interface to each context even if they are working in cluster mode?

    I have two routers: one brings the internet signal and the other brings MPLS. The reason for the VDOMs is to accommodate both flows.

    For vdom-a (internet) I want to assign interfaces 1, 2, 3, and for vdom-b (MPLS) assign interfaces 4, 5, 6.

    Vdom-a: interface 1 is connected to the internet router (uplink); interfaces 2 and 3 connect to the firewall for internet purposes (downlink).

    Vdom-b: interface 4 is connected to the MPLS router (uplink); interfaces 5 and 6 are connected to the firewall for MPLS purposes (downlink).

    Can I set it up like this?

    Thank you,






  • 5.  RE: FG301E IPS mode

     
    Posted 15 days ago
    Yes,
    Fail-open will work.
    https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-security-profiles-54/IPS/Configure%20IPS%20options.htm

    ------------------------------
    Deepak Kumar
    First Option General Trading LLC
    Dubai
    ------------------------------