Basic and Advanced Network Topologies : Tap Mode deployments
 
Tap Mode deployments
FortiDDoS can be deployed out-of-path, listening to mirrored traffic that it receives from FortiBridge in a Tap Mode deployment. In an out-of-path deployment, FortiDDoS can build the traffic history it uses to establish thresholds, and it can detect rate anomalies, but it cannot detect TCP state anomalies, and it does not take actions such as dropping traffic, blocking identified source attackers, or aggressively aging connections.
Figure 140 shows a deployment with FortiBridge. FortiDDoS receives a mirrored copy of inbound traffic from the tap device, but it does not forward it. Likewise, it receives a copy of outbound traffic from the tap device, but it does not forward it.
Figure 140: Deployment with FortiBridge
FortiBridge must be deployed and configured to forward traffic along the data path and send mirrored traffic to the FortiDDoS.
Functionally, when you enable FortiDDoS Tap Mode, the appliance turns off the transmit (Tx) component of its network interface cards, which prevents packets from egressing. This causes FortiBridge health probes to fail and FortiBridge to enter FortiBridge Tap Mode.
Check with your Fortinet sales contact for recommended FortiBridge appliances and details about Tap Mode deployments.
Before you begin:
Set up FortiBridge in Inline Mode, with fail to Tap Mode.
In Inline Mode, FortiBridge sends heartbeats from its monitor interfaces through a path that includes FortiDDoS. You must add the FortiBridge monitor interface MAC addresses to FortiDDoS as bypass MAC addresses so that these heartbeat packets are passed through.
To configure bypass MAC addresses:
1. Go to Global Settings > Bypass MAC > Bypass MAC.
2. Click Add, and then enter a name for the MAC address and the address.
3. Save the configuration.
You can use the FortiDDoS Tap Mode setting to shut off egress transmission, causing FortiBridge health probes to fail and FortiBridge to transition to FortiBridge Tap Mode.
To enable FortiDDoS Tap Mode:
1. Go to Global Settings > Settings.
2. Enable Tap Mode.
3. Save the configuration.
 
config ddos global setting
set tap-mode {enable|disable}
end
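The two configuration steps above (bypass MAC entries for the FortiBridge monitor interfaces, then the tap-mode setting) are easy to get subtly wrong: a mistyped or duplicated MAC means heartbeats are not passed through, and a config block that never sets tap-mode leaves the appliance transmitting. The following added example is not part of the FortiDDoS documentation or product; it is a small pre-deployment checker that parses the `config ddos global setting` block shown above for the `tap-mode` value and validates a constructed list of bypass MAC addresses (format, uniqueness, unicast). The sample CLI text and the MAC addresses are constructed placeholders, and the planning dictionary format for bypass MACs is this example's own, not FortiDDoS CLI syntax.

```python
import re

# Constructed sample of the CLI block from the page, with tap-mode enabled.
SAMPLE_CLI = """config ddos global setting
    set tap-mode enable
end
"""

# Constructed placeholder FortiBridge monitor-interface MACs (name -> address).
# This dictionary is the example's own planning format, not a FortiDDoS CLI object.
SAMPLE_BYPASS_MACS = {
    "fortibridge-mon1": "00:11:22:33:44:55",
    "fortibridge-mon2": "00:11:22:33:44:56",
}

MAC_RE = re.compile(r"^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")


def parse_tap_mode(cli_text):
    """Return True/False for 'set tap-mode enable|disable' inside the
    'config ddos global setting' block, or None if the block never sets it."""
    in_block = False
    for raw in cli_text.splitlines():
        line = raw.strip()
        if line == "config ddos global setting":
            in_block = True
        elif line == "end":
            in_block = False
        elif in_block:
            m = re.match(r"^set tap-mode (enable|disable)$", line)
            if m:
                return m.group(1) == "enable"
    return None


def check_bypass_macs(macs):
    """Return a list of problems with the planned bypass MAC entries:
    malformed addresses, multicast/broadcast addresses, and duplicates."""
    problems = []
    seen = {}
    for name, mac in macs.items():
        if not MAC_RE.match(mac):
            problems.append(f"{name}: malformed MAC {mac!r}")
            continue
        norm = mac.lower()
        # Low bit of the first octet set means group (multicast/broadcast) address,
        # which can never be a FortiBridge monitor interface's unicast MAC.
        if int(norm[:2], 16) & 1:
            problems.append(f"{name}: {mac} is a multicast/broadcast address")
        if norm in seen:
            problems.append(f"{name}: duplicates {seen[norm]} ({mac})")
        else:
            seen[norm] = name
    return problems


def review_tap_deployment(cli_text, macs):
    """Combine both checks into one report for the Tap Mode procedure."""
    tap = parse_tap_mode(cli_text)
    problems = check_bypass_macs(macs)
    if not macs:
        problems.append("no bypass MACs: FortiBridge heartbeats would not be passed through")
    if tap is None:
        problems.append("tap-mode is not set in 'config ddos global setting'")
    return {"tap_mode_enabled": bool(tap), "problems": problems}


if __name__ == "__main__":
    print(review_tap_deployment(SAMPLE_CLI, SAMPLE_BYPASS_MACS))
```

Run the checker against the CLI text you intend to apply and the MAC list you collected from the FortiBridge monitor interfaces; an empty `problems` list together with `tap_mode_enabled: True` means the configuration matches the procedure on this page.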