Configuring a bypass MAC address list
In a deployment with a bypass switch such as FortiBridge, the bypass switch passes heartbeat packets to test the health of the FortiDDoS traffic interfaces. If the heartbeat packets are not passed, bypass mode is triggered.
You must configure an address list that allows heartbeat packets from the bypass switches to be passed through the FortiDDoS interfaces. The heartbeats are Layer 2 packets, so the system allows traffic based on the MAC addresses you configure.
Every FortiDDoS link pair can be connected via a FortiBridge link pair. For example, you can use a FortiBridge link to bridge the Port 1/Port 2 link pair and another FortiBridge link to bridge the Port 3/Port 4 link pair. Each link pair is associated with a pair of MAC addresses. Therefore, if you are using two links, you configure four MAC addresses.
You can add up to 16 MAC addresses to the bypass list. (Only 8 for FortiDDoS 200B, which has only 4 pairs of network interfaces.)
Before you begin:
You must know the MAC addresses for the bypass switch.
You must have Read-Write permission for Global Settings.
To configure a bypass MAC address list:
1. Go to Global Settings > Bypass MAC > Bypass MAC.
2. Click Add to display the configuration editor.
3. Complete the configuration as described in Table 26.
4. Save the configuration.
Table 26: Bypass MAC address list configuration

| Settings | Guidelines |
|---|---|
| Name | Configuration name. Must not contain spaces. |
| MAC address | Specify the MAC address. Note: You can view MAC addresses for FortiBridge on its status page. If the bypass switches are from the same vendor, the most significant 24 bits of their MAC addresses are the same. |
 
 
To configure with the CLI, use a command sequence similar to the following:
config ddos global bypass-mac
  edit <entry_index>
    set mac-address <address>
end
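
Because every address on this list is passed through the FortiDDoS interfaces, it is worth checking a planned list against the constraints above before entering it. The following is an added example, not Fortinet code: it normalizes the addresses, enforces the 16/8 entry limits, flags an odd count or mixed OUIs, and prints the CLI sequence shown above once per entry. It assumes integer entry indexes starting at 1 and that the CLI accepts lowercase colon-separated addresses; the sample MAC addresses are constructed.

```python
import re

# Limits stated on the page: 16 entries, 8 on the FortiDDoS 200B.
MAX_ENTRIES = {"default": 16, "200B": 8}
MAC_RE = re.compile(r"^[0-9a-f]{2}([:-]?)[0-9a-f]{2}(\1[0-9a-f]{2}){4}$")

# Constructed sample: two bridged link pairs, RFC 7042 documentation MACs.
SAMPLE = ["00:00:5E:00:53:01", "00-00-5e-00-53-02",
          "00005e005303", "00:00:5e:00:53:04"]


def normalize_mac(raw):
    """Return the MAC as lowercase colon-separated hex, or raise ValueError."""
    text = raw.strip().lower()
    if not MAC_RE.match(text):
        raise ValueError(f"not a MAC address: {raw!r}")
    digits = re.sub(r"[:-]", "", text)
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def check_bypass_list(macs, model="default"):
    """Validate a planned bypass list; return (normalized MACs, warnings)."""
    normalized = [normalize_mac(m) for m in macs]
    limit = MAX_ENTRIES.get(model, MAX_ENTRIES["default"])
    if len(normalized) > limit:
        raise ValueError(f"{len(normalized)} entries exceed the limit of {limit}")
    if len(set(normalized)) != len(normalized):
        raise ValueError("duplicate MAC address in list")
    warnings = []
    # Each bridged link pair is associated with a pair of MAC addresses.
    if len(normalized) % 2:
        warnings.append("odd number of addresses; each link pair uses two")
    # Same-vendor bypass switches share the most significant 24 bits (OUI).
    ouis = sorted({m[:8] for m in normalized})
    if len(ouis) > 1:
        warnings.append("mixed OUIs: " + ", ".join(ouis))
    return normalized, warnings


def render_cli(macs, first_index=1):
    """Emit one block per entry, in the command form shown on the page."""
    return "\n".join(
        f"config ddos global bypass-mac\nedit {i}\nset mac-address {m}\nend"
        for i, m in enumerate(macs, start=first_index))


if __name__ == "__main__":
    macs, warnings = check_bypass_list(SAMPLE)
    for w in warnings:
        print("warning:", w)
    print(render_cli(macs))
```

A mixed-OUI warning is not necessarily an error, but on a single-vendor deployment it usually points to a mistyped address or an entry that does not belong to a bypass switch.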