Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiSwitch 7.0.8 Administration Guide
    7.0.8
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.9
    7.0.8
    7.0.6
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.11
    6.4.6
    6.4.5
    6.4.3
    6.4.2
    6.4.0
    6.2.5
    6.2.2
    6.2.1
    6.2.0

    Bidirectional forwarding detection

    Bidirectional forwarding detection

    FortiSwitchOS v3.4.2 and later supports static bidirectional forwarding detection (BFD), a point-to-point protocol to detect faults in the datapath between the endpoints of an IETF-defined tunnel (such as IP, IP-in-IP, GRE, and MPLS LSP/PW).

    BFD defines demand mode and asynchronous mode operation. The FortiSwitch unit supports asynchronous mode. In this mode, the systems periodically send BFD control packets to one another, and if a number of those packets in a row are not received by the other system, the session is declared to be down.

    BFD packets are transported using UDP/IP encapsulation and BFD control packets are identified using well-known UDP destination port 3784 (NOTE: BFD echo packets are identified using 3785).

    BFD packets are not visible to the intermediate nodes and are generated and processed by the tunnel end systems only.

    Configuring BFD

    Use the following steps to configure BFD:

    1. Configure the following values in the system interface:
      • Enable BFD: Set to enable or set to global to inherit the global configuration value.
      • Desired min TX interval: This is the minimum interval that the local system would like to use between transmission of BFD control packets. Value range is 200 ms – 30,000 ms. Default value is 250.
      • Required min RX interval: This is the minimum interval that the local system can support between receipt of BFD control packets. If you set this value to zero, the remote system will not transmit BFD control packets. The value range is 200 ms – 30000 ms. The default value is 250.
      • Detect multi: This is the detection time multiplier. The negotiated transmit interval multiplied by this value is the Detection Time for the receiving system. The value range is 1 – 20. The default is 3.
    2. Enable BFD in the static router configuration.
    Using the CLI:

    config system interface

    edit <system interface name>

    set bfd {enable| disable | global}

    set bfd–desired-min-tx <number of ms>

    set bfd-required-min-rx <number of ms>

    set bfd-detect-multi [1…20]

    next

    config router static

    edit 1

    set bfd enable

    set status enable

    Viewing the BFD configuration

    Using the GUI:

    Go to Router > Monitor > BFD Neighbor.

    Using the CLI:

    To display the status of BFD sessions:

    get router info bfd neighbor [ <IP address of neighbor>]

    OurAddr         NeighAddr       LD/RD   State   Int
    192.168.15.2    192.168.15.1    1/4     UP      vlan2000
    192.168.16.2    192.168.16.1    2/2     UP      vlan2001

    To filter the command output:

    get router info bfd neighbor [<BFD_local_IPv4_address>] [<BFD_peer_interface>]

    Previous
    Next

    Bidirectional forwarding detection

    Bidirectional forwarding detection

    FortiSwitchOS v3.4.2 and later supports static bidirectional forwarding detection (BFD), a point-to-point protocol to detect faults in the datapath between the endpoints of an IETF-defined tunnel (such as IP, IP-in-IP, GRE, and MPLS LSP/PW).

    BFD defines demand mode and asynchronous mode operation. The FortiSwitch unit supports asynchronous mode. In this mode, the systems periodically send BFD control packets to one another, and if a number of those packets in a row are not received by the other system, the session is declared to be down.

    BFD packets are transported using UDP/IP encapsulation and BFD control packets are identified using well-known UDP destination port 3784 (NOTE: BFD echo packets are identified using 3785).

    BFD packets are not visible to the intermediate nodes and are generated and processed by the tunnel end systems only.

    Configuring BFD

    Use the following steps to configure BFD:

    1. Configure the following values in the system interface:
      • Enable BFD: Set to enable or set to global to inherit the global configuration value.
      • Desired min TX interval: This is the minimum interval that the local system would like to use between transmission of BFD control packets. Value range is 200 ms – 30,000 ms. Default value is 250.
      • Required min RX interval: This is the minimum interval that the local system can support between receipt of BFD control packets. If you set this value to zero, the remote system will not transmit BFD control packets. The value range is 200 ms – 30000 ms. The default value is 250.
      • Detect multi: This is the detection time multiplier. The negotiated transmit interval multiplied by this value is the Detection Time for the receiving system. The value range is 1 – 20. The default is 3.
    2. Enable BFD in the static router configuration.
    Using the CLI:

    config system interface

    edit <system interface name>

    set bfd {enable| disable | global}

    set bfd–desired-min-tx <number of ms>

    set bfd-required-min-rx <number of ms>

    set bfd-detect-multi [1…20]

    next

    config router static

    edit 1

    set bfd enable

    set status enable

    Viewing the BFD configuration

    Using the GUI:

    Go to Router > Monitor > BFD Neighbor.

    Using the CLI:

    To display the status of BFD sessions:

    get router info bfd neighbor [ <IP address of neighbor>]

    OurAddr         NeighAddr       LD/RD   State   Int
    192.168.15.2    192.168.15.1    1/4     UP      vlan2000
    192.168.16.2    192.168.16.1    2/2     UP      vlan2001

    To filter the command output:

    get router info bfd neighbor [<BFD_local_IPv4_address>] [<BFD_peer_interface>]

    Previous
    Next