Technical Tip: FortiOS v6 - Configure reserved HA management interface
Description
This article describes the new command to configure the reserved HA management interface in the GUI in FortiOS v6.
Scope
The HA Reserved Management Interface provides direct management access to all cluster units by reserving a management interface as part of the HA configuration.
Solution
A different IP address and administrative access settings can be configured for this interface for each cluster unit.
From the CLI you can also configure IPv4 and IPv6 default routes that are only used by the reserved management interface.
- Log into the CLI of any cluster unit.
- Enter the following command to enable the reserved management interface, set port8 as the reserved interface, and add an IPv4 default route of 10.11.101.2 and an IPv6 default route of 2001:db8:0:2::20 for the reserved management interface.

    config system ha
        set ha-mgmt-status enable
        config ha-mgmt-interfaces
            edit 1
                set interface port8
                set gateway 10.11.101.2 <--- IP for secondary unit
                set gateway6 2001:db8:0:2::20
            next
        end
    end

The reserved management interface default route is not synchronized to other cluster units.

    config system interface
        edit port8
            set ip 10.11.101.101/24
            set allowaccess https ping ssh snmp
    end

From secondary unit:
- Connect to the primary unit CLI and use the execute ha manage command to connect to a subordinate unit CLI.
You can identify the subordinate unit from its serial number or host name. The host name appears in the CLI prompt.
- Enter the following command to change the port8 IP address to 10.11.101.102 and set management access to HTTPS, ping, SSH, and SNMP.

    config system interface
        edit port8
            set ip 10.11.101.102/24
            set allowaccess https ping ssh snmp
    end

Log into the subordinate unit GUI by browsing to https://10.11.101.102. You can also log into this subordinate unit CLI by using an SSH client to connect to 10.11.101.102.
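
The reserved interface's address and administrative access are set separately on every cluster unit, so it is worth checking the per-unit settings against each other. The following Python check is an added example, not part of the original article or any Fortinet tool: it parses per-unit CLI text and reports a management IP reused across units, a gateway outside the interface subnet, and cleartext allowaccess protocols. The config text is constructed from the commands above, and the names parse, audit, SAMPLE, PREFIX and CLEARTEXT are assumptions.

```python
import ipaddress

CLEARTEXT = {"http", "telnet"}  # allowaccess protocols that are not encrypted
PREFIX = "system ha/ha-mgmt-interfaces/"
# Constructed per-unit config, modelled on the commands in this article.
SAMPLE = """config system ha
set ha-mgmt-status enable
config ha-mgmt-interfaces
edit 1
set interface port8
set gateway 10.11.101.2
next
end
end
config system interface
edit port8
set ip {ip}
set allowaccess {access}
end"""

def parse(text):
    """Flatten CLI text into {"config path/edit name": {setting: [values]}}."""
    stack, out = [], {}
    for words in filter(None, map(str.split, text.splitlines())):
        if words[0] in ("config", "edit"):
            stack.append((words[0], " ".join(words[1:])))
        elif words[0] == "set":
            out.setdefault("/".join(n for _, n in stack), {})[words[1]] = words[2:]
        elif words[0] in ("next", "end") and stack:
            kind, _ = stack.pop()
            if words[0] == "end" and kind == "edit" and stack:
                stack.pop()  # "end" typed inside an edit also closes its table
    return out

def audit(units):  # units maps hostname -> config text; returns findings
    findings, owner = [], {}
    for host, text in units.items():
        cfg = parse(text)
        for entry in (e for p, e in cfg.items() if p.startswith(PREFIX)):
            port = entry["interface"][0]
            iface = cfg.get("system interface/" + port, {})
            addr = ipaddress.ip_interface("/".join(iface["ip"]))
            if owner.setdefault(addr.ip, host) != host:
                findings.append(f"{host}: {addr.ip} already used by {owner[addr.ip]}")
            if ipaddress.ip_address(entry["gateway"][0]) not in addr.network:
                findings.append(f"{host}: gateway outside {addr.network}")
            for proto in sorted(CLEARTEXT & set(iface.get("allowaccess", []))):
                findings.append(f"{host}: {port} allows cleartext {proto}")
    return findings
```

Call audit with a dictionary that maps each unit's host name to its configuration text, for example two copies of SAMPLE formatted with each unit's ip and access values; an empty list means no finding.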
