Nur
Staff
December 5, 2024

Troubleshooting Tip: How to include more than one source IP for EMS connector

Description

This article describes how to include more than one source IP for the EMS connector.

 

set name "FortiEMS"
set server "fortiems.XXX.XXX"
set source-ip 172.21.16.1 <----- Source IP differs from the one used by another FortiGate.
set pull-malware-hash disable
set capabilities fabric-auth silent-approval websocket websocket-malware push-ca-certs common-tags-api tenant-id
set status enable
set serial-number "FCTEMSXXXXXX"
set tenant-id "00000000000000000000000000000000"
set ca-cn-info "C = US, ST = California, L = Sunnyvale, O = Fortinet, OU = Certificate Authority, CN = support, emailAddress = support@fortinet.comFCTEMS8824XXXXXX"

end

Scope

FortiManager, EMS and FortiGate.
Solution

FortiManager uses one connector and shares it with all FortiGates, so the connector configuration needs to be the same for every device.

However, if the source IP address differs between FortiGates, FortiManager overwrites one FortiGate's source IP with the source IP of another FortiGate when an installation is performed.

 

To ensure that FortiManager acknowledges both source IPs from the different FortiGates, create a meta variable under Policy&Object -> advanced -> Create New and assign a per-device mapping.

 


 

Go to Policy&Object -> Security Fabric -> Select 1 -> Advanced options -> source-ip and add the meta variable.

 

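A post-install check for the overwrite described above, as an added example that is not part of the original article and is not Fortinet code: it parses the connector's set lines as read back from each FortiGate and flags any device whose source-ip does not match its per-device mapping. The device names, the second IP address and the sample configurations are constructed assumptions.

```python
import re

# Constructed per-device mapping of the meta variable (device names and the
# second address are assumptions; 172.21.16.1 is the address from the article).
EXPECTED = {"FGT-A": "172.21.16.1", "FGT-B": "172.21.32.1"}

# Constructed connector excerpts as read back from each FortiGate after install.
# FGT-B shows the failure mode: its source-ip was overwritten with FGT-A's.
CONFIGS = {
    "FGT-A": 'set name "FortiEMS"\nset source-ip 172.21.16.1\nset status enable\nend',
    "FGT-B": 'set name "FortiEMS"\nset source-ip 172.21.16.1\nset status enable\nend',
}

SET_LINE = re.compile(r"^\s*set\s+(\S+)\s+(.*)$")


def parse_settings(text):
    """Return {option: value} for every 'set <option> <value>' line."""
    settings = {}
    for line in text.splitlines():
        match = SET_LINE.match(line)
        if match:
            # Drop article-style '<-----' annotations and surrounding quotes.
            value = match.group(2).split("<--")[0].strip().strip('"')
            settings[match.group(1)] = value
    return settings


def audit_source_ip(configs, expected):
    """Return (device, expected_ip, actual_ip, reason) for each bad device."""
    findings = []
    for device, want in sorted(expected.items()):
        got = parse_settings(configs.get(device, "")).get("source-ip")
        if got == want:
            continue
        # An address mapped to a different device points to an overwrite.
        owner = next((d for d, ip in expected.items() if ip == got and d != device), None)
        if got is None:
            reason = "source-ip not set"
        elif owner:
            reason = f"overwritten with the value mapped to {owner}"
        else:
            reason = "does not match the per-device mapping"
        findings.append((device, want, got, reason))
    return findings


if __name__ == "__main__":
    for finding in audit_source_ip(CONFIGS, EXPECTED):
        print("%s: expected %s, found %s (%s)" % finding)
```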