Contributor
October 12, 2004
Question

10.0.0.1 and 10.0.0.2

Does anyone know if these 2 IP addresses are used by the Fortinet internally? My session list under system | status | session shows traffic to/from these IPs on TCP port 702 and 23. - iris over beep and telnet

    2 replies

    UkWizard
    New Member
    October 13, 2004
    No, they are not. You are seeing the telnet connection that you were probably using to connect to the firewall to administer it.
    Contributor
    October 13, 2004
    I'm using HTTPS on 443 to connect to the FortiGate. I also have the console cable connected to it. I removed the console cable and I'm still seeing 702 and 23 from/to 10.0.0.1/10.0.0.2. 23 comes and goes; 702 tends to be pretty consistent traffic: 0 expiry times out and a new expiry of 120 seconds appears. The expiry between each connection is exactly 60 seconds apart as well. I.e.: 10.0.0.1 from port 2195 to 10.0.0.2 at 120 sec, the next 10.0.0.1 from port 2194 to 10.0.0.2 at 60 sec. Responding side is identical except for from ports of 2263 and 2264, which is pretty standard since it's just grabbing a high port to start; it seems, though, that there are 2 ports in use bidirectionally. I am not routing/using 10.0.0 on my network.
    Contributor
    October 13, 2004
    Ok, found out that it is the HA option that uses 10.0.0.1 and 10.0.0.2 - I turned down the HA port and it immediately dropped off the session list. Mystery solved. Interesting as well since 10.10.20/24 is the network being used by the HA service, but since it's cross-cabled it doesn't need to route, so it grabs that network as default - good to know.
    Contributor
    October 19, 2004
    Matt, this is default behaviour and well-documented in the manuals ;) This is not VRRP but some Cisco-like clustering mechanism. The only way to know which FGT is the active one (in an active-passive situation) is by checking the hostname in the GUI... By the way: you can just reboot the second FGT to make the first one active again - you don't have to bring down anything! - Zedd