ataro
Explorer II
November 10, 2022
Question

200F Dedicated Management Command Not Available


I have a single 200F firewall; firmware is 7.2.2 Build 1255.

I am trying to set MGMT as OOB from the CLI, but the command "config system dedicated-mgmt" is not available. I was able to do the same on a 401E firewall, but on the 200F firewall it's not available. Please assist.

 

FW # config system
3g-modem Configure 3G modem.
accprofile Configure access profiles for system administrators.
acme Configure ACME client.
admin Configure admin users.
alias Configure alias command.
api-user Configure API users.
arp-table Configure ARP table.
auto-install Configure USB auto installation.
auto-script Configure auto script.
automation-action Action for automation stitches.
automation-destination Automation destinations.
automation-stitch Automation stitches.
automation-trigger Trigger for automation stitches.
autoupdate Configure automatic updates.
central-management Configure central management.
console Configure console.
csf Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate.
custom-language Configure custom languages.
ddns Configure DDNS.
dhcp Configure DHCP.
dhcp6 Configure DHCPv6.
dns Configure DNS.


distillednetwork
Explorer II
November 12, 2022

Are you trying to set this up with a standalone 200F or in an HA setup?

 

ataro
Explorer II
November 12, 2022

Standalone, single firewall.

distillednetwork
Explorer II
November 13, 2022

The 400E has an NP6 chipset in it while the 201F has an NP6X-Lite. There are some different capabilities in the different chipsets. According to the documents regarding the dedicated-mgmt setting: "Using this command is not recommended and it is not available on all FortiGate models."

https://docs.fortinet.com/document/fortigate/6.0.0/cli-reference/303733/system-dedicated-mgmt

 

If you are looking to have all FortiGate services use the mgmt ports instead of the traffic ports, then I would look at split-task vdom. This is the best way to separate management and traffic interfaces/traffic.

https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/758820/split-task-vdom-mode

 

Another option is to keep the "set dedicated-to management" option on the mgmt port and put it in a different vrf. Then you can add route(s) for the mgmt port.

ataro
Explorer II
November 13, 2022

How to keep the mgmt port in a different vrf and add static routes for the mgmt port?

distillednetwork
Explorer II
November 13, 2022

config system interface
    edit mgmt
        set vrf ##    << Pick a VRF number other than 0
end

 

Then any routes you create associated with the mgmt port will be in that vrf. You will see them when you do:

 

get router info routing-table all