Access to Management port from LAN

Forum|Forum|9 years ago
September 26, 2016
1 reply
10133 views

Hi

I have 2 new 200D configured in HA. have configured mgt ports on 10.10.1.x/24 subnet.

Lan configured on port1 on 10.10.2.x/24 subnet

I cannot access the mgt IP of the firewalls from the lan. If I plug a laptop on the 10.10.1.x/24 subnet switch, no problems.

the admin user can access from everywhere. I tried to add a policy rule from lan to mgt, but mgt does not show as an interface choice.

I can still administer the firewalls from the lan using the IP of the firewall on the 10.10.2.x/24 subnet, but because the firewalls are in HA, I cannot access each firewall separately.

What do I need to setup to be able to access the mgt ports from the lan?

Alternatively, is there a way to assign an IP from the lan subnet to the mgt port?

Thanks

ede_pfau

SuperUser

Your second thought is the easiest way to go: you can assign an IP address to a mgmt port even if that subnet is already assigned to another port (e.g. 'internal'). That's how I configure HA cluster members. The mgmt port address is not replicated/synchronized across the cluster.

v20100Author

New Member

Hi

unfortunately, it does not seem to work. When I enter the IP address (ie 10.10.2.50/255.255.255.0) is tells "Conflicts with port1 subnet'

I tried to select and unselect 'Dedicated Management Port', but it does not make any difference.

Any other ideas?

Thanks

ede_pfau

SuperUser

The duplicate address feature will only work with dedicated mgmt ports. Maybe you have to reboot the FGT after switching the option.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded