Dubos
Explorer II
December 24, 2021
Question

accidentally rewrote the interface


I was setting up SNMP and it was written in the instructions that "if you have a HA cluster, then you need to reset the interface" but I indicated the one that was connected. And the second device from the cluster is unavailable because it is Active-Passive. (Fortigate 600D-LENC, firmware version 5.4.0)
How do I regain access to the device?
If I connect via COM port, what should I write?
Should I write the same way as when I replaced it, just specify the previous address?


1 reply

Debbie_FTNT
Staff & Editor
December 25, 2021

Hey Dubos,

I would suggest you connect via console, and then navigate to the interface you accidentally reset (I don't know what settings exactly you removed from it), then set the following:

#config system interface
#edit <interface name> <- the interface you reset
#set mode static/dhcp <- whatever is appropriate
#set ip <x.x.x.x a.a.a.a> <- if mode is static

#show

-> is allowaccess configured with ping/ssh/https?
-> if not:
#set allowaccess ping ssh https
#end

Then check your routing:
#config router static
#show
-> make sure the default route or a route to your management subnet is present and correct
-> if not, configure it:
#config router static
#edit 0
#set gateway x.x.x.x
#set device <interface from above>
#set dst <default or mgmt subnet>
#end

With routing and the interface in place, you should have access to the GUI again to reconfigure whatever else you might need.

Dubos
Explorer II
December 25, 2021

Thank you very much. I'll try to do it.
For greater clarity of the situation, here is what I entered last:

# config system ha
set ha-mgmt-status enable
set ha-mgmt-interface "port 11"
set ha-mgmt-interface-gateway 10.33.69.46
end

Yes, a very strange situation has come out, that's why you can't make decisions on a tired stupid head. It was in the instructions to clear the interface, but before that I was setting up a different type of device and a little confused in the concepts, I thought that now I'm just going to write the address where the monitoring data will be sent.

Debbie_FTNT
Staff & Editor
December 25, 2021

Hey Dubos,

Ah, if you edited your HA interface, the interface settings I outlined above still apply, but the static route does not; the HA interface is separate from regular routing and access.
Just make sure that the interface gateway in HA settings is correct; that provides an implicit default route from the HA interface.
If you want to test that the HA interface can reach its gateway or your local subnet, you can ping from it as follows:
#execute enter vsys_hamgmt
#execute ping 10.33.69.46 (or any other IP)

Hope this helps!
If you find you're somehow not able to revert the changes you made yesterday, you can just configure an interface and static route to regain GUI access, restore a previous good configuration, and then re-do whatever changes you made yesterday properly :)
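
The checks discussed in this thread (the reserved HA management interface exists, its gateway sits in that interface's subnet, and allowaccess still permits SSH or HTTPS) can be run against config text before it is applied. The script below is an added example, not part of the original posts and not Fortinet code; the function names are hypothetical, and the interface IP and netmask in the sample are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed sample in FortiOS "show" layout; the interface IP/netmask are made up.
SAMPLE = '''\
config system interface
    edit "port11"
        set ip 10.33.69.33 255.255.255.240
        set allowaccess ping https ssh
    next
end
config system ha
    set ha-mgmt-interface "port11"
    set ha-mgmt-interface-gateway 10.33.69.46
end
'''

def parse(text):
    """Flat parser -> {section: {entry or None: {key: [values]}}}; nested blocks unsupported."""
    cfg, section, entry = {}, None, None
    for raw in text.splitlines():
        tok = shlex.split(raw.lstrip("# \t")) or [""]  # tolerate a pasted "#" prompt
        if tok[0] == "config":
            section, entry = " ".join(tok[1:]), None
        elif tok[0] == "edit":
            entry = tok[1]
        elif tok[0] == "set" and section:
            cfg.setdefault(section, {}).setdefault(entry, {})[tok[1]] = tok[2:]
        elif tok[0] in ("next", "end"):
            entry = None
    return cfg

def check_ha_mgmt(text):
    """Return a list of problems that would leave the HA management interface unreachable."""
    cfg = parse(text)
    ha = cfg.get("system ha", {}).get(None, {})
    name = (ha.get("ha-mgmt-interface") or [""])[0]
    iface = cfg.get("system interface", {}).get(name)
    if iface is None:
        return [f"ha-mgmt-interface {name!r} is not a configured interface"]
    problems = []
    ip, gw = iface.get("ip", []), ha.get("ha-mgmt-interface-gateway", [])
    if len(ip) != 2 or len(gw) != 1:
        problems.append(f"{name}: static ip/netmask or HA gateway is missing")
    elif ipaddress.ip_address(gw[0]) not in ipaddress.ip_interface("/".join(ip)).network:
        problems.append(f"gateway {gw[0]} is outside the subnet of {ip[0]} {ip[1]}")
    if not {"ssh", "https"} & set(iface.get("allowaccess", [])):
        problems.append(f"{name}: allowaccess has neither ssh nor https")
    return problems
```

An empty list from `check_ha_mgmt` means none of the three lock-out conditions was found in the supplied text; it does not prove the gateway itself is reachable.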