aagrafi
New Member
February 3, 2017
Question

config system dedicated-mgmt issues


Hello,

I have an FG-900D with mgmt1 and mgmt2 management ports. I want to dedicate the mgmt2 port to out-of-band management, using "config system dedicated-mgmt", according to http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD39809&sliceId=1&docTypeID=DT_KCARTICLE_1_1&dialogID=22414958&stateId=1%200%2022416570. But I cannot execute the "set interface mgmt2" command; it fails with the following error message:

    FG # config system dedicated-mgmt
    FG (dedicated-mgmt) #
    FG (dedicated-mgmt) # set status enable
    FG (dedicated-mgmt) # set interface mgmt2
    entry not found in datasource
    value parse error before 'mgmt2'
    Command fail. Return code -3
    FG (dedicated-mgmt) #

The mgmt2 interface is set as follows:

    edit "mgmt2"
        set ip 192.168.2.99 255.255.255.0
        set allowaccess ping https ssh
        set type physical
        set dedicated-to management
        set role lan
        set snmp-index 2
    next

Do you have any idea why this command fails?

    2 replies

    vetterous
    New Member
    February 6, 2017

    Do you have any static routes set for the mgmt2 interface? I had this same issue; once I removed the routes, it would take the interface.

    aagrafi (Author)
    New Member
    February 8, 2017

    I have a static route in mgmt1 interface, not mgmt2. I'm not sure if this can cause a similar problem to yours, but I'll try to remove it.

    vetterous
    New Member
    February 9, 2017

    So one other thing it could be is DHCP. For some weird reason, DHCP server on the 1500D's is defaulted to on for the mgmt1 interface. We don't use DHCP here for the firewall, so I had to delete this to bind to the mgmt1 interface. What's painful is it doesn't show this under the interface setting in the CLI, but it does show it in the GUI (running the 5.4 code). For CLI to check (again, 5.4 code):

        config system dhcp server
        show

    If it shows a setting bound to mgmt1, it won't let you assign it as the management interface. I deleted this setting using 'Delete 1' under the DHCP server menu, and this cleared my issue (and the route, but you said you didn't have one set).
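
The two causes raised in this thread (a static route or a DHCP server entry bound to the management port) can be checked offline against a configuration backup. This is an added example, not part of the thread: the sample configuration is constructed, `find_references` is a hypothetical helper, and it inspects only `config router static` (`set device`) and `config system dhcp server` (`set interface`).

```python
# Constructed sample of a FortiOS configuration backup (not from the thread).
SAMPLE_CONFIG = """\
config system interface
    edit "mgmt2"
        set ip 192.168.2.99 255.255.255.0
    next
end
config system dhcp server
    edit 1
        set interface "mgmt1"
        config ip-range
            edit 1
                set start-ip 192.168.1.110
            next
        end
    next
end
config router static
    edit 1
        set gateway 192.168.1.1
        set device "mgmt1"
    next
end
"""

# Top-level sections named in the thread, and the key that binds an entry to a port.
REFERENCING = {"system dhcp server": "interface", "router static": "device"}

def find_references(config_text, iface):
    """Return [(section, entry_id)] for top-level entries bound to iface."""
    hits, stack, entry = [], [], None
    for raw in config_text.splitlines():
        parts = raw.split()
        if not parts:
            continue
        if parts[0] == "config":
            stack.append(" ".join(parts[1:]))   # track nesting depth
        elif parts[0] == "end":
            stack = stack[:-1]                  # safe even on a stray "end"
        elif parts[0] == "edit" and len(stack) == 1:
            entry = parts[1].strip('"')         # ignore nested "edit" ids
        elif (len(stack) == 1 and stack[0] in REFERENCING and len(parts) == 3
              and parts[:2] == ["set", REFERENCING[stack[0]]]
              and parts[2].strip('"') == iface):
            hits.append((stack[0], entry))
    return hits

if __name__ == "__main__":
    for section, entry in find_references(SAMPLE_CONFIG, "mgmt1"):
        print(f"mgmt1 is referenced by 'config {section}' entry {entry}")
```

Any entry it reports is a candidate to review before retrying the `set interface` command under `config system dedicated-mgmt`.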