1ryan1
Explorer II
August 8, 2022
Solved

Create out of band management - FortiManager

What is the best approach to set a port on the FortiGate for remote management by a FortiManager appliance? I am in a situation where if I make a change via FM, I will lose remote connectivity. For example, I am trying to get SD-WAN policy working, but in order to do so, I have to change the default route and move my interfaces out of the zone they are in.

Is there a way to configure the FGs remotely so that when a network change is needed, you can still manage them without losing access?

2 replies

Yurisk
SuperUser
August 8, 2022

Not an elegant solution, or one recommended by anyone, but when the risk is high, I make changes on the local FortiGate, then, having made sure all works fine, sync/import the changes to the FortiManager.

Zhuo (Answer)
Explorer
August 9, 2022

Hi 1ryan1.

The FMG delivers the configuration to the FGT. If it is found that the FGT cannot connect to the FMG because of the configuration delivered this time, the FGT automatically rolls back to the previous configuration after 15 minutes.

1ryan1 (Author)
Explorer II
August 9, 2022

I tested this by removing the default route via FMG and it did restore access shortly afterwards.