Dedicated Management Interface Routing Traffic Issue

Forum|Forum|10 years ago
March 19, 2016
2 replies
5132 views

Hi Folks,

I have 2 FG's 70D at different locations. IPsec Site-to-Site is configured and working fine. Along with the 70D at one of the locations there's a Domain Controller. I've have configured an AD sync between the FG and 70D at the same location.

The issue is when I'm trying to configure the AD sync at the second location, this time via the tunnel, the FG is trying to send the 389 syn request via the local dedicated management port even if is disabled. The only way to fix it was to setup the mgmt port to 0.0.0.0/0.0.0.0.

Had anyone of you similar issues ?

Cheers,

Tony

Kenundrum

New Member

i opened a ticket for a similar problem on a 500D. I was told that even with the dedicated management port option checked, those ports will still participate in the routing of traffic if they have an IP assigned. So if you have your management port in the same subnet as ports that are running traffic, the device will begin with multiple path routing algorithms which at some point resort to lowest port number... and the management ports are usually the lowest on most boxes. I was told this is by design and that they recommend using the dedicated management ports in a different subnet from the rest of the system. This isn't possible in some setups. My fix was to create a new VDOM with just the management port in it and that fixed the problem.

asgsplAuthor

New Member

Found the issue. I've added a source ip(ip of the internal lan) under the LDAP CLI settings and my request it's been sent through the tunnel.

Cheers,

TC

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded