roootccc
New Member
June 1, 2016
Question

Find management IP of a Transparent VDOM


I have just taken over a FortiGate with multiple VDOMs, but I can't find the management IP of the transparent VDOM.


    Kenundrum
    New Member
    June 1, 2016

    In the GUI, it is located under the global section, VDOM -> VDOM. In there is the list of all VDOMs. Select the one you want and click edit. That will take you to the VDOM edit page and it will list the management IP.

    In the CLI, you would do

        config vdom
        edit [yourVDOMname]
        config system settings
        show

    The set manageip line would be the management IP.

    roootccc
    New Member
    June 1, 2016

    Didn't see it in the GUI but found it in the CLI. Thanks!

    Another question, even though I found the management IP.

    My newly created subnet (10.1.1.0/24) cannot access the GUI (error: page cannot display), but the old subnet (192.168.1.0/24) can.

    Are there any settings in the FortiGate that can limit access? I don't see any policy blocking management access.


    Kenundrum
    New Member
    June 1, 2016

    That would be in 2 places. First, each interface can be set to allow/disallow management access on various protocols. In the interface configuration page, there are various checkboxes allowing management access via HTTP, HTTPS, SSH, etc. Make sure the appropriate ones are checked.

    Second, there is a list of trusted hosts per user (this is most likely your issue). Each admin user can be set up to only allow logins from set IP ranges. You need to go to the administrators page and select the user trying to connect. There should be a section in the administrator setup labeled "Restrict this Administrator Login from Trusted Hosts Only" with a checkbox and then a list of IP ranges. You may want to add the IP range to the allowed hosts.

    Also, if it's a brand new IP range, it's possible that the range has not been added to the routing table and the firewall simply can't get a route back to respond to the requests.

    It would help to know what model and firmware you are running since there are some slight differences between devices.
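
The two checks from the last reply (per-interface management access and per-administrator trusted hosts) can be run offline against a config backup. This is an added example, not part of the original thread: the config text is constructed, the function names are hypothetical, the parser only handles flat `config`/`edit`/`set` blocks, and it assumes an admin with no non-zero IPv4 `trusthost` entry is unrestricted.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the style of a FortiOS config backup (not from the thread).
SAMPLE_CONFIG = """config system admin
    edit "admin"
        set trusthost1 192.168.1.0 255.255.255.0
    next
    edit "audit"
        set accprofile "read_only"
    next
end
config system interface
    edit "port1"
        set allowaccess ping https ssh
    next
    edit "port2"
        set allowaccess ping
    next
end
"""

def parse_sections(text):
    """Parse flat config/edit/set blocks into {section: {entry: {key: [values]}}}."""
    sections, section, entry = defaultdict(lambda: defaultdict(dict)), None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("config "):
            section, entry = line[len("config "):], None
        elif line.startswith("edit ") and section:
            entry = sections[section][line[len("edit "):].strip('"')]  # creates entry
        elif line.startswith("set ") and entry is not None:
            key, *values = line[len("set "):].split()
            entry[key] = [v.strip('"') for v in values]
    return sections

def admins_allowing(sections, client_ip):
    """Admin accounts that client_ip may log in to, judged by trusted hosts only."""
    ip, allowed = ipaddress.ip_address(client_ip), []
    for name, settings in sections.get("system admin", {}).items():
        # Assumption: 0.0.0.0 0.0.0.0 entries count as unset, as in the lead-in.
        nets = [ipaddress.ip_network("/".join(v), strict=False) for k, v in settings.items()
                if k.startswith("trusthost") and v != ["0.0.0.0", "0.0.0.0"]]
        if not nets or any(ip in n for n in nets):  # no trusted hosts: unrestricted
            allowed.append(name)
    return allowed

def interfaces_allowing(sections, protocol):
    """Interfaces whose allowaccess list includes the given protocol."""
    return [name for name, s in sections.get("system interface", {}).items()
            if protocol in s.get("allowaccess", [])]
```

On the sample, a client in 10.1.1.0/24 is rejected for `admin` but accepted for `audit`, which has no trusted hosts at all; accounts like that are worth flagging when reviewing management-plane exposure.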