Skip to main content
martyyy
martyyy
Explorer III
November 11, 2024
Solved

Need guidance on how to create dedicated HA management port for HA cluster memebers

  • November 11, 2024
  • 2 replies
  • 2422 views

Hi,

 

I was trying to create dedicated HA management port for the firewall cluster but "mgmt" wasn't listed as option under HA config. Could you please advice if i have missed any configuration here.

# show
config system interface
edit "mgmt"
set vdom "root"
set ip x.x.x.x x.x.x.x
set allowaccess ping https ssh snmp fgfm
set type physical
set dedicated-to management
set role lan
set snmp-index 2
next
end

FW01 (mgmt) # end
FW01 (global) # config system ha
FW01 (ha) # set ha-mgmt-status enable
FW01 (ha) # config ha-mgmt-interfaces
FW01 (ha-mgmt-interfaces) # edit 1
new entry '1' added

# set interface
<string> please input string value
ha interface
npu0_vlink0 interface
npu0_vlink1 interface
port1 interface
port2 interface
port3 interface
port4 interface
port5 interface
port6 interface
port7 interface
port8 interface
port9 interface
port10 interface
port11 interface
port12 interface
x1 interface
x2 interface

# set interface mgmt
node_check_object fail! for interface mgmt


Appreciate your response. TIA :) 

Best answer by dingjerry_FTNT

Hi @martyyy ,

 

The "mgmt" interface must be used somewhere. 

 

You may backup the FGT config and open it using. like Notepad++, then search with "mgmt".  Yes, with the double quotation marks.

2 replies

kwcheng__FTNT
Staff
kwcheng__FTNT
Staff
November 11, 2024

Hi

 

I would think the configuration sequence is not correct.

Try to configure or reset the configuration of mgmt port the same as the rest of the ports like port1-12.

Consider to add the "dedicated" option after you successfully use it under HA config.

 

Regards

Patrick

 

    martyyy
    martyyyAuthor
    Explorer III
    November 12, 2024

    Hi @kwcheng__FTNT ,

    Thanks for the information shared.Interface was used in static route and after I removed it from that static routes , the interface was appeared  as an option.Just to confirm, if we are creating a direct management access to each individual cluster unit, we need a separate/unused interface , is that correct ?

    Thank you!

    dingjerry_FTNT
    Staff
    dingjerry_FTNT
    Staff
    November 12, 2024

    Hi @martyyy ,

     

    Correct, the interface has to be unused if you want to use it for the HA management interface.

      dingjerry_FTNT
      Staff
      dingjerry_FTNTAnswer
      Staff
      November 11, 2024

      Hi @martyyy ,

       

      The "mgmt" interface must be used somewhere. 

       

      You may backup the FGT config and open it using. like Notepad++, then search with "mgmt".  Yes, with the double quotation marks.

        martyyy
        martyyyAuthor
        Explorer III
        November 12, 2024

        Hi @dingjerry_FTNT 

        Thanks for the information shared.Interface was used in static route and after I removed it from that static routes , the interface was appeared  as an option.Just to confirm, if we are creating a direct management access to each individual cluster unit, we need a separate/unused interface , is that correct ?

        Thank you!

        Terms & ConditionsAccessibility statement