Skip to main content
BensonLEI
BensonLEI
New Member
February 8, 2021
Question

problem in "management-ip in physical mgmt interface"

  • February 8, 2021
  • 1 reply
  • 3871 views

Hi, guys,

 

I got a problem for "set management-ip" in physical mgmt interface, my configurations in Forti600e HA-pair.

 

 

Problem 1 ( with FortiOS v6.4.4; can not get mac add of the gateway ) :

======================================================

 

Forti600E_03 # show sys ha config system ha set group-id 17 set group-name "HA" set mode a-a set hbdev "ha" 301 "port1" 100 set override disable set priority 200 end

Forti600E_03 # sh sys int mgmt config system interface edit "mgmt" set vdom "root" set management-ip 10.101.1.39 255.255.255.0 set ip 10.101.1.40 255.255.255.0 set allowaccess ping https ssh snmp fgfm ftm set type physical set device-identification enable set snmp-index 2 next end

 

 

Forti600E_03 # exe ping 10.101.1.39 PING 10.101.1.39 (10.101.1.39): 56 data bytes 64 bytes from 10.101.1.39: icmp_seq=0 ttl=255 time=0.0 ms 64 bytes from 10.101.1.39: icmp_seq=1 ttl=255 time=0.0 ms ^C --- 10.101.1.39 ping statistics --- 2 packets transmitted, 2 packets received, 0% packet loss round-trip min/avg/max = 0.0/0.0/0.0 ms

 

Forti600E_03 # exe ping 10.101.1.40 PING 10.101.1.40 (10.101.1.40): 56 data bytes 64 bytes from 10.101.1.40: icmp_seq=0 ttl=255 time=0.0 ms 64 bytes from 10.101.1.40: icmp_seq=1 ttl=255 time=0.0 ms 64 bytes from 10.101.1.40: icmp_seq=2 ttl=255 time=0.0 ms 64 bytes from 10.101.1.40: icmp_seq=3 ttl=255 time=0.0 ms 64 bytes from 10.101.1.40: icmp_seq=4 ttl=255 time=0.0 ms

--- 10.101.1.40 ping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max = 0.0/0.0/0.0 ms

 

Forti600E_03 # exe ping 10.101.1.254 ^CPING 10.101.1.254 (10.101.1.254): 56 data bytes

--- 10.101.1.254 ping statistics --- 3 packets transmitted, 0 packets received, 100% packet loss

 

====can not get mgmt (gateway) mac adddress ( modified) ======

Forti600E_03 # diag ip arp list index=10 ifname=port2 10.0.0.246 f0:00:00:00:00:46 state=00000002 use=11 confirm=0 update=27723 ref=68 index=28 ifname=root 0.0.0.0 00:00:00:00:00:00 state=00000040 use=1605 confirm=11 update=513397 ref=7 index=3 ifname=mgmt 10.101.1.254 state=00000001 use=4 confirm=2877 update=4 ref=4 index=4 ifname=ha 169.254.0.2 e0:00:00:00:00:c5 state=00000080 use=27768406 confirm=513701 update=513701 ref=0

Forti600E_03 #

 

 

 

 

 

 

 

 

 

Any advice and recommendation ?

 

many thanks

 

 

 

 

 

 

 

    1 reply

    BensonLEI
    BensonLEIAuthor
    New Member
    February 8, 2021

    Fixed, thanks

    ede_pfau
    SuperUser
    ede_pfau
    SuperUser
    February 8, 2021

    how then? let us participate from you progress, please.

    I noticed there is no "config management" section in your HA setup...has that been changed in v6.4?

    BensonLEI
    BensonLEIAuthor
    New Member
    February 11, 2021

    Hi, Ede,

     

    Physical mgmt interface can be used for HA mgmt interface ; no "HA management  interface Reservation" is requirement, basic documents refer to the following:

     

    FortiGate HA Cluster Management IP - In Band Method v6 - (fullradius.com)

    Fortigate Management Interface in HA Mode – UNIX fu

     

    But the documents are not exactly working for V6.4.4 ; two problems I am still studying:

    1. I have to assign two subnets both for interface IP and management-IP 

    2. Could not view the physical mac add of the management-IP

     

    ( my findings might be wrong, I am still studying them )

     

    Cheers

     

     

    Terms & ConditionsAccessibility statement