fl0at0xff
New Member
October 20, 2016
Question

Problem with HA and management IP concept

  • October 20, 2016
  • 1 reply
  • 6034 views

Hello. I'm trying to configure HA with 2 FortiGate 600D units. I have a problem or misunderstanding regarding the MGMT interface. The HA itself is working correctly.

In the HA configuration, I have checked "Reserve Management Port for Cluster Member", selected MGMT1, and configured a static IP address on this port on each FortiGate (192.168.1.10 and 192.168.1.20). When I try to configure MGMT2 with the IP address 192.168.1.1, I can't, because this IP address is in the same subnet as MGMT1... I am trying to follow the indications in this guide: http://docs.fortinet.com/...5/fortigate-ha-54.pdf. The scheme on page 175 uses IP addresses on the same subnet...

My goal is to be able to reach the master device from any VLAN (this works now; I just have to enable HTTPS and SSH access on each desired VLAN interface) AND I want to be able to access each unit through its reserved management IP (MGMT1) from ANOTHER VLAN. Thanks.

    1 reply

    emnoc
    New Member
    October 20, 2016

    I don't think you can do that. Plus how would MGMT#2 interface know what gateway?

    Take a look at the cli ha cmd output for

    set ha-mgmt status interface interface-gateway

    e.g.

    (cli cmd)

    show full system ha

    fl0at0xff (Author)
    New Member
    October 20, 2016

    OK, but what is the best practice for management when you set up HA? Don't you think that it is important to be able to access each FortiGate individually too? Of course, most of the time you want to access only the master unit...

    emnoc
    New Member
    October 20, 2016

    Yes, individually does help if you don't want to "execute ha man <id>" to the 2nd unit. If you have an OOB network and want to do direct access and monitoring against the 2nd unit, this is a great idea also.
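
An added example, not part of the thread and not Fortinet code: a small offline check of the HA management settings discussed above, run over a saved configuration. It flags a missing or off-subnet gateway for the reserved management interface and any other interface whose subnet overlaps it, which is the conflict the question describes for MGMT2. The sample configuration is constructed; the /24 masks, the gateway 192.168.1.254 and the FortiOS 5.4-style setting names (ha-mgmt-status, ha-mgmt-interface, ha-mgmt-interface-gateway) are assumptions.

```python
import ipaddress
import re

# Constructed sample, not from the thread: one cluster member's settings.
# Masks (/24) and the gateway 192.168.1.254 are assumptions.
SAMPLE_CONFIG = """
config system ha
    set mode a-p
    set ha-mgmt-status enable
    set ha-mgmt-interface "mgmt1"
    set ha-mgmt-interface-gateway 192.168.1.254
end
config system interface
    edit "mgmt1"
        set ip 192.168.1.10 255.255.255.0
    next
    edit "mgmt2"
        set ip 192.168.1.1 255.255.255.0
    next
end
"""

def parse(config):
    """Return (ha-mgmt settings dict, {interface name: IPv4Interface})."""
    ha = dict(re.findall(r'set (ha-mgmt-[\w-]+) "?([^"\s]+)"?', config))
    ifaces = {}
    for name, ip, mask in re.findall(r'edit "([^"]+)"\s+set ip (\S+) (\S+)', config):
        ifaces[name] = ipaddress.ip_interface(f"{ip}/{mask}")
    return ha, ifaces

def audit(config):
    """List problems with the reserved management interface settings."""
    ha, ifaces = parse(config)
    mgmt = ha.get("ha-mgmt-interface")
    if ha.get("ha-mgmt-status") != "enable" or mgmt not in ifaces:
        return ["reserved management interface not enabled or has no IP"]
    findings = []
    net = ifaces[mgmt].network
    gw = ha.get("ha-mgmt-interface-gateway")
    # Without an on-link gateway the reserved port cannot answer other VLANs.
    if gw is None or ipaddress.ip_address(gw) not in net:
        findings.append(f"{mgmt}: gateway missing or outside {net}")
    # Any other interface in the same subnet conflicts with the reserved port.
    for name, iface in ifaces.items():
        if name != mgmt and iface.network.overlaps(net):
            findings.append(f"{name} {iface} overlaps {mgmt} subnet {net}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)) or "no findings")
```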