chrisp
New Member
December 14, 2016
Question

routing to HA management interface

Hi,

I am quite new to FortiGate and I have a design/best practice/config issue.

I have a FGVM cluster in Active-Passive HA mode. I did set up a specific IP for each member.

Now I have a station connected to port1 LAN.

I would like to connect to the FGVM GUI from that station. Basically that is what is detailed in the drawing attached.

Any clue?

Thank you for your support

chris

1 reply

Ralph1973
New Member
December 30, 2016

Hi, so you have configured a dedicated mgmt port on each HA member?

Edit the settings of that port so that you can connect via https (or http if you have an evaluation VM) by checking the box next to https.

Then, under administrators, make sure that, if you have 'trusted IPs' enabled (this is not the default), the IP you connect from is on that list.

Now you should be able to connect via the GUI.

Regards,

Ralph

MikePruett
New Member
December 30, 2016

Ralph covers it pretty well here. Regardless of what interface you are trying to use, the interface you are accessing it by will need to allow the administrative access you are wanting (https, ssh, telnet, ping, etc.).

Chances are, unless you created a true OOBM network, you will need to have the inside interface accessible.

chrisp (Author)
New Member
February 3, 2017

Yep, thanks for your replies, guys.

The main issue, as I discovered, was that the Cluster Management Interface is in a sort of Null mode, not even root. I reckon my diagram isn't clear, but in clear text: from any host connected to any interface on a firewall, there is no option to reach the firewall HA interface through the same firewall.

It has to be routed to another L3 device.