FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
adecottignies_FTNT
Article Id 333032
Description This article clarifies certain aspects of the 'mgmt' aggregate for the FortiGate-7000E.
Scope FortiGate 7000E series
Solution
  • The management interface of a FortiGate-7000E consists of an 802.3 static aggregate of physical interfaces MGMT1 to MGMT4 of the FIM(s). This interface is named mgmt.
  • Depending on the model of the FortiGate-7000E and especially the number of FIM(s) the mgmt aggregate is configured as follows:
  • 1 FIM: 1-mgmt1 1-mgmt2 1-mgmt3 1-mgmt4
  • 2 FIM: 1-mgmt1 1-mgmt2 1-mgmt3 1-mgmt4 2-mgmt1 2-mgmt2 2-mgmt3 2-mgmt4

 

It is not possible to remove or add another physical interface to this mgmt aggregate. It is not possible to change the LACP mode (Static)

 

  • On the switch side, the LAG must be set to static
  • By default, the IP address is 192.168.1.99. This interface is accessible through HTTPS or SSH to log into the FortiGate with an 'admin' account. No password is needed, but it is mandatory to create one after the first connection.
  • Accessing the mgmt interface always brings to the Master FIM, in the mgmt-vdom.
  • One MGMTx interface per FIM is enough to use the mgmt interface. It is highly recommended to have two or more MGMTx interfaces in the aggregate for redundancy.