srajeswaran
Staff
Article Id 255819
Description

This article describes how to check the routes configured for the HA reserved management interface (see Technical Tip: HA Reserved Management Interface) on a FortiGate HA setup.

Scope

FortiGate HA.
Solution

The HA direct management interface and the route can be configured from the GUI as follows:


Go to System -> HA, edit Master FortiGate -> Management Interface Reservation, and enable this option.

 

Reserve-Management-route.png

 

In this example, a 0.0.0.0/0 route has been configured via the reserved interface, but it will not be visible when checking the routing table in the HA reserved management interface's hidden VDOM (vsys_hamgmt). As the output below shows, the routing table only shows the connected route for the reserved management interface and not any other routes specified under the Destination Subnet.

 

To access vsys_hamgmt, use the following command:

 

execute enter vsys_hamgmt

 

Reserve-Management-route1.png

 

This is expected behavior, and it is necessary to use 'get router info kernel' to view the routes active via the reserved management interface.

 

Reserve-Management-route2.png

 

Verify the MAC address of the switch by running 'get sys arp' while in the vsys_hamgmt VDOM.

If the switch's MAC address is not visible, ping it by running 'execute ping <IP address of the switch/gateway>' to prompt the FortiGate to send an ARP query.

 

If an IPv6 address is assigned to the reserved management interface, use 'get router info6 kernel' to view the routes active via the reserved management interface.

 

If multi-VDOM is enabled, the 'get' commands in the vsys_hamgmt VDOM are only accessible after running 'execute enter vsys_hamgmt' from a VDOM other than global, as the commands are not available from global.

 

config vdom
    edit root
execute enter vsys_hamgmt
get router info routing-table all
get sys arp


Note:
To exit the vsys_hamgmt VDOM:

 

execute enter root