Description
This article describes how to configure the FortiGate HA Reserved Management Interface.
This feature provides direct management access to each individual cluster unit by reserving a management interface as part of the HA configuration.
A different IP address and administrative access settings can be configured for this interface for each cluster unit.
This simplifies the use of external services such as SNMP to monitor and manage the cluster units.
Note.
It is not possible to use this interface to route traffic as it is an Out-Of-Band management interface for each individual cluster member.
Solution
1) The HA direct management interface can be configured from the GUI as follows:
Go to System -> HA, edit Master FortiGate -> Management Interface Reservation and enable this option.
Note.
The interface must be cleared of all configuration and references; its 'Ref' count needs to be 0.
In this example, the connection is made from a host 192.168.181.10/24, which is in the same subnet as port2 on the FortiGate cluster (IP 192.168.181.1); no gateway is used.
2) Issue the command '# get system ha status'. Use the HA cluster index of the slave from the previous picture. Beware: the HA cluster index is different from the HA operating index.
# config system interface
edit port2    <----- Used in this example as the HA management interface.
set ip <IP address> <subnet mask>    <----- Set IP 192.168.181.2 255.255.255.0 here.
next
end
As a result of the previous configuration, it is possible to connect to the slave unit directly through the HA management IP address.
# config system ha
set ha-mgmt-status [enable|disable]
set ha-mgmt-interface <interface-name>
set ha-mgmt-interface-gateway <----- Skipped when ha-mgmt-interface is in DHCP/PPPOA
end
# config system interface
edit xxx
set vdom xxx    <----- Skipped if the current interface is the ha-mgmt-interface.
next
end
# config system ha
set ha-mgmt-status enable
set ha-mgmt-interface port7
set ha-mgmt-interface-gateway 172.31.224.10
end
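The following Python sketch is an added example, not part of the original article or of Fortinet's tooling. It audits a configuration backup for the reserved HA management interface configured above: ha-mgmt-status must be enabled, the named interface must have its own IP, and its administrative access must not include cleartext protocols. The sample configuration is constructed (port7 and the gateway come from the example above; the interface IP and the allowaccess line are assumptions), and the parser handles only flat config/edit/set blocks.

```python
# Constructed sample backup; the IP and allowaccess values are assumptions.
SAMPLE = """\
config system interface
    edit "port7"
        set ip 172.31.224.2 255.255.255.0
        set allowaccess ping https ssh snmp telnet
    next
end
config system ha
    set ha-mgmt-status enable
    set ha-mgmt-interface "port7"
    set ha-mgmt-interface-gateway 172.31.224.10
end
"""
CLEARTEXT = {"http", "telnet"}  # admin protocols without transport encryption

def parse_blocks(text):
    """Parse flat config/edit/set blocks into {section: {entry: {key: [values]}}}."""
    blocks, section, entry = {}, None, None
    for raw in text.splitlines():
        words = [w.strip('"') for w in raw.split()]
        if len(words) >= 2 and words[0] == "config":
            section, entry = " ".join(words[1:]), None
        elif len(words) >= 2 and words[0] == "edit":
            entry = words[1]
        elif len(words) >= 2 and words[0] == "set" and section:
            blocks.setdefault(section, {}).setdefault(entry, {})[words[1]] = words[2:]
        elif words == ["next"]:
            entry = None
        elif words == ["end"]:
            section = entry = None
    return blocks

def audit_ha_mgmt(text):
    """Return a list of findings about the reserved HA management interface."""
    cfg = parse_blocks(text)
    ha = cfg.get("system ha", {}).get(None, {})
    if ha.get("ha-mgmt-status") != ["enable"]:
        return ["ha-mgmt-status is not enabled"]
    name = (ha.get("ha-mgmt-interface") or [""])[0]
    iface = cfg.get("system interface", {}).get(name)
    if iface is None:
        return [f"ha-mgmt-interface {name!r} has no interface entry"]
    findings = []
    if "ip" not in iface:
        findings.append(f"{name}: no per-unit IP address set")
    weak = CLEARTEXT & set(iface.get("allowaccess", []))
    if weak:
        findings.append(f"{name}: cleartext admin access enabled: {' '.join(sorted(weak))}")
    return findings
```

Run audit_ha_mgmt() against the backup of each cluster unit separately, since the reserved interface carries a different IP address and administrative access settings per unit.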