| Description | This article describes how to implement In-Band Management interface for HA cluster along with normal traffic. |
| Scope | FortiGate 6.4.10v. |
| Solution |
Assign the same subnet IP to normal traffic interface (in this case '172.16.10.254').
Note: When configuring High Availability (HA) settings, refrain from enabling 'Management Interface Reservation' for inline management on the same port. Enabling this option may lead to unintended consequences, particularly concerning the visibility of the 'set management-ip' option. If the same port is selected for both functions, the 'set management-ip' option will not be accessible.
This KB article is a continuation of Technical Tip: Implement In-Band Management IP for HA Cluster.
Simple diagram – HA cluster is in active-passive mode:
IP address list: Client -- 192.168.16.2 FortiGate1 management-ip – 172.16.10.1 FortiGate2 management-ip – 172.16.10.2 FortiGate1 & FortiGate2 port4 (normal traffic interface) – 172.16.10.254 Router interface as client gateway – 192.168.16.1 Router interface to HA cluster – 172.16.10.3
To simplify the setting and let FortiGate choose the active path – Set to route the traffic to 172.16.10.254, so the traffic will be automatically redirected to active firewall.
Our router static route setting:
Example HA cluster interface setting:
Example HA cluster static route setting:
Simulation traffic from client to internet:
FortiGate1 as primary: Traffic from client to internet will go via FortiGate1.
FortiGate2 as primary: Traffic from client to internet will go via FortiGate2.
Conclusion:
Fortinet documentation: |
