FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 256884
Description This article describes some information about issues while setting up source-ip for FortiManager in Central-mgmt.
Scope FortiGate, all firmware.

When trying to set source-ip for FortiManager in the Central-mgmt settings of FortiGate gives the below error:


config sys central-management

    set fmg-source-ip does not match any interface ip in vdom root.

    node_check_object fail! for fmg-source-ip


value parse error before ''

Command fail. Return code -8


Upon checking the VDOM on that interface does not show any, however, can see for other interfaces to be set as ‘root’.


config system interface

    edit "mgmt"

        set ip

        set allowaccess ping https fgfm

        set type physical

        set alias "Management"

        set snmp-index 3





That is because this interface is being used as management-interface for HA and in the background, FortiGate creates a hidden VDOM called vsys_hamgmt for this interface which means it cannot belong to any other VDOM. That explains that the IP address of the interface being used for HA management cannot be used as source-IP in any configuration.


The solution would be to either set a different source-IP for FortiManager or use a different interface as ha-mgmt.


Related article: