FortiGate
psalian
Staff
Article Id 189554

Description
This article describes how to change the FortiGate configuration to point to a new IP address for reaching FortiManager.

This could be useful either when:
  • Migrating over to a FortiManager running on a new model/platform.
  • During an HA fail-over of a FortiManager where the new primary FortiManager has a new public-facing IP (for example, geographic redundancy).

Other Considerations:
  • The new FortiManager can itself initiate the connection to the FortiGate, provided the FortiGate is not behind another NAT device and FGFM (the FortiGate-to-FortiManager management protocol, TCP port 541) is enabled under 'allowaccess' on the interface facing FortiManager.
  • It is possible (via the FortiGate CLI only) to preconfigure the FortiGate with BOTH the existing IP address and the new IP address ahead of the migration/fail-over of the FortiManager (see Alternate Method below).


Solution

Basic Method (Single IP):
To be performed after the migration/fail-over of the FortiManager has occurred.

Use the CLI command 'set fmg' to change the IP address for the FortiManager:

config system central-management
    set fmg <IP2>
end

Where IP2 = the new public-facing IP address of the FortiManager.

Once the change has been made, verify that the FortiGate can reach the FortiManager on the new IP and that the FGFM tunnel comes up. When the FortiGate reconnects, the FortiManager updates the IP address it holds for that specific FortiGate on the next auto-update.
 
Alternate Method (Multiple IPs):
To be performed before migration or failover of the FortiManager.

Use the CLI command 'set fmg' to configure both the existing and the new IP address for the FortiManager:

config system central-management
    set fmg <IP1> <IP2>
end

For example, two FortiManager addresses could be configured as follows:

set fmg 1.1.1.1 2.2.2.2

The resulting entries in the FortiGate configuration are enclosed in quotes:

set fmg "1.1.1.1" "2.2.2.2"

Where:
IP1 = the existing public-facing IP address of the FortiManager (before migration/fail-over).
IP2 = the new public-facing IP address of the FortiManager (after migration/fail-over).

The FortiGate tries the addresses in the order listed: if it is unable to establish (or re-establish) connectivity to IP1, it will attempt to reach the FortiManager using IP2. Once the migration/fail-over is complete, the old address can be dropped by re-running 'set fmg' with only IP2, since 'set fmg' replaces the whole list (this is the Basic Method above).
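The end-to-end procedure as one FortiOS CLI session, added here as an example and not taken from the original article. It covers the FGFM consideration above (allowing FGFM on the FortiManager-facing interface), the Alternate Method (both addresses configured before the failover), the reachability check, and the Basic Method used afterwards to trim the list to the new address. The interface name "port1", the addresses 203.0.113.10 (IP1) and 198.51.100.20 (IP2), and an already-registered FortiManager ('set type fortimanager') are assumptions for the example.

```fortios
# Added example (not from the original article). "port1", 203.0.113.10 (IP1)
# and 198.51.100.20 (IP2) are assumed placeholders.

# 1. Allow FGFM (TCP/541) on the interface facing FortiManager, so that the
#    new FortiManager can also initiate the tunnel. Only useful when the
#    FortiGate is not behind another NAT device.
config system interface
    edit "port1"
        set allowaccess ping https ssh fgfm
    next
end

# 2. Before the migration/failover: list the existing address first and the
#    new address second. The FortiGate falls over to the second address only
#    when the first one cannot be reached.
config system central-management
    set type fortimanager
    set fmg "203.0.113.10" "198.51.100.20"
end

# 3. Confirm the configuration and the current FGFM tunnel state.
get system central-management
diagnose fdsm central-mgmt-status

# 4. If the tunnel does not come up after the failover, check reachability of
#    the new address and watch the FGFM daemon while it retries.
execute ping 198.51.100.20
diagnose debug application fgfmd -1
diagnose debug enable
# ... observe the connection attempts, then stop the trace:
diagnose debug disable

# 5. After the migration/failover is complete and the tunnel is up on IP2,
#    re-run 'set fmg' with only the new address. 'set fmg' replaces the whole
#    list, so this removes IP1 (the single-IP Basic Method).
config system central-management
    set fmg "198.51.100.20"
end
```

Keep step 5 for after the cutover has been verified: once IP1 is removed there is no fallback to the old FortiManager if the new one turns out to be unreachable.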
 
Related Article: