psalian (Staff)
Created on 09-29-2015 06:11 AM
Edited on 07-02-2024 06:04 AM by Jean-Philippe_P
Article Id: 189554
Description
This article describes how to change the FortiGate configuration to point to a new IP address for reaching FortiManager.
This can be useful when:
- Migrating over to a FortiManager running on a new model/platform.
- During an HA fail-over of a FortiManager where the new primary FortiManager has a new public-facing IP (for example, geographic redundancy).
Notes:
- The new FortiManager can initiate the connection to the FortiGate provided the FortiGates are not behind other NAT devices and have FGFM enabled on the interface facing FortiManager.
- It is possible (via the FortiGate CLI only) to preconfigure the FortiGate with BOTH the existing IP address and the new IP address to prepare for the migration/fail-over of the FortiManager (see Alternate Method below).
Solution
Basic Method (Single IP):
To be performed after the migration/fail-over of the FortiManager has occurred.
Use the CLI command 'set fmg' to change the IP address for the FortiManager:
config system central-management
    set fmg <IP2>
end
Where IP2 = the new public-facing IP address of the FortiManager.
Once the change has been made, make sure the FortiGate can reach the FortiManager on the new IP. On auto-update, the IP address changes on the FortiManager for that specific FortiGate.
Alternate Method (Multiple IPs):
To be performed before migration or failover of the FortiManager.
Use the CLI command 'set fmg' to change the IP address for the FortiManager:
config system central-management
    set fmg <IP1> <IP2>
end
For example, multiple FortiManagers could be configured as follows:
set fmg 1.1.1.1 2.2.2.2
The resulting entries in the FortiGate configuration are enclosed in quotes:
set fmg "1.1.1.1" "2.2.2.2"
Where:
IP1 = the existing public-facing IP address of the FortiManager (before migration/fail-over).
IP2 = the new public-facing IP address of the FortiManager (after migration/fail-over).
If the FortiGate is unable to reestablish connectivity to IP1, the FortiGate will attempt to reach FortiManager using IP2.
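A pre-migration check for the Alternate Method, as an added example that is not part of the original article or any Fortinet tooling: it reads a FortiGate configuration backup and confirms that both the existing and the new FortiManager IP are present in 'set fmg'. The function names, the sample backups and the hostname are constructed for illustration; the ordering check assumes IP1 is listed before IP2, as in the article.

```python
import shlex

def fmg_targets(config_text):
    """Return the values of 'set fmg' in 'config system central-management'."""
    in_block, depth = False, 0
    for raw in config_text.splitlines():
        line = raw.strip()
        if not in_block:
            in_block = line == "config system central-management"
        elif line.startswith("config "):
            depth += 1                      # nested sub-table inside the block
        elif line == "end":
            if depth == 0:
                break                       # end of central-management
            depth -= 1
        elif depth == 0 and line.startswith("set fmg "):
            return shlex.split(line)[2:]    # ValueError on an unbalanced quote
    return []

def migration_problems(config_text, old_ip, new_ip):
    """List reasons this backup is not ready for the FortiManager move."""
    try:
        targets = fmg_targets(config_text)
    except ValueError:
        return ["unbalanced quote in 'set fmg' line"]
    problems = [f"{label} FortiManager IP {ip} missing"
                for label, ip in (("existing", old_ip), ("new", new_ip))
                if ip not in targets]
    if not problems and targets.index(old_ip) > targets.index(new_ip):
        problems.append("new IP is listed before the existing IP")
    return problems

# Constructed sample backups (not taken from a real device).
READY = '''config system global
    set hostname "FGT-branch-01"
end
config system central-management
    set fmg "1.1.1.1" "2.2.2.2"
end
'''
NOT_READY = READY.replace('"1.1.1.1" "2.2.2.2"', '"1.1.1.1"')
BROKEN = READY.replace('"2.2.2.2"', '2.2.2.2"')

if __name__ == "__main__":
    for name, cfg in (("READY", READY), ("NOT_READY", NOT_READY), ("BROKEN", BROKEN)):
        print(name, migration_problems(cfg, "1.1.1.1", "2.2.2.2") or "ok")
```

Running it over each device's backup before the fail-over shows which FortiGates still point only at the existing FortiManager IP.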