FortiGate
nradia_FTNT
Staff
Article Id 231881
Description

This article describes the case where FortiManager is not receiving authorization requests from a FortiGate that is able to reach it via an IPsec tunnel,

OR

FortiGate – FortiManager connectivity is broken after upgrading the FortiGate firmware via FortiManager.

The possible cause is that the FortiGate is selecting the wrong route to reach the FortiManager. This article explains how to control route selection, including the use of the FortiOS commands 'set interface-select-method' and 'set interface'.

Scope

FortiGate and FortiManager 5.X, 6.X and 7.X.

Solution

When configuring FortiGate to be added to FortiManager, first check which route it takes to reach the FortiManager via the FortiGate CLI command:

# get router info routing-table details <fmg-ip>

The output of this command shows the name of the VPN tunnel interface the FortiGate uses to reach the FortiManager.

It also helps to use the interface IP of a local subnet that is included in the VPN configuration as the source address. For example, if the subnet behind port1 of the FortiGate is part of the VPN tunnel's interesting traffic, use the port1 interface IP as the 'fmg-source-ip', so that the FortiGate uses that address as the source IP to reach the FortiManager (provided, of course, that the FortiManager can communicate with this IP over the VPN tunnel).

Then continue and configure the system central management:

# config system central-management
    set interface-select-method specify
    set interface <VPN-Tunnel-Interface-Name>
    set fmg-source-ip <interface-ip-local-subnet-interesting-traffic>    <----- Optional.
end

OR

The FortiGate was upgraded from FortiManager and lost its connection with FortiManager after the reboot. Check the route to the FortiManager again:

# get router info routing-table details <fmg-ip>

If it shows many routes, set the best route using the following commands on the FortiGate CLI:

# config system central-management
    set interface-select-method specify
    set interface <interface_name>
end

Options for interface-select-method are:

FortiGate(central-management) # set interface-select-method
auto       <----- Set outgoing interface automatically.
sdwan      <----- Set outgoing interface by SD-WAN or policy routing rules.
specify    <----- Set outgoing interface manually.

Use the interface returned by the 'get router info routing-table details' output as the interface name in the 'set interface' command.
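As an added helper (not part of the original article or of FortiOS), the following script shows the selection logic described above: it parses the output of 'get router info routing-table details <fmg-ip>', picks the entry FortiOS marks as best (falling back to longest prefix and lowest distance when several routes to the FortiManager exist), and renders the matching 'config system central-management' block. The sample output is constructed to approximate the FortiOS format; the real output may differ in detail, so adjust the regular expressions if your firmware prints it differently.

```python
import re
from ipaddress import ip_network

# Constructed sample output (not a real device capture): two candidate
# routes to the FortiManager, one via the WAN and one via the VPN tunnel.
SAMPLE_OUTPUT = """\
Routing table for VRF=0
Routing entry for 0.0.0.0/0
  Known via "static", distance 10, metric 0
  * 203.0.113.1, via wan1

Routing entry for 10.20.0.0/16
  Known via "static", distance 10, metric 0, best
  * directly connected, via to_HQ_vpn
"""

def parse_routing_entries(text):
    """Return one dict per 'Routing entry' block: prefix, distance, best, interface."""
    entries, current = [], None
    for line in text.splitlines():
        m = re.match(r"Routing entry for (\S+)", line)
        if m:
            current = {"prefix": ip_network(m.group(1)), "distance": None,
                       "best": False, "interface": None}
            entries.append(current)
            continue
        if current is None:
            continue
        m = re.search(r'Known via "\w+", distance (\d+)', line)
        if m:
            current["distance"] = int(m.group(1))
            current["best"] = line.rstrip().endswith("best")
        m = re.search(r"via (\S+)\s*$", line)
        if m and line.lstrip().startswith("*"):
            current["interface"] = m.group(1)
    return entries

def select_interface(entries):
    """Interface of the route FortiOS flags as best; otherwise longest prefix, then lowest distance."""
    if not entries:
        return None
    candidates = [e for e in entries if e["best"]] or entries
    chosen = max(candidates, key=lambda e: (e["prefix"].prefixlen, -(e["distance"] or 255)))
    return chosen["interface"]

def render_central_management(interface, fmg_source_ip=None):
    """Render the CLI block from the article, with the optional fmg-source-ip line."""
    lines = ["config system central-management",
             "    set interface-select-method specify",
             f"    set interface {interface}"]
    if fmg_source_ip:
        lines.append(f"    set fmg-source-ip {fmg_source_ip}")
    lines.append("end")
    return "\n".join(lines)
```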


Once this is done, FortiManager should be able to see FortiGate as online.


Related Article:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Functionality-of-set-interface-select-meth...