Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
hrahuman_FTNT
Staff & Editor
Staff & Editor

Created on ‎01-29-2018 12:36 AM Edited on ‎09-09-2025 09:10 AM By Moderator

Article Id 197972

Technical Tip: Sending messages (logs, SNMP) directly from the HA management interface

Description

 

This article describes that when HA-direct is enabled, FortiGate uses the HA management interface to send log messages to FortiAnalyzer and remote syslog servers, sending SNMP traps or connecting to FortiSandbox or FortiCloud.


Scope

 

FortiGate: logging, management interface.


Solution

 

HA management interface is required before enabling HA-direct:
 
config system ha
set ha-mgmt-status enable

config ha-mgmt-interface

            edit <x>

                set interface <interface name>

                set gateway <xxx.xxx.xxx.xxx> 

            next

        end

 

Related article:
 
Afterwards, enable HA-direct globally:
 
config system ha
    set ha-direct enable
end

The default value of the 'ha-direct' is set to 'disable' under the HA system configuration in the CLI. In many cases, HA-direct can also be enabled only for appropriate features. For example, in SNMPv3:

 

config system snmp user
    edit snmpv3-user
        set ha-direct enable
    next
end
 
Ha-direct can also be enabled for SNMPv2.
 
config system snmp community
    edit 1
        config hosts
            edit 1
                set ha-direct enable
        end
end
 

Note:

  • This setting alters the traffic flow. Enabling it may cause timeouts to occur due to an unresponsive FortiGate. This occurs because the response to a request is sent on a different interface, where the packet may not be routed back to the requester, resulting in a request timeout.
  • If the ha-direct is enabled for the Syslogs Server, the FortiGate will use the MGMT interface to communicate with the Syslog Server, and in the FortiGate, it is not possible to specify the Source IP in the Syslog configuration.
  • When ha-direct is disabled, FortiGate uses the routing table to determine the source interface and source IP to send log to FortiAnalyzer; when ha-direct is enabled, FortiGate uses the reserved management interface and associated IP to send the log. For this to work after changing the setting from 'disable' to 'enable', it requires both routes to the firewall policy to be in place. 

See Technical Tip: When 'ha-direct' is enabled, the 'source-ip' setting will not work on the syslog conf....

 

If the Firewall is set to run SNMP from the MGMT interface but should also send logs to the Syslog server, HA-direct must be enabled under the SNMP community configuration, but disabled under the HA settings. Otherwise, syslog traffic might not work.

30756
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.