FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
akumar02
Staff & Editor
Article Id 295906
Description

This article describes how to add the management interface to the FortiGate Policy. 

This is mainly needed for routing when devices or servers sit behind the MGMT interface: the interface is not selectable in a firewall policy, so users cannot create a policy to reach those servers.

Scope

FortiGate.
Solution

By default, the 'Dedicated Management Port' option is enabled on the MGMT port of the FortiGate.

This option allows the customer to add 'Trusted Hosts' that may access the FortiGate using the management IP address, and gives that access the highest management priority. The management port can be used to manage the HA units as well.

Screenshot: MGMT.png

Screenshot: mgmt1.png

The management interface will not be visible as a policy Incoming/Outgoing Interface while 'Dedicated Management Port' is enabled on the 'MGMT' port:

Screenshot: mgmt2.png

Once 'Dedicated Management Port' is disabled in the FortiGate GUI, the 'MGMT' interface can be added to a firewall policy. The CLI equivalent is:

config system interface
    edit mgmt
        set dedicated-to none    <----- The default is 'management'.
    next
end

Also check whether HA management interface reservation is enabled for the mgmt interface. While the mgmt interface is reserved for HA management, it does not appear in the firewall policy, so remove it from the reservation first. As shown in the screenshot below, go to System -> HA and either change the reserved port or disable the HA interface reservation.

Screenshot: Screenshot2.png

As shown below, the mgmt interface appears as an option in a firewall policy.

Screenshot: mgmt3.png
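The following is an added CLI example, not part of the original article, that walks through the whole procedure described above in one sequence: releasing the dedicated management port, handling the HA management interface reservation, and then referencing 'mgmt' in a firewall policy. The interface names (port1, port9), the IP addresses and the address object name are assumed values chosen for illustration.

```fortios
# Added example (not from the article). Interface names, addresses and
# object names below are assumptions; substitute the values from your unit.

# 1. Release the dedicated management port so 'mgmt' becomes a normal
#    routed interface that policies can reference.
config system interface
    edit "mgmt"
        set dedicated-to none
    next
end

# 2a. If HA management interface reservation currently uses 'mgmt',
#     move the reservation to another port (port9 is assumed) ...
config system ha
    set ha-mgmt-status enable
    config ha-mgmt-interfaces
        edit 1
            set interface "port9"
            set gateway 192.0.2.1
        next
    end
end

# 2b. ... or disable the HA management interface reservation entirely.
config system ha
    set ha-mgmt-status disable
end

# 3. Describe the servers behind mgmt with an explicit address object
#    (assumed subnet) instead of allowing 'all' as the destination.
config firewall address
    edit "mgmt-servers"
        set subnet 10.10.10.0 255.255.255.0
    next
end

# 4. 'mgmt' is now selectable as the destination interface of a policy.
#    'edit 0' lets FortiOS assign the next free policy ID.
config firewall policy
    edit 0
        set name "lan-to-mgmt-servers"
        set srcintf "port1"
        set dstintf "mgmt"
        set srcaddr "all"
        set dstaddr "mgmt-servers"
        set action accept
        set schedule "always"
        set service "HTTPS" "SSH"
        set logtraffic all
    next
end

# 5. Confirm the result: dedicated-to should read 'none', the HA section
#    should no longer reserve mgmt, and the new policy should list mgmt.
show system interface mgmt
show system ha
show firewall policy
```

Once the dedicated option is off, traffic through the mgmt interface is governed by firewall policy like any other interface, so keep the destination address and service lists narrow and leave logging enabled; the 'Trusted Hosts' restriction on admin accounts still applies only to administrative logins to the FortiGate itself, not to traffic forwarded to the servers behind mgmt.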