Description | This article describes how to use a dedicated management interface for FortiGuard communication. |
Scope |
FortiGate, FortiGuard.
Scenario: The 'Mgmt' interface is the only interface with internet access. |
Solution |
System interface management config:
FortiGate-100D # show system interface mgmt
System DNS config:
FortiGate-100D # show system dns
Router static:
FortiGate-100D # show router static
Ping these 3 FQDNs to check that system DNS resolves them correctly:
* service.fortiguard.net
* update.fortiguard.net
* guard.fortinet.net
FortiGate-100D # execute ping service.fortiguard.net
PING guard.fortinet.net (208.184.237.61): 56 data bytes
64 bytes from 208.184.237.61: icmp_seq=0 ttl=56 time=146.1 ms
64 bytes from 208.184.237.61: icmp_seq=1 ttl=56 time=146.0 ms
^C
--- guard.fortinet.net ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 146.0/146.0/146.1 ms

FortiGate-100D # execute ping update.fortiguard.net
PING fds1.fortinet.com (173.243.138.67): 56 data bytes
64 bytes from 173.243.138.67: icmp_seq=0 ttl=54 time=156.2 ms
64 bytes from 173.243.138.67: icmp_seq=1 ttl=54 time=156.2 ms
^C
--- fds1.fortinet.com ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 156.2/156.2/156.2 ms

FortiGate-100D # execute ping guard.fortinet.net
PING guard.fortinet.net (209.222.147.36): 56 data bytes
64 bytes from 209.222.147.36: icmp_seq=0 ttl=53 time=89.0 ms
64 bytes from 209.222.147.36: icmp_seq=1 ttl=53 time=89.0 ms
^C
--- guard.fortinet.net ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 89.0/89.0/89.0 ms
FortiGuard status shows 'UP'.
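When console output is collected from several units, the ping check above can be evaluated automatically. The following added example (not part of the original article and not Fortinet tooling) parses `execute ping` transcripts in the format shown above and classifies each target. The first sample session is abridged from the article's output, the other two are constructed, and treating a missing `PING` header as a DNS failure is an assumption.

```python
import re

# First session is abridged from the article's transcript; the second and third
# are constructed (192.0.2.10 is a documentation address) to show failing cases.
TRANSCRIPT = """\
FortiGate-100D # execute ping update.fortiguard.net
PING fds1.fortinet.com (173.243.138.67): 56 data bytes
64 bytes from 173.243.138.67: icmp_seq=0 ttl=54 time=156.2 ms
--- fds1.fortinet.com ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
FortiGate-100D # execute ping service.fortiguard.net
PING service.fortiguard.net (192.0.2.10): 56 data bytes
--- service.fortiguard.net ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
FortiGate-100D # execute ping guard.fortinet.net
"""

CMD = re.compile(r"#\s*execute ping (\S+)")
HDR = re.compile(r"^PING (\S+) \((\d+\.\d+\.\d+\.\d+)\)")
STATS = re.compile(r"(\d+) packets transmitted, (\d+) packets received")

def parse_ping_sessions(text):
    """Return one dict per 'execute ping' command found in the transcript."""
    sessions = []
    for line in text.splitlines():
        line = line.strip()
        if m := CMD.search(line):
            sessions.append({"target": m.group(1), "answered_as": None,
                             "ip": None, "sent": 0, "received": 0})
        elif not sessions:
            continue  # ignore anything before the first command
        elif m := HDR.match(line):
            # The header may name a different host than the one queried (alias).
            sessions[-1]["answered_as"], sessions[-1]["ip"] = m.groups()
        elif m := STATS.search(line):
            sessions[-1]["sent"], sessions[-1]["received"] = map(int, m.groups())
    return sessions

def verdict(s):
    """Classify a session: DNS failure, no ICMP replies, or reachable."""
    if s["ip"] is None:
        return "dns-failed"  # assumption: no PING header means no resolution
    if s["received"] == 0:
        return "resolved-no-reply"  # DNS works; check routing or filtering
    return "ok"

if __name__ == "__main__":
    for s in parse_ping_sessions(TRANSCRIPT):
        print(s["target"], s["answered_as"], s["ip"], verdict(s))
```

A `dns-failed` result points at the system DNS settings, while `resolved-no-reply` points at the static route or upstream filtering on the management path.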
Related articles:
https://community.fortinet.com/t5/FortiGate/Technical-Note-How-to-dedicate-an-interface-to-managemen...
https://docs.fortinet.com/document/fortigate/6.0.0/cookbook/222079/using-a-trusted-host-optional |