Fortinet Forum
1ryan1
New Contributor II

Create out of band management - FortiManager

What is the best approach to set a port on the FortiGate for remote management by a FortiManager appliance? I am in a situation where if I make a change via FM, I will lose remote connectivity. For example, I am trying to get SD-WAN policy working, but in order to do so, I have to change the default route and move my interfaces out of the zone they are in.

Is there a way to configure the FGs remotely so that when a network change is needed, you can still manage them without losing access?

1 Solution
Zhuo
New Contributor III

Hi 1ryan1.

The FMG delivers the configuration to the FGT. If it is found that the FGT cannot connect to the FMG because of the configuration delivered this time, the FGT automatically rolls back to the previous configuration after 15 minutes.


Yurisk
Valued Contributor

Not an elegant solution, or one recommended by anyone, but when the risk is high, I make changes on the local FortiGate, then, having made sure all works fine, sync/import the changes to the FortiManager.

Yuri
https://yurisk.info/ blog: All things Fortinet, no ads.


All opinions are mine only.

1ryan1
New Contributor II

I tested this by removing the default route via FMG and it did restore access shortly afterwards.