Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
haryadi_sentoso1
New Contributor

Fortigate-HA Update FortiGuard via Mgmt port

Hai Guys

 

I am planning to update FortiGuard via Mgmt port, is that possible?
I use HA, the configuration is as follows:

 

Fortigate 401E Versi 6.4.6

Fortigate-01 (Master)
config system ha
   set ha-mgmt-status enable

   config ha-mgmt-interfaces
   edit 1
      set interface "mgmt"
      set gateway 192.168.5.1

 

Config system interface
   edit "mgmt"
      set vdom "root"
      set ip 192.168.5.50 255.255.255.0
      set allowaccess ping https ssh fgfm
      set type physical

 

config system dns
      set primary 8.8.8.8
      set secondary 8.8.4.4

 

Fortigate-02 (Slave)
Config system interface
   edit "mgmt"
      set vdom "root"
      set ip 192.168.5.51 255.255.255.0
      set allowaccess ping https ssh fgfm
      set type physical


I can ping 8.8.8.8 but ping to google unresolve hostname.
is there something wrong with my configuration?

 

Thank You

5 REPLIES 5
Anthony_E
Community Manager
Community Manager

Hello Haryadi,

 

Thank you for using the Community Forum.

I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

 

Regards,

Anthony-Fortinet Community Team.
Anthony_E
Community Manager
Community Manager

Hello Haryadi,

 

I have found this document:

 

https://docs.fortinet.com/document/fortigate-6000/6.4.6/fortigate-6000-handbook/908009/ha-reserved-m...

 

Could you please tell me if it helps?

 

Regards,

Anthony-Fortinet Community Team.
vdralio
Staff
Staff

Hi @haryadi_sentoso1 ,

 

Give internet access after HA management port (mgmt), enable ha-direct in HA configuration and it is done. Please check the articles below:

 

https://docs.fortinet.com/document/fortigate/6.4.1/administration-guide/375961/routing-data-over-the...

https://community.fortinet.com/t5/FortiGate/Technical-Note-Sending-messages-logs-SNMP-RADIUS-directl...

 

Best Regards,

Vasil

xinleiwang
New Contributor II

"set ha-direct enable",can update FortiGuard via Mgmt port?

vdralio
Staff
Staff

@xinleiwang ,

 

You can change the configuration on HA settings, and add a management interface for HA then FortiGuard traffic will go through that interface. 

 

Do not forget that you need to know that from the management subnet we need to reach the internet.

Best Regards,

Vasil

 

Labels
Top Kudoed Authors