screenie
New Contributor

issues accessing ip configured with 'set management-ip'

I'm trying to access/monitor remote cluster nodes internally via VPN using the 'set management-ip' command.

FW-Node-1:

    config system interface
        edit "vsw.LinkAgg0"
            set vdom "root"
            set management-ip 172.28.28.2 255.255.255.0
            set ip 172.28.28.1 255.255.255.0
            set allowaccess ping https ssh snmp
            set device-identification enable
            set role lan
            set snmp-index 14
            set switch-controller-feature default-vlan
            set interface "LinkAgg0"
            set vlanid 1
        next
    end

FW-Node-2:

    config system interface
        edit "vsw.LinkAgg0"
            set vdom "root"
            set management-ip 172.28.28.3 255.255.255.0
            set ip 172.28.28.1 255.255.255.0
            set allowaccess ping https ssh snmp
            set device-identification enable
            set role lan
            set snmp-index 14
            set switch-controller-feature default-vlan
            set interface "LinkAgg0"
            set vlanid 1
        next
    end

From remote via the VPN tunnel I'm only able to reach the interface VIP .1 and .2 from the active FW-Node. From a server in that VLAN I can access the interface VIP .1, .2 from the active FW-Node and .3 from the standby FW-Node. That's expected as per the documentation: https://docs.fortinet.com...230/in-band-management

However, when I perform source NAT on the traffic from the VPN tunnel I'm still not able to access the .3 from the standby FW-Node. Even if I create an IP pool .4 and translate the remote traffic to that one it's not working, which I would expect to work as traffic originates from the same VLAN (as written in the documentation). It doesn't matter if the IP pool is set as overload or one-to-one, but when I run a permanent ping to .3 from remote with the IP pool set to .4 as overload and ARP reply enabled, and then change it from overload to one-to-one while the permanent ping is still running, then I'm getting 5-6 replies back - but after that nothing anymore.

Also if I ping from the active FW-Node the .3 of the standby FW-Node there is no reply. When I ping from the standby FW-Node the .2 of the active FW-Node I do get a reply. That seems to be a bug.
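Added example, not from the post or from Fortinet: a small Python checker that parses the two 'config system interface' snippets above and verifies the in-band management invariant the post relies on, namely one shared 'ip' per interface and a distinct 'management-ip' on every cluster node, while listing the admin services exposed via 'allowaccess'. Node names, addresses and settings are copied from the post; the function names and the checks are assumptions of mine.

```python
import re

# Constructed sample: the two node snippets from the post, trimmed to the
# settings the checker reads (values copied from the post).
NODE_CONFIGS = {
    "FW-Node-1": """config system interface
    edit "vsw.LinkAgg0"
        set management-ip 172.28.28.2 255.255.255.0
        set ip 172.28.28.1 255.255.255.0
        set allowaccess ping https ssh snmp
        set interface "LinkAgg0"
    next
end""",
    "FW-Node-2": """config system interface
    edit "vsw.LinkAgg0"
        set management-ip 172.28.28.3 255.255.255.0
        set ip 172.28.28.1 255.255.255.0
        set allowaccess ping https ssh snmp
        set interface "LinkAgg0"
    next
end""",
}

def parse_interfaces(text):
    """Return {name: {setting: value}} for each edit block of a
    'config system interface' section (flat 'set key value' lines only)."""
    result, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r'^edit\s+"?([^"]+?)"?$', line)
        if m:
            current = m.group(1)
            result[current] = {}
        elif line == "next":
            current = None
        elif current and line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            result[current][key] = value.strip().strip('"')
    return result

def check_cluster(node_texts):
    """Per interface: the shared 'ip' (must be identical on all nodes), the
    'management-ip' of each node (must be unique and present on every node),
    the union of allowaccess services, and a list of violations found."""
    parsed = {node: parse_interfaces(t) for node, t in node_texts.items()}
    report = {}
    for name in {n for ifs in parsed.values() for n in ifs}:
        cfgs = {node: ifs.get(name, {}) for node, ifs in parsed.items()}
        shared = {c.get("ip", "").split(" ")[0] for c in cfgs.values()}
        mgmt = {node: c["management-ip"].split(" ")[0]
                for node, c in cfgs.items() if "management-ip" in c}
        services = {s for c in cfgs.values() for s in c.get("allowaccess", "").split()}
        problems = []
        if len(shared) != 1:
            problems.append("shared ip differs between nodes: %s" % sorted(shared))
        if len(set(mgmt.values())) != len(node_texts):
            problems.append("management-ip missing on a node or not unique")
        report[name] = {"shared_ip": shared.pop() if len(shared) == 1 else None,
                        "management_ips": mgmt, "services": services, "problems": problems}
    return report
```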
