taka12012
New Contributor

About management IP settings in transparent mode

 

When building the following configuration in transparent mode, administrative access to Fortigate is not possible from PC1.

Do you know the solution?

 

PC1:192.168.10.1(vlan10)

PC2:192.168.30.1(vlan30)

Fortigate:192.168.20.1(vlan20)

 

PC1---vlan10---Fortigate---vlan10---L3SW---PC2
                   |                 |
                 vlan20            vlan20
                   |-----------------|


I want to perform management access to Fortigate by routing from PC1 (vlan10) via L3SW.

 

Ping/SSH/HTTPS are all possible from PC2 to Fortigate.

Ping is possible from PC1 to Fortigate, but SSH/HTTPS is not possible.

lgupta
Staff

Hello taka12012,

 

Thanks for reaching out.

 

Please go through this article: https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-configure-management-IP-in-transpar...

 

I am sure this will help.

 

Thanks

Best regards,

-lgupta



If you feel the above steps helped to resolve the issue mark the reply as solved so that other customers can get it easily while searching on similar scenarios.
taka12012

Thank you for answering.
Does this mean that the configuration described is not possible without using vdom?

dbu

I believe it can be done without defining VDOM. Everything will be considered one "VDOM" if you don't define any. 

Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.
taka12012
New Contributor

When I built the VDOM without defining it, the following event occurred.

------------------

Ping is possible from PC1 to Fortigate, but SSH/HTTPS is not possible.
------------------

mle2802
Staff

Hi @taka12012,

When you ping from PC1, which interface replies to that traffic on FortiGate? Please also refer to this document for FortiGate config in transparent mode: https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/5aa37c8a-1a11-11e9-9685-f8bc12...

Regards,
Minh

darisandy
Staff

It's a bit tricky to set management access on FGT Transparent Mode.

You may want to check the docs sent by Minh for a more detailed deployment.

Usually when you have multiple VLANs going through FGT, you need to define a forward domain.

So the traffic will not be broadcast to other segments.

When you assign a management IP on FGT TP mode, FGT is basically listening on every interface.

It's simpler if you can enable multi VDOM.

1 NAT vdom for management access and 1 TP VDOM for the data.
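
A sketch of the forward-domain layout described in the reply above, added here as an illustration and not taken from the thread or from Fortinet's documentation for this case. The interface names, physical ports and the /24 mask are assumptions; only the VLAN IDs and the management address 192.168.20.1 come from the original post.

```fortios
# Added example. Names "v10_pc1", "v10_l3sw", "v20_mgmt", ports port1-port3
# and the 255.255.255.0 mask are assumptions, not values from the thread.
config system settings
    set opmode transparent
    set manageip 192.168.20.1/255.255.255.0
end
config system interface
    # vlan10 on the PC1 side and on the L3SW side share one forward domain,
    # so vlan10 frames are bridged only between these two interfaces.
    edit "v10_pc1"
        set vdom "root"
        set interface "port1"
        set vlanid 10
        set forward-domain 10
    next
    edit "v10_l3sw"
        set vdom "root"
        set interface "port2"
        set vlanid 10
        set forward-domain 10
    next
    # vlan20 carries management only: its own forward domain, and the only
    # interface with administrative protocols enabled.
    edit "v20_mgmt"
        set vdom "root"
        set interface "port3"
        set vlanid 20
        set forward-domain 20
        set allowaccess ping https ssh
    next
end
```

Leaving `allowaccess` unset on the vlan10 interfaces keeps SSH/HTTPS administration reachable only through vlan20. Replies to PC1 also need a route back through the L3SW's vlan20 address, which the thread does not give.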
