When building the following configuration in transparent mode, administrative access to Fortigate is not possible from PC1.
Do you know the solution?
PC1:192.168.10.1(vlan10)
PC2:192.168.30.1(vlan30)
Fortigate:192.168.20.1(vlan20)
PC1---vlan10---Fortigate---vlan10---L3SW---PC2
| |
vlan20 vlan20
|----------------------|
I want to perform management access to Fortigate by routing from PC1 (vlan10) via L3SW.
Ping/SSH/HTTPS are all possible from PC2 to Fortigate.
Ping is possible from PC1 to Fortigate, but SSH/HTTPS is not possible.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello taka12012,
Thanks for reaching out.
Please go through this article: https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-configure-management-IP-in-transpar...
I am sure this will help.
Thanks
Thank you for answering.
Does this mean that the configuration described is not possible without using vdom?
I believe it can be done without defining VDOM. Everything will be considered one "VDOM" if you don't define any.
Created on 12-03-2023 03:53 PM Edited on 12-03-2023 04:37 PM
When I built the VDOM without defining it, the following event occurred.
------------------
Ping is possible from PC1 to Fortigate, but SSH/HTTPS is not possible.
------------------
Hi @taka12012,
When you ping from PC1, what is the interface reply to that traffic on FortiGate. Please also refer to this document for FortiGate config in transparent mode https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/5aa37c8a-1a11-11e9-9685-f8bc12...
Regards,
Minh
It's a bit tricky to set management access on FGT Transparent Mode.
You may want to check docs send by Minh for more detailed deployment.
Usually when you have multiple VLAN going through FGT, you need to define forward domain.
So the traffic will not be broadcasted to other segment.
When you assign management IP on FGT TP mode, FGT basically listening on every interface.
It's simpler if you can enable multi VDOM.
1 NAT vdom for management access and 1 TP VDOM for the data.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1517 | |
1013 | |
749 | |
443 | |
209 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.