- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Connecting Fortiguard with ha-mgmt-interface.
Hello
I want to connect to fortiguard using ha-mgmt-interface.
Is it possible??
When I tested it, it went to the interface set to default routing rather than ha-mgmt-interface.
(I also enabled ha-direct.)
Please let me know if this is possible.
And if possible, please tell me how.
Thanks.
- Labels:
-
FortiGate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello
It should be possible but your routing has to be correct.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ha-mgmt-interface is not accept in static route.
ex)
config system ha
set ha-mgmt-status enable
config ha-mgmt-interfaces
edit 2
set interface "internal2"
set gateway x.x.x.x
next
end
config router static
edit 1
set gateway x.x.x.x
set device internal1 <-- internal2 Not applicable.
end
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It looks strange but as per admin guide it seems that FortiGuard is not included.
The following management features will then use the HA reserved management interface:
Remote logging, including syslog, FortiAnalyzer, and FortiCloud
Remote authentication and certificate verification
Communication with FortiSandbox
Netflow and sflow, see Routing NetFlow data over the HA management interface for information.
SNMP queries and traps
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Yes, you cannot use ha-mgmt-interface under the normal routing configuration.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
When HA-direct is enabled, FortiGate uses the HA management interface to send log messages to FortiAnalyzer and remote syslog servers, sending SNMP traps, access to remote authentication servers (for example, RADIUS, LDAP), and connecting to FortiManager, FortiSandbox, or FortiCloud.
The Fortiguard updates will use the management vdom to download the updates.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Sending-messages-logs-SNMP-RADIUS-directly...
