Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
londonin
New Contributor

Connecting Fortiguard with ha-mgmt-interface.

Hello

 

I want to connect to fortiguard using ha-mgmt-interface.

 

Is it possible??

 

When I tested it, it went to the interface set to default routing rather than ha-mgmt-interface.

(I also enabled ha-direct.)

 

Please let me know if this is possible.

And if possible, please tell me how.

 

Thanks.

한겨레
한겨레
5 REPLIES 5
AEK
Honored Contributor

Hello

It should be possible but your routing has to be correct.

AEK
AEK
londonin
New Contributor

ha-mgmt-interface is not accept in static route.

 

ex)

config system ha

set ha-mgmt-status enable
config ha-mgmt-interfaces
edit 2
set interface "internal2"
set gateway x.x.x.x
next
end

 

config router static

edit 1

set gateway x.x.x.x

set device internal1 <-- internal2 Not applicable.

end

한겨레
한겨레
AEK
Honored Contributor

It looks strange but as per admin guide it seems that FortiGuard is not included.

 

The following management features will then use the HA reserved management interface:

https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/313152/out-of-band-managemen...

 

 

AEK
AEK
pbangari
Staff
Staff

Hi,

Yes, you cannot use ha-mgmt-interface under the normal routing configuration.

gsekar
Staff
Staff

Hi,

When HA-direct is enabled, FortiGate uses the HA management interface to send log messages to FortiAnalyzer and remote syslog servers, sending SNMP traps, access to remote authentication servers (for example, RADIUS, LDAP), and connecting to FortiManager, FortiSandbox, or FortiCloud.

The Fortiguard updates will use the management vdom to download the updates. 
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Sending-messages-logs-SNMP-RADIUS-directly...

Top Kudoed Authors