dsnelson
New Contributor

FGFM and trusted hosts

I am due to change the IP of my FortiManager and I need to know if this will require a change in our FortiGate trusted hosts configuration?

I expect that the tunnel may continue to work without updating trusted hosts, but does this mean that only the FortiGate will be able to bring up the FGFM tunnel, or will FortiManager be able to bring up the tunnel also, even if it does not appear in the FortiGate's trusted hosts?

skyhigh
New Contributor

When FortiManager attempts to establish a new FGFM tunnel with the FortiGate, FortiGate will first check whether the FortiManager serial # is already known as trusted. If not, FortiManager will need to provide admin credentials. In that latter scenario, trusted host restrictions would come into play.

So although I don't believe trusted host restrictions would apply for the first scenario (where the serial # is known), to be safe I would add the new FortiManager serial # to your trusted host list. This could be particularly important for FortiManager HA clusters.

Fortinet Technical Support
brazz_FTNT
Staff

Hello, 

Tell us more about the network topology. Are the FGTs NATed? If you have basic connectivity and the SN of the FMG has been added on the FGT's "config system central-management", this should be fine.

Thanks

dsnelson

Hi, we are an MSP, so there are a few hundred FortiGates with a wide variety of different connectivity scenarios. I believe our FortiManager adds its own serial number when it connects, so they should all be able to authenticate; the question is just whether or not the trusthosts will permit the FGFM tunnel to connect in the first place. So far my tests on version 6.0 have successfully connected without a trusthosts entry, but I don't know if this will also apply to older firmware versions.
