Hello everyone,
I would like to know your opinion as to whether my approach was correct.
Scenario:
We have Site-A, where our FortiManager (7.4.3) is located and we have Site-B, which has had a FortiGate 200F (7.2.8) since yesterday. Both sites are connected via IPSec. As the IP range of Site-B in Site-A is already assigned, we have to work with NAT.
Site-B has the internal network 192.168.200.0/24, but it is changed to 192.168.201.0/24 via SNAT and is also in the IPsec SAs in Site-A and Site-B with this address.
The SNAT works great, but the interface address of Site-B is not translated, which is why the FortiGate now tries to reach the FortiManager via 192.168.200.x - which of course does not work.
I first tried to solve this via the CLI:
    config system central-management
        set fmg-source-ip 192.168.201.x
However, this failed because there is no interface with this IP address.
My solution was to give the interface with the IP 192.168.200.x a secondary IP: 192.168.201.x/32, so I could then use this IP as the source IP.
Is there a better solution to the problem or was this the best way?
Kind Regards
Marc
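
The workaround described in the post above, written out as a FortiOS CLI fragment. This is an added example, not part of the original post: the interface name "internal" and the secondary-IP entry ID 1 are assumptions, and 192.168.201.x stays a placeholder exactly as in the post.

```fortios
# Added example. "internal" is a hypothetical interface name; use the
# interface that currently holds 192.168.200.x on the Site-B FortiGate.
config system interface
    edit "internal"
        set secondary-IP enable
        config secondaryip
            edit 1
                # /32 address taken from the post-SNAT range that the
                # IPsec selectors already carry (192.168.201.0/24)
                set ip 192.168.201.x 255.255.255.255
            next
        end
    next
end

# With the address now present on an interface, the source IP for
# FortiManager traffic can be set. Per the post, this step failed
# while no interface owned 192.168.201.x.
config system central-management
    set fmg-source-ip 192.168.201.x
end
```

Because the secondary address sits inside the translated range, management traffic to the FortiManager matches the existing IPsec selectors without widening them to the untranslated 192.168.200.0/24 network.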
You may have to dedicate 1 IP for FortiManager and use it under the FortiManager admin settings:
    config system admin setting
        set mgmt-addr <FMG_VIP>
Sure it works, however there's a little quirk - try logging in to the GUI, go to Fabric settings, open FortiManager and just press OK. It shows a popup telling you that an authorization request was sent; after this, check whether it still gets stuck at 5% when authorizing in the FMG.