Hi all,
FortiManager: v7.2.0 b1124 220411 (GA)
Fortifgate 200F (2 devices, HA Cluster Configured) - FortiOS v6.4.8 build1914 (GA)
Two Fortigate devices are configured, up and running, A-P HA mode, 2 VDOM. If I add cluster devices to FortiManager using Add Model HA Cluster, devices are visible but almost all configured information are N/A
Host Name FG200F*****
Serial Number FG200F*****
IP Address 10.73.0.1
System Time - Fri Jun 17 02:01:41 2022 PDT
Uptime - N/A
Firmware Version - FortiGate 6.4,build1950
Hardware Status - N/A
Operation Mode -NAT
VDOM - VDOM Disabled
If I try to import configuration it only import default policy section. Device Interface no entry found.
Additional information:
If I try to add device using Discover Device, all information are available and update. Import configuration is fine.
Any additional information with adding HA devices to FortiManager and import their configuration?
Thanks.
Solved! Go to Solution.
Hey jcegar,
the point of 'Add model device' is to be able to set up a policy package and system configuration before the FortiGate is even added to FortiManager.
The goal is usually deployment:
- a policy package, interface settings etc are all set up in advance
- the actual FortiGate the model is for is connected
- installation can happen immediately, and FortiGate is ready to operate
The model device is essentially a dummy entry with no FortiGate behind it at first; it starts with the default configuration a FortiGate of that model would have, including default policies. Importing from a model device will just pull the default policy from that default config.
After you have linked the model device to the actual physical device and ensured the config is in sync, would the policy import reflect policies existing on the real device.
Hey jcegar,
not quite; if you want to add an already configured HA cluster, you do not add it as a model device, but simply go through the device discovery process. The FortiManager should speak to primary FortiGate and discover that it is a cluster automatically.
It should create the Device Database entry, and then you can import policies; there is no real difference in how FortiManager treats FortiGate clusters or standalone units.
Created on 06-19-2022 07:12 PM
Hello @jcegar ,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Fortinet Community Team
Hey jcegar,
the point of 'Add model device' is to be able to set up a policy package and system configuration before the FortiGate is even added to FortiManager.
The goal is usually deployment:
- a policy package, interface settings etc are all set up in advance
- the actual FortiGate the model is for is connected
- installation can happen immediately, and FortiGate is ready to operate
The model device is essentially a dummy entry with no FortiGate behind it at first; it starts with the default configuration a FortiGate of that model would have, including default policies. Importing from a model device will just pull the default policy from that default config.
After you have linked the model device to the actual physical device and ensured the config is in sync, would the policy import reflect policies existing on the real device.
Thank you Debbie for answers.
So, you mean there is no way to add already configured HA Cluster with two Fortigate devices and import polices from previously configured HA devices?
BR
Hey jcegar,
not quite; if you want to add an already configured HA cluster, you do not add it as a model device, but simply go through the device discovery process. The FortiManager should speak to primary FortiGate and discover that it is a cluster automatically.
It should create the Device Database entry, and then you can import policies; there is no real difference in how FortiManager treats FortiGate clusters or standalone units.
Yes, I think that I already tried that and I have also tried import policies with success. But I didn't see that it show HA Status. I have tried it again and looked carefully and now I see that there is HA status.
Thanks a lot Debbie, it is clear now.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.