- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
HA Reserved Management Interface question
Hi All,
May i know the purpose of "HA Reserved Management Interface" ? if i use interface "mgmt" and set ip 192.168.1.1 and gateway 192.168.1.254, what is the benfit on enabling this ? any help would be appreicated
piaakit
- Labels:
-
FortiGate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
At least two merits:
1. That 192.168.1.0/24 doesn't show up, or is separated from, user networks. It doesn't show up in the regular routing table.
2. Each unit in the HA cluster has unique IP address, which is excluded from from HA config sync. Like unit-A has .1 and unit-B has .2 while both share the same GW .254.
Toshi
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
so in this case its in HA, if i enable HA Reserved Management Interface, how i can assign it to the secondary unit ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey piaakit,
you can either make the setting during initial configuration of HA (before the cluster is actually formed) and then the secondary will remain available on the reserved management interface.
If you already formed the cluster, you can do the setting via CLI:
1. Log into primary CLI
2. Run the command 'exe ha manage ?' to see the nodes and cluster member IDs
3. Run the command 'exe ha manage <ID>' to access the secondary's CLI
4. Provide admin credentials
5. Configure the reserved mgmt interface settings under 'config system ha'
You can find a more detailed guide here:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-HA-Reserved-Management-Interface/ta-p/1901...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @piaakit1210,
The purpose of HA Reserved Management Interface is allowing you to access the secondary unit GUI.
Regards,