1- you manage ALL of the FGT stuff on the cluster's address, via GUI or CLI. There is no need to know where the cluster management puts a certain VDOM, onto the primary or secondary unit. In fact, configuring the secondary would force the FGT cluster to synchronize 'in reverse', from slave to master.
Luckily, that works.
But, it's not best practice.
2- GUI access to a secondary FGT is a fair reason to configure a 'dedicated management' port. On some FGTs, this works as advertised. On several others, the GUI wouldn't let me specify a second IP address from an already used range. GUI access is nice if you want to reboot the secondary but not the primary, or watch it's CPU or memory load. Or change it's HA parameters (which I would always prefer to do in the CLI - quite a few parameters here are CLI-only).
3- the label 'MGMT' on a port does not enable special features magically; configuration does. It might be that MGMT1 already is set to 'dedicated to management'; I doubt (but never tried) that a FGT can have more than one of these.
"Kernel panic: Aiee, killing interrupt handler!"