How to use HA Reserved Management Interface as source to External Services (such as FortiGuard)

TPS-Services · ‎03-17-2023

Hi All,

I have some objective to POC, I would like to explain follow this

Goal : use HA Reserved Management Interface as source to FortiGuard Service

I have many tasks follow this

- I have 2 FGTs, Config HA and HA Reserved Management Interface (use interface mgmt) complete, I can access 2 FGTs with separate ip address.

- I just have 3 Interface in this topology, 2 HA heartbeat interface for connected each other, and 1 mgmt interface to gateway VLAN MGMT, not have any interface for another traffic right now.

- I access to hidden vdom ("vsys_hamgmt") and can prove that RMI can go the internet (ping ip address and name on internet) and not any service block to access internet.

- I have config "set ha-direct enable" already

Issue : I found that 2 FGTs unable to connect FortiGuard Server and Status on FortiCare is "pending" always

Anthony_E · ‎03-19-2023

Hello,

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

Thanks,

Anthony-Fortinet Community Team.

srajeswaran · ‎03-19-2023

Communication to Fortiguard is initiated from root/management VDOM only and thats why the connection to fortiguard is not working even though you have routes/reachability.

Ref: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Unable-to-connect-to-FortiGuard-serv...

Is there any reason for using 2 interfaces for heartbeats instead of 1 and then using the other one for the traffic?

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

How to use HA Reserved Management Interface as source to External Services (such as FortiGuard)

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website