Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
DashingCodyRhodes
New Contributor II

Created on ‎01-04-2026 10:04 PM

Is it possible to access the console webpage through the MGMT Port?

Hi,

 

Good day, here's my scenario.

 

I have an existing FG100F in my infrastructure that's connected to the production environment. I have another FG100F that's connected to 2x stacked C9300 that I'll introduce to my network (main reason for this change is the replacement of old C3560 to C9300 with SFPs as well). 

 

See diagram below

 

 

2 Firewalls.png

 

FG100F-1 is the Prod firewall that I have access to. Its connected to FG100F-2 on the mgmt port (mgmt-mgmt). 

 

I can access FG100F-2 via CLI (thus I can also ssh towards the 2 C9300 switches) although I would really love it if I can access the console webpage of FG100F-2 so I can compare the firewall rules from the 2 firewalls.

 

So is there a way to access the 2nd firewall thru mgmt? Should I have connected it to a different interface besides mgmt? I'm wary doing too many changes on the 1st firewall since its in Prod but I'll make the necessary changes to access the web console of the 2nd firewall.

 

Thanks

96
0 Kudos
2 REPLIES 2
AEH
New Contributor III

Created on ‎01-05-2026 01:59 AM Edited on ‎01-05-2026 01:59 AM

Hello @DashingCodyRhodes ,

Please confirm that by “console,” you are referring to the GUI.

If that’s the case, then yes - you can access it by enabling HTTPS access on both the mgmt interface on FGT2 and the prod FortiGate policy that allows you to reach FGT2 mgmt.

Your source (either your PC or FG100F-1) must be able to reach the management IP. Since you can already access FG100F-2 via CLI (SSH), I assume connectivity is possible.

 

 

Best regards.

 

AEH.
AEH.
69
0 Kudos
Toshi_Esumi
SuperUser
SuperUser

Created on ‎01-05-2026 08:51 AM

FG100F's mgmt port is configured as "set dedicated-to managment" by default. With that config, your FG1 wouldn't "route" your GUI access traffic to FGT2's mgmt interface IP. You at least need to remove it by "set dedicated-to none" on FGT1.
But there might be some other issues if you use mgmt interface for routing regular traffic through it. We never use it other than direct access to it from outside of the FGT. If I were you I would connect a different regular port on FGT1 side to connect to FG2's mgmt port instead. I would guess there are many ports available on the 100F. 

Toshi

50
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2026 Fortinet, Inc. All Rights Reserved.