Hello Team,
We have a similar scenario explained in the Fortigate Admin guide - https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/647723/link-monitor-with-rou...
We have a requirement to monitor the static route with link monitoring so whenever the IP defined in the link monitor is unreachable, specified static will be removed from the Fortigate routing table.
However, in our datacenter, we are managing Fortigates from the Fortimanager so I am not sure how to achieve this.
I have checked FortiManager admin guide but it was not useful.
Could someone assist, please?
Link-monitor doesn't seem to be an "Object" in a policy package. So if you want to keep the config in sync when it changes, you probably need to use a CLI template to configure then apply to the device.
But if you don't have to/want to manage the routes, which might not change once configured, you can just get into the device via "CLI via SSH" from the FMG then configure the link-monitor at the device.
The change would be automatically retrieved to FMG so you'll have to re-install policy package and others, which went out of sync because of auto-retrieve.
It's up to your strategy "how much detail you want to manage by FMG". I tend to choose the latter.
Toshi
Thanks for your response. We want to manage the static route so when the link monitor attached to the static route mark the next hop/target IP down, it will remove the static route from the routing table.
Ok, then again you probably need to CLI templates.
https://docs.fortinet.com/document/fortimanager/6.4.5/administration-guide/759109/cli-templates
CLI templates are scripts that need to sync with the devices so when something get changed on the device you have to resync again from the FMG side. If you want to make those monitoring routes or even the gateway IP as valuables then change them per device, you want to use meta fields to plug the values in per device. Since it's not an object in a policy package you can't use "per-device object".
https://docs.fortinet.com/document/fortimanager/7.0.8/administration-guide/611929/meta-fields
But if you don't have multile FGTs with similar config and managed by the same FMG, I still don't see much reason to explicitly manage the content of link-monitor config with a CLI template.
Toshi
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.