Manage secondary firewall in HA pair independently of primary
We are configuring a two-firewall HA pair using 2600-series and want to be able to log into each separately. This documentation appears to describe the configuration (https://docs.fortinet.com/document/fortigate/7.2.4/administration-guide/313152/out-of-band-managemen...), but when I go to System > HA > Primary Firewall, under the Management Interface Reservation, port17 isn't available to be selected, which is the management interface. It's on a different VRF than the other ports; however, I put another port into that particular VRF, and it shows up. I'm currently logged into the firewall using port17, so is that the problem? Could there be something else? Thank you.
Can you run "show | grep port17 -f"? This will show whether port17 is referenced in any hierarchy other than "config system interface"; if it is referenced, it cannot be configured as a dedicated management interface.
Thanks for your response srajeswaran. Does that include routes?
FTG2600 # show | grep port17 -f
config system interface
    edit "port17" <---
        set vdom "root"
        set vrf 1
        set ip 10.2.66.115 255.255.255.0
        set allowaccess ping https ssh snmp fgfm
        set type physical
        set mediatype sr
        set snmp-index 17
        set speed 10000full
    next
end
config router static
    edit 67
        set dst 172.16.0.0 255.255.0.0
        set gateway 10.2.66.1
        set device "port17" <---
    next
    edit 22
        set dst 10.5.19.20 255.255.255.255
        set gateway 10.2.66.1
        set device "port17" <---
    next
end
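The check described in the reply above can be scripted. This is an added example, not part of the original thread and not Fortinet code: it parses saved `show | grep <interface> -f` output and lists every mention of the interface outside "config system interface". The function name `external_references` and the sample text are constructed for illustration.

```python
import re

# Constructed sample, modelled on the `show | grep port17 -f` output in the thread.
SAMPLE = """\
config system interface
    edit "port17" <---
        set vdom "root"
    next
end
config router static
    edit 67
        set dst 172.16.0.0 255.255.0.0
        set gateway 10.2.66.1
        set device "port17" <---
    next
    edit 22
        set dst 10.5.19.20 255.255.255.255
        set device "port17" <---
    next
end
"""

def external_references(output, iface, own_section="system interface"):
    """List (section, entry, line) for each mention of iface outside own_section."""
    token = re.compile(r"(?<![\w-])%s(?![\w-])" % re.escape(iface))
    stack, refs = [], []  # stack holds [section, current entry] per open config block
    for raw in output.splitlines():
        line = raw.replace("<---", "").strip()  # drop the grep match marker
        if line.startswith("config "):
            stack.append([line[len("config "):], None])
            continue
        if line == "end":
            if stack:
                stack.pop()
            continue
        if not stack:
            continue
        if line == "next":
            stack[-1][1] = None
            continue
        if line.startswith("edit "):
            stack[-1][1] = line[len("edit "):].strip('"')
        if stack[0][0] != own_section and token.search(line):
            refs.append((stack[0][0], stack[0][1], line))
    return refs

if __name__ == "__main__":
    for section, entry, line in external_references(SAMPLE, "port17"):
        print(f"config {section} / edit {entry}: {line}")
```

An empty result means the interface appears only in its own "config system interface" entry.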