Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Omoyeleola
New Contributor II

Created on ‎03-16-2025 07:45 AM

Management Of Fortigate Firewall Via The Out Of Band Management Port

I have Setup Diagram2.jpgchallenge concerning the setup diagram provided below. In this diagram, VLAN 30 is designated as the out-of-band (OOB) management VLAN, with the corresponding OOB management network IP address being 192.168.30.0/24. Each device intended for management via the OOB network is connected to the management VLAN ports of the Forti-switch through their respective physical management ports, as illustrated in the diagram. My objective is to manage the Fortigate firewall B using its IP address, 192.168.30.10, which is configured on the physical management port. In pursuit of this objective, I attempted to configure the static route outlined below. However, I encountered an issue where the command SET DEVICE MGMT was not accepted, even after I had removed the management port from being designated as a dedicated port. Could you please advise on the most effective method to achieve my goal of managing the Fortigate firewall B through its management port?

 

config router static

edit 12

set dst 192.168.209.0/26

set gateway 192.168.30.1

set device mgmt

Labels:
981
1 Solution
ebrlima
Staff
Staff

Created on ‎03-17-2025 07:43 AM

Hello @Omoyeleola 

 

This is the guide to achieve out of band mgmt ip reservation for each member in HA cluster:

 

https://docs.fortinet.com/document/fortigate/7.6.0/administration-guide/313152/out-of-band-managemen...

 

See, that when you have reserved interfaces to manage each box, connecting to the mgmt interface is managed by a different routing table.

 

When you make this configuration, port8(based on the example) cannot be referenced anywhere else, it is dedicated to management.

This should be simple, as long as you have a gateway for the management network.

 

Your mgmt port is on a vdom that you can reach directly or you need to go from one vdom to another? 

Is the pc you using to reach the mgmt interface of fortigate in the same subnet as the mgmt interface, or there's routing involved?

 

 

config system ha
    set ha-mgmt-status enable
    config ha-mgmt-interfaces
        edit 1
            set interface port8
            set gateway 10.11.101.2
        next
    end
en

 

 

Eudes Lima

View solution in original post

943
0 Kudos
2 REPLIES 2
ebrlima
Staff
Staff

Created on ‎03-17-2025 07:43 AM

Hello @Omoyeleola 

 

This is the guide to achieve out of band mgmt ip reservation for each member in HA cluster:

 

https://docs.fortinet.com/document/fortigate/7.6.0/administration-guide/313152/out-of-band-managemen...

 

See, that when you have reserved interfaces to manage each box, connecting to the mgmt interface is managed by a different routing table.

 

When you make this configuration, port8(based on the example) cannot be referenced anywhere else, it is dedicated to management.

This should be simple, as long as you have a gateway for the management network.

 

Your mgmt port is on a vdom that you can reach directly or you need to go from one vdom to another? 

Is the pc you using to reach the mgmt interface of fortigate in the same subnet as the mgmt interface, or there's routing involved?

 

 

config system ha
    set ha-mgmt-status enable
    config ha-mgmt-interfaces
        edit 1
            set interface port8
            set gateway 10.11.101.2
        next
    end
en

 

 

Eudes Lima
944
0 Kudos
Omoyeleola
New Contributor II
In response to ebrlima

Created on ‎03-19-2025 05:07 PM

Thanks for the solution. 

909
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.