Hi, guys,
I am confused about the FortiGate HA cluster mgmt interface.
I have two FortiGate 600E devices that form an HA pair, with an IP address for each unit's OOB mgmt interface individually, as in the following requirement (no mgmt VDOM, and the following configuration through root VDOM):
1. 192.168.100.10 (for the OOB "mgmt" interface of the primary FortiGate)
2. 192.168.100.20 (for the OOB "mgmt" interface of the secondary FortiGate)
3. 192.168.100.100 (for the cluster IP = always towards the master unit)
4. How can I configure the above requirement?
5. The above IP addresses should not overlap.
Any advice and recommendations? Many, many thanks.
The exact steps depend on the FOS version installed, but for v6 I recommend:
- do not configure the port you want to use for mgmt at all
- in System / HA, select a dedicated port for management, select "mgmt"
- then in Network / Interfaces, put in the IP address, mask and any other detail
The special quirk of HA mgmt ports is that their address can overlap with that of another port, e.g. LAN. And secondly, that the configuration (esp. the address) is not synchronized across the cluster.
In the past, I've had some trouble getting this to work when I started with the port config first, HA config later.
If you need to, you can specify a gateway address for the HA mgmt in the CLI.
Hi, Ede,
I tried the following configuration, but got a problem. Any recommendation? Thx:
Forti600E_04 # config sys dedicated-mgmt
Forti600E_04 (dedicated-mgmt) # set status enable
Forti600E_04 (dedicated-mgmt) # set int "mgmt"
node_check_object fail! for interface mgmt
value parse error before 'mgmt'
Command fail. Return code -23
Forti600E_04 (dedicated-mgmt) #
Many thanks
FOS version?
There are too many places where this is configured...
This is from a FG-200E running v6.0.11.
config system ha
    set mode a-p
    set ha-mgmt-status enable
    config ha-mgmt-interfaces
        edit 1
            set interface "mgmt"
        next
    end
end
config system interface
    edit "mgmt"
        set ip 10.20.0.3 255.255.254.0
        set allowaccess ping https ssh
        set type physical
        set dedicated-to management
        set role lan
        set snmp-index 1
        set ap-discover disable
    next
end
Hi, Ede,
I am now using FortiOS v.6.4.4 and get the same problem:
Forti600E_04 # config sys ha
Forti600E_04 (ha) # set ha-mgmt-status enable
Forti600E_04 (ha) # config ha-mgmt-interfaces
Forti600E_04 (ha-mgmt-interfaces) # edit 1
new entry '1' added
Forti600E_04 (1) # set interface "mgmt"
node_check_object fail! for interface mgmt
value parse error before 'mgmt'
Command fail. Return code -23
Forti600E_04 (1) #
Any advice? Thx.
Are there any references on port "mgmt"? Network / Interfaces, column "ref.".
If so, which ones?
What does the config on port "mgmt" look like?
Hi, Ede,
All old configurations of "mgmt" were removed, and then I succeeded in configuring the ha-mgmt-interface "mgmt":
Forti600E_03 # config system ha
Forti600E_03 (ha) # set ha-mgmt-status enable
Forti600E_03 (ha) #config ha-mgmt-interfaces
Forti600E_03 (ha-mgmt-interfaces) #edit 1
new entry '1' added
Forti600E_03 (1) #set interface "mgmt"
Forti600E_03 (1) # next
Forti600E_03 (ha-mgmt-interfaces) # end
Forti600E_03 (ha) # end
Forti600E_03 # config system int
Forti600E_03 (interface) # edit mgmt
Forti600E_03 (mgmt) # set dedicated-to management
Forti600E_03 (mgmt) #
Forti600E_03 (mgmt) # end
Forti600E_03 # exit
many many thanks
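The reference check asked about above ("Are there any references on port mgmt?") can also be run against a configuration backup before selecting the port as HA management interface. The following is an added example, not code from the thread or from Fortinet: a small Python parser that lists where an interface name is still used outside its own definition. The sample backup and the function name are constructed, and it assumes references appear as quoted `set`/`append` values in the backup text.

```python
import shlex

# Constructed sample backup (not from the thread): "mgmt" is still used by a
# static route and a firewall policy, so it shows references.
SAMPLE = '''
config system interface
    edit "mgmt"
        set ip 192.168.100.10 255.255.255.0
        set description "old mgmt port"
    next
end
config router static
    edit 1
        set device "mgmt"
    next
end
config firewall policy
    edit 7
        set srcintf "mgmt"
    next
end
'''

def find_interface_refs(config_text, ifname):
    """Return (section path, line) for each use of ifname outside its own edit block."""
    stack, refs = [], []
    for line in map(str.strip, config_text.splitlines()):
        try:
            tokens = shlex.split(line)
        except ValueError:  # unbalanced quotes, e.g. multi-line values
            tokens = line.split()
        verb = tokens[0] if tokens else ""
        if verb == "config":
            stack.append(line)
        elif verb == "edit" and len(tokens) > 1:
            stack.append("edit " + tokens[1])
        elif verb in ("next", "end"):
            # `next` closes an edit; `end` also closes the enclosing config
            while stack and stack[-1].startswith("edit "):
                stack.pop()
            if verb == "end" and stack:
                stack.pop()
        elif verb in ("set", "append") and ifname in tokens[2:]:
            if not ("config system interface" in stack and "edit " + ifname in stack):
                refs.append((" > ".join(stack), line))
    return refs

if __name__ == "__main__":
    print(*find_interface_refs(SAMPLE, "mgmt"), sep="\n")
```

An empty result means the backup shows no remaining users of the port; the description string that merely contains the word "mgmt" is not reported because only whole values are compared.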
Sorry Ede,
I gave you the wrong marks... very, very sorry.
Glad I could point you in the right direction.
You've DOWNvoted my post 3 times = 6 points... I know this was not your intention. Would you please UPvote it again 3 times with 5 stars? 1 star = -2 points, 3 stars = +-0 points, 5 stars = +2 points.