- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- OOB mgmt interface for HA cluster mgmt interface
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
OOB mgmt interface for HA cluster mgmt interface
Hi, guys,
I am confused to Fortigate HA cluster mgmt interface.
I have two Fortigate 600E devices and form a HA-pair; an IP address for their OOB mgmt interface individually, as the following requirement (no mgmt VDOM, and the following configuration through root VDOM) :
1. 192.168.100.10 ( for the OOB "mgmt" interface of the primary Fortigate) 2. 192.168.100.20 ( for the OOB "mgmt" interface of the secondary Fortigate) 3. 192.168.100.100 (for the cluster IP = always towards the master unit)
4. How I can configure the above requirement
5. The above IP addresses should not be overlapped
any advice and recommendation, many many thanks.
Solved! Go to Solution.
4 Solutions
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The exact steps depend on the FOS version installed, but for v6 I recommend:
- do not configure the port you want to use for mgmt at all
- in System / HA, select a dedicated port for management, select "mgmt"
- then in Network / Interfaces, put in the IP address, mask and any other detail
The special quirk of HA mgmt ports is that their address can overlap with that of an other port, e.g. LAN. And secondly, that the configuration (esp. the address) is not synchronized across the cluster.
In the past, I've had some trouble getting this to work when I started with the port config first, HA config later.
If you need to, you can specify a gateway address for the HA mgmt in the CLI.
Ede
"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FOS version?
There are too many places where this is configured...
config system haThis is from a FG-200E running v6.0.11.
set mode a-p
set ha-mgmt-status enable
config ha-mgmt-interfaces
edit 1
set interface "mgmt"
next
end
end
config system interface
edit "mgmt"
set ip 10.20.0.3 255.255.254.0
set allowaccess ping https ssh
set type physical
set dedicated-to management
set role lan
set snmp-index 1
set ap-discover disable
next
end
Ede
"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Are there any references on port "mgmt"? Network / Interfaces, column "ref.".
If so, which ones?
What does the config on port "mgmt" look like?
Ede
"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Glad I could point you into the right direction.
You've DOWNvoted my post 3 times=6 points...I know this was not your intention. Would you please UPvote it again 3 times with 5 stars? 1 star= -2 points, 3 stars = +- 0 points, 5 stars = +2 points
Ede
"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
8 REPLIES 8
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The exact steps depend on the FOS version installed, but for v6 I recommend:
- do not configure the port you want to use for mgmt at all
- in System / HA, select a dedicated port for management, select "mgmt"
- then in Network / Interfaces, put in the IP address, mask and any other detail
The special quirk of HA mgmt ports is that their address can overlap with that of an other port, e.g. LAN. And secondly, that the configuration (esp. the address) is not synchronized across the cluster.
In the past, I've had some trouble getting this to work when I started with the port config first, HA config later.
If you need to, you can specify a gateway address for the HA mgmt in the CLI.
Ede
"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, Ede,
I tried to the following configuration, but got problem, any recommendation, thx :
Forti600E_04 # config sys dedicated-mgmt
Forti600E_04 (dedicated-mgmt) # set status enable
Forti600E_04 (dedicated-mgmt) # set int "mgmt" node_check_object fail! for interface mgmt
value parse error before 'mgmt' Command fail. Return code -23
Forti600E_04 (dedicated-mgmt) #
Many thanks
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FOS version?
There are too many places where this is configured...
config system haThis is from a FG-200E running v6.0.11.
set mode a-p
set ha-mgmt-status enable
config ha-mgmt-interfaces
edit 1
set interface "mgmt"
next
end
end
config system interface
edit "mgmt"
set ip 10.20.0.3 255.255.254.0
set allowaccess ping https ssh
set type physical
set dedicated-to management
set role lan
set snmp-index 1
set ap-discover disable
next
end
Ede
"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, Ede,
I am now using the FortiOS v.6.4.4; and get the same problem:
Forti600E_04 # config sys ha
Forti600E_04 (ha) # set ha-mgmt-status enable
Forti600E_04 (ha) # config ha-mgmt-interfaces
Forti600E_04 (ha-mgmt-interfaces) # edit 1 new entry '1' added
Forti600E_04 (1) # set interface "mgmt" node_check_object fail! for interface mgmt
value parse error before 'mgmt' Command fail. Return code -23
Forti600E_04 (1) #
any advice, thx ?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Are there any references on port "mgmt"? Network / Interfaces, column "ref.".
If so, which ones?
What does the config on port "mgmt" look like?
Ede
"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, Ede,
All old configurations of the "mgmt" were removed, and then succeeded in configuring the ha-mgmt-interface "mgmt":
Forti600E_03 # config system ha Forti600E_03 (ha) # set ha-mgmt-status enable Forti600E_03 (ha) #config ha-mgmt-interfaces Forti600E_03 (ha-mgmt-interfaces) #edit 1 new entry '1' added
Forti600E_03 (1) #set interface "mgmt" Forti600E_03 (1) # next Forti600E_03 (ha-mgmt-interfaces) # end Forti600E_03 (ha) # end
Forti600E_03 # config system int Forti600E_03 (interface) # edit mgmt Forti600E_03 (mgmt) # set dedicated-to management Forti600E_03 (mgmt) # Forti600E_03 (mgmt) # end Forti600E_03 # exit
many many thanks
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sorry Ede,
Made wrong marks to you...very very sorry
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Glad I could point you into the right direction.
You've DOWNvoted my post 3 times=6 points...I know this was not your intention. Would you please UPvote it again 3 times with 5 stars? 1 star= -2 points, 3 stars = +- 0 points, 5 stars = +2 points
Ede
"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
Related Posts
- L2 Traffic Forwarding 48 Views
- FortiManager Hyper-V VM 7.2.5 unable to... 75 Views
- FortiClient disconnects when opening up applications 144 Views
- Virtual IP for npm breaks my... 272 Views
- how fortigate SD-WAN ensure both sites... 180 Views
Labels
-
FortiGate
6,652 -
FortiClient
1,326 -
5.2
801 -
5.4
639 -
FortiManager
576 -
FortiAnalyzer
420 -
6.0
416 -
5.6
362 -
FortiSwitch
341 -
FortiAP
339 -
FortiClient EMS
270 -
FortiMail
252 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
157 -
6.4
128 -
FortiNAC
109 -
FortiGuard
106 -
FortiSIEM
91 -
FortiGateCloud
87 -
FortiCloud Products
85 -
IPsec
76 -
FortiToken
73 -
Customer Service
70 -
SSL-VPN
65 -
4.0MR3
64 -
Wireless Controller
58 -
FortiProxy
46 -
FortiADC
44 -
Fortivoice
41 -
FortiEDR
40 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
33 -
FortiSandbox
31 -
FortiSwitch v6.4
29 -
Firewall policy
29 -
SD-WAN
29 -
FortiConnect
24 -
High Availability
23 -
FortiWAN
22 -
VLAN
21 -
FortiConverter
21 -
FortiAuthenticator
20 -
ZTNA
19 -
FortiPortal
18 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
SAML
14 -
Certificate
14 -
BGP
13 -
DNS
13 -
FortiGate v5.0
13 -
Interface
13 -
FortiDDoS
13 -
Routing
12 -
FortiCASB
12 -
Logging
12 -
LDAP
11 -
VDOM
11 -
Virtual IP
10 -
FortiRecorder
10 -
RADIUS
9 -
FortiWeb v5.0
9 -
fortilink
9 -
FortiManager v5.0
9 -
NAT
9 -
4.0MR2
9 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
SSL SSH inspection
7 -
FortiAnalyzer v5.0
7 -
Application control
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
IP address management - IPAM
7 -
Security profile
6 -
Authentication
6 -
FortiBridge
6 -
Fortigate Cloud
6 -
SNMP
6 -
SSO
6 -
Traffic shaping policy
5 -
Web application firewall profile
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
Proxy policy
4 -
packet capture
4 -
Automation
4 -
WAN optimization
4 -
DNS Filter
4 -
Web profile
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Port policy
4 -
IPS signature
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
DoS policy
3 -
Intrusion prevention
3 -
FortiDB
3 -
FortiDeceptor
2 -
System settings
2 -
FortiInsight
2 -
NAC policy
2 -
Fortinet Engage Partner Program
2 -
Antivirus profile
2 -
Traffic shaping profile
2 -
FortiPAM
2 -
VoIP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Email filter profile
2 -
Netflow
2 -
trunk
2 -
4.0MR1
1 -
Users
1 -
TACACS
1 -
Replacement messages
1 -
Subscription Renewal Policy
1 -
Schedule
1 -
FortiCWP
1 -
FortiNDR
1 -
SDN connector
1 -
Application signature
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
Web rating
1 -
Internet Service Database
1 -
Fabric connector
1 -
Multicast routing
1 -
Explicit proxy
1 -
Zone
1 -
Protocol option
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.