Hello. I'm trying to configure HA with 2 FortiGate 600D. I have some problem or misunderstanding regarding the MGMT interface. The HA itself is working correctly.
In the HA configuration, I have checked "Reserve Management Port for Cluster Member", selected MGMT1, and configured a static IP address on this port on each FortiGate (192.168.1.10 and 192.168.1.20). When I try to configure MGMT2 with the IP address 192.168.1.1, I can't, because this IP address is in the same subnet as MGMT1... I am trying to follow the indications in this guide: http://docs.fortinet.com/...5/fortigate-ha-54.pdf. The scheme on page 175 uses IP addresses on the same subnet... My goal is to be able to reach the Master device from any VLAN (it is OK now, I just have to enable HTTPS and SSH access on each desired VLAN interface) AND I want to be able to access each unit with its reserved management IP (MGMT1) from ANOTHER VLAN. Thanks
I don't think you can do that. Plus, how would the MGMT#2 interface know what gateway?
Take a look at the CLI HA cmd output for
set ha-mgmt status interface interface-gateway
e.g.
(CLI cmd)
show full system ha
PCNSE
NSE
StrongSwan
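The reserved management settings named in the reply above, written out in FortiOS 5.4 CLI syntax (the release covered by the guide linked in the question). This is an added example, not part of the original posts: the gateway 192.168.1.254 is a constructed placeholder, and the mgmt1 address is the first unit's address from the question.

```fortios
# HA section: reserve mgmt1 as the per-unit management port.
config system ha
    set ha-mgmt-status enable
    set ha-mgmt-interface "mgmt1"
    # Assumed gateway (placeholder): next hop used only by the reserved port.
    set ha-mgmt-interface-gateway 192.168.1.254
end

# Entered on each unit separately; the second unit uses 192.168.1.20.
config system interface
    edit "mgmt1"
        set ip 192.168.1.10 255.255.255.0
        # Administrative access limited to the protocols the question mentions.
        set allowaccess https ssh
    next
end
```

After applying it, `show full system ha` on each unit should list the three `ha-mgmt-*` values.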
OK, but what is the best practice when you set up HA for the management? Don't you think that it is important to be able to access each FortiGate individually too? Of course, most of the time you want to access only the master unit...
Yes, individually does help if you don't want to "execute ha man <id>" to the 2nd unit. If you have an OOB network and want to do direct access and monitoring against the 2nd unit, this is a great idea also.
PCNSE
NSE
StrongSwan
Yes, OK, thanks. But I permit myself to ask because my client has a Management VLAN (192.168.100.0/24) and it accesses all devices using this subnet. My first idea was to use 3 IP addresses in this range, for example the following:
My question is: is it possible?
Thank you