I have a FortiGate firewall in HA mode.
I need to enable private data encryption on both the firewalls and for that I will need to break the HA and proceed further.
How can I get GUI access to the firewall in case I am unable to get console access?
1) If I want to access the secondary firewall, can I access it directly with the console cable or do I have to remove the HA cable first and then take the console access?
2) Any other ways to take the console access of secondary firewall other than reserve management IP process?
Also let me know when to remove the HA cable to take the secondary firewall access.
You can access the secondary firewall console without breaking HA.
Can you confirm the FortiOS version? As per the below document we don't have to split the cluster in newer versions 6.4.2 and above.
As updated, you are not required to break the HA to enable private data encryption.
If you need SSH access to the slave device, the 'execute ha manage' command can connect to the CLI of other cluster units.
Using a direct console connection you can log into any cluster unit.
I know that I can take the CLI access using the above command.
But to enable private data encryption, it is recommended to enable it separately.
Firewall version is 7.0.9. But as per the KB it is mentioned that units should be separated.
and then enable private data encryption separately on both units.
Looks like the article needs some formatting; the suggestions given are for versions below 6.2.5 or 6.4.2 and that's why the permanent fix says upgrade to "6.2.5 or newer versions".
I just need clarification on how I can access the firewalls separately through console or GUI.
Also let me know if I have to break the HA first to take the secondary access?
You cannot access the secondary/backup node GUI without "reserve management" interface.
To access via console, you need to plug in the console cable to the backup node directly.
If I have to take the console access of the secondary firewall, do I have to break the HA first or can I directly access the secondary firewall without breaking the HA?