omkam
New Contributor II

Query related to GUI access of secondary firewall

I have a FortiGate firewall in HA mode.

I need to enable private data encryption on both the firewalls, and for that I will need to break the HA and proceed further.

How can I get GUI access to the firewall in case I am unable to get console access?

1) If I want to access the secondary firewall, can I access it directly with the console cable, or do I have to remove the HA cable first and then take the console access?

2) Are there any other ways to take console access of the secondary firewall other than the reserve management IP process?

Also, let me know when to remove the HA cable to take the secondary firewall access.

Omkar
1 Solution
srajeswaran

You can access the secondary firewall console without breaking HA.

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

srajeswaran
Staff

Can you confirm the FortiOS version? As per the below document we don't have to split the cluster in newer versions 6.4.2 and above.

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Enable-private-data-encryption-in-HA-clust...

 

 

Regards,

Suraj


jhussain_FTNT

Hi,

 

As updated, you are not required to break the HA to enable private data encryption.

If you need SSH access to the slave device, the 'execute ha manage' command can connect to the CLI of other cluster units.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Managing-individual-cluster-units-with-the...

Using a direct console connection, you can log into any cluster unit.

 

Regards

Jamal

omkam
New Contributor II

Hello Hussain,

 

I know that I can take the CLI access using the above command.

But to enable private data encryption, it is recommended to enable it separately.

Omkar
omkam
New Contributor II

Firewall version is 7.0.9. But as per the KB, it is mentioned that units should be separated and then private data encryption enabled separately on both units.

Omkar
srajeswaran

Looks like the article needs some formatting; the suggestions given are for versions below 6.2.5 or 6.4.2, and that's why the permanent fix says upgrade to "6.2.5 or newer versions".

 

Regards,

Suraj


omkam
New Contributor II

I just need clarification on how I can access the firewalls separately through console or GUI.

Also, let me know if I have to break the HA first to take the secondary access.

Omkar
srajeswaran

You cannot access the secondary/backup node GUI without the "reserve management" interface.

To access via console, you need to plug in the console cable to the backup node directly.

 

 

Regards,

Suraj


omkam
New Contributor II

Hello Rajeswaran,

 

If I have to take the console access of the secondary firewall, do I have to break the HA first, or can I directly access the secondary firewall without breaking the HA?

Omkar
srajeswaran

You can access the secondary firewall console without breaking HA.

Regards,

Suraj
