I've configured a FortiGate to FortiGate VPN, created a Loopback Address and assigned a Public IP.
The VPN uses BGP to advertise the Public IP and receive the default route from the Hub.
The Spoke isn't able to connect to Central Management with this config (I've got FortiGuard connected and have also changed the source IP for DNS and confirmed DNS lookups are working).
I see there is supposed to be a command under config system central-management that would allow me to set a source IP, but this doesn't exist on my Firewall. Is this something that has been removed in v7.4 and is there another method I need to use for this? Or am I missing something that I need to enable for this?
These are the only options that I see:
(central-management) # set
mode                             Central management mode.
type                             Central management type.
schedule-config-restore          Enable/disable allowing the central management server to restore the configuration of this FortiGate.
schedule-script-restore          Enable/disable allowing the central management server to restore the scripts stored on this FortiGate.
allow-push-configuration         Enable/disable allowing the central management server to push configuration changes to this FortiGate.
allow-push-firmware              Enable/disable allowing the central management server to push firmware updates to this FortiGate.
allow-remote-firmware-upgrade    Enable/disable remotely upgrading the firmware on this FortiGate from the central management server.
allow-monitor                    Enable/disable allowing the central management server to remotely monitor this FortiGate unit.
local-cert                       Certificate to be used by FGFM protocol.
vdom                             Virtual domain (VDOM) name to use when communicating with FortiManager.
fmg-update-port                  Port used to communicate with FortiManager that is acting as a FortiGuard update server.
enc-algorithm                    Encryption strength for communications between the FortiGate and central management.