Hello all
We have a FortiGate VM cluster in Azure which we would like to split up into two standalone VMs.
Reason: Some restrictions in cluster config that can be solved using standalone vms.
I have a management connection via port4 and a dedicated IP (in the same subnet and a gateway in said subnet) to each of the VMs in order to manage them.
That information is in "config system ha".
When switching the HA configuration from "active/passive" to "standalone" I (obviously) lose the configuration of the HA Management and Interface in "config system ha" and also the IP address in "config interface port 4" and therefore I lose the possibility to manage the VM over port4.
While I know how to add the IP again to port 4, I am not sure how to add that specific gateway to that port4-subnet which was added by "config system ha - config ha-mgmt-interfaces - set gateway".
Does anyone know how to do that so I can preserve port4 as my (now standalone) VM management port?
Much appreciated
Hello,
Could you please specify which configuration you are referring to?
In Azure there is console connection available:
Hello,
It is possible to tune which objects are synchronized. Please find the details by following the link below:
Hello abarushka
My apologies:
I was referring to the "out of band Management" IP addresses which are (partially) configured in "system ha".
Those are not mentioned in the documentation when you have a single box (those are only mentioned in the FortiGate documentation when using a cluster). So I guess it is not possible to have "out of band management" when using a single box in Azure with its own port and default gateway on that port ("management interface reservation" in "system ha").
(https://docs.fortinet.com/document/fortigate-public-cloud/6.4.0/azure-administration-guide/983245 - the second and third picture with "management" port)
Hello,
In the case of HA, the external and management interfaces have an Internet connection. You may consider configuring 2 default routes via external and management (management interface with higher priority value for ingress traffic).
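A sketch of the two-default-route setup suggested above, added here as an illustration and not taken from the thread or from Fortinet documentation. The interface role of port1, all addresses, the route IDs, the priority value and the trusted-host range are constructed placeholders; adjust them to the actual Azure subnets.

```fortios
# Constructed example values:
#   port1 = external interface, gateway 10.0.1.1
#   port4 = management interface, 10.0.4.5/24, gateway 10.0.4.1
#   203.0.113.0/24 = admin source range (placeholder)

# Re-create the management address lost when leaving HA mode
config system interface
    edit "port4"
        set mode static
        set ip 10.0.4.5 255.255.255.0
        # Allow only the management protocols actually needed
        set allowaccess ping https ssh
    next
end

# Two default routes with the same distance; the lower priority value wins
# for outbound traffic, the second keeps port4 reachable for inbound sessions
config router static
    edit 1
        set gateway 10.0.1.1
        set device "port1"
    next
    edit 2
        set gateway 10.0.4.1
        set device "port4"
        # Higher priority value = less preferred for egress
        set priority 10
    next
end

# Limit admin logins to known source ranges, since port4 is now
# an ordinary routed interface rather than a reserved HA mgmt port
config system admin
    edit "admin"
        set trusthost1 203.0.113.0 255.255.255.0
    next
end
```

After applying, `get router info routing-table all` should list both default routes; if only one appears, the distances differ and replies to sessions arriving on port4 may be dropped by the reverse-path check.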
Thank you for the information - that should indeed work. Much appreciated.