scheuri
Contributor

Splitting up a Cluster in Azure (VMs) and preserve HA-mgmt-Port settings?

Hello all

 

We have a FortiGate VM cluster in Azure which we would like to split up into two standalone VMs.

Reason: Some restrictions in cluster config that can be solved using standalone VMs.

I have a management connection via port4 and a dedicated IP (in the same subnet and a gateway in said subnet) to each of the VMs in order to manage them.
That information is in "config system ha".

When switching the HA configuration from "active/passive" to "standalone" I (obviously) lose the configuration of the HA Management Interface in "config system ha" and also the IP address in "config interface port 4", and therefore I lose the possibility to manage the VM over port4.

While I know how to add the IP again to port 4, I am not sure how to add that specific gateway to that port4-subnet which was added by "config system ha - config ha-mgmt-interfaces - set gateway".

Does anyone know how to do that so I can preserve port4 as my (now standalone) VM management port?

 

Much appreciated

abarushka
Staff

Hello,

 

Could you please specify which configuration you are referring to?

 

In Azure there is console connection available:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-access-the-FortiGate-VM-console-in-...

abarushka

Hello,

 

It is possible to tune which objects are synchronized. Please find the details by following the link below:

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-HA-FortiGate-configurations-that-will-sync...

scheuri

Hello abarushka

 

My apologies:
I was referring to the "out of band Management" IP addresses which are (partially) configured in "system ha".

Those are not mentioned in the documentation when you are having a single box (those are only mentioned in the FortiGate documentation when using a cluster). So I guess it is not possible to have "out of band management" when using a single box in Azure with its own port and default gateway on that port ("management interface reservation" in "system ha").

 

(https://docs.fortinet.com/document/fortigate-public-cloud/6.4.0/azure-administration-guide/983245 - the second and third picture with "management" port)

abarushka
Staff

Hello,

 

In the case of HA, the external and management interfaces have an Internet connection. You may consider configuring 2 default routes via external and management (management interface with higher priority value for ingress traffic).

 

https://community.fortinet.com/t5/FortiGate/Technical-Note-Routing-behavior-depending-on-distance-an...
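
The two-default-route setup suggested in the answer above, written out as FortiOS CLI for a standalone VM. This is an added example, not part of the original posts. Assumptions: all addresses, port1 as the external interface, and the priority value are constructed placeholders, and the `#` lines are annotations.

```fortios
# Constructed placeholder values (not from the thread):
#   port4 management IP 10.0.4.5/24, gateway 10.0.4.1
#   port1 assumed to be the external interface, gateway 10.0.1.1

# 1. Re-add the management address that was removed with the HA settings.
config system interface
    edit "port4"
        set mode static
        set ip 10.0.4.5 255.255.255.0
        # Enable only the management protocols you actually use.
        set allowaccess https ssh
    next
end

# 2. Default route via the external interface (skip if one already exists).
config router static
    edit 0
        set dst 0.0.0.0 0.0.0.0
        set gateway 10.0.1.1
        set device "port1"
        set distance 10
    next
    # 3. Second default route via port4. The equal distance keeps it in the
    #    routing table; the higher priority value makes it less preferred
    #    for outbound traffic, while replies to management sessions that
    #    arrive on port4 can still leave through port4.
    edit 0
        set dst 0.0.0.0 0.0.0.0
        set gateway 10.0.4.1
        set device "port4"
        set distance 10
        set priority 10
    next
end
```

Since management access over port4 is lost when HA is switched to standalone, this would be applied from the Azure console connection mentioned earlier in the thread. Afterwards, `get router info routing-table all` should list both default routes.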

scheuri

Thank you for the information - that should indeed work. Much appreciated.
