Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
jshanks
New Contributor

Created on ‎06-14-2023 09:46 AM

Transparent Mode VDOM with no Management IP Address

Working with a FortiGate 70F with firmware v7.0.12 build0523

 

I've read the documentation, and looked at all of the examples of transparent mode configuration and they all say a management IP address is needed.  But, I can't access either side of that particular VDOM from any station from which I manage my firewalls.   So the question is:

Is a management IP address required for a VDOM transparent mode when there's no way to manage the unit from that particular VDOM?   I have another VDOM on the firewall that I use for management, configuration and VPN.

Labels:
1801
0 Kudos
2 REPLIES 2
srajeswaran
Staff
Staff

Created on ‎06-14-2023 10:52 PM

We cannot apply the configuration without the management IP, I understand that you will not be able to manage that VDOM from that VDOM, but is there any challenge in configuring a random IP as manageip ? We can use the other VDOM to manage this VDOM (you just need to be an admin for both VDOMS)

 

FGT-02 # config vdom

FGT-02 (vdom) # edit T-VDOM
current vf=T-VDOM:3

FGT-02 (T-VDOM) # config system settings

FGT-02 (settings) # set opmode transparent

FGT-02 (settings) # set status enable

FGT-02 (settings) # end
node_check_object fail! for manageip
Attribute 'manageip' MUST be set.
Command fail. Return code -651

 

 

FGT-02 (T-VDOM) # config system settings
FGT-02 (settings) # set opmode transparent
FGT-02 (settings) # set status enable
FGT-02 (settings) # set manageip 8.8.8.8/24
FGT-02 (settings) # end
Changing to TP mode

 

FGT-02 (T-VDOM) # end

FGT-02 # config vdom
FGT-02 (vdom) # edit
<vdom> Virtual Domain Name
T-VDOM
root
FGT-02 (vdom) #

 

Note: I have not tested this, but I don't see any challenges as such other than you cannot manage the VDOM directly and you need to get access to the VDOM via the other VDOMs.

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
1776
0 Kudos
jshanks
New Contributor

Created on ‎06-15-2023 06:17 AM

The only issue in adding the management IP is that I don't have any IP addresses available in the range that I have to use.   I did just put in a dummy IP address, outside of the range, and It worked for configuration purposes, but it seems wrong to me.   In any case, it is working.

1754
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.