Transparent Mode VDOM with no Management IP Address
Working with a FortiGate 70F with firmware v7.0.12 build0523
I've read the documentation, and looked at all of the examples of transparent mode configuration and they all say a management IP address is needed. But, I can't access either side of that particular VDOM from any station from which I manage my firewalls. So the question is:
Is a management IP address required for a VDOM transparent mode when there's no way to manage the unit from that particular VDOM? I have another VDOM on the firewall that I use for management, configuration and VPN.
We cannot apply the configuration without the management IP. I understand that you will not be able to manage that VDOM from that VDOM, but is there any challenge in configuring a random IP as manageip? We can use the other VDOM to manage this VDOM (you just need to be an admin for both VDOMs).
FGT-02 # config vdom
FGT-02 (vdom) # edit T-VDOM
current vf=T-VDOM:3
FGT-02 (T-VDOM) # config system settings
FGT-02 (settings) # set opmode transparent
FGT-02 (settings) # set status enable
FGT-02 (settings) # end
node_check_object fail! for manageip
Attribute 'manageip' MUST be set.
Command fail. Return code -651

FGT-02 (T-VDOM) # config system settings
FGT-02 (settings) # set opmode transparent
FGT-02 (settings) # set status enable
FGT-02 (settings) # set manageip 220.127.116.11/24
FGT-02 (settings) # end
Changing to TP mode
The only issue in adding the management IP is that I don't have any IP addresses available in the range that I have to use. I did just put in a dummy IP address, outside of the range, and it worked for configuration purposes, but it seems wrong to me. In any case, it is working.