vune
New Contributor

Trouble with the access to my Forti web interface

Hi everyone,

I'm having a problem when I'm trying to access my Forti web interface through my network. It's accessible when I'm connected locally, and the gear under it can be pinged and is accessible through the network. My management interface is situated in a VLAN reserved for every management access in my network. Also, I have two forti101E in HA mode active/passive, and therefore only one address for my mgmt interface. Ping, HTTP and HTTPS are activated in my configuration. If you need any other info for troubleshooting, please feel free to ask me.

Thanks in advance for your answers

3 REPLIES
funkylicious
SuperUser

hi,

maybe, https://community.fortinet.com/t5/FortiGate/Technical-Tip-Default-route-via-HA-reserved-management-I... will help.

also, if you have the local Administrators defined with trusted hosts, make sure the IP or network from which you are trying is defined in it.

"jack of all trades, master of none"
vune
New Contributor

Hi!

I have tried to change the address of my mgmt interface so it is not in any of my subnets anymore. I still cannot access it, but the material below is still pingable from my network (the cloud image). I hope the scheme will help you understand my problem a bit more. I tried to use the dedicated management interface reservation but it doesn't seem to change anything. I also tried to use the diagnose sniffer packet command and it seems that I receive the request but no reply is sent.

Thanks in advance

Capture.PNG

funkylicious

can you share some output/commands for more info?

diagnose debug enable
diagnose debug flow filter saddr SRCIP
diagnose debug flow filter daddr MGMTIP
diagnose debug flow show function-name enable
diagnose debug flow trace start 100

to stop:

diagnose debug flow trace stop
diag debug disable

start those and try to connect to it, then post the output here, please.

also:

get router info routing-table details SRCIP

and the firewall policy for: srcintf LAG(port15-16) and dstintf mgmt

show firewall policy ID

"jack of all trades, master of none"