Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
jomfra
New Contributor

Unabe to log into the standby fortigate in Active/passive mode (HA)

Hello Expert,

 

I have to two fortigate 400e in HA setup, but I am unable to connect to standby one when I use the Management port on the device,

How can I log into the device when it is standby mode?.

 

Thank you

 

Regards

1 Solution
funkylicious
SuperUser
SuperUser

Hi,

One option would be to login on the active one and do something like, execute ha manage <ID> <username> .

 

Did you do something similar like described in this article : https://community.fortinet.com/t5/FortiGate/Technical-Tip-HA-Reserved-Management-Interface/ta-p/1901... ? 

"jack of all trades, master of none"

View solution in original post

"jack of all trades, master of none"
3 REPLIES 3
funkylicious
SuperUser
SuperUser

Hi,

One option would be to login on the active one and do something like, execute ha manage <ID> <username> .

 

Did you do something similar like described in this article : https://community.fortinet.com/t5/FortiGate/Technical-Tip-HA-Reserved-Management-Interface/ta-p/1901... ? 

"jack of all trades, master of none"
"jack of all trades, master of none"
mle2802
Staff
Staff
Toshi_Esumi
SuperUser
SuperUser

Based on your description, I assume you're looking for a way to access the secondary unit's MGMT port directly via GUI. And further assume you want to do this via GUI as well.

 

First check how you configured HA at the primary (it probably reflects how you did at the secondary as well) then you might need to adjust.

What you want to do is to reserve the MGMT(mgmt) interface for management only (keep it outside of HA sync) and set the gateway IP in the management subnet, then set one IP from the subnet on the mgmt interface.
You need to do the same but with a different IP from the same subet on the secondary. You probably need to separate HQ to access the secondary via GUI. But I assume you know how to do it safely already.

Then the rest is obviously you need to set up the management network with a switch(es) to be able to route your access via a gateway device so that you can access both unit directly and simultaneously.

If you can do this via CLI (there are some document available) you don't have to break HA to configure the secondary but follow what @funkylicious  and @mle2802 posted. Just expect you might get kicked out when you save the change in "config sys ha"

Below is from our primary 1000D/7.0.13 under System->HA and Network->interface->mgmt1. The secondary has x.x.x.59/29 on mgmt1.

<HA config>

HAconf.png

 

<mgmt1 config>

MGMT1conf.png

Toshi

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors