Since you cannot have two default routes with two different source interfaces...I hate that. How do I get my mgmt interfaces to be used to contact fortinet servers? Is there a range of destination IPs that I can set statics to via the mgmt interface?
You can specify as follows.
config system fortiguard
    set interface-select-method specify
    set interface mgmt
    set source-ip x.x.x.x
end
But without a default route tied to the mgmt interface how does it know where to go?
Oh so you have SD-WAN?
Your solution then is to set mgmt interface as dedicated to management. The condition is to have no firewall policy with mgmt as source interface or destination interface.
config system interface
    edit "mgmt"
        set dedicated-to management
    next
end
You will then be able to add default route through mgmt interface.
Already have the mgmt interface set to dedicated to mgmt. I do not have any policies at all at this point tied to mgmt but it does not let me add static default route.
Says you cannot have duplicate routes on sdwan and non sdwan interface.
Ok I admit I was wrong.
So your solution is to add a route to "Internet Service" > FortiGuard, via mgmt.
This does not seem to fix my fortigates not being able to talk to the fortiguard servers over my mgmt network.
So I summarize..
You forced FortiGuard local-out-routing through mgmt, like this:
config system fortiguard
    set interface-select-method specify
    set interface mgmt
    set source-ip x.x.x.x
end
And you added a route towards "Internet Service" > FortiGuard, via mgmt through the gateway in front of mgmt.
Right?
So now you need to check with "diag sniffer" from where the FortiGuard traffic is flowing. You can run "exec update now" to generate traffic with FortiGuard.
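Added example, not part of the thread or Fortinet's own tooling: a small Python parser for the sniffer check suggested in the last reply. It reads a capture taken on all interfaces while "exec update now" runs and reports which interface the FortiGuard traffic left on and which servers never answered. The capture lines, the addresses (192.0.2.10 stands in for the x.x.x.x source-ip) and the verbosity-4 line layout are assumptions, constructed for illustration.

```python
import re
from collections import Counter

# Assumed verbosity-4 layout:
#   "<time> <iface> <in|out> <src>.<sport> -> <dst>.<dport>: <info>"
LINE_RE = re.compile(
    r"^\s*\d+\.\d+\s+(?P<iface>\S+)\s+(?P<dir>in|out)\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.\d+\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):"
)

# Constructed sample capture (documentation addresses, not real FortiGuard servers).
SAMPLE = """\
interfaces=[any]
filters=[host 192.0.2.10]
1.102345 mgmt out 192.0.2.10.14522 -> 198.51.100.20.443: syn 301122
1.150210 mgmt in 198.51.100.20.443 -> 192.0.2.10.14522: syn 887123 ack 301123
1.150401 mgmt out 192.0.2.10.14522 -> 198.51.100.20.443: ack 887124
2.004410 wan1 out 192.0.2.10.14530 -> 203.0.113.5.443: syn 551200
3.004622 wan1 out 192.0.2.10.14530 -> 203.0.113.5.443: syn 551200
"""

def egress_report(capture, source_ip, expected_iface="mgmt"):
    """Return (packets out per interface, packets that left via the wrong
    interface, destinations that never sent anything back)."""
    per_iface, stray, sent, replied = Counter(), [], set(), set()
    for line in capture.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # sniffer header lines or unparsed traffic
        if m["dir"] == "out" and m["src"] == source_ip:
            per_iface[m["iface"]] += 1
            sent.add(m["dst"])
            if m["iface"] != expected_iface:
                # Local-out traffic ignored the mgmt route and followed another one.
                stray.append((m["iface"], m["dst"], int(m["dport"])))
        elif m["dir"] == "in" and m["dst"] == source_ip:
            replied.add(m["src"])
    return dict(per_iface), stray, sorted(sent - replied)

if __name__ == "__main__":
    per_iface, stray, unanswered = egress_report(SAMPLE, "192.0.2.10")
    print("packets out per interface:", per_iface)
    print("left via wrong interface:", stray)
    print("no reply from:", unanswered)
```

Packets listed as stray point at a routing problem on the FortiGate; destinations that are unanswered on mgmt point at the gateway or upstream path instead.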
Copyright 2024 Fortinet, Inc. All Rights Reserved.