Hello,
I have recently taken over a site that has a Pair of FortiGate 100F's (6.4.8). Looking at the GUI I see VDOMs are not enabled. When I query the Sys Global Full Config VDOM-MODE is set to NO-VDOM. However when I query the System Interfaces I see that the MGMT Port is not on the Root VDOM. I believe the prior person manually set this and setup IPs so he could manage each unit separately via the MGMT Port as each has it's own IP and HTTPS and Management enabled. Is there some documentation on setting this up or did he just do this himself. Is this a viable config or will there be possible issues to look for?
Solved! Go to Solution.
Dear Rich,
the dmgmt_vdom is a dedicated management vdom where interfaces with 'dedicated-to management' go into, same as vsys_hamgmt is is the dedicated HA management vdom.
Even with vdoms enabled, the vsys_hamgmt and dmgmt_vdom still technically exist and can't be deleted.
If you unset the 'dedicated-to management' option in the interface, it should return to root VDOM.
Hope this helps!
Seems to be turning on this feature:
Technical Tip: FortiGate dedicated-mgmt feature - Out-of-band Management
config system dedicated-mgmt
set status enable
set interface "mgmt2"
end
config system interface
edit "mgmt2"
set vdom "dmgmt-vdom"
set ip 10.6.30.90 255.255.255.0
set allowaccess ping https ssh fgfm
set type physical
set dedicated-to management
set role lan
next
end
Thanks
Kangming
Created on 01-07-2022 03:12 PM Edited on 01-07-2022 03:12 PM
I think the KB you referred to has an error. I checked 40F/60F with 6.2.9/6.2.10. But "config system dedicated-mgmt" doesn't seem to exist. I think it's still limited to above 100x models that has dedicated "mgmt" port.
I'm talking about the line below in the KB:
"All FortiGate models running FortiOS 6.2.5+ or 6.4.2+"
Toshi
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.