How to register and manage a Fortigate Device behind a dsl router with dynamic ip address?
Fortimanager is in LAN private network of a Fortigate behind a dsl router with static public ip.
FMG(priv ip)-->FortiGate-->(NAT)-->dsl-router(static ip)-->internet
and
FGT-->(NAT)-->dsl-router(dynamic ip)-->internet
Solved! Go to Solution.
I recommend to manage it over IPsec.
FGT --------------------- Dial-up IPsec -------------------- FGT --- FMG
I recommend to manage it over IPsec.
FGT --------------------- Dial-up IPsec -------------------- FGT --- FMG
How secure is to forward tcp 541 to Fortimanger behind Fortigate ?
Please remind me what 541 TCP used for.
Can you provide more explanation on what you want to achieve?
the case is i want to replace about 60 branch routers with fortigate appliances.
everything is behind a nated dsl modem with isp's dynamic addresses.
The same for the headquarters Fortigate but with static ip's.
I try to find something as zero touch configuration of the branch devices, and also a safe management of them either through ipsec or fortimanager virtual ip
Please check this link.
I didn't do it before but I'm sure it will help.
Regarding management, again I think it is safer to manage through IPsec.
@AEK 541/TCP is used for/by the FGFM Protocol used for communication between FMG and FGT.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.