fortigate register & management from a Fortimanager

Chris_k · ‎06-13-2024

How to register and manage a Fortigate Device behind a dsl router with dynamic ip address?

Fortimanager is in LAN private network of a Fortigate behind a dsl router with static public ip.

FMG(priv ip)-->FortiGate-->(NAT)-->dsl-router(static ip)-->internet

and

FGT-->(NAT)-->dsl-router(dynamic ip)-->internet

AEK · ‎06-13-2024

I recommend to manage it over IPsec.

FGT --------------------- Dial-up IPsec -------------------- FGT --- FMG

AEK

View solution in original post

AEK · ‎06-13-2024

I recommend to manage it over IPsec.

FGT --------------------- Dial-up IPsec -------------------- FGT --- FMG

AEK

Chris_k · ‎07-02-2024

How secure is to forward tcp 541 to Fortimanger behind Fortigate ?

AEK · ‎07-02-2024

Please remind me what 541 TCP used for.

Can you provide more explanation on what you want to achieve?

AEK

Chris_k · ‎07-08-2024

the case is i want to replace about 60 branch routers with fortigate appliances.

everything is behind a nated dsl modem with isp's dynamic addresses.

The same for the headquarters Fortigate but with static ip's.

I try to find something as zero touch configuration of the branch devices, and also a safe management of them either through ipsec or fortimanager virtual ip

AEK · ‎07-09-2024

Please check this link.

https://docs.fortinet.com/document/fortimanager/7.4.3/administration-guide/227089/ipsec-tunnel-templ...

I didn't do it before but I'm sure it will help.

Regarding management, again I think it is safer to manage through IPsec.

AEK

sw2090 · ‎07-08-2024

@AEK 541/TCP is used for/by the FGFM Protocol used for communication between FMG and FGT.

--

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

fortigate register & management from a Fortimanager

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website