I'm trying to access/monitor remote cluster nodes internally via VPN using the 'set management-ip' command.

FW-Node-1:

```
config system interface
    edit "vsw.LinkAgg0"
        set vdom "root"
        set management-ip 172.28.28.2 255.255.255.0
        set ip 172.28.28.1 255.255.255.0
        set allowaccess ping https ssh snmp
        set device-identification enable
        set role lan
        set snmp-index 14
        set switch-controller-feature default-vlan
        set interface "LinkAgg0"
        set vlanid 1
    next
end
```

FW-Node-2:

```
config system interface
    edit "vsw.LinkAgg0"
        set vdom "root"
        set management-ip 172.28.28.3 255.255.255.0
        set ip 172.28.28.1 255.255.255.0
        set allowaccess ping https ssh snmp
        set device-identification enable
        set role lan
        set snmp-index 14
        set switch-controller-feature default-vlan
        set interface "LinkAgg0"
        set vlanid 1
    next
end
```

From remote via the VPN tunnel I'm only able to reach the interface VIP .1 and .2 from the active FW-Node. From a server in that VLAN I can access the interface VIP .1, .2 from the active FW-Node and .3 from the standby FW-Node. That's expected as per the documentation: https://docs.fortinet.com...230/in-band-management

However, when I perform source NAT on the traffic from the VPN tunnel I'm still not able to access the .3 from the standby FW-Node. Even if I create an ippool .4 and translate the remote traffic to that one, it's not working, which I would expect to work as traffic originates from the same VLAN (as written in the documentation).

It doesn't matter if the ippool is set as overload or one-to-one, but when I run a permanent ping to .3 from remote with the ippool set to .4 as overload and ARP reply enabled, and then change it from overload to one-to-one while the permanent ping is still running, then I'm getting 5-6 replies back, but after that nothing anymore.

Also, if I ping from the active FW-Node the .3 of the standby FW-Node, there is no reply. When I ping from the standby FW-Node the .2 of the active FW-Node, I do get a reply.

That seems to be a bug.
Copyright 2024 Fortinet, Inc. All Rights Reserved.