Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
jfcelda
New Contributor

way of communication between Fortimanager and Fortigate?

Hello,

 

I want to be sure: the FortiManager communicates with the FortiGate (TCP 541), but does the FortiGate communicate with the FortiManager too? Or can I put the FortiManager in a DMZ that the public network can't reach? (Only the FortiManager can reach the public network, not the opposite.)

 

Thanks,

 

JF

1 Solution
scao_FTNT
Staff

Or can I put the FortiManager in a DMZ that the public network can't reach? (Only the FortiManager can reach the public network, not the opposite.)

   -- For your case, yes, you can do this and let FMG add the FGT public IP. After the FMG/FGT tunnel is set up, later traffic goes through the tunnel.

 

Thanks

 

Simon

scao_FTNT
Staff

Hi JF, both FMG and FGT may use TCP 541 to connect, depending on the topology.

 

When FMG is behind NAT with no VIP access, FMG, when adding a device, needs to connect to FGT TCP 541 to set up the tunnel.

When FGT is behind NAT with no VIP access, FMG cannot directly add the device by that IP. You need to configure the FMG IP in the FGT admin settings page, "Central Management", to let FGT connect to FMG to set up the tunnel. Then you will see the FGT in the FMG unregistered device list, and you can promote/add the FGT from the unregistered device list to Device Manager.

 

Thanks

 

Simon

jfcelda
New Contributor

Ok, thank you,

So I can leave the FMG in a DMZ that the public network can't reach and let the FMG connect to the FortiGates, which have a public IP address.

 

JF

scao_FTNT
Staff

So I can leave the FMG in a DMZ that the public network can't reach and let the FMG connect to the FortiGates, which have a public IP address.

   -- Yes.

 

Thanks

 

Simon

scao_FTNT
Staff

Forgot to say, this is for config management between FMG and FGT.

 

If you want to use FGT to send logs to FMG (for the FMG-side logging function), then you still need to let the FMG IP be reachable by FGT.

 

Thanks

 

Simon
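
The rules Simon gives across these replies (who opens the TCP 541 session depends on which side is reachable, later config traffic rides the tunnel, and FGT-to-FMG logging separately needs the FMG IP reachable from the FGT) can be written down as a small planner. The block below is an added example for this thread, not Fortinet code or anything from the original posts; it also covers the case the thread only implies, where neither side is reachable and no tunnel can be built. The node names, IP addresses and the logging port value are constructed placeholders, since the thread does not name the logging port.

```python
"""Which side opens the TCP 541 FortiManager/FortiGate management tunnel,
what firewall allowance that implies, and the separate logging requirement.

Added example for this thread, not Fortinet code.  Rules encoded:
  * whichever side is reachable on TCP 541 can be the target of the tunnel
    setup; the other side initiates, and later config traffic rides the tunnel;
  * FGT -> FMG logging always needs the FMG IP reachable from the FGT,
    regardless of who built the management tunnel.
Addresses and the logging port number are constructed placeholders.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

MGMT_PORT = 541            # FMG/FGT management tunnel port named in the thread
LOG_PORT_PLACEHOLDER = 0   # placeholder: the thread does not give the log port


@dataclass(frozen=True)
class Node:
    name: str
    ip: str           # constructed sample address
    reachable: bool   # True = public IP, or a VIP publishing the needed port


@dataclass
class Plan:
    initiator: Optional[str]                  # who opens the TCP session
    steps: List[str] = field(default_factory=list)
    allow: List[Tuple[str, str, int]] = field(default_factory=list)  # (src, dst, dport)

    @property
    def feasible(self) -> bool:
        return self.initiator is not None


def plan_management_tunnel(fmg: Node, fgt: Node) -> Plan:
    """Decide who initiates the TCP 541 tunnel and which rule must allow it."""
    if fgt.reachable:
        # FMG adds the FGT by its public IP: FMG -> FGT:541 outbound only,
        # so an FMG in a DMZ that nothing can reach inbound still works.
        plan = Plan(initiator=fmg.name)
        plan.steps.append(f"In FMG Device Manager, add {fgt.name} by IP {fgt.ip}")
        plan.allow.append((fmg.ip, fgt.ip, MGMT_PORT))
        return plan
    if fmg.reachable:
        # FGT behind NAT with no VIP: point the FGT's Central Management at
        # the FMG IP so the FGT opens TCP 541, then promote it in FMG.
        plan = Plan(initiator=fgt.name)
        plan.steps.append(f"On {fgt.name}, set Central Management to FortiManager {fmg.ip}")
        plan.steps.append(f"In FMG, promote {fgt.name} from the Unregistered Devices list")
        plan.allow.append((fgt.ip, fmg.ip, MGMT_PORT))
        return plan
    # Neither side can be reached: nobody can open the session.
    return Plan(initiator=None,
                steps=["Publish TCP 541 on one side (public IP or VIP) first"])


def plan_logging(fmg: Node, fgt: Node, log_port: int = LOG_PORT_PLACEHOLDER) -> Plan:
    """FGT -> FMG logging needs the FMG IP reachable from the FGT, whichever
    side built the management tunnel.  log_port is a placeholder value."""
    if not fmg.reachable:
        return Plan(initiator=None,
                    steps=[f"Expose {fmg.name} ({fmg.ip}) to {fgt.name} before enabling logging"])
    plan = Plan(initiator=fgt.name)
    plan.steps.append(f"On {fgt.name}, configure log forwarding to {fmg.ip}")
    plan.allow.append((fgt.ip, fmg.ip, log_port))
    return plan


# Constructed sample topology matching the original question: FMG in a DMZ
# the public network cannot reach, FGTs on public IPs.
FMG_DMZ = Node("fmg-dmz", "10.10.10.5", reachable=False)
FGT_PUBLIC = Node("fgt-branch", "203.0.113.10", reachable=True)

if __name__ == "__main__":
    for p in (plan_management_tunnel(FMG_DMZ, FGT_PUBLIC),
              plan_logging(FMG_DMZ, FGT_PUBLIC)):
        print("feasible:", p.feasible, "| initiator:", p.initiator, "| allow:", p.allow)
        for s in p.steps:
            print("  -", s)
```

Run as-is it prints the plan for the poster's topology: the management tunnel is feasible with the FMG as initiator and only an outbound FMG-to-FGT:541 allowance, while logging is not feasible until the FMG IP is exposed to the FGT, which is exactly the caveat in the last reply.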

Sam_S1

scao_FTNT wrote:

If you want to use FGT to send logs to FMG (for the FMG-side logging function), then you still need to let the FMG IP be reachable by FGT.

 

Would you also need to open the logging ports if the FMG is in a DMZ? Or is the communication achieved by the management tunnel?

 
