Configuring management interface
The management interface should be used exclusively by the FortiADC administrator to manage the devices, physical or virtual, (such as configuring or debugging it). It should be an interface through which FortiADC's management traffic (such as license authenticating) can traverse at any time without affecting normal network traffic. It is especially useful for slave devices in HA active-passive mode. The management interface has the highest access permissions, and the FortiADC administrator should make sure that it is used for management traffic only, and avoid using it for normal traffic.
You can configure the management interface from either the GUI or the CLI. This section discusses how to configure the management interface from the GUI. For instructions on how to configure management interface using the CLI, see the section "Moving from 'Dedicated HA Management IP' to 'Management Interface'" at the end of this section.
- It must be noted that, because the management interface is a global configuration, it must and can only be configured from the "global" system interface and used by the "global" administrator. Therefore, the option is NOT available on any VDOM.
- This "management interface" is a virtual interface, which is quite different from the default, factory-set, "physical" management interface used to set up the appliance for the first time, as discussed in Step 2: Configure the management interface, Chapter 3: "Getting Started", of this Handbook.
To configure the management interface:
- From FortiADC's global interface, click Networking > Interface to open the interface configuration page.
- In the Management Interface section, click the edit button, the pencil, in the top right corner to enable the management interface. The fields for management interface configuration appear on the page.
- Make the desired selections and entries as described in Management interface configuration.
- Click Save when done.
"Dedicated HA Management IP" vs. "Management Interface"
In pre-FortiADC 4.8.1 releases, the GUI had an option in interface configuration (Networking > Interface > Add) which allows you to set an interface as the "Dedicated HA Management IP", which functions exactly the same as the "Management Interface" in 4.8.1. With the 4.8.1 release, that option is removed from the GUI (even though it is still available in the Console) is replaced by the "Management Interface". If you have a dedicated HA management IP configured on a pre-4.8.1 version of FortiADC, we highly recommend that you delete it, and then configure a management interface instead, after you've upgraded to 4.8.1. This will help streamline your interface configuration and make system management easier.
All this can be done through FortiADC's Console only. The following instructions show how to delete your old "Dedicated HA Management IP" and configure the "Management Interface" using the Console in FortiADC 4.8.1:
Step 1: Remove the "Dedicate HA Management IP"
Execute the following commands:
config system interface
set dedicate-to-mgmt disable
Step 2: Configure the "Management Interface":
Execute the following commands:
config system ha
set mgmt-status enable
set mgmt-interface port1
set mgmt-ip 10.106.129.120/24
set mgmt-ip-allowaccess https ping ssh snmp http telnet
set mgmt-mac-addr fe:02:98:41:93:f8