Worker communication with FortiGuard
Individual workers need to be able to communicate with FortiGuard for antivirus updates, IPS updates, application control updates, FortiGuard web filtering lookups and other FortiGuard services. You can do this by adding a default route to the worker elbc-mgmt VDOM that points at the FortiController internal management interface. This causes each worker to route Internet-bound management traffic over the internal management network. The FortiController then forwards this traffic to the Internet using its default route.
When you add the default route to the primary worker elbc-mgmt VDOM, it is synchronized to all of the workers in the cluster.
config vdom
  edit elbc-mgmt
    config router static
      edit 1
        set device base-mgmt
        set gateway 10.101.10.1
      next
    end
end
The gateway address is on the same subnet as the FortiController internal management network, so the default gateway address for this route is 10.101.10.1. If you change the FortiController internal management network, you should also change the gateway for this default route. For example, if you change the internal management network address to 20.202.20.0, the gateway for this route would be 20.202.20.1.
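The following Python check is an added example, not part of the original documentation. It reads a worker configuration, finds the base-mgmt static route in the elbc-mgmt VDOM, and reports when its gateway no longer matches the FortiController internal management network, a mismatch that would leave workers without FortiGuard updates. It assumes a /24 internal management network; the function names and the sample configuration are constructed for illustration.

```python
import ipaddress

# Constructed sample: the elbc-mgmt static route as it might appear in a
# worker configuration backup (the "edit 1" / "next" lines are assumed).
SAMPLE_CONFIG = """\
config vdom
edit elbc-mgmt
config router static
edit 1
set device base-mgmt
set gateway 10.101.10.1
next
end
end
"""

def expected_gateway(mgmt_network, prefix_len=24):
    """First address after the network address (/24 is an assumption)."""
    net = ipaddress.ip_network(f"{mgmt_network}/{prefix_len}", strict=True)
    return net.network_address + 1

def find_mgmt_gateways(config_text, vdom="elbc-mgmt", device="base-mgmt"):
    """Return gateways of static routes on `device` inside the given VDOM."""
    gateways, in_vdom, in_static, route = [], False, False, {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("edit ") and not in_static:
            in_vdom = line.split(None, 1)[1].strip('"') == vdom
        elif in_vdom and line == "config router static":
            in_static = True
        elif in_static and line.startswith("set "):
            parts = line.split(None, 2)
            if len(parts) == 3:
                route[parts[1]] = parts[2].strip('"')
        elif in_static and line in ("next", "end"):
            # "next" closes one route entry, "end" closes the whole table.
            if route.get("device") == device and "gateway" in route:
                gateways.append(ipaddress.ip_address(route["gateway"]))
            route = {}
            in_static = line != "end"
    return gateways

def check_route(config_text, mgmt_network, prefix_len=24):
    """List problems that would stop workers from reaching FortiGuard."""
    want = expected_gateway(mgmt_network, prefix_len)
    found = find_mgmt_gateways(config_text)
    if not found:
        return ["no static route on base-mgmt in elbc-mgmt"]
    return [f"gateway {gw} does not match {want}" for gw in found if gw != want]
```

Run check_route against each worker's configuration backup after changing the internal management network; an empty list means the route still points at the FortiController.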