
FortiGate-6000 Handbook

Using data interfaces for management traffic


Normally, all management traffic connects to the FortiGate-6000 through the MGMT1, MGMT2, and MGMT3 interfaces. The FortiGate-6000 also supports management traffic connections to its data interfaces (port1 to port28). To enable management connections to these interfaces, you must configure the VDOM that contains the data interfaces to allow traffic forwarding to the management board. By default, the root VDOM includes all of the data interfaces. To allow management communication between the root VDOM and the management board, edit the root VDOM from the CLI and use the following command:

config vdom
    edit root
        config system settings
            set motherboard-traffic-forwarding {icmp | admin}
        end

The icmp option, enabled by default, allows you to log in to the management board from one of the MGMT interfaces and use the execute ping command to ping an address through one of the data interfaces. The interface used depends on the routing configuration.

The admin option allows Telnet, SSH, HTTP, and HTTPS administrator connections from a management PC to a data interface in the VDOM. You cannot configure data interfaces to accept management connections using non-standard ports.

Note: Currently, the admin setting is in development and is not recommended.
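The following Python check is an added example, not part of the Fortinet handbook: it reads a saved configuration and reports the motherboard-traffic-forwarding value for each VDOM, so that VDOMs with the admin option enabled can be reviewed. The backup layout (nested config/edit/next/end blocks), the VDOM name dmz, and the sample text are assumptions constructed for illustration.

```python
# Constructed sample in the style of a FortiOS multi-VDOM backup (not from a real device).
SAMPLE = """\
config vdom
edit root
config system settings
    set motherboard-traffic-forwarding icmp
end
config firewall address
    edit "mgmt-pc"
        set subnet 192.0.2.10 255.255.255.255
    next
end
next
edit dmz
config system settings
    set motherboard-traffic-forwarding admin
end
next
end
"""

def forwarding_by_vdom(config_text):
    """Return {vdom_name: [options]} for every motherboard-traffic-forwarding line."""
    stack, found = [], {}          # stack holds open blocks as (kind, name)
    for raw in config_text.splitlines():
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        word, args = tokens[0], tokens[1:]
        if word == "config":
            stack.append(("config", " ".join(args)))
        elif word == "edit":
            stack.append(("edit", args[0].strip('"') if args else ""))
        elif word == "next" and stack and stack[-1][0] == "edit":
            stack.pop()
        elif word == "end":
            # 'end' closes the innermost config block and any edit still open in it.
            while stack and stack.pop()[0] != "config":
                pass
        elif word == "set" and args[:1] == ["motherboard-traffic-forwarding"]:
            names = [name for _, name in stack]
            if len(names) == 3 and names[0] == "vdom" and names[2] == "system settings":
                found[names[1]] = args[1:]
    return found

def vdoms_with_admin_forwarding(config_text):
    return sorted(v for v, opts in forwarding_by_vdom(config_text).items() if "admin" in opts)
if __name__ == "__main__":
    print(vdoms_with_admin_forwarding(SAMPLE))
```

The parser splits lines on whitespace only, so multi-line quoted values in a real backup (banners, certificates) would need extra handling before relying on the result.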
