Fortinet black logo

FortiGate-6000 Handbook

Home FortiGate-6000 6.0.4 FortiGate-6000 Handbook

Using data interfaces for management traffic

6.0.4
7.0.15
7.0.14
7.0.13
7.0.12
7.0.10
7.0.5
6.4.15
6.4.14
6.4.13
6.4.12
6.4.10
6.4.8
6.4.6
6.4.2
6.2.16
6.2.16
6.2.15
6.2.13
6.2.12
6.2.11
6.2.10
6.2.9
6.2.7
6.2.6
6.2.4
6.2.3
6.0.18
6.0.17
6.0.16
6.0.15
6.0.14
6.0.13
6.0.12
6.0.10
6.0.9
6.0.8
6.0.6
6.0.4
5.6.14
5.6.12
5.6.11
5.6.7
5.4.10
Copy Link
Copy Doc ID 25038b48-5585-11e9-81a4-00505692583a:661728
Download PDF

Using data interfaces for management traffic

The FortiGate-6000 supports basic management communication through the FortiGate-6000 data interfaces (port1 to port28). To enable management connections to these interfaces, configure the VDOM that the data interfaces are included in to allow traffic forwarding to the management board.

For example, to allow management communication for interfaces in the root VDOM, edit the root VDOM from the CLI and use the following command:

config vdom

edit root

config system settings

set motherboard-traffic-forwarding icmp admin

end

The icmp option, enabled by default, allows you to log into the management board from one of the MGMT interfaces and use the execute ping command to ping an address through one of the data interfaces. The interface used depends on the routing configuration.

The admin option allows Telnet, SSH, HTTP, and HTTPS management connections a data interface in the VDOM. You cannot configure data interfaces to accept management connections using non-standard ports.

You can enable both icmp and admin traffic forwarding or just one or the other.

note icon Currently, the admin option is in development and not recommended.
Previous
Next

Using data interfaces for management traffic

The FortiGate-6000 supports basic management communication through the FortiGate-6000 data interfaces (port1 to port28). To enable management connections to these interfaces, configure the VDOM that the data interfaces are included in to allow traffic forwarding to the management board.

For example, to allow management communication for interfaces in the root VDOM, edit the root VDOM from the CLI and use the following command:

config vdom

edit root

config system settings

set motherboard-traffic-forwarding icmp admin

end

The icmp option, enabled by default, allows you to log into the management board from one of the MGMT interfaces and use the execute ping command to ping an address through one of the data interfaces. The interface used depends on the routing configuration.

The admin option allows Telnet, SSH, HTTP, and HTTPS management connections a data interface in the VDOM. You cannot configure data interfaces to accept management connections using non-standard ports.

You can enable both icmp and admin traffic forwarding or just one or the other.

note icon Currently, the admin option is in development and not recommended.
Previous
Next