You can edit an HA cluster and configure one or more of the interfaces in the
mgmt-vdom VDOM (mgmt1, mgmt2, and mgmt3) to be HA reserved management interfaces. You can then log into each FortiGate-6000 in the cluster and configure its reserved management interfaces with IP addresses and other custom interface settings as required. You can also configure routing for each reserved management interface. The result is that each FortiGate-6000 in the cluster has its own management interface or interfaces and each of these interfaces has its own IP address that is not synchronized to the other FortiGate-6000 in the cluster.
To configure an HA reserved management interface from the GUI, go to System > HA and enable Management Interface Reservation. Select one or more interfaces to be HA reserved management interfaces. Optionally configure routing for each reserved management interface. This routing configuration is not synchronized and can be configured separately for each FortiGate-6000 in the cluster.
To configure an HA reserved management interface from the CLI:
config system ha
set mode a-p
set ha-mgmt-status enable
set ha-direct enable
set interface <interface>
set dst <destination-ip>
set gateway <gateway-ip>
set gateway6 <gateway-ipv6-ip>
ha-direct from the CLI is required if you plan to use the HA reserved management interface for SNMP, remote logging, or communicating with FortiSandbox. Enabling
ha-direct is also required for some types of remote authentication, but is not required for RADIUS remote authentication.
<interface> can be
mgmt3. You can only select an interface if it has not been used in another configuration.
For more information, see Out-of-band management.