
FortiGate-7000 Handbook

Using data interfaces for management traffic

Normally, all management traffic connects to the FortiGate-7000 through the FIM MGMT1, MGMT2, MGMT3, and MGMT4 interfaces. The FortiGate-7000 also supports management traffic connections to the FIM data interfaces. To enable management connections to these interfaces, you must configure the VDOM that contains the data interfaces to allow traffic forwarding to the primary FIM. By default, the root VDOM includes all of the data interfaces. To allow management communication between the root VDOM and the primary FIM, edit the root VDOM from the CLI and use the following command:

config vdom
    edit root
        config system settings
            set motherboard-traffic-forwarding {icmp | admin}
        end

The icmp option, enabled by default, allows you to log in to the primary FIM from one of the MGMT interfaces and use the execute ping command to ping an address through one of the FIM data interfaces. The interface used depends on the routing configuration.

The admin option allows Telnet, SSH, HTTP, and HTTPS administrator connections from a management PC to a data interface. You cannot configure data interfaces to accept management connections using non-standard ports.

Note: Currently, the admin setting is in development and not recommended.
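
The following is an added example, not Fortinet code: a check that reads a configuration export and lists the VDOMs where the admin option is set, since that option opens Telnet, SSH, HTTP, and HTTPS administration on data interfaces. It assumes the export uses the same config/edit/set/end nesting as the CLI block above and that a VDOM with no explicit line has the default (icmp); SAMPLE_CONFIG, the lab-vdom name, and the function names are constructed for illustration.

```python
SETTING = "motherboard-traffic-forwarding"
DEFAULT = ["icmp"]  # the page states icmp is enabled by default

# Constructed sample export, not taken from a real device.
SAMPLE_CONFIG = """\
config vdom
edit root
config system settings
    set motherboard-traffic-forwarding admin
end
next
edit lab-vdom
config system settings
    set opmode nat
end
next
end
"""

def in_settings(stack):
    """True inside: config vdom -> edit <name> -> config system settings."""
    return (len(stack) == 3 and stack[0] == ("config", "vdom")
            and stack[1][0] == "edit" and stack[2] == ("config", "system settings"))

def forwarding_by_vdom(text):
    """Map each VDOM with a 'config system settings' block to its option list."""
    stack, result = [], {}
    for raw in text.splitlines():
        tokens = [t.strip('"') for t in raw.split()]
        if not tokens or tokens[0].startswith("#"):
            continue
        verb, args = tokens[0], tokens[1:]
        if verb in ("config", "edit"):
            stack.append((verb, " ".join(args)))
            if in_settings(stack):  # no explicit line means the default applies
                result.setdefault(stack[1][1], list(DEFAULT))
        elif verb == "next" and stack and stack[-1][0] == "edit":
            stack.pop()
        elif verb == "end" and stack:
            if stack[-1][0] == "edit":  # 'end' typed inside an edit, without 'next'
                stack.pop()
            if stack:
                stack.pop()
        elif verb == "set" and args[:1] == [SETTING] and in_settings(stack):
            result[stack[1][1]] = args[1:]  # one value or several, kept as listed
    return result

def vdoms_with_admin_forwarding(text):
    """VDOMs whose data interfaces accept Telnet, SSH, HTTP and HTTPS admin logins."""
    return sorted(v for v, o in forwarding_by_vdom(text).items() if "admin" in o)
```

Calling vdoms_with_admin_forwarding() on a saved export returns the VDOM names to review; an empty list means no VDOM in the file has the admin option set.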
