FortiGate-7000 Handbook

Setting up HA management connections


Fortinet recommends the following configurations for redundant management connections to a FortiGate-7000 HA configuration.

  • Single management connections to each of the FIMs.
  • Redundant management connections to each of the FIMs.

These management connections involve connecting the static redundant management interfaces (MGMT1 to MGMT4) of each FIM in the HA configuration to one or more switches. You do not have to change the FortiGate-7000 configuration to set up redundant management connections. However, specific switch configurations are required for each of these configurations as described below.

Note: LACP is not supported for the mgmt aggregate interface.

Setting up single management connections to each of the FIMs

The simplest way to provide redundant management connections to a FortiGate-7000 HA configuration involves connecting the MGMT1 interface of each of the FIMs to four ports on a switch. On the switch you must add the four switch ports to the same VLAN. Then connect the switch to your management network and allow traffic from the VLAN to the management network.

Note: A FortiGate-7030E HA configuration has only two FIMs, so it requires only two switch ports.

Figure: Example FortiGate-7000 HA redundant management connections

Setting up redundant management connections to each of the FIMs

You can enhance redundancy by setting up two redundant management connections to each FIM. To support this configuration, on the switch you must create a port channel for each FIM interface. Create a total of four port channels, one for each FIM, and add each of the port channels to the same VLAN. Then connect the switch to your management network and allow traffic from the VLAN to the management network.

If you use two switches, the VLAN should span across both switches.

Note: A FortiGate-7030E HA configuration has only two FIMs, so it requires only two port channels.

Figure: Example FortiGate-7000 HA redundant management connections with redundant connections to each FIM
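The switch side of the redundant layout described above, as an added example that is not part of the Fortinet handbook. It assumes a single Cisco IOS-style switch; the VLAN ID, port numbers, port-channel numbers, FIM labels and the trunk uplink are all constructed for illustration. Each bundle is static because LACP is not supported for the mgmt aggregate interface.

```cisco
! Added example (Cisco IOS-style syntax assumed). VLAN 100, the port
! numbers and the port-channel numbers 11-14 are constructed values.
vlan 100
 name FGT7K-HA-MGMT
!
! Chassis 1, first FIM: two management links in one static bundle.
! "mode on" forms the bundle without negotiation. "mode active" or
! "mode passive" would run LACP, which the mgmt aggregate interface
! does not support.
interface range GigabitEthernet1/0/1 - 2
 description chassis1-FIM-A-mgmt
 switchport mode access
 switchport access vlan 100
 channel-group 11 mode on
!
! Chassis 1, second FIM
interface range GigabitEthernet1/0/3 - 4
 description chassis1-FIM-B-mgmt
 switchport mode access
 switchport access vlan 100
 channel-group 12 mode on
!
! Chassis 2, first FIM
interface range GigabitEthernet1/0/5 - 6
 description chassis2-FIM-A-mgmt
 switchport mode access
 switchport access vlan 100
 channel-group 13 mode on
!
! Chassis 2, second FIM
interface range GigabitEthernet1/0/7 - 8
 description chassis2-FIM-B-mgmt
 switchport mode access
 switchport access vlan 100
 channel-group 14 mode on
!
! Uplink to the management network (assumed to be a trunk here).
! Only the management VLAN is added to the allowed list.
interface GigabitEthernet1/0/48
 description uplink-to-mgmt-network
 switchport mode trunk
 switchport trunk allowed vlan add 100
```

For the single-connection layout, the same access-port and VLAN lines apply to one port per FIM, without the `channel-group` lines.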
