Fortinet black logo

FortiGate-7000 Release Notes

Special management port numbers

Special management port numbers

You may want to connect to individual FPCs to view status information or perform a maintenance task, such as installing firmware or performing a restart. You can connect to the GUI or CLI of individual FPCs (or the management board) using the MGMT1 interface IP address with a special port number.

Note

You can use the config load-balance setting slbc-mgmt-intf command to change the management interface used. The default is mgmt1 and it can be changed to mgmt2, or mgmt3.

To enable using the special management port numbers to connect to individual FPCs, set slbc-mgmt-intf to an interface that is connected to a network, has a valid IP address, and has management or administrative access enabled. To block access to the special management port numbers you can set slbc-mgmt-intf to an interface that is not connected to a network, does not have a valid IP address, or has management or administrative access disabled.

For example, if the MGMT1 interface IP address is 192.168.1.99 you can connect to the GUI of the first FPC (the FPC in slot 1) by browsing to :

https://192.168.1.99:44301

The special port number (in this case, 44301) is a combination of the service port (for HTTPS, the service port is 443) and the FPC slot number (in this example, 01).

You can view the special HTTPS management port number for and log in to the GUI of an FPC from the Configuration Sync Monitor.

The following table lists the special ports you can use to connect to individual FPCs or the management board using common management protocols. The FortiGate-6300F and 6301F have 7 slots (0 to 6) and the FortiGate-6500F and 6501F have 11 slots (0 to 10). Slot 0 is the management board (MBD) slot. Slots 1 to 10 are FPC slots.

Note

You can't change the special management port numbers. Changing configurable management port numbers, for example the HTTPS management port number (which you might change to support SSL VPN), does not affect the special management port numbers.

FortiGate-6000 special management port numbers
Slot Address HTTP (80) HTTPS (443) Telnet (23) SSH (22) SNMP (161)
Slot 0, (MBD) 8000 44300 2300 2200 16100
Slot 1 (FPC01) 8001 44301 2301 2201 16101
Slot 2 (FPC02) 8002 44302 2302 2202 16102
Slot 3 (FPC03) 8003 44303 2303 2203 16103
Slot 4 (FPC04) 8004 44304 2304 2204 16104
Slot 5 (FPC05) 8005 44305 2305 2205 16105
Slot 6 (FPC06) 8006 44306 2306 2206 16106
Slot 7 (FPC07) 8007 44307 2307 2207 16107
Slot 8 (FPC08) 8008 44308 2308 2208 16108
Slot 9 (FPC09) 8009 44309 2309 2209 16109
Slot 10 (FPC10) 8010 44310 2310 2210 16110

For example, to connect to the CLI of the FPC in slot 3 using SSH, you would connect to ssh://192.168.1.99:2203.

To verify which slot you have logged into, the GUI header banner and the CLI prompt shows the current hostname. The System Information dashboard widget also shows the host name and serial number. The CLI prompt also shows slot address in the format <hostname> [<slot address>] #.

Logging in to different FPCs allows you to use the FortiView or Monitor GUI pages to view the activity on that FPC. You can also restart the FPC from its GUI or CLI. Even though you can log in to different FPCs, you can only make configuration changes from the management board.

Special management port numbers

You may want to connect to individual FPCs to view status information or perform a maintenance task, such as installing firmware or performing a restart. You can connect to the GUI or CLI of individual FPCs (or the management board) using the MGMT1 interface IP address with a special port number.

Note

You can use the config load-balance setting slbc-mgmt-intf command to change the management interface used. The default is mgmt1 and it can be changed to mgmt2, or mgmt3.

To enable using the special management port numbers to connect to individual FPCs, set slbc-mgmt-intf to an interface that is connected to a network, has a valid IP address, and has management or administrative access enabled. To block access to the special management port numbers you can set slbc-mgmt-intf to an interface that is not connected to a network, does not have a valid IP address, or has management or administrative access disabled.

For example, if the MGMT1 interface IP address is 192.168.1.99 you can connect to the GUI of the first FPC (the FPC in slot 1) by browsing to :

https://192.168.1.99:44301

The special port number (in this case, 44301) is a combination of the service port (for HTTPS, the service port is 443) and the FPC slot number (in this example, 01).

You can view the special HTTPS management port number for and log in to the GUI of an FPC from the Configuration Sync Monitor.

The following table lists the special ports you can use to connect to individual FPCs or the management board using common management protocols. The FortiGate-6300F and 6301F have 7 slots (0 to 6) and the FortiGate-6500F and 6501F have 11 slots (0 to 10). Slot 0 is the management board (MBD) slot. Slots 1 to 10 are FPC slots.

Note

You can't change the special management port numbers. Changing configurable management port numbers, for example the HTTPS management port number (which you might change to support SSL VPN), does not affect the special management port numbers.

FortiGate-6000 special management port numbers
Slot Address HTTP (80) HTTPS (443) Telnet (23) SSH (22) SNMP (161)
Slot 0, (MBD) 8000 44300 2300 2200 16100
Slot 1 (FPC01) 8001 44301 2301 2201 16101
Slot 2 (FPC02) 8002 44302 2302 2202 16102
Slot 3 (FPC03) 8003 44303 2303 2203 16103
Slot 4 (FPC04) 8004 44304 2304 2204 16104
Slot 5 (FPC05) 8005 44305 2305 2205 16105
Slot 6 (FPC06) 8006 44306 2306 2206 16106
Slot 7 (FPC07) 8007 44307 2307 2207 16107
Slot 8 (FPC08) 8008 44308 2308 2208 16108
Slot 9 (FPC09) 8009 44309 2309 2209 16109
Slot 10 (FPC10) 8010 44310 2310 2210 16110

For example, to connect to the CLI of the FPC in slot 3 using SSH, you would connect to ssh://192.168.1.99:2203.

To verify which slot you have logged into, the GUI header banner and the CLI prompt shows the current hostname. The System Information dashboard widget also shows the host name and serial number. The CLI prompt also shows slot address in the format <hostname> [<slot address>] #.

Logging in to different FPCs allows you to use the FortiView or Monitor GUI pages to view the activity on that FPC. You can also restart the FPC from its GUI or CLI. Even though you can log in to different FPCs, you can only make configuration changes from the management board.