Fortinet Document Library

Version:

Version:

Version:

Version:


Table of Contents

FortiGate-6000 and FortiGate-7000 Release Notes

Download PDF
Copy Link

HA reserved management interface support

FortiOS 6.2.4 for FortiGate-6000 and 7000 supports HA reserved management interfaces.

  • For the FortiGate-6000 you can configure mgmt1, mgmt2, and mgmt3 to be HA reserved management interfaces.
  • For the FortiGate-7000 you can add one or more VLAN interfaces to the management LAG and configure these VLAN interfaces to be HA reserved management interfaces.

This feature allows you to select one or more interfaces in the mgmt-vdom VDOM to be HA reserved management interfaces. Once the interfaces are configured to be reserved management interfaces, you can log into each FortiGate-6000 or 7000 in the HA cluster and configure the reserved management interface with individual IP addresses and other settings as required. You can also configure routing for each reserved management interface. The result is that each FortiGate-6000 or 7000 in the cluster has its own management interface or interfaces and each of these interfaces has its own IP address that is not synchronized to the other FortiGate-6000 or 7000 in the cluster.

To configure an HA reserved management interface from the GUI go to System > HA and enable Management Interface Reservation. Select one or more interfaces to be HA reserved management interfaces. Optionally configure routing for each reserved management interface. This routing configuration is not synchronized and can be configured separately for each device in the cluster.

To configure an HA reserved management interface from the CLI:

config system ha

set mode a-p

set ha-mgmt-status enable

set ha-direct enable

config ha-mgmt-interfaces

edit 0

set interface <interface>

set dst <destination-ip>

set gateway <gateway-ip>

set gateway6 <gateway-ipv6-ip>

end

end

Enabling ha-direct from the CLI is required if you plan to use the HA reserved management interface for SNMP, remote logging, or communicating with FortiSandbox. Enabling ha-direct is also required for some types of remote authentication, but is not required for RADIUS remote authentication.

For the FortiGate-6000, <interface> can be mgmt1, mgmt2, or mgmt3. You can only select an interface if it has not been used in another configuration.

For the FortiGate-7000, <interface> can be any VLAN interface that you have added to the FortiGate-7000 management interface (mgmt). Note that FortiGate-7000 management interface is a static lag and should not be changed.

For more information about this feature, see Out-of-band management.

HA reserved management interface support

FortiOS 6.2.4 for FortiGate-6000 and 7000 supports HA reserved management interfaces.

  • For the FortiGate-6000 you can configure mgmt1, mgmt2, and mgmt3 to be HA reserved management interfaces.
  • For the FortiGate-7000 you can add one or more VLAN interfaces to the management LAG and configure these VLAN interfaces to be HA reserved management interfaces.

This feature allows you to select one or more interfaces in the mgmt-vdom VDOM to be HA reserved management interfaces. Once the interfaces are configured to be reserved management interfaces, you can log into each FortiGate-6000 or 7000 in the HA cluster and configure the reserved management interface with individual IP addresses and other settings as required. You can also configure routing for each reserved management interface. The result is that each FortiGate-6000 or 7000 in the cluster has its own management interface or interfaces and each of these interfaces has its own IP address that is not synchronized to the other FortiGate-6000 or 7000 in the cluster.

To configure an HA reserved management interface from the GUI go to System > HA and enable Management Interface Reservation. Select one or more interfaces to be HA reserved management interfaces. Optionally configure routing for each reserved management interface. This routing configuration is not synchronized and can be configured separately for each device in the cluster.

To configure an HA reserved management interface from the CLI:

config system ha

set mode a-p

set ha-mgmt-status enable

set ha-direct enable

config ha-mgmt-interfaces

edit 0

set interface <interface>

set dst <destination-ip>

set gateway <gateway-ip>

set gateway6 <gateway-ipv6-ip>

end

end

Enabling ha-direct from the CLI is required if you plan to use the HA reserved management interface for SNMP, remote logging, or communicating with FortiSandbox. Enabling ha-direct is also required for some types of remote authentication, but is not required for RADIUS remote authentication.

For the FortiGate-6000, <interface> can be mgmt1, mgmt2, or mgmt3. You can only select an interface if it has not been used in another configuration.

For the FortiGate-7000, <interface> can be any VLAN interface that you have added to the FortiGate-7000 management interface (mgmt). Note that FortiGate-7000 management interface is a static lag and should not be changed.

For more information about this feature, see Out-of-band management.