Fortinet black logo

FGCP HA in-band management for management interfaces

FGCP HA in-band management for management interfaces

The FortiGate-6000 and 7000 now support FGCP HA in-band management for FortiGate-6000 and 7000 management interfaces (mgmt, mgmt1, mgmt2, and mgmt3).

HA in-band management allows you to add a second management IP address to one or more FortiGate-6000 or 7000 management interfaces. The management IP address is accessible from the network that the interface is connected to. This setting is not synchronized, so each FortiGate-6000 or 7000 in the cluster can have their own in-band management IP addresses; providing management access to the secondary FortiGate-6000 or 7000.

Note

FortiGate-6000 and 7000 does not support HA in-band management for data interfaces.

FortiGate-6000 HA in-band management configuration:

config vdom

edit mgmt-vdom

config system interface

edit {1-mgmt1 | 1-mgmt2 | 1-mgmt3 | 2-mgmt1 | 2-mgmt2 | 2-mgmt3}

set management-ip <ip address>

end

FortiGate-7000E HA in-band management configuration:

config vdom

edit mgmt-vdom

config system interface

edit mgmt

set management-ip <ip address>

end

You can also remove individual mgmt interfaces from the FortiGate-7000E LAG and add an in-band management address to these interfaces.

FortiGate-7000F HA in-band management configuration.

config vdom

edit mgmt-vdom

config system interface

edit {1-mgmt1 | 1-mgmt2 | 2-mgmt1 | 2-mgmt2}

set management-ip <ip address>

end

The management-ip option is available only when HA is enabled.

To support HA in-band management, the FortiGate-6000 and 7000 now handle HA virtual MAC addresses in the same way as other FortiGates.

FGCP HA in-band management for management interfaces

The FortiGate-6000 and 7000 now support FGCP HA in-band management for FortiGate-6000 and 7000 management interfaces (mgmt, mgmt1, mgmt2, and mgmt3).

HA in-band management allows you to add a second management IP address to one or more FortiGate-6000 or 7000 management interfaces. The management IP address is accessible from the network that the interface is connected to. This setting is not synchronized, so each FortiGate-6000 or 7000 in the cluster can have their own in-band management IP addresses; providing management access to the secondary FortiGate-6000 or 7000.

Note

FortiGate-6000 and 7000 does not support HA in-band management for data interfaces.

FortiGate-6000 HA in-band management configuration:

config vdom

edit mgmt-vdom

config system interface

edit {1-mgmt1 | 1-mgmt2 | 1-mgmt3 | 2-mgmt1 | 2-mgmt2 | 2-mgmt3}

set management-ip <ip address>

end

FortiGate-7000E HA in-band management configuration:

config vdom

edit mgmt-vdom

config system interface

edit mgmt

set management-ip <ip address>

end

You can also remove individual mgmt interfaces from the FortiGate-7000E LAG and add an in-band management address to these interfaces.

FortiGate-7000F HA in-band management configuration.

config vdom

edit mgmt-vdom

config system interface

edit {1-mgmt1 | 1-mgmt2 | 2-mgmt1 | 2-mgmt2}

set management-ip <ip address>

end

The management-ip option is available only when HA is enabled.

To support HA in-band management, the FortiGate-6000 and 7000 now handle HA virtual MAC addresses in the same way as other FortiGates.