Fortinet black logo

Administration Guide

Home FortiManager 7.2.3 Administration Guide

Configuring the management address

7.2.3
7.4.2
7.4.1
7.4.0
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.14
6.4.13
6.4.12
6.4.11
6.4.10
6.4.9
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.2.12
6.2.11
6.2.10
6.2.9
6.2.8
6.2.7
6.2.6
6.2.6
6.2.5
6.2.3
6.2.2
6.2.1
6.2.0
6.0.12
6.0.11
6.0.10
6.0.9
6.0.8
6.0.7
6.0.6
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0
5.6.11
5.6.10
5.6.9
5.6.8
5.6.7
5.6.6
5.6.5
5.6.4
5.6.3
5.6.2
5.6.1
5.6.0
5.4.7
5.4.6
5.4.5
5.4.4
5.4.3
5.4.2
5.4.1
5.4.0
5.2.10
5.2.7
5.2.6
5.2.4
5.2.3
5.2.2
5.2.1
5.2.0
5.0.12
5.0.11
5.0.10
5.0.9
5.0.8
5.0.7
5.0.6
5.0.5
5.0.4
5.0.3
5.0.2
4.3.8
4.3.7
4.3.6
4.3.5
4.3.4
4.3.3
4.3.2
4.3.1
4.3.0
4.2.9
4.2.8
4.2.7
4.2.6
4.2.5
4.2.4
4.2.3
4.2.2
4.2.1
4.2.0
4.1.0
4.0.3
4.0.2
4.0.1
4.0.0
Copy Link
Copy Doc ID cfaf9627-fe32-11ed-8e6d-fa163e15d75b:522489
Download PDF

Configuring the management address

Configure the management address setting on a FortiManager that is behind a NAT device so the FortiGate can initiate a connection to the FortiManager. By configuring the management address setting in the CLI, FortiManager knows the public IP and can configure it on the FortiGate.

When a FortiGate is discovered by a FortiManager that is behind a NAT device, the FortiManager does not automatically set the IP Address on the FortiGate. This prevents the FortiGate from pointing to the FortiManager's private IP address and initiating the FortiGate-FortiManager (FGFM) tunnel to the FortiManager.

You can use the CLI to configure the management address when the NAT device in front of the FortiManager has a static 1:1 NAT rule.

To configure the management address:

In the FortiManager CLI, enter the following command to define either the management IP address or FQDN.

config systems admin setting

set mgmt-addr <string>

set mgmt-fqdn <string>

Configuring multiple management addresses

Multiple IP addresses or FQDNs can be configured for FortiManager. When multiple addresses are listed, the FortiGate will attempt to establish the FGFM tunnel using the first IP/FQDN listed, and if it is unreachable will try each subsequent IP/FQDN until the tunnel is established. Only one address is ever used to establish the FGFM tunnel at a time.

In FortiManager-HA, when listing multiple management addresses, the first address defines the Primary device and the second address is the Secondary device.

To configure multiple management addresses:
  1. In the FortiManager CLI, enter the following commands.

    config system admin setting

    set mgmt-fqdn <FQDN/IP 1> <FQDN/IP 2> ...

    Note

    The set mgmt-fqdn command can be used with FQDNs and IP addresses.

  2. FortiManager automatically pushes the configuration to FortiGate, and on the FortiGate you can see both management addresses listed:

    config system central-management

    set type fortimanager

    set fmg <FQDN/IP 1> <FQDN/IP 2> ...

    end

    Alternatively, you can configure these settings directly on FortiGate devices.

Previous
Next

Configuring the management address

Configure the management address setting on a FortiManager that is behind a NAT device so the FortiGate can initiate a connection to the FortiManager. By configuring the management address setting in the CLI, FortiManager knows the public IP and can configure it on the FortiGate.

When a FortiGate is discovered by a FortiManager that is behind a NAT device, the FortiManager does not automatically set the IP Address on the FortiGate. This prevents the FortiGate from pointing to the FortiManager's private IP address and initiating the FortiGate-FortiManager (FGFM) tunnel to the FortiManager.

You can use the CLI to configure the management address when the NAT device in front of the FortiManager has a static 1:1 NAT rule.

To configure the management address:

In the FortiManager CLI, enter the following command to define either the management IP address or FQDN.

config systems admin setting

set mgmt-addr <string>

set mgmt-fqdn <string>

Configuring multiple management addresses

Multiple IP addresses or FQDNs can be configured for FortiManager. When multiple addresses are listed, the FortiGate will attempt to establish the FGFM tunnel using the first IP/FQDN listed, and if it is unreachable will try each subsequent IP/FQDN until the tunnel is established. Only one address is ever used to establish the FGFM tunnel at a time.

In FortiManager-HA, when listing multiple management addresses, the first address defines the Primary device and the second address is the Secondary device.

To configure multiple management addresses:
  1. In the FortiManager CLI, enter the following commands.

    config system admin setting

    set mgmt-fqdn <FQDN/IP 1> <FQDN/IP 2> ...

    Note

    The set mgmt-fqdn command can be used with FQDNs and IP addresses.

  2. FortiManager automatically pushes the configuration to FortiGate, and on the FortiGate you can see both management addresses listed:

    config system central-management

    set type fortimanager

    set fmg <FQDN/IP 1> <FQDN/IP 2> ...

    end

    Alternatively, you can configure these settings directly on FortiGate devices.

Previous
Next