Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 7.6.9
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    CLI Reference

    Home FortiWeb 7.6.9 CLI Reference
    7.6.9
    8.0.5
    8.0.4
    8.0.3
    8.0.2
    8.0.1
    8.0.0
    7.6.9
    7.6.8
    7.6.7
    7.6.6
    7.6.5
    7.6.4
    7.6.3
    7.6.1
    7.6.0
    7.4.12
    7.4.11
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.3
    6.3.23
    6.2.8
    6.1.4
    5.7.0
    5.6.1
    5.6.0

    system ha-mgmt-router-policy

    system ha-mgmt-router-policy

    Use this command to configure a policy route used exclusively by an individual high availability (HA) cluster member in Active-Passive (AP) or Standard Active-Active (AAS) mode.

    This command does not apply to High Volume Active-Active (AAH) mode. In an AAH cluster, network synchronization is disabled between the primary and secondary nodes to allow each member independent control over its network routing.

    For appliances in an AP or AAS HA group, configurations defined via config router policy and config router static synchronize across all group members. Conversely, configurations defined via config system ha-mgmt-router-static or config system ha-mgmt-router-policy apply solely to the specific local member. This local routing mechanism allows you to connect a specific cluster member to backend servers or management networks outside the shared server pool of the HA group.

    To use this command, your administrator account’s access control profile must have rw or w permission to the sysgrp area. For details, see Permissions.

    Syntax

    config system ha-mgmt-router-policy

    edit <policy_index>

    set iif "<incoming_interface_name>"

    set src "<source_ip>"

    set dst "<destination_ip>"

    set oif "<outgoing_interface_name>"

    set gateway "<router_ip>"

    set priority <priorty_int>

    next

    end

    Variable Description Default

    <policy_index>

    Enter the index number of the policy route.

    The valid range is 0–65,535.

    		 No default.

    "<incoming_interface_name>"

    		 Enter the name of the interface, such as port1, on which FortiWeb receives packets it applies this routing policy to. No default.

    src "<source_ip>"

    Enter the source IP address and netmask to match, separated with a space.

    FortiWeb routes matching traffic through the specified interface and gateway.

    		 0.0.0.0 0.0.0.0

    dst "<destination_ip>"

    Enter the destination IP address and netmask to match, separated with a space.

    FortiWeb routes matching traffic through the specified interface and gateway.

    		 0.0.0.0 0.0.0.0

    "<outgoing_interface_name>"

    		 Enter the name of the interface, such as port2, through which FortiWeb routes packets that match the specified IP address information. No default.

    gateway "<router_ip>"

    Enter the IP address of a next-hop router.

    A gateway address is not required for the particular routing policies used as static routes in an one-arm topology. Leave this blank for a one-arm network topology.

    		 0.0.0.0

    priority <priorty_int>

    		 Enter a value between 1 and 200 that specifies the priority of the route.

    When packets match more than one policy route, FortiWeb directs traffic to the route with the lowest value.    		 200
    Previous
    Next

    system ha-mgmt-router-policy

    system ha-mgmt-router-policy

    Use this command to configure a policy route used exclusively by an individual high availability (HA) cluster member in Active-Passive (AP) or Standard Active-Active (AAS) mode.

    This command does not apply to High Volume Active-Active (AAH) mode. In an AAH cluster, network synchronization is disabled between the primary and secondary nodes to allow each member independent control over its network routing.

    For appliances in an AP or AAS HA group, configurations defined via config router policy and config router static synchronize across all group members. Conversely, configurations defined via config system ha-mgmt-router-static or config system ha-mgmt-router-policy apply solely to the specific local member. This local routing mechanism allows you to connect a specific cluster member to backend servers or management networks outside the shared server pool of the HA group.

    To use this command, your administrator account’s access control profile must have rw or w permission to the sysgrp area. For details, see Permissions.

    Syntax

    config system ha-mgmt-router-policy

    edit <policy_index>

    set iif "<incoming_interface_name>"

    set src "<source_ip>"

    set dst "<destination_ip>"

    set oif "<outgoing_interface_name>"

    set gateway "<router_ip>"

    set priority <priorty_int>

    next

    end

    Variable Description Default

    <policy_index>

    Enter the index number of the policy route.

    The valid range is 0–65,535.

    		 No default.

    "<incoming_interface_name>"

    		 Enter the name of the interface, such as port1, on which FortiWeb receives packets it applies this routing policy to. No default.

    src "<source_ip>"

    Enter the source IP address and netmask to match, separated with a space.

    FortiWeb routes matching traffic through the specified interface and gateway.

    		 0.0.0.0 0.0.0.0

    dst "<destination_ip>"

    Enter the destination IP address and netmask to match, separated with a space.

    FortiWeb routes matching traffic through the specified interface and gateway.

    		 0.0.0.0 0.0.0.0

    "<outgoing_interface_name>"

    		 Enter the name of the interface, such as port2, through which FortiWeb routes packets that match the specified IP address information. No default.

    gateway "<router_ip>"

    Enter the IP address of a next-hop router.

    A gateway address is not required for the particular routing policies used as static routes in an one-arm topology. Leave this blank for a one-arm network topology.

    		 0.0.0.0

    priority <priorty_int>

    		 Enter a value between 1 and 200 that specifies the priority of the route.

    When packets match more than one policy route, FortiWeb directs traffic to the route with the lowest value.    		 200
    Previous
    Next