FGCP HA in-band management for management interfaces
The FortiGate-6000 and 7000 now support FGCP HA in-band management for FortiGate-6000 and 7000 management interfaces (mgmt, mgmt1, mgmt2, and mgmt3).
HA in-band management allows you to add a second management IP address to one or more FortiGate-6000 or 7000 management interfaces. The management IP address is accessible from the network that the interface is connected to. This setting is not synchronized, so each FortiGate-6000 or 7000 in the cluster can have their own in-band management IP addresses; providing management access to the secondary FortiGate-6000 or 7000.
|
FortiGate-6000 and 7000 does not support HA in-band management for data interfaces. |
FortiGate-6000 HA in-band management configuration:
config vdom
edit mgmt-vdom
config system interface
edit {1-mgmt1 | 1-mgmt2 | 1-mgmt3 | 2-mgmt1 | 2-mgmt2 | 2-mgmt3}
set management-ip <ip address>
end
FortiGate-7000E HA in-band management configuration:
config vdom
edit mgmt-vdom
config system interface
edit mgmt
set management-ip <ip address>
end
You can also remove individual mgmt interfaces from the FortiGate-7000E LAG and add an in-band management address to these interfaces.
FortiGate-7000F HA in-band management configuration.
config vdom
edit mgmt-vdom
config system interface
edit {1-mgmt1 | 1-mgmt2 | 2-mgmt1 | 2-mgmt2}
set management-ip <ip address>
end
The management-ip option is available only when HA is enabled.
To support HA in-band management, the FortiGate-6000 and 7000 now handle HA virtual MAC addresses in the same way as other FortiGates.