Using data interfaces for management traffic
Normally, all management traffic connects with the FortiGate-7000 through the FIM MGMT1, MGMT2, MGMT3, and MGMT4 interfaces. The FortiGate-7000 does also support management traffic connections to the FIM data interfaces. To enable management connections to these interfaces you must configure the VDOM that the data interfaces are included in to allow traffic forwarding to the primary FIM. By default, the root VDOM includes all of the data interfaces. To allow management communication between the root VDOM and the primary FIM, edit the root VDOM from the CLI and use the following command:
config vdom
edit root
config system settings
set motherboard-traffic-forwarding {icmp | admin}
end
The icmp
option, enabled by default, allows you to log into the primary FIM from one of the MGMT interfaces and use the execute ping
command to ping an address through one of the FIM data interfaces. The interface used depends on the routing configuration.
The admin
option allows Telnet, SSH, HTTP, and HTTPS administrator connections from a management PC to a data interface. You cannot configure data interfaces to accept management connections using non-standard ports.
Currently, the admin setting is in development and not recommended. |