Mgmt Access to 500D

Sleiman
2019/07/21 21:03:01 (permalink)

Hello, I'm setting up a new pair of 500Ds. I first tried to set up mgmt access through the mgmt interface but I couldn't find where to set the default gateway for the mgmt port. I was able to access the FortiGate from the same subnet but not from anywhere else.
 
I then assigned an interface to the inside interface and put it on a VLAN on my distribution. I also added a static route for the 192.168.0.0/16 through the inside interface (port4). I still wasn't able to access the FortiGate from a different subnet. I tried to debug but nothing showed up. I added a permit any on top and I still wasn't able to access. Can someone point me in the right direction to what I could be missing here?
 
Thanks
#1

    hubertzw
    Re: Mgmt Access to 500D 2019/07/21 22:19:10 (permalink)
    You need https enabled on the interface which belongs to the network segment you initiate the connection from.
    #2
    Toshi Esumi
    Re: Mgmt Access to 500D 2019/07/22 08:35:58 (permalink)
    Are you setting up two 500Ds in HA? Then the GW for the "dedicated-to management" port is configured in the HA config, because the network is separated from the regular user ("root") network.
    https://docs.fortinet.com/document/fortigate/6.0.6/handbook/234765/out-of-band-management
     
    #3
    Sleiman
    Re: Mgmt Access to 500D 2019/07/22 14:33:10 (permalink)
    Hello, https is actually enabled on the firewall. I'm thinking this is purely routing or access. This will be configured in HA but I haven't done the HA config. Do you recommend doing the HA config and configuring the mgmt gateway from there?
     
    Thanks 
    #4
    Toshi Esumi
    Re: Mgmt Access to 500D 2019/07/22 16:27:40 (permalink)
    I think... when you configure HA you have to use the HA config to set the GW for the management network, although there is a config section "config system dedicated-mgmt" as below:
    https://help.fortinet.com/cli/fos60hlp/60/Content/FortiOS/fortiOS-cli-ref/config/system/dedicated-mgmt.htm
    This doc has a cryptic message, "not recommended". But I'm assuming it's only "specifying interface" in this config section that is not recommended.
    If you don't configure HA, you probably need to specify the GW in this config section after doing "set status ena". I haven't done it without HA before, so I'm not 100% sure.
    #5
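
    The two places for the management gateway that the replies above describe, written out as an added example that is not part of the original thread or of Fortinet's documentation. It assumes FortiOS 6.0 CLI syntax, a management port named mgmt1, and constructed addresses from the 192.0.2.0/24 documentation range; it shows only the management-related settings, not a full HA configuration.

```text
# Management port: its own address and the admin protocols allowed on it.
# (interface name and addresses are assumptions for this example)
config system interface
    edit "mgmt1"
        set ip 192.0.2.10 255.255.255.0
        set allowaccess https ssh ping
    next
end

# Option A, units in an HA cluster: reserve the port for management and set
# its gateway inside the HA config. This gateway is used only for traffic
# to and from the reserved management interface, so no static route is
# added to the regular ("root") routing table.
config system ha
    set ha-mgmt-status enable
    config ha-mgmt-interfaces
        edit 1
            set interface "mgmt1"
            set gateway 192.0.2.1
        next
    end
end

# Option B, standalone unit (no HA): enable the dedicated management
# section and set the gateway there.
config system dedicated-mgmt
    set status enable
    set default-gateway 192.0.2.1
end
```

    With either option, replies to admin sessions from other subnets leave through the management gateway instead of following the data-plane routing table, which is the symptom described in the first post (reachable from the same subnet only).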