Re: Fortinet 101F - Management Interface
and welcome to the forums.
I will try to give you hints as far as I've understood your questions. As you come from a different vendor, your expectations as well as terminology might cause some confusion. But, in reality it's quite simple.
You can only assign one subnet (address + mask) to one port. You cannot assign any other address from that subnet to any other port on the FGT.
FortiOS will automatically create a static route to this interface for this subnet (look it up in Monitor > Routing monitor).
The only exception to this is the management interface (if present in hardware) or one port "dedicated to management" (all models). This is meant so that you can access all members of a cluster because this setting will not be synchronized across all cluster members. This means that you can access passive or slave members on their own local interface while the cluster itself carries a different address from the same subnet.
Rule 2 leads to the idea that you don't HAVE to use the management port to manage the FGT. You can choose any port and allow access via HTTPS or SSH. I personally wouldn't allow that on WAN ports but there are cases where this comes in handy.
Next question about VPN:
Yes, you can terminate an IPsec VPN on any port, using any address. My advice: do not use the VPN wizard but build your phase1 and phase2 by hand. You'll encounter all relevant parameters and find the spot where you specify the outbound port and address.
If you specify the 'remote address' the FGT of course needs a valid route to that address.
Question about gateway:
Hmm, maybe you are looking for a way to create routes? Network > Static routes.
If your FGT features a switch (a compound of interfaces internally connected by switch hardware) then only one port will carry an address & netmask.
Maybe I didn't understand your questions fully; in that case, please continue to ask.
Ede "Kernel panic: Aiee, killing interrupt handler!"
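
Added example (not part of the post above, and not Fortinet tooling): a small Python check of a planned interface layout against two points from the reply, that non-management ports must not share a subnet and that HTTPS/SSH admin access is best kept off WAN ports. The plan format, port names, addresses and the `role` field are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed sample plan. Names, addresses and the "role" field are
# assumptions for illustration, not values from the thread.
PLAN = [
    {"name": "mgmt",  "ip": "10.0.0.2/24",     "dedicated_mgmt": True,
     "role": "lan", "access": ["https", "ssh"]},
    {"name": "port1", "ip": "10.0.0.1/24",     "dedicated_mgmt": False,
     "role": "lan", "access": ["https"]},
    {"name": "port2", "ip": "10.0.0.130/25",   "dedicated_mgmt": False,
     "role": "lan", "access": []},
    {"name": "wan1",  "ip": "198.51.100.2/30", "dedicated_mgmt": False,
     "role": "wan", "access": ["ssh", "ping"]},
]

ADMIN_PROTOCOLS = {"https", "ssh"}


def check_plan(plan):
    """Return a list of (finding, port, detail) tuples for the plan."""
    findings = []
    # Derive the subnet from each address + mask (host bits are dropped).
    nets = {p["name"]: ipaddress.ip_interface(p["ip"]).network for p in plan}

    # One subnet per port: any two ordinary ports whose subnets overlap
    # conflict. The dedicated management port is the stated exception.
    for a, b in combinations(plan, 2):
        if a["dedicated_mgmt"] or b["dedicated_mgmt"]:
            continue
        if nets[a["name"]].overlaps(nets[b["name"]]):
            findings.append(("overlap", a["name"], b["name"]))

    # Admin access (HTTPS/SSH) enabled on a WAN-facing port.
    for p in plan:
        exposed = ADMIN_PROTOCOLS & set(p["access"])
        if p["role"] == "wan" and exposed:
            findings.append(("admin-on-wan", p["name"], ",".join(sorted(exposed))))
    return findings


if __name__ == "__main__":
    for finding in check_plan(PLAN):
        print(finding)
```

Note that `port2` is flagged even though its mask differs from `port1`: 10.0.0.128/25 lies inside 10.0.0.0/24, so the two subnets overlap.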