Fortigate HA interface Reservation

si111 · ‎02-28-2021

Hello Guys I want to have delicate ip add for the management with HA active-passive setup on my mgmt port, i have multiple vdom setup and root as management. However on my HA setting for the management interface reservation i cannot see mgmt port appear on the selection. Anyone facing the same situation before.

Toshi_Esumi · ‎02-28-2021

The "dedicated-to management" port(s) won't be in root vdom. If it was in, both active and passive units would have the same interface IP by HA syncing. The mgmt ports are separated from those vdoms and the config is excluded from syncing so that you can get in each specific unit with its unique IP.

si111 · ‎02-28-2021

Hi Toshi is there any way to move it out from root vdom, because it auto assign to root vdom when root was create and selected as vdom.

Toshi Esumi

Expert Member

Total Posts : 2452Scores: 237Reward points: 0Joined: 11/7/2014Status: offline[/ul]

Re: Fortigate HA interface Reservation 3 hours ago (permalink) 0 The "dedicated-to management" port(s) won't be in root vdom. If it was in, both active and passive units would have the same interface IP by HA syncing. The mgmt ports are separated from those vdoms and the config is excluded from syncing so that you can get in each specific unit with its unique IP. Answer Helpful Report Abuse Forward Quote #2 si111

Quick Reply: (Open Full Version) Paragraph Font Family Font Size

Path: p

Submit Post Home » All Forums » [link=https://forum.fortinet.com/tt.aspx?forumid=119][Other FortiGate and FortiOS Topics][/link] » System settings » Fortigate HA interface Reservation

Jump to: Jump to - - - - - - - - - - [FortiGate / FortiOS UTM features] - - - - AntiVirus - - - - Application Control - - - - Data Leak Prevention (DLP) - - - - Email filtering (AntiSPAM) - - - - Former Content Management Forum - - - - Intrusion Detection & Prevention - - - - Web Filtering [Other FortiGate and FortiOS Topics] - - - - Firewall - - - - Log & Report - - - - Miscellaneous -- FortiOS and FortiGate - - - - New Features -- FortiOS - - - - Routing and Transparent Mode - - - - System settings - - - - User and Authentication - - - - VPN [Other Fortinet Products] - - - - AscenLink - - - - AV Engine - - - - Coyote Point - - - - FortiADC - - - - FortiAI - - - - FortiAnalyzer - - - - FortiAP - - - - FortiAuthenticator - - - - FortiBalancer - - - - FortiBridge - - - - FortiCache - - - - FortiCamera & FortiRecorder - - - - FortiCarrier - - - - FortiCASB - - - - FortiClient - - - - FortiCloud - - - - FortiConnect - - - - FortiController - - - - FortiConverter - - - - FortiCore - - - - FortiCWB - - - - FortiDB - - - - FortiDDOS - - - - FortiDeceptor - - - - FortiDirector - - - - FortiDNS - - - - FortiEDR - - - - FortiExplorer - - - - FortiExtender - - - - FortiFone - - - - FortiGuard - - - - FortiGSLB - - - - FortiHypervisor - - - - FortiInsight - - - - FortiIsolator - - - - FortiMail - - - - FortiManager - - - - FortiMonitor - - - - FortiNAC - - - - Fortinet Security Fabric - - - - FortiPlanner - - - - FortiPortal - - - - FortiPresence - - - - FortiProxy - - - - FortiRecorder - - - - FortiRPS - - - - FortiSandbox - - - - FortiScan - - - - FortiSIEM - - - - FortiSOAR - - - - FortiSwitch - - - - FortiTester - - - - FortiToken - - - - FortiTap - - - - FortiVoice - - - - FortiWAN - - - - FortiWeb - - - - FortiWeb Cloud - - - - FortiWiFi - - - - Wireless Infrastructure (FortiWLC, FortiWLM, Meru) - - - - IPS Engine [Forum Information & Miscellaneous Topics] - - - - Forum News - - - - Ideas for Forum Site - - - - Fortinet Cookbook - - - - Knowledge Base - - - - Technical -- non-FortiOS - - - - Miscellaneous -- non-technical © 2021 APG vNext Commercial Version 5.5 Latest Posts Re: SDWAN links keep failing on Ping6 health check

Static source NAT fails for outgoing through different gateways with SDWAN

Unable to establish connection to strongswan server

Date|time column format

Re: Fortigate HA interface Reservation

Re: Message "This FortiGate has taken over for the original master" does not disappear

Fortigate HA interface Reservation

Re: Server seems to reject credentials when reentering.

Malware hash external list.

Re: Join AD with Fortigate 40-F, DNS Problems

[/ul] Active Posts Message "This FortiGate has taken over for the original master" does not disappear

Join AD with Fortigate 40-F, DNS Problems

FSSO missing user logon events in DC agent mode - "Too much request in the queue"

VIPs with multiple WANs or external IPs

FGT100F 10Gb Uplink to HPE SN2100M Switch through 100Gb to 4x25Gb Breakout Cable possible?

Fortigate 30E - WAN port led blinking amber on speed

Disable SSLVPN webportal page

6.4.5/40F NP6XLITE errors

Connection reset

Problem with blocking emails from only one e-mail address

[/ul] All FAQs There is no record available at this moment[/ul] Toshi

si111 · ‎02-28-2021

The main issues was i cannot select mgmt port to be reserve

Toshi_Esumi · ‎03-01-2021

It should be automatic if you configure it in ha like below:

config system hp

config ha-mgmt-interfaces edit 1 set interface "mgmt1" set gateway x.x.x.x next end end

Then mgmt1 should get "set dedicated-to management" and vdom is removed.

config system interface edit "mgmt1" set ip x.x.x.x 255.255.255.xxx set allowaccess ping https ssh fgfm set type physical set dedicated-to management set snmp-index 1 set defaultgw disable next end