Fortigate Management Interface in HA Mode

When you create a Fortigate HA cluster, you have the option “Reserve Management Port for Cluster Member”. Once you activate it, you can select an interface for it.

This is a nice feature.

This lets you assign an IP address to an interface that is not synchronized across the cluster, so every machine gets its own IP address. This is very helpful if you have virtual clusters with different masters. It also helps to monitor the CPU and memory of a subordinate device.

Again, there is much more you can do on the command line than in the GUI:

First you activate the feature:

config system ha
     set ha-mgmt-status enable
     set ha-mgmt-interface wan2
     set ha-mgmt-interface-gateway 10.11.101.100
end

Then you assign an individual IP address to every node in the cluster. Because this interface is not synchronized, each block is entered on its own node.

On the first node:

config system interface
    edit wan2
        set ip 10.11.101.101/24
        set allowaccess https ping ssh snmp
    next
end

On the second node:

config system interface
    edit wan2
        set ip 10.11.101.102/24
        set allowaccess https ping ssh snmp
    next
end

That’s it. Now you can easily access every single machine in the cluster.
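
The following check is an added example, not part of the original post: a Python script that reads each node's configuration excerpt (in the syntax shown above) and confirms that the reserved management interface is enabled, that node addresses are unique, that the gateway lies inside the management subnet, and that allowaccess lists only the expected protocols. The node names, the TEMPLATE helper and the allowed-protocol set are assumptions; the sample configuration is constructed from the values used above.

```python
import ipaddress
import re

# Constructed sample: one config excerpt per node, built from the values in this post.
TEMPLATE = """config system ha
    set ha-mgmt-status enable
    set ha-mgmt-interface wan2
    set ha-mgmt-interface-gateway 10.11.101.100
end
config system interface
    edit wan2
        set ip {ip}
        set allowaccess {access}
    next
end
"""
NODES = {n: TEMPLATE.format(ip=ip, access="https ping ssh snmp")
         for n, ip in (("node-1", "10.11.101.101/24"), ("node-2", "10.11.101.102/24"))}

def sets(block):
    """Map every 'set <key> <values...>' line in a block to its list of values."""
    return {k: v.split() for k, v in
            re.findall(r"^[ \t]*set[ \t]+(\S+)[ \t]+(.+?)[ \t]*$", block, re.M)}

def section(text, header):
    # Body of a top-level 'config <header>' block, up to its unindented 'end'.
    m = re.search(rf"^config {re.escape(header)}[ \t]*$(.*?)^end[ \t]*$", text, re.M | re.S)
    return m.group(1) if m else ""

def audit(configs, allowed=frozenset({"https", "ping", "ssh", "snmp"})):
    """Return a list of findings; an empty list means every node passed."""
    findings, seen = [], {}
    for node, text in configs.items():
        ha = sets(section(text, "system ha"))
        name = ha.get("ha-mgmt-interface", [""])[0].strip('"')
        m = re.search(rf'^[ \t]*edit "?{re.escape(name)}"?[ \t]*$(.*?)(?:^[ \t]*next[ \t]*$|\Z)',
                      section(text, "system interface"), re.M | re.S)
        iface, gw = (sets(m.group(1)) if m else {}), ha.get("ha-mgmt-interface-gateway")
        if ha.get("ha-mgmt-status") != ["enable"] or "ip" not in iface or not gw:
            findings.append(f"{node}: reserved management interface is not fully configured")
            continue
        addr = ipaddress.ip_interface("/".join(iface["ip"]))  # accepts /24 or "ip mask"
        if ipaddress.ip_address(gw[0]) not in addr.network:
            findings.append(f"{node}: gateway {gw[0]} is outside {addr.network}")
        if addr.ip in seen:
            findings.append(f"{node}: {addr.ip} already used by {seen[addr.ip]}")
        seen.setdefault(addr.ip, node)
        extra = set(iface.get("allowaccess", [])) - allowed
        if extra:
            findings.append(f"{node}: unexpected allowaccess {sorted(extra)}")
    return findings
```

Calling audit(NODES) on the two sample nodes returns an empty list; pass a smaller allowed set to flag protocols you do not want exposed on the management port.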
