When you create a FortiGate HA cluster, you can activate the option “Reserve Management Port for Cluster Member”. Once it is active, you select an interface for it.
This is a nice feature.
This lets you assign an IP address to an interface that is not synchronized, so every machine gets its own IP address. This is very helpful if you have virtual clusters with different masters. It also helps to monitor the CPU and memory of a subordinate device.
Again, there is much more you can do on the command line than in the GUI:
First you activate the feature:
    config system ha
        set ha-mgmt-status enable
        set ha-mgmt-interface wan2
        set ha-mgmt-interface-gateway 10.11.101.100
    end
Do not forget to set a default gateway. This interface is isolated and requires its own routing.
Then you assign an individual IP address to every node in the cluster:
First node:

    config system interface
        edit wan2
            set ip 10.11.101.101/24
            set allowaccess https ping ssh snmp
    end

Second node:

    config system interface
        edit wan2
            set ip 10.11.101.102/24
            set allowaccess https ping ssh snmp
    end
That’s it. Now you can easily access every single machine in the cluster.
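The following Python check is an added example, not part of the original post. It reads saved config excerpts from each node and confirms that the reserved management interface is enabled, that every node has its own address, and that the gateway lies inside the interface's subnet. The node names and config excerpts are constructed, and `find`, `parse_mgmt` and `check_cluster` are hypothetical helper names.

```python
import ipaddress
import re

# Constructed per-node excerpts in the form shown above (not real backups).
NODE_A = """\
config system ha
    set ha-mgmt-status enable
    set ha-mgmt-interface wan2
    set ha-mgmt-interface-gateway 10.11.101.100
end
config system interface
    edit wan2
        set ip 10.11.101.101/24
        set allowaccess https ping ssh snmp
end
"""
NODE_B = NODE_A.replace("10.11.101.101/24", "10.11.101.102/24")

def find(key, text):
    """Return the value of the first 'set <key> ...' line in text, or None."""
    m = re.search(r"^\s*set %s (\S.*)$" % re.escape(key), text, re.M)
    return m.group(1).strip() if m else None

def parse_mgmt(config):
    """Pull the reserved-management settings out of one node's config text."""
    port = find("ha-mgmt-interface", config)
    pattern = r"^\s*edit %s\s*$(.*?)^\s*(?:next|end)\s*$" % re.escape(port or "")
    entry = re.search(pattern, config, re.M | re.S) if port else None
    return {"enabled": find("ha-mgmt-status", config) == "enable", "port": port,
            "gateway": find("ha-mgmt-interface-gateway", config),
            "ip": find("ip", entry.group(1)) if entry else None}

def check_cluster(configs):
    """Return a list of findings; an empty list means the setup is consistent."""
    findings, seen = [], {}
    for name, text in configs.items():
        m = parse_mgmt(text)
        if not (m["enabled"] and m["port"] and m["ip"]):
            findings.append(f"{name}: reserved management interface not fully configured")
            continue
        iface = ipaddress.ip_interface(m["ip"].replace(" ", "/"))  # accepts /24 or mask form
        if iface.ip in seen:
            findings.append(f"{name}: {iface.ip} already used by {seen[iface.ip]}")
        seen[iface.ip] = name
        if m["gateway"] is None:
            findings.append(f"{name}: no ha-mgmt-interface-gateway set")
        elif ipaddress.ip_address(m["gateway"]) not in iface.network:
            findings.append(f"{name}: gateway {m['gateway']} is outside {iface.network}")
    return findings
```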