FortiGate
sthapa
Staff
Article Id 190342
Description
This article describes the new command to configure the reserved HA management interface in the GUI in FortiOS v6.

Scope
The HA Reserved Management Interface provides direct management access to all cluster units by reserving a management interface as part of the HA configuration.
Solution
A different IP address and administrative access settings can be configured for this interface for each cluster unit.

From the CLI you can also configure IPv4 and IPv6 default routes that are only used by the reserved management interface.

- Log into the CLI of any cluster unit.

- Enter the following command to enable the reserved management interface, set port8 as the reserved interface, and add an IPv4 default route of 10.11.101.2 and an IPv6 default route of 2001:db8:0:2::20 for the reserved management interface.
config system ha
    set ha-mgmt-status enable
    config ha-mgmt-interfaces
        edit 1
            set interface port8
            set gateway 10.11.101.2 <--- IP for secondary unit
            set gateway6 2001:db8:0:2::20
        next
    end
end
The reserved management interface default route is not synchronized to other cluster units.
config system interface
    edit port8
        set ip 10.11.101.101/24
        set allowaccess https ping ssh snmp
    end
From the secondary unit:

- Connect to the primary unit CLI and use the execute ha manage command to connect to a subordinate unit CLI.

You can identify the subordinate unit from its serial number or host name. The host name appears in the CLI prompt.

- Enter the following command to change the port8 IP address to 10.11.101.102 and set management access to HTTPS, ping, SSH, and SNMP.
config system interface
    edit port8
        set ip 10.11.101.102/24
        set allowaccess https ping ssh snmp
    end
Log into the subordinate unit GUI by browsing to https://10.11.101.102. You can also log into this subordinate unit CLI by using an SSH client to connect to 10.11.101.102.
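Because the reserved interface's IP address and allowaccess list are set separately on each cluster unit, they can drift apart between units. The following check is an added example, not Fortinet code: it parses saved configuration text from each unit and reports a disabled ha-mgmt-status, cleartext management protocols (http, telnet) on the reserved interface, and a management IP reused on two units. The function names, the UNIT template and the hostnames are hypothetical.

```python
import shlex
CLEARTEXT = {"http", "telnet"}  # unencrypted allowaccess values

def parse_fortios(text):
    """Parse config/edit/set/next/end lines into nested dicts."""
    root = {}
    stack = [("config", root)]
    for raw in text.splitlines():
        tok = shlex.split(raw.split("<---")[0])  # drop inline "<---" notes
        if not tok:
            continue
        kind, node = stack[-1]
        if tok[0] in ("config", "edit"):
            stack.append((tok[0], node.setdefault(" ".join(tok[1:]), {})))
        elif tok[0] == "set":
            node[tok[1]] = tok[2:]
        elif tok[0] in ("next", "end"):
            if kind == "edit":  # "end" typed inside an edit closes it too
                stack.pop()
            if tok[0] == "end" and len(stack) > 1:
                stack.pop()
    return root

def audit_cluster(units):
    """units maps hostname -> config text; returns a list of findings."""
    findings, seen = [], {}
    for host, text in units.items():
        cfg = parse_fortios(text)
        ha = cfg.get("system ha", {})
        if ha.get("ha-mgmt-status") != ["enable"]:
            findings.append(f"{host}: ha-mgmt-status is not enabled")
        for entry in ha.get("ha-mgmt-interfaces", {}).values():
            name = entry.get("interface", ["?"])[0]
            port = cfg.get("system interface", {}).get(name, {})
            ip = port.get("ip", ["unset"])[0]
            for proto in sorted(CLEARTEXT & set(port.get("allowaccess", []))):
                findings.append(f"{host}: {name} allows cleartext {proto}")
            if seen.setdefault(ip, host) != host:
                findings.append(f"{host}: {name} IP {ip} also on {seen[ip]}")
    return findings

# Constructed sample using the article's values; ip/access vary per unit.
UNIT = ("config system ha\nset ha-mgmt-status enable\n"
        "config ha-mgmt-interfaces\nedit 1\nset interface port8\nnext\nend\nend\n"
        "config system interface\nedit port8\nset ip {ip}/24\n"
        "set allowaccess {access}\nend\n")
GOOD = {"primary": UNIT.format(ip="10.11.101.101", access="https ping ssh snmp"),
        "secondary": UNIT.format(ip="10.11.101.102", access="https ping ssh snmp")}
print(audit_cluster(GOOD) or "no findings")
```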


