FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
AnthonyH
Staff
Article Id 302389
Description This article describes how to use workspace mode to change a static WAN IP while remotely accessing the FortiGate through its WAN.
Scope FortiGate
Solution

Workspace mode allows configuration changes to be made that are reverted automatically if the user does not commit (save) them within the specified time. By default, the timeout is set to 10 minutes. More information about workspace mode can be found in this section of the administration guide.

In this example, the FortiGate is accessed remotely over its WAN IP. Since the WAN IP address itself is being changed, connectivity will typically be lost after making the change. In this case, workspace mode can be used to revert the changes if the change is unsuccessful.

First, set the FortiGate into workspace mode and set the revert timeout to the desired time:

Go to System -> Settings -> Workflow management -> Configuration save mode 'Manual' -> Set the revert timeout.

Second, configure the static route and gateway for the new WAN IP. Make sure the distances of the old static route and the new static route match; otherwise, the new route will not be active in the routing table and the GUI will be inaccessible:

config router static
    edit 1
        set dst 0.0.0.0 0.0.0.0
        set gateway <New_Gateway_IP>
        set distance 1 <- Administrative distance must be the same.
        set device "port9" <- WAN interface.
    next
end

Third, edit the WAN interface for the new static IP:

config system interface
    edit "port9"
        set ip <New_Static_IP> <Subnet_Mask>
        set allowaccess ping https ssh http telnet
        set type physical
        set alias "WAN1"
    next
end

If the change is successful, the FortiGate should have connectivity, and remotely accessing the FortiGate over its WAN IP will not be an issue. Save the commitment if it works.

If making the changes to the WAN interface causes the FortiGate to lose connectivity, the changes will be reverted after the specified time.
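
A pre-change check for the procedure above, as an added example (not part of the original article and not Fortinet tooling): it parses the planned CLI and reports conditions that would cut off or weaken remote management before the revert timer ever has to fire. The addresses are constructed sample values from a documentation range, and `settings` and `preflight` are hypothetical helper names.

```python
import ipaddress
import re

# Constructed sample of the planned change; the addresses are documentation-range
# placeholders standing in for <New_Gateway_IP> and <New_Static_IP> <Subnet_Mask>.
PLANNED = """
config router static
    edit 1
        set dst 0.0.0.0 0.0.0.0
        set gateway 203.0.113.1
        set distance 1
        set device "port9"
    next
end
config system interface
    edit "port9"
        set ip 203.0.113.10 255.255.255.0
        set allowaccess ping https ssh http telnet
    next
end
"""

def settings(text):
    """Collect every 'set <key> <values...>' line into {key: [values]}."""
    return {m[1]: m[2].replace('"', "").split()
            for m in re.finditer(r"^\s*set (\S+) (.+)$", text, re.M)}

def preflight(text, old_distance):
    """Return problems that would cut off or weaken remote WAN management."""
    s, problems = settings(text), []
    iface = ipaddress.ip_interface("/".join(s["ip"]))
    net, gw = iface.network, ipaddress.ip_address(s["gateway"][0])
    reserved = (iface.ip, net.network_address, net.broadcast_address)
    if gw not in net or gw in reserved:
        problems.append("gateway is not a usable host on the new WAN subnet")
    if int(s["distance"][0]) != old_distance:
        problems.append("distance differs from the old static route")
    access = set(s["allowaccess"])
    if not access & {"https", "ssh"}:
        problems.append("no encrypted management protocol allowed on the WAN")
    cleartext = sorted(access & {"http", "telnet"})
    if cleartext:
        problems.append("cleartext management on the WAN: " + ", ".join(cleartext))
    return problems

if __name__ == "__main__":
    for problem in preflight(PLANNED, old_distance=1):
        print("WARN:", problem)
```

With the sample input, the only finding is that `http` and `telnet` expose management logins in cleartext on the WAN interface; removing them from `allowaccess` clears the report.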
