Fortinet black logo

Best Practices

Home FortiManager 6.2.0 Best Practices

NAT considerations

6.2.0
7.4.0
7.2.0
7.0.0
6.4.0
6.2.0
6.0.0
5.6.0
Copy Link
Copy Doc ID ed540d89-57e0-11e9-81a4-00505692583a:699411
Download PDF

NAT considerations

Configure the management address setting on a FortiManager that is behind a NAT device so the FortiGate can initiate a connection to the FortiManager.

When a FortiGate is discovered by a FortiManager that is behind a NAT device, the FortiManager does NOT automatically set the IP Address on the FortiGate. This prevents the FortiGate from pointing to the FortiManager's private IP address and initiating the FortiGate-FortiManager (FGFM) tunnel to the FortiManager.

By configuring the management address setting in the CLI, FortiManager knows the public IP and can configure it on the FortiGate.

You can use the CLI to configure the management address when the NAT device in front of the FortiManager has a static 1:1 NAT rule

To configure the management address with the CLI:

config system admin setting

set mgmt-addr "x.x.x.x"

** Detail **

Previous
Next

NAT considerations

Configure the management address setting on a FortiManager that is behind a NAT device so the FortiGate can initiate a connection to the FortiManager.

When a FortiGate is discovered by a FortiManager that is behind a NAT device, the FortiManager does NOT automatically set the IP Address on the FortiGate. This prevents the FortiGate from pointing to the FortiManager's private IP address and initiating the FortiGate-FortiManager (FGFM) tunnel to the FortiManager.

By configuring the management address setting in the CLI, FortiManager knows the public IP and can configure it on the FortiGate.

You can use the CLI to configure the management address when the NAT device in front of the FortiManager has a static 1:1 NAT rule

To configure the management address with the CLI:

config system admin setting

set mgmt-addr "x.x.x.x"

** Detail **

Previous
Next