Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiManager 7.6.0 Administration Guide
    7.6.0
    7.6.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.6
    6.2.5
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.11
    5.6.10
    5.6.9
    5.6.8
    5.6.7
    5.6.6
    5.6.5
    5.6.4
    5.6.3
    5.6.2
    5.6.1
    5.6.0
    5.4.7
    5.4.6
    5.4.5
    5.4.4
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.2.10
    5.2.7
    5.2.6
    5.2.4
    5.2.3
    5.2.2
    5.2.1
    5.2.0
    5.0.12
    5.0.11
    5.0.10
    5.0.9
    5.0.8
    5.0.7
    5.0.6
    5.0.5
    5.0.4
    5.0.3
    5.0.2
    4.3.8
    4.3.7
    4.3.6
    4.3.5
    4.3.4
    4.3.3
    4.3.2
    4.3.1
    4.3.0
    4.2.9
    4.2.8
    4.2.7
    4.2.6
    4.2.5
    4.2.4
    4.2.3
    4.2.2
    4.2.1
    4.2.0
    4.1.0
    4.0.3
    4.0.2
    4.0.1
    4.0.0

    Configuring the management address

    Configuring the management address

    Configure the management address setting on a FortiManager that is behind a NAT device so the FortiGate can initiate a connection to the FortiManager. By configuring the management address setting in the CLI, FortiManager knows the public IP and can configure it on the FortiGate.

    When a FortiGate is discovered by a FortiManager that is behind a NAT device, the FortiManager does not automatically set the IP Address on the FortiGate. This prevents the FortiGate from pointing to the FortiManager's private IP address and initiating the FortiGate-FortiManager (FGFM) tunnel to the FortiManager.

    You can use the CLI to configure the management address when the NAT device in front of the FortiManager has a static 1:1 NAT rule.

    To configure the management address:

    In the FortiManager CLI, enter the following command to define either the management IP address or FQDN.

    config systems admin setting

    set mgmt-addr <string>

    set mgmt-fqdn <string>

    Configuring multiple management addresses

    Multiple IP addresses or FQDNs can be configured for FortiManager. When multiple addresses are listed, the FortiGate will attempt to establish the FGFM tunnel using the first IP/FQDN listed, and if it is unreachable will try each subsequent IP/FQDN until the tunnel is established. Only one address is ever used to establish the FGFM tunnel at a time.

    In FortiManager-HA, when listing multiple management addresses, the first address defines the Primary device and the second address is the Secondary device.

    To configure multiple management addresses:
    1. In the FortiManager CLI, enter the following commands.

      config system admin setting

      set mgmt-fqdn <FQDN/IP 1> <FQDN/IP 2> ...

      Note

      The set mgmt-fqdn command can be used with FQDNs and IP addresses.

    2. FortiManager automatically pushes the configuration to FortiGate, and on the FortiGate you can see both management addresses listed:

      config system central-management

      set type fortimanager

      set fmg <FQDN/IP 1> <FQDN/IP 2> ...

      end

      Alternatively, you can configure these settings directly on FortiGate devices.

    Previous
    Next

    Configuring the management address

    Configuring the management address

    Configure the management address setting on a FortiManager that is behind a NAT device so the FortiGate can initiate a connection to the FortiManager. By configuring the management address setting in the CLI, FortiManager knows the public IP and can configure it on the FortiGate.

    When a FortiGate is discovered by a FortiManager that is behind a NAT device, the FortiManager does not automatically set the IP Address on the FortiGate. This prevents the FortiGate from pointing to the FortiManager's private IP address and initiating the FortiGate-FortiManager (FGFM) tunnel to the FortiManager.

    You can use the CLI to configure the management address when the NAT device in front of the FortiManager has a static 1:1 NAT rule.

    To configure the management address:

    In the FortiManager CLI, enter the following command to define either the management IP address or FQDN.

    config systems admin setting

    set mgmt-addr <string>

    set mgmt-fqdn <string>

    Configuring multiple management addresses

    Multiple IP addresses or FQDNs can be configured for FortiManager. When multiple addresses are listed, the FortiGate will attempt to establish the FGFM tunnel using the first IP/FQDN listed, and if it is unreachable will try each subsequent IP/FQDN until the tunnel is established. Only one address is ever used to establish the FGFM tunnel at a time.

    In FortiManager-HA, when listing multiple management addresses, the first address defines the Primary device and the second address is the Secondary device.

    To configure multiple management addresses:
    1. In the FortiManager CLI, enter the following commands.

      config system admin setting

      set mgmt-fqdn <FQDN/IP 1> <FQDN/IP 2> ...

      Note

      The set mgmt-fqdn command can be used with FQDNs and IP addresses.

    2. FortiManager automatically pushes the configuration to FortiGate, and on the FortiGate you can see both management addresses listed:

      config system central-management

      set type fortimanager

      set fmg <FQDN/IP 1> <FQDN/IP 2> ...

      end

      Alternatively, you can configure these settings directly on FortiGate devices.

    Previous
    Next