In a branch office where there are few users with just one IP subnet used , I need to configure Fortigate Management interface in the same subnet of LAN. By default, FortiGate doesn’t permit such configurations and if you still try to configure, you get an error “Conflicts with LAN subnet“.
Management Interface = 10.10.10.5
LAN Interface = 10.10.10.254
To override this default behaviour, login to CLI and execute these 2 commands.
# config system settings (settings) # set allow-subnet-overlap enable
Now you can configure your Management interface.
Important Note: Management interface Role should never be the same as your LAN Role, then you will face weird routing and reachability issues.
In the Trusted Hosts setting, you can limit the IP address of hosts from which Fortigate GUI/console can be accessed.
Leave a Reply