Administrative access

Administrative access

Interfaces, especially the public-facing ports can be potentially accessed by those who you may not want access to the FortiGate unit. When setting up the FortiGate unit, you can set the type of protocol an administrator must use to access the FortiGate unit. The options include:

  • HTTPS
  • HTTP
  • SSH
  • TELNET
  • SNMP
  • PING
  • FortiManager Access (FMG-Access)
  • FortiHeartBeat

 

You can select as many, or as few, even none, that are accessible by an administrator.

This example adds an IPv4 address 172.20.120.100 to the WAN1 interface as well as the administrative access to HTTPS and SSH. As a good practice, set the administrative access when you are setting the IP address for the port.

 

To add an IP address on the WAN1 interface – web-based manager

1. Go to System > Network > Interface.

2. Select the WAN1 interface row and select Edit.

3. Select the Addressing Mode of Manual.

4. Enter the IP address for the port of 172.20.120.100/24.

5. For Administrative Access, select HTTPS and SSH.

6. Select OK.

 

To create IP address on the WAN1 interface – CLI

config system interface

edit wan1

set ip 172.20.120.100/24 set allowaccess https ssh

end

 

When adding to, or removing a protocol, you must type the entire list again. For example, if you have an access list of HTTPS and SSH, and you want to add PING, typing:

set allowaccess ping

…only PING will be set. In this case, you must type…

set allowaccess https ssh ping

This entry was posted in FortiGate, FortiOS and tagged , on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.