Tag Archives: firewall local in policies

Hardening Administrative Access in FortiOS 7.4.2

You absolutely MUST harden administrative access on your FortiGate if you want to remain secure and prepared. There are a lot of ways to help reduce the attack surface and make things as secure as possible.

  1. Remove administrative access from any interface where it absolutely is NOT necessary.
  2. Remove the default admin account and create non-standard ones.
  3. Add Trusted Hosts to your administrative accounts.
  4. Add multi-factor authentication to your admin accounts.
  5. Utilize Local-In-Policy configurations to shrink your attack surface.
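
An added example (not from the original post): a small Python auditor that checks a FortiGate configuration backup against the five items above. The sample backup is constructed, `mgmt_ifaces` and `MGMT_PROTOCOLS` are assumptions made for this sketch, and the parser assumes every setting fits on one line.

```python
import shlex
SAMPLE = """
config system interface
    edit "wan1"
        set allowaccess ping https ssh
    next
    edit "mgmt"
        set allowaccess https ssh
    next
end
config system admin
    edit "admin"
    next
    edit "ops-jdoe"
        set trusthost1 10.10.10.0 255.255.255.0
        set two-factor fortitoken
    next
end
"""  # constructed backup excerpt, not from a real device
MGMT_PROTOCOLS = {"http", "https", "ssh", "telnet", "snmp", "fgfm"}  # assumed admin-type access

def parse(text):
    """Return {table: {entry: {setting: [values]}}} for top-level config tables."""
    tables, stack, entry = {}, [], None
    for tok in filter(None, map(shlex.split, text.splitlines())):
        if tok[0] == "config":
            stack.append(" ".join(tok[1:]))
            entry = entry if len(stack) > 1 else None  # new table: no open entry
        elif tok[0] == "end" and stack:
            stack.pop()
        elif tok[0] == "edit" and len(stack) == 1:
            entry = tables.setdefault(stack[0], {}).setdefault(tok[1], {})
        elif tok[0] == "set" and len(stack) == 1 and entry is not None:
            entry[tok[1]] = tok[2:]
    return tables

def audit(text, mgmt_ifaces=("mgmt",)):  # mgmt_ifaces: hypothetical allow-list
    t, findings = parse(text), []
    for name, cfg in t.get("system interface", {}).items():
        exposed = MGMT_PROTOCOLS & set(cfg.get("allowaccess", []))
        if exposed and name not in mgmt_ifaces:
            findings.append(f"1: {name} exposes {sorted(exposed)}")
    for name, cfg in t.get("system admin", {}).items():
        checks = [(name == "admin", "2: default admin account present"),
                  (not any("trusthost" in k for k in cfg), f"3: {name} has no trusted hosts"),
                  (cfg.get("two-factor") in (None, ["disable"]), f"4: {name} has no MFA")]
        findings += [msg for bad, msg in checks if bad]
    if not t.get("firewall local-in-policy"):
        findings.append("5: no local-in policies configured")
    return findings
```

Calling `audit(SAMPLE)` returns one finding per unmet checklist item. The trusted-host check only confirms that a `trusthost` setting exists, not that its range is suitably narrow.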


Firewall local-in policies are supported for the dedicated HA management interface

To add local-in policies for the dedicated management interface, enable ha-mgmt-intf-only and set intf to any. Enabling ha-mgmt-intf-only means the local-in policy applies only to the VDOM that contains the dedicated HA management interface.

    config firewall local-in-policy
        edit 0
            set ha-mgmt-intf-only enable
            set intf any
            etc…
    end