Interfaces, especially the public-facing ports can be potentially accessed by those who you may not want access to the FortiGate unit. When setting up the FortiGate unit, you can set the type of protocol an administrator must use to access the FortiGate unit. The options include:
- FortiManager Access (FMG-Access)
You can select as many, or as few, even none, that are accessible by an administrator.
This example adds an IPv4 address 172.20.120.100 to the WAN1 interface as well as the administrative access to HTTPS and SSH. As a good practice, set the administrative access when you are setting the IP address for the port.
To add an IP address on the WAN1 interface – web-based manager
1. Go to System > Network > Interface.
2. Select the WAN1 interface row and select Edit.
3. Select the Addressing Mode of Manual.
4. Enter the IP address for the port of 172.20.120.100/24.
5. For Administrative Access, select HTTPS and SSH.
6. Select OK.
To create IP address on the WAN1 interface – CLI
config system interface
set ip 172.20.120.100/24 set allowaccess https ssh
When adding to, or removing a protocol, you must type the entire list again. For example, if you have an access list of HTTPS and SSH, and you want to add PING, typing:
set allowaccess ping
…only PING will be set. In this case, you must type…
set allowaccess https ssh ping
Having trouble configuring your Fortinet hardware or have some questions you need answered? Ask your questions in the comments below!!! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!