Administrative access

Administrative access

Interfaces, especially the public-facing ports can be potentially accessed by those who you may not want access to the FortiGate unit. When setting up the FortiGate unit, you can set the type of protocol an administrator must use to access the FortiGate unit. The options include:

  • HTTP
  • SSH
  • SNMP
  • PING
  • FortiManager Access (FMG-Access)
  • FortiHeartBeat


You can select as many, or as few, even none, that are accessible by an administrator.

This example adds an IPv4 address to the WAN1 interface as well as the administrative access to HTTPS and SSH. As a good practice, set the administrative access when you are setting the IP address for the port.


To add an IP address on the WAN1 interface – web-based manager

1. Go to System > Network > Interface.

2. Select the WAN1 interface row and select Edit.

3. Select the Addressing Mode of Manual.

4. Enter the IP address for the port of

5. For Administrative Access, select HTTPS and SSH.

6. Select OK.


To create IP address on the WAN1 interface – CLI

config system interface

edit wan1

set ip set allowaccess https ssh



When adding to, or removing a protocol, you must type the entire list again. For example, if you have an access list of HTTPS and SSH, and you want to add PING, typing:

set allowaccess ping

…only PING will be set. In this case, you must type…

set allowaccess https ssh ping

Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Don't Forget To visit the YouTube Channel for the latest Fortinet Training Videos and Question / Answer sessions!
- FortinetGuru YouTube Channel
- FortiSwitch Training Videos

Cybersecurity Videos and Training Available Via: Office of The CISO Security Training Videos