Fortinet 117 FortiWeb 5.0 Patch 6 Administration Guide
To configure a network interface’s IPv4 address via the CLI
Enter the following commands:
    config system interface
      edit <interface_name>
        set ip <address_ipv4> <netmask_ipv4mask>
        set allowaccess {http https ping snmp ssh telnet}
    end
where:
<interface_name> is the name of a network interface
<address_ipv4> is the IP address assigned to the network interface
<netmask_ipv4mask> is its netmask in dotted decimal format
{http https ping snmp ssh telnet} is a space-delimited list of zero or more
administrative protocols that you want to allow to access the FortiWeb appliance through
the network interface
If you were connected to the CLI through this network interface, you are now disconnected
from it.
To access the CLI again, in your terminal client, modify the address to match the new IP
address of the network interface. For example, if you configured the network interface with
the IP address 172.16.1.20, you would connect to that IP address.
If the new IP address is on a different subnet than the previous IP address, and your
computer is directly connected to the FortiWeb appliance, you may also need to modify the
IP address and subnet of your computer to match the FortiWeb appliance’s new IP address.
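The allowaccess list set above decides which administrative protocols each interface answers, and HTTP and Telnet carry administrator logins unencrypted. The following Python script is an added example, not part of the Fortinet guide: it scans a saved configuration for interfaces that still allow either protocol. The sample configuration, its interface names and addresses, and the audit_allowaccess function are constructed for illustration.

```python
CLEARTEXT = {"http", "telnet"}  # protocols that send logins unencrypted

# Constructed sample configuration; names and addresses are illustrative only.
SAMPLE_CONFIG = """\
config system interface
  edit "port1"
    set ip 172.16.1.20 255.255.255.0
    set allowaccess https ping ssh telnet
  next
  edit "port2"
    set ip 10.0.0.1 255.255.255.0
    set allowaccess ping
  next
  edit "port3"
    set ip 192.168.1.99 255.255.255.0
    set allowaccess http https ssh
  next
end
"""

def audit_allowaccess(config_text):
    """Map interface name -> sorted cleartext protocols it still allows."""
    findings, depth, iface = {}, 0, None
    for raw in config_text.splitlines():
        tokens = raw.split()
        if not tokens:
            continue
        if depth == 0:
            # Only the interface table is audited; other tables are skipped.
            if tokens == ["config", "system", "interface"]:
                depth = 1
        elif tokens[0] == "config":
            depth += 1          # nested table inside an interface entry
        elif tokens[0] == "end":
            depth -= 1
            iface = None if depth == 0 else iface
        elif depth == 1 and tokens[0] == "edit" and len(tokens) > 1:
            iface = tokens[1].strip('"')
        elif depth == 1 and tokens[0] == "next":
            iface = None
        elif depth == 1 and iface and tokens[:2] == ["set", "allowaccess"]:
            weak = CLEARTEXT & set(tokens[2:])
            if weak:
                findings[iface] = sorted(weak)
    return findings

if __name__ == "__main__":
    for name, protos in audit_allowaccess(SAMPLE_CONFIG).items():
        print(f"{name}: cleartext admin access enabled ({', '.join(protos)})")
```

Any interface the script reports can be corrected by re-entering its set allowaccess line without http and telnet.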
Adding VLAN subinterfaces
You can add a virtual local area network (VLAN) subinterface to a network interface or bridge on
the FortiWeb appliance.
As with a local area network (LAN), you can use an IEEE 802.1q VLAN to reduce the size of a
broadcast domain and thereby reduce the amount of broadcast traffic received by network hosts,
improving network performance.
Unlike physical LANs, VLANs do not require you to install separate hardware switches and
routers to achieve this effect. Instead, VLAN-compliant switches, such as FortiWeb appliances,
restrict broadcast traffic based upon whether its VLAN ID matches that of the destination
network. As such, VLAN trunks can be used to join physically distant broadcast domains as if
they were close.
The VLAN ID is part of the tag that is inserted into each Ethernet frame in order to identify traffic
for a specific VLAN. VLAN header addition is handled automatically by FortiWeb appliances,
and does not require that you adjust the maximum transmission unit (MTU). Depending on
Caution: HTTP and Telnet connections are not secure, and can be intercepted by a third party.
If possible, enable these protocols only for network interfaces connected to a trusted private
network, or directly to your management computer. Failure to restrict administrative access
through these protocols could compromise the security of your FortiWeb appliance.
Caution: VLANs are not designed to be a security measure, and should not be used where
untrusted devices and/or individuals outside of your organization have access to the equipment.
VLAN tags are not authenticated, and can be ignored or modified by attackers. VLAN tags rely on
the voluntary compliance of the receiving host or switch.