Fortinet 215 FortiWeb 5.0 Patch 6 Administration Guide
Trusted Host #1
Trusted Host #2
Trusted Host #3
Type the source IP address(es) and netmask from which the
administrator is allowed to log in to the FortiWeb appliance. If PING is
enabled, this is also a source IP address to which FortiWeb will
respond when it receives a ping or traceroute signal.
Trusted areas can be single hosts, subnets, or a mixture. For more
information, see “Trusted hosts” on page 51.
To allow logins only from one computer, enter its IP address and 32- or
128-bit netmask in all Trusted Host fields:
192.0.2.2/32
2001:0db8:85a3::8a2e:0370:7334/128
Caution: If you configure trusted hosts, do so for all administrator
accounts. Failure to do so means that all accounts are still exposed to
the risk of brute force login attacks. This is because if you leave even
one administrator account unrestricted (i.e. any of its Trusted Host
settings is 0.0.0.0/0.0.0.0), the FortiWeb appliance must allow
login attempts on all network interfaces where remote administrative
protocols are enabled, and wait until after a login attempt has been
received in order to check that user name’s trusted hosts list.
Tip: If you allow login from the Internet, set a longer and more complex
Password, and enable only secure administrative access protocols
(HTTPS and SSH) to minimize the security risk. For information on
administrative access protocols, see “Configuring the network
interfaces” on page 113. Also restrict trusted hosts to IPs in your
administrator’s geographical area.
Tip: For improved security, restrict all trusted host addresses to single
IP addresses of computer(s) from which only this administrator will log
in.
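The Caution above can be checked mechanically. The following is an added example, not part of the Fortinet guide: it classifies each Trusted Host value and reports whether any single account leaves login open to every source address. The dictionary layout, function names and sample accounts are assumptions constructed for illustration, not FortiWeb output.

```python
import ipaddress

# Constructed sample: administrator name -> its three Trusted Host values.
SAMPLE_ADMINS = {
    "admin":   ["192.0.2.2/32", "192.0.2.2/32", "192.0.2.2/32"],
    "ops":     ["198.51.100.0/255.255.255.0", "192.0.2.10/32", "0.0.0.0/0.0.0.0"],
    "auditor": ["2001:db8:85a3::8a2e:370:7334/128", "192.0.2.7/32", "192.0.2.7/32"],
}


def classify(entry):
    """Classify one Trusted Host value as 'unrestricted', 'subnet' or 'single'."""
    # strict=False accepts values whose host bits are set, e.g. 198.51.100.5/24.
    net = ipaddress.ip_network(entry.strip(), strict=False)
    if net.prefixlen == 0:
        return "unrestricted"      # 0.0.0.0/0.0.0.0 or ::/0
    if net.prefixlen == net.max_prefixlen:
        return "single"            # 32-bit (IPv4) or 128-bit (IPv6) netmask
    return "subnet"


def audit_trusted_hosts(admins):
    """Return (findings, exposed).

    findings maps each account to a list of (value, classification) pairs.
    exposed is True when at least one value on at least one account is
    unrestricted, the condition the Caution says exposes all accounts.
    """
    findings = {}
    for name, hosts in admins.items():
        rows = []
        for host in hosts:
            try:
                rows.append((host, classify(host)))
            except ValueError:
                rows.append((host, "invalid"))   # malformed address or netmask
        findings[name] = rows
    exposed = any(kind == "unrestricted"
                  for rows in findings.values() for _, kind in rows)
    return findings, exposed


if __name__ == "__main__":
    findings, exposed = audit_trusted_hosts(SAMPLE_ADMINS)
    for name, rows in findings.items():
        for host, kind in rows:
            print(f"{name:8} {host:36} {kind}")
    print("login open to any source address:", exposed)
```

Entries reported as subnet are the ones to narrow when following the single-IP tip above.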