Fortinet 50A Adding a ping server to an interface, Controlling administrative access to an interface

Network configuration Configuring interfaces

FortiGate-50A Installation and Configuration Guide 97

You can also configure management access and add a ping server to the secondary

IP address.

set system interface <intf_str> config secallowaccess ping

https ssh snmp http telnet

set system interface <intf_str> config secgwdetect enable

Adding a ping server to an interface

Add a ping server to an interface if you want the FortiGate unit to confirm connectivity

with the next hop router on the network connected to the interface. Adding a ping

server is required for routing failover. See “Adding destination-based routes to the

routing table” on page 101.

To add a ping server to an interface

1Go to System > Network > Interface.

2Choose an interface and select Modify .

3Set Ping Server to the IP address of the next hop router on the network connected to

the interface.

4Select the Enable check box.

The FortiGate unit uses dead gateway detection to ping the Ping Server IP address to

make sure that the FortiGate unit can connect to this IP address. To configure dead

gateway detection, see “Modifying the Dead Gateway Detection settings” on

page 123.

5Select OK to save the changes.

Controlling administrative access to an interface

For a FortiGate unit running in NAT/Route mode, you can control administrative

access to an interface to control how administrators access the FortiGate unit and the

FortiGate interfaces to which administrators can connect.

Controlling administrative access for an interface connected to the Internet allows

remote administration of the FortiGate unit from any location on the Internet. However,

allowing remote administration from the Internet could compromise the security of

your FortiGate unit. You should avoid allowing administrative access for an interface

connected to the Internet unless this is required for your configuration. To improve the

security of a FortiGate unit that allows remote administration from the Internet:

• Use secure administrative user passwords,

• Change these passwords regularly,

• Enable secure administrative access to this interface using only HTTPS or SSH,

• Do not change the system idle timeout from the default value of 5 minutes (see “To

set the system idle timeout” on page 122).

To configure administrative access in Transparent mode, see “Configuring the

management interface in Transparent mode” on page99.

To control administrative access to an interface

1Go to System > Network > Interface.