Network configuration

Configuring interfaces

 

 

You can also configure management access and add a ping server to the secondary

IP address.

set system interface <intf_str> config secallowaccess ping https ssh snmp http telnet

set system interface <intf_str> config secgwdetect enable

Adding a ping server to an interface

Add a ping server to an interface if you want the FortiGate unit to confirm connectivity with the next hop router on the network connected to the interface. Adding a ping server is required for routing failover. See “Adding destination-based routes to the routing table” on page 101.

To add a ping server to an interface

1Go to System > Network > Interface.

2Choose an interface and select Modify .

3Set Ping Server to the IP address of the next hop router on the network connected to the interface.

4Select the Enable check box.

The FortiGate unit uses dead gateway detection to ping the Ping Server IP address to make sure that the FortiGate unit can connect to this IP address. To configure dead gateway detection, see “Modifying the Dead Gateway Detection settings” on

page 123.

5Select OK to save the changes.

Controlling administrative access to an interface

For a FortiGate unit running in NAT/Route mode, you can control administrative access to an interface to control how administrators access the FortiGate unit and the FortiGate interfaces to which administrators can connect.

Controlling administrative access for an interface connected to the Internet allows remote administration of the FortiGate unit from any location on the Internet. However, allowing remote administration from the Internet could compromise the security of your FortiGate unit. You should avoid allowing administrative access for an interface connected to the Internet unless this is required for your configuration. To improve the security of a FortiGate unit that allows remote administration from the Internet:

Use secure administrative user passwords,

Change these passwords regularly,

Enable secure administrative access to this interface using only HTTPS or SSH,

Do not change the system idle timeout from the default value of 5 minutes (see “To set the system idle timeout” on page 122).

To configure administrative access in Transparent mode, see “Configuring the management interface in Transparent mode” on page 99.

To control administrative access to an interface

1 Go to System > Network > Interface.

FortiGate-50A Installation and Configuration Guide

97

Page 96 Page 98
Page 97
Image 97
Fortinet 50A user manual Adding a ping server to an interface, Controlling administrative access to an interface
Page 96 Page 98
Top Page Image Contents