Fortinet 50A Configuring the management interface in Transparent mode

Network configuration Configuring interfaces

FortiGate-50A Installation and Configuration Guide 99

Configuring the management interface in Transparent mode

Configure the management interface in Transparent mode to set the management IP

address of the FortiGate unit. Administrators connect to this IP address to administer

the FortiGate unit. The FortiGate also uses this IP address to connect to the FDN for

virus and attack updates (see “Updating antivirus and attack definitions” on page73).

You can also configure the management interface to control how administrators

connect to the FortiGate unit for administration and the FortiGate interfaces to which

administrators can connect.

Controlling administrative access to a FortiGate interface connected to the Internet

allows remote administration of the FortiGate unit from any location on the Internet.

However, allowing remote administration from the Internet could compromise the

security of the FortiGate unit. You should avoid allowing administrative access for an

interface connected to the Internet unless this is required for your configuration. To

improve the security of a FortiGate unit that allows remote administration from the

Internet:

• Use secure administrative user passwords,

• Change these passwords regularly,

• Enable secure administrative access to this interface using only HTTPS or SSH,

• Do not change the system idle timeout from the default value of 5 minutes (see “To

set the system idle timeout” on page 122).

To configure the management interface in Transparent mode

1Go to System > Network > Management.

2Change the Management IP and Netmask as required.

This must be a valid IP address for the network that you want to manage the FortiGate

unit from.

3Add a default gateway IP address if the FortiGate unit must connect to a default

gateway to reach the management computer.

4Select the administrative access methods for each interface.

5Select Log for each interface that you want to record log messages whenever a

firewall policy accepts a connection to this interface.

6Select Apply to save the changes.

HTTPS To allow secure HTTPS connections to the web-based manager through this

interface.

PING If you want this interface to respond to pings. Use this setting to verify your

installation and for testing.

HTTP To allow HTTP connections to the web-based manager through this interface.

HTTP connections are not secure and can be intercepted by a third party.

SSH To allow SSH connections to the CLI through this interface.

SNMP To allow a remote SNMP manager to request SNMP information by connecting to

this interface. See “Configuring SNMP” on page 125.

TELNET To allow Telnet connections to the CLI through this interface. Telnet connections

are not secure and can be intercepted by a third party.