Network configuration | Configuring interfaces |
|
|
Controlling administrative access to an interface
For a FortiGate unit running in NAT/Route mode, you can control administrative access to an interface to control how administrators access the FortiGate unit and the FortiGate interfaces to which administrators can connect.
Controlling administrative access for an interface connected to the Internet allows remote administration of the FortiGate unit from any location on the Internet. However, allowing remote administration from the Internet could compromise the security of your FortiGate unit. You should avoid allowing administrative access for an interface connected to the Internet unless this is required for your configuration. To improve the security of a FortiGate unit that allows remote administration from the Internet:
•Use secure administrative user passwords,
•Change these passwords regularly,
•Enable secure administrative access to this interface using only HTTPS or SSH,
•Do not change the system idle timeout from the default value of 5 minutes (see “To set the system idle timeout” on page 170).
To configure administrative access in Transparent mode, see “Configuring the management interface in Transparent mode” on page 144.
To control administrative access to an interface
1Go to System > Network > Interface.
2Choose an interface and select Modify .
3Select the Administrative Access methods for the interface.
HTTPS To allow secure HTTPS connections to the
PING If you want this interface to respond to pings. Use this setting to verify your installation and for testing.
HTTP To allow HTTP connections to the
SSH To allow SSH connections to the CLI through this interface.
SNMP To allow a remote SNMP manager to request SNMP information by connecting to this interface. See “Configuring SNMP” on page 173.
TELNET To allow Telnet connections to the CLI through this interface. Telnet connections are not secure and can be intercepted by a third party.
4Select OK to save the changes.
143 |