beautypg.com

Controlling administrative access to an interface, For informat – Fortinet FortiGate 4000 User Manual

Page 147

background image

Network configuration

Configuring interfaces

FortiGate-4000 Installation and Configuration Guide

147

Controlling administrative access to an interface

For a FortiGate unit running in NAT/Route mode, you can control administrative
access to an interface to control how administrators access the FortiGate unit and the
FortiGate interfaces to which administrators can connect.

Controlling administrative access for an interface connected to the Internet allows
remote administration of the FortiGate unit from any location on the Internet. However,
allowing remote administration from the Internet could compromise the security of
your FortiGate unit. You should avoid allowing administrative access for an interface
connected to the Internet unless this is required for your configuration. To improve the
security of a FortiGate unit that allows remote administration from the Internet:

• Use secure administrative user passwords,
• Change these passwords regularly,
• Enable secure administrative access to this interface using only HTTPS or SSH,
• Do not change the system idle timeout from the default value of 5 minutes (see

“To

set the system idle timeout” on page 176

).

To configure administrative access in Transparent mode, see

“Configuring the

management interface in Transparent mode” on page 148

.

To control administrative access to an interface

1

Go to System > Network > Interface.

2

Choose an interface and select Modify

.

3

Select the Administrative Access methods for the interface.

4

Select OK to save the changes.

HTTPS

To allow secure HTTPS connections to the web-based manager through this

interface.

PING

If you want this interface to respond to pings. Use this setting to verify your

installation and for testing.

HTTP

To allow HTTP connections to the web-based manager through this interface.

HTTP connections are not secure and can be intercepted by a third party.

SSH

To allow SSH connections to the CLI through this interface.

SNMP

To allow a remote SNMP manager to request SNMP information by connecting to

this interface. See

“Configuring SNMP” on page 180

.

TELNET

To allow Telnet connections to the CLI through this interface. Telnet connections

are not secure and can be intercepted by a third party.