Out of band management – Fortinet FortiGate 4000 User Manual
Page 149
Network configuration
Out of band management
FortiGate-4000 Installation and Configuration Guide
149
• Enable secure administrative access to this interface using only HTTPS or SSH,
• Do not change the system idle timeout from the default value of 5 minutes (see
set the system idle timeout” on page 176
).
To configure the management interface in Transparent mode
1
Go to System > Network > Management.
2
Change the Management IP and Netmask as required.
This must be a valid IP address for the network that you want to manage the FortiGate
unit from.
3
Add a default gateway IP address if the FortiGate unit must connect to a default
gateway to reach the management computer.
4
Select the administrative access methods for each interface.
5
Select Log for each interface that you want to record log messages whenever a
firewall policy accepts a connection to this interface.
6
Select Apply to save the changes.
Out of band management
Configure the out of band management interface to set the out of band management
IP address of the FortiGate-4000 unit. You can also change the default route for the
out of band management interface and control administrative access connect to the
out of band management interface.
The out of band management interface is available in NAT/Route mode and in
Transparent mode.
To configure the out of band management interface
1
Go to System > Network > OOB Management.
2
Change the IP and Netmask as required.
This must be a valid IP address for the network that you want to manage the FortiGate
unit from.
3
Add a default gateway IP address if one is required for your network.
4
Select the administrative access methods for the out of band management interface.
HTTPS
To allow secure HTTPS connections to the web-based manager through this
interface.
PING
If you want this interface to respond to pings. Use this setting to verify your
installation and for testing.
HTTP
To allow HTTP connections to the web-based manager through this interface.
HTTP connections are not secure and can be intercepted by a third party.
SSH
To allow SSH connections to the CLI through this interface.
SNMP
To allow a remote SNMP manager to request SNMP information by connecting to
this interface. See
“Configuring SNMP” on page 180
TELNET
To allow Telnet connections to the CLI through this interface. Telnet connections
are not secure and can be intercepted by a third party.