beautypg.com

Configuring the – Fortinet FortiGate 50A User Manual

Page 99

background image

Network configuration

Configuring interfaces

FortiGate-50A Installation and Configuration Guide

99

Configuring the management interface in Transparent mode

Configure the management interface in Transparent mode to set the management IP
address of the FortiGate unit. Administrators connect to this IP address to administer
the FortiGate unit. The FortiGate also uses this IP address to connect to the FDN for
virus and attack updates (see

“Updating antivirus and attack definitions” on page 73

).

You can also configure the management interface to control how administrators
connect to the FortiGate unit for administration and the FortiGate interfaces to which
administrators can connect.

Controlling administrative access to a FortiGate interface connected to the Internet
allows remote administration of the FortiGate unit from any location on the Internet.
However, allowing remote administration from the Internet could compromise the
security of the FortiGate unit. You should avoid allowing administrative access for an
interface connected to the Internet unless this is required for your configuration. To
improve the security of a FortiGate unit that allows remote administration from the
Internet:

• Use secure administrative user passwords,
• Change these passwords regularly,
• Enable secure administrative access to this interface using only HTTPS or SSH,
• Do not change the system idle timeout from the default value of 5 minutes (see

“To

set the system idle timeout” on page 122

).

To configure the management interface in Transparent mode

1

Go to System > Network > Management.

2

Change the Management IP and Netmask as required.
This must be a valid IP address for the network that you want to manage the FortiGate
unit from.

3

Add a default gateway IP address if the FortiGate unit must connect to a default
gateway to reach the management computer.

4

Select the administrative access methods for each interface.

5

Select Log for each interface that you want to record log messages whenever a
firewall policy accepts a connection to this interface.

6

Select Apply to save the changes.

HTTPS

To allow secure HTTPS connections to the web-based manager through this

interface.

PING

If you want this interface to respond to pings. Use this setting to verify your

installation and for testing.

HTTP

To allow HTTP connections to the web-based manager through this interface.

HTTP connections are not secure and can be intercepted by a third party.

SSH

To allow SSH connections to the CLI through this interface.

SNMP

To allow a remote SNMP manager to request SNMP information by connecting to

this interface. See

“Configuring SNMP” on page 125

.

TELNET

To allow Telnet connections to the CLI through this interface. Telnet connections

are not secure and can be intercepted by a third party.

See also other documents in the category Fortinet Hardware: