Technical Tip: Security fabric audit check on unsecured protocol
Description
This article describes how to configure FortiGate so that the Security Fabric audit check related to unsecured protocols does not fail.
Solution
Security Fabric audit checks are based on the current network configuration, using real-time monitoring.
The security audit provides suggestions and recommendations for the currently running network configuration to avoid vulnerabilities and improve overall security.
Unsecured protocols: HTTP, Telnet.
IP access is exposed over unsecured protocols.
The security audit will not run the unsecured protocol check if interfaces are not classified.
All interfaces are classified as either LAN, WAN, or DMZ.
To set the role of an interface, run the following commands:
config system interface
    edit <name>                            <----- Type the interface name.
        set role <role>                    <----- Specify the role, e.g. lan, wan, dmz.
end
Disable HTTP and Telnet on the interface:
config system interface
    edit <name>                            <----- Type the interface name.
        unselect allowaccess http telnet   <----- Remove HTTP and Telnet from the allowaccess list.
end
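
The following Python script is an added example, not part of the original article and not Fortinet code: it scans the "config system interface" block of a configuration backup and reports interfaces that still allow HTTP or Telnet, or that have no role set. The sample configuration is constructed, the function name is hypothetical, and treating a missing "set role" line as an undefined role is an assumption.

```python
UNSECURED = {"http", "telnet"}  # the protocols this article names

# Constructed sample in the layout of a FortiGate configuration backup.
SAMPLE_CONFIG = """\
config system interface
    edit "port1"
        set allowaccess ping https ssh http telnet
        set role lan
    next
    edit "wan1"
        set allowaccess ping https
        set role wan
    next
    edit "port3"
        set allowaccess ping http
    next
end
"""

def audit_interfaces(config_text):
    """Map interface name -> findings from the 'config system interface' block."""
    findings, depth, name, settings = {}, 0, None, {}
    for raw in config_text.splitlines():
        tok = [t.strip('"') for t in raw.split()]
        if not tok:
            continue
        if depth == 0:
            depth = int(tok == ["config", "system", "interface"])
        elif depth == 1 and tok[0] in ("next", "end"):
            if name:  # close the current interface entry and evaluate it
                bad = sorted(UNSECURED & set(settings.get("allowaccess", [])))
                notes = [f"allowaccess includes {p}" for p in bad]
                # Assumption: no "set role" line means the role is undefined.
                if (settings.get("role") or ["undefined"])[0] == "undefined":
                    notes.append("role not set")
                if notes:
                    findings[name] = notes
            name = None
            depth = 0 if tok[0] == "end" else 1
        elif tok[0] == "config":
            depth += 1  # nested table inside an interface, e.g. "config ipv6"
        elif tok[0] == "end":
            depth -= 1
        elif depth == 1 and tok[0] == "edit" and len(tok) > 1:
            name, settings = tok[1], {}
        elif depth == 1 and tok[0] == "set" and name and len(tok) > 1:
            settings[tok[1]] = tok[2:]
    return findings
```

Calling audit_interfaces(SAMPLE_CONFIG) returns findings for port1 and port3 only; wan1 has a role and no unsecured protocol in its allowaccess list.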
