nativenoble
Visitor III
November 19, 2021
Solved

Firewall access only accept from known hosts


Good Morning,

Is there a way to restrict firewall access over the internet to DNS hosts?

Regards

Klaus

Best answer by nativenoble

A redditor showed me the right way! Have tested it successfully.

 

https://community.fortinet.com/t5/FortiGate/Technical-Note-Filter-ingress-traffic-going-to-the-FortiGate/ta-p/190268?externalID=FD33649 
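
The configuration below is an added example, not part of the original thread and not copied from the linked note: one way to allow SSH/HTTPS administration only from named hosts is a FortiOS local-in policy whose source is a group of FQDN address objects. The interface name `wan1`, the object names and the `example.com` hostnames are assumptions made for illustration, and the admin GUI is assumed to listen on the default HTTPS port.

```fortios
# Constructed example values: wan1, mgmt-*, *.example.com

# 1. FQDN address objects for the hosts allowed to manage the box.
config firewall address
    edit "mgmt-office"
        set type fqdn
        set fqdn "office.example.com"
    next
    edit "mgmt-oncall"
        set type fqdn
        set fqdn "oncall.example.com"
    next
end

# 2. Group them so the policy has a single source to maintain.
config firewall addrgrp
    edit "mgmt-fqdn-hosts"
        set member "mgmt-office" "mgmt-oncall"
    next
end

# 3. Local-in policies filter traffic addressed to the FortiGate itself.
#    Policy 1 accepts admin traffic from the FQDN group; policy 2 drops
#    the same services from every other source on that interface.
config firewall local-in-policy
    edit 1
        set intf "wan1"
        set srcaddr "mgmt-fqdn-hosts"
        set dstaddr "all"
        set action accept
        set service "HTTPS" "SSH"
        set schedule "always"
    next
    edit 2
        set intf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action deny
        set service "HTTPS" "SSH"
        set schedule "always"
    next
end
```

The local-in policy only filters; HTTPS and SSH still have to be enabled as administrative access on the interface, and a custom admin port needs its own service object in place of `HTTPS`. The FortiGate resolves the FQDN objects with its own DNS settings, so if a name stops resolving or its record changes, the accept rule stops matching that host until the next successful lookup.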

2 replies

Hosemacht
Explorer
November 19, 2021

Hey there,

What are you trying to achieve exactly?

Regards

nativenoble
Visitor III
November 19, 2021

I have Fortigates in the network which I can only reach via a VPN tunnel. If the tunnel is disturbed, I can no longer access the box. I would now like to enable access via SSH or HTTPS, but only allow the connection of certain FQDN hosts.

Hosemacht
Explorer
November 19, 2021

AFAIK it's only possible to set IP addresses/ranges as trusted hosts for admin users.

But there is 2-factor authentication for admin users too; maybe this could help you.

Regards

nativenoble
Visitor III
November 19, 2021