FortiGuard 100D

Forum|Forum|9 years ago
March 8, 2017
1 reply
4021 views

All I am new to fortinet, however I want to block access to the admim web gui from all external ips addresses to my LAN,

Any idea on how this is completed?

ede_pfau

SuperUser

Hi,

and welcome to the forums.

Admin access is governed by the 'Trusted Hosts' setting in each admin user setup. Though it's a whitelist: you can specify the subnet from which you allow access but you cannot specify which subnets you disallow.

As long as any of the 3 subnet fields contains '0.0.0.0/0' access from anywhere is granted.

Enjoy!

mickgaffneyAuthor

New Member

Is there not a way to totally block access to the web gui from the INternet, othere than updating admin accounts to remove the 0.0.0.0 address range?

ede_pfau

SuperUser

Ah yes, if you want to totally disable admin access for the WAN interface, go into the interface settings and un-check all 'Allow access' boxes (default: HTTPS, SSH, ping).

You might think twice about disabling ping. It isn't bad in itself but can help a ton.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded