How to configure FortiOS/management GUI access from a management VLAN?

Question

Hi all. I'm in a new company just starting up and have borrowed a Fortigate 600D which I'm currently setting up at home on my internal lan.

The fortigate has taken a 192.168.0.77 address on my network and I am able to access that from a wireless PC on my home network. Effectively outside my network.

I'm made a softwareswitch (IP 10.0.1.1) of a range of ports in order to have multiple distributed switches be connected to the same VLAN configuration. I've made half a dozen VLANs and one of those is for managing network devices (VLAN50 10.0.50.1) That VLAN works fine on the distributed switches as when I connect a computer to an untagged port for VLAN50 it gets an IP 10.0.50.10 and it can also access the internet.

My problem is that I want this computer to be able to manage the fortigate on 10.0.1.1 and although I've put a policy in to allow traffic from VLAN50 to the SoftwareSwitch I am unable to open the management GUI. I can ping 10.0.1.1 but I can't open the GUI. VLAN1 and VLAN50 also both have HTTP/HTTPS and Fortigate manager all ticked. Has anyone any suggestions? Do you need more info?

I will utlimately have this device plugged into our business leased line and I'm not sure how safe it is to have management access from external devices? Some advice on that too would be great.

Thank you

Paul

Toshi_Esumi · Accepted Answer

Check if "trusted Hosts" (trusthost1-10 in CLI) are configured for admin users.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded