Limiting SSH access from certain IPs

Forum|Forum|12 years ago
May 3, 2014
3 replies
25240 views

Hey, Is there a way to limit the SSH access to the unit from certain IPs? Thanks!

New Member

Depending on what you have in mind, you need to configure the Administrative Access for the Interface in question then go into the Admin settings to enable " Restrict this Admin Login from Trusted Hosts Only" then set the IP address(es). You can also set the actual port access for SSH from 22 to some other port under " system>Admin>Settings>Administration Settings>SSH Port" . (For something non-standard or fancy (not advisable) may be look at " config firewall local-in-policy" .)

Us54227.gif

gilfalkoAuthor

New Member

Thanks for the reply dave! This might just work out for me. I have a handful of admin accounts. I guess I' ll have to limit them all then. Thanks alot!

Dave_Hall

New Member

I mentioned the local-in-policy thing because one of our clients requested that we block an entire country from attempting to connect to the their fgt, but personally I don' t like putting something like that in because a setting like that may be easily missed in troubleshot admin connection issues.

Db86286.jpg

gilfalkoAuthor

New Member

Dave, in my case I need to grant access for our Nagios server from outside in order to run some Event Handler scripts on the forti unit. I' d like to grant just this user the access and specifically from the Nagios server address. But this might come in handy someday afterall. btw, Is " China-Country" a pre-saved variable?

rickards

New Member

It is and Firewall Adress that is based on GEO IP with China as country with an arbitrary name.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded