Steven_Lengua
New Member
October 27, 2014
Solved

Restrict Inbound HTTPS traffic to a specific IP


We have a Fortigate 600C. At the moment you can get to our firewall admin page through HTTPS from the internet. What is the best way to lock down this access to only allow access from specific IPs? So, we would still like access to the admin page and to get logged in from the internet, but only from specific IP addresses.
Thanks in advance. New to Fortinet and need all the assistance I can get.
    Best answer by ede_pfau (SuperUser), October 28, 2014

    Hi Steven,

    There is a feature called "Trusted Hosts" explicitly for this situation.

    In the Web GUI, go to "System" > "Admin" > "Administrators" > "edit".

    Now if you check the option "Restrict this Admin Login from Trusted Hosts Only" you get 3 input fields where you can enter host addresses and netmasks. You can specify a single host like "1.2.3.4/32" or a subnet like "10.11.12.0/28".

    Beware that as long as ANY admin allows all hosts you can always access the FGT from any address. So make it tight.

    Edit: I'm sorry. This was easily the longest post on the forums ever. Either I'm too dumb just pasting in a screenshot, or the forum software doesn't really cut it. I had seen the screenshot OK in the preview. Why can't I attach a .png??
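
The caveat in the answer above (one admin without trusted hosts leaves the management page open from anywhere, however tight the others are) is easy to check mechanically. The following is an added example, my own code and not from the thread or from Fortinet: a Python script that parses the `config system admin` block printed by `show system admin` on a FortiGate and flags every administrator who can still log in from any address. The config text inside the script is a constructed sample; the account names and addresses are made up, while the `set trusthostN <ip> <netmask>` lines are the CLI form of the three GUI fields the answer describes.

```python
"""Audit FortiOS administrators for missing or overly wide trusted hosts.

Added example, not code from the forum thread or from Fortinet. Reads the
`config system admin` block that `show system admin` prints and reports
every administrator who can log in from any source address.
"""
import ipaddress
import re

# Constructed sample of `show system admin` output (names and addresses are
# made up). "admin" has no trusted hosts, "backup" has the any-address entry,
# "noc" has a sloppy mask, and "steven" is locked down the way the thread asks.
SAMPLE_CONFIG = """\
config system admin
    edit "admin"
        set accprofile "super_admin"
    next
    edit "backup"
        set trusthost1 0.0.0.0 0.0.0.0
        set accprofile "super_admin"
    next
    edit "noc"
        set trusthost1 198.51.100.0 255.255.0.0
        set accprofile "prof_admin"
    next
    edit "steven"
        set trusthost1 1.2.3.4 255.255.255.255
        set trusthost2 10.11.12.0 255.255.255.240
        set accprofile "super_admin"
    next
end
"""

EDIT_RE = re.compile(r'^\s*edit\s+"([^"]+)"\s*$')
# IPv4 entries only; `set ip6-trusthostN <prefix>` lines are not checked here.
TRUSTHOST_RE = re.compile(r"^\s*set trusthost\d+\s+(\S+)\s+(\S+)\s*$")


def parse_admins(config_text):
    """Return {admin_name: [IPv4Network, ...]} from a `config system admin` block.

    An administrator with no `set trusthostN` lines gets an empty list. That is
    how an unrestricted account looks in plain `show` output, because the
    default (0.0.0.0 0.0.0.0, meaning any address) is omitted there.
    """
    admins = {}
    current = None
    for line in config_text.splitlines():
        m = EDIT_RE.match(line)
        if m:
            current = m.group(1)
            admins[current] = []
            continue
        if current is None:
            continue
        m = TRUSTHOST_RE.match(line)
        if m:
            ip, netmask = m.groups()
            # strict=False keeps an entry even if host bits are set under the mask.
            admins[current].append(ipaddress.IPv4Network((ip, netmask), strict=False))
        elif line.strip() == "next":
            current = None
    return admins


def audit_trusted_hosts(admins, widest_ok=24):
    """Return {admin_name: [finding, ...]} for accounts that are not locked down.

    No trusted hosts, or a 0.0.0.0/0 entry, means the account can log in from
    anywhere. Entries wider than /widest_ok are reported as well, so a careless
    mask such as 255.255.0.0 shows up too.
    """
    findings = {}
    for name, nets in admins.items():
        problems = []
        if not nets:
            problems.append("no trusted hosts: reachable from any address")
        for net in nets:
            if net.prefixlen == 0:
                problems.append(f"trusted host {net} allows any address")
            elif net.prefixlen < widest_ok:
                problems.append(f"trusted host {net} is wider than /{widest_ok}")
        if problems:
            findings[name] = problems
    return findings


def management_is_open(admins):
    """True if at least one administrator can log in from any source address."""
    return any(
        not nets or any(net.prefixlen == 0 for net in nets)
        for nets in admins.values()
    )


if __name__ == "__main__":
    parsed = parse_admins(SAMPLE_CONFIG)
    for name, problems in audit_trusted_hosts(parsed).items():
        for problem in problems:
            print(f"{name}: {problem}")
    print("admin page reachable from any address:", management_is_open(parsed))
```

To run it against a real unit, replace SAMPLE_CONFIG with the text of `show system admin` from the CLI. The fix for a flagged account is the same syntax the sample uses, entered under `config system admin` / `edit "<name>"`: `set trusthost1 1.2.3.4 255.255.255.255`, then `next` and `end`. The script stops reporting the unit as open only when every administrator has at least one trusted host and none of them is 0.0.0.0/0, which is exactly the "make it tight" condition from the answer.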

    3 replies
    Steven_Lengua
    New Member
    October 28, 2014

    This is helpful, but won't this still allow all addresses to get to the admin page? They won't be able to log in but won't they get the login screen?

    Dave_Hall
    New Member
    October 28, 2014

    Steven Lengua wrote:

    This is helpful, but won't this still allow all addresses to get to the admin page? They won't be able to log in but won't they get the login screen?

    Can't see Ede's image, but I posted my reply to your same exact question in User and Authentication.

    Steven_Lengua
    New Member
    October 28, 2014

    Thanks. I couldn't figure out how to delete this thread in Log and Report and post it in the more appropriate forum section. So it ended up being in two different places.