Tutek_OLD
New Member
April 21, 2021
Question

WAN Management for specific public IP only

Hello,

I need to open WAN management to my FortiGate for a short period of time. I know that the customer connects from a specific public network subnet, let's say 64.x.x.x/24. How should I configure my FortiGate to allow management on my WAN, but only from this public subnet as the source?

I know that there is a trusted host setting on the admin settings page, but I think this is rather a Firewall Policy setting?


    Markus
    New Member
    April 21, 2021

    Hello,

    Trusted host setting is "the easy way". If you want to block not only the login, but the gui, this is possible with local-in policies https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/363127/local-in-policies.

    Yurisk
    SuperUser
    April 21, 2021

    As @Markus said, the Trusted Hosts for System -> Admin is the way to go.

    And if you don't have substantial experience with FortiGate & CLI, I'd advise AGAINST playing with Local-in policy - you may lock yourself out of management very easily, and in FortiGate there is no "undo" button :)


    nicerobot_FTNT
    Staff
    April 21, 2021

    Second vote for "restrict login to trusted hosts" in admin settings. LocalIn policies can only restrict srcaddr from CLI and it can get you into trouble with a lockout. Recommended to have console access available when you start changing LocalIn. You may have to do some LocalIn restrictions during the course of an audit, but you can burn that bridge when you cross it ...
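The trusted-host approach the replies recommend, written out as FortiOS CLI. This is an added example, not configuration posted by anyone in the thread. It assumes the administrator account is named `admin`, the WAN interface is `wan1`, and a LAN management network of `192.168.1.0/24`; the customer's masked `64.x.x.x/24` is written as the placeholder `64.0.0.0/24` and must be replaced with the real prefix. Lines beginning with `#` are annotations.

```text
# Step 1: restrict the admin account to the customer's /24 (placeholder
# prefix, substitute the real one) and to the LAN management network, so a
# mistyped customer prefix does not lock you out of your own side.
# trusthost1..trusthost10 take <ip> <netmask>; once any trusthost is set,
# this account can log in from nowhere else.
config system admin
    edit "admin"
        set trusthost1 64.0.0.0 255.255.255.0
        set trusthost2 192.168.1.0 255.255.255.0
    next
end

# Step 2: expose only the protocols you actually need on the WAN interface.
# Trusted hosts are evaluated per admin account, so every admin account on
# the box needs its own trusthost entries for the restriction to be complete.
config system interface
    edit "wan1"
        set allowaccess https ssh
    next
end

# Step 3: verify before closing your session, and check every account.
show system admin admin
show system interface wan1

# Step 4: when the customer window ends, drop the public prefix again.
config system admin
    edit "admin"
        unset trusthost1
    next
end
```

Keep a second session (or the console, as nicerobot_FTNT suggests) open while applying this and test the new login path before you log out of the old one.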