Technical Tip: Access the FortiGate via the Loopback Interface

• Configure a loopback interface with an IP address not used in the Network:

config system interface

    edit "MGMT-LO"

        set vdom "root"

        set ip 172.16.1.1 255.255.255.0

        set allowaccess https ssh

        set type loopback

        set role lan

        set snmp-index 15

    next

end

• Configure the WAN interface, Port 1 in this case is acting as the WAN Interface.

config system interface

    edit "port1"

        set vdom "root"

        set ip 10.191.21.15 255.255.240.0

        set allowaccess ping https ssh http telnet

        set type physical

        set snmp-index 1

    next

end

• Configure a VIP from Port 1 -> MGMT-LO for external port 10443 -> 443.

config firewall vip

    edit "mgmt-lo-vip"

        set uuid 383740ea-b60f-51ee-f91a-bb56173ab47c

        set extip 10.191.21.15

        set mappedip "172.16.1.1"

        set extintf "any"

        set portforward enable

        set extport 10443

        set mappedport 443

    next

end

• Configure a Firewall Policy in the FortiGate. 

config firewall policy

    edit 1

        set name "Access-Mgmt-Lo"

        set uuid 5c08d9e8-b60f-51ee-7585-7c63bae0531a

        set srcintf "port1"

        set dstintf "MGMT-LO"

        set action accept

        set srcaddr "all"

        set dstaddr "mgmt-lo-vip"

        set schedule "always"

        set service "HTTPS"

    next

end

• The admin can log in to the FortiGate using port 10443 and port 443.