FortiGate
FortiKoala
Staff
Article Id 190186

Description

This article describes how to enable remote management for FortiGate.

Scope

FortiGate v7.0 and v7.2.

Solution

  1. Configure remote management access on the interface options page of the FortiGate GUI: Network -> Interfaces. Edit the interface that connects the unit to the Internet.

Edit the interface and enable SSH and HTTPS, the most secure options for management access to the device.

Create an administrative account for the Support Engineer (see the admin account steps below). To disable administrative access on an interface:
  • Go to Network -> Interfaces.
  • Select the interface and choose 'Edit'.
  • Under Administrative Access, uncheck the protocols to disable, for example HTTPS, HTTP, SSH and TELNET.

 

In this example the interface is port2. Once HTTPS, HTTP and SSH are unchecked on the interface, choose 'OK' to save the changes.

Using the CLI:

Enable admin access:

config system interface
    edit <external-interface-name>
        set allowaccess ping https http ssh telnet      <---- allows ping, HTTPS, HTTP, SSH and Telnet on the interface; HTTPS and SSH are the secure choices noted above
    next
end

Disable admin access:

config system interface
    edit <external-interface-name>
        set allowaccess ping      <----- allows only ping on the interface; every management protocol is removed
    next
end

 

  2. To add an admin account, go to System -> Administrators and select Create New.

  3. Define a trusted host for this account using the public IP address the Support Engineer is connecting from. First enable Restrict login to trusted host, then enter the subnet and subnet mask for the IP address in question.
 
Note:
  • For remote access only: The trusted host subnet should be set to the public IP address of the client’s connection, not the private IP address of the computer.

  • For both remote and local access: The trusted host subnet should include both the local IP address (used within your network) and the public IP address (used for external connections).

 
Access Conflicts

Depending on the configuration of inbound services on the FortiGate unit, HTTPS management access may conflict with them.

For example, if a static NAT Virtual IP is configured to use the interface IP of the FortiGate unit, all data received on that IP is forwarded to the internal server. If this is the case, explore shared, web-based remote access options.

If a port forward VIP using HTTPS or port 443 is in use, change the default HTTPS management port to another port that is not in use.

Go to System -> Settings -> Administration Settings.

Once changed, the FortiGate web-based manager is reached over HTTPS by appending a colon and the new port to the address. For example: https://192.168.1.99:4430.
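The following Python script is an added example and is not part of this article or of any Fortinet tool. It audits a saved configuration excerpt for the three settings the article covers: interfaces whose allowaccess still permits HTTP or Telnet, admin accounts with no trusted host, and a port-forward VIP on an interface IP whose external port collides with the HTTPS admin port. The configuration text is constructed for the example; the parser understands only the flat config/edit/set/next/end subset shown, and an admin with no trusthostN line is treated as reachable from any address (a simplification of FortiOS's default 0.0.0.0/0 trusted host).

```python
import ipaddress
import shlex

# Constructed FortiOS-style configuration excerpt (sample data, not from a real
# device): two interfaces, two admins, one port-forward VIP, the HTTPS admin port.
SAMPLE_CONFIG = """\
config system interface
    edit "port1"
        set ip 203.0.113.10 255.255.255.0
        set allowaccess ping https http ssh telnet
    next
    edit "port2"
        set allowaccess ping
    next
end
config system admin
    edit "tac_support"
        set trusthost1 198.51.100.25 255.255.255.255
        set trusthost2 192.168.1.0 255.255.255.0
    next
    edit "admin"
    next
end
config firewall vip
    edit "web_443"
        set extintf "port1"
        set extip 203.0.113.10
        set portforward enable
        set extport 443
    next
end
config system global
    set admin-sport 443
end
"""

CLEARTEXT = {"http", "telnet"}  # management protocols the article steers away from

def parse_config(text):
    """Parse the flat 'config / edit / set / next / end' subset above into
    {table: {entry: {key: [values]}}}; table-level 'set' lines (as in
    'config system global') go under entry ''. Nested config blocks are skipped."""
    tables, table, entry, depth = {}, None, "", 0
    for raw in text.splitlines():
        tokens = shlex.split(raw)  # also strips the quotes around names like "port1"
        if not tokens:
            continue
        cmd, args = tokens[0], tokens[1:]
        if cmd == "config":
            depth += 1
            if depth == 1:
                table, entry = " ".join(args), ""
                tables.setdefault(table, {}).setdefault("", {})
        elif cmd == "end":
            depth -= 1
        elif depth != 1:
            continue  # inside a nested block this audit does not model
        elif cmd == "edit":
            entry = args[0]
            tables[table].setdefault(entry, {})
        elif cmd == "next":
            entry = ""
        elif cmd == "set":
            tables[table][entry][args[0]] = args[1:]
    return tables

def cleartext_admin_interfaces(tables):
    """Interfaces whose allowaccess still permits HTTP or Telnet management."""
    ifaces = tables.get("system interface", {}).items()
    return {n: sorted(CLEARTEXT & set(a.get("allowaccess", [])))
            for n, a in ifaces if n and CLEARTEXT & set(a.get("allowaccess", []))}

def admins_without_trusted_hosts(tables):
    """Admin accounts with no trusthostN entry, i.e. reachable from any address."""
    return sorted(n for n, a in tables.get("system admin", {}).items()
                  if n and not any(k.startswith("trusthost") for k in a))

def trusted_host_allows(tables, admin, source_ip):
    """True if source_ip is inside one of the admin's trusthost subnets; check it
    with the engineer's public address, as the trusted-host note requires."""
    ip = ipaddress.ip_address(source_ip)
    hosts = tables.get("system admin", {}).get(admin, {}).items()
    return any(ip in ipaddress.ip_network(f"{v[0]}/{v[1]}", strict=False)
               for k, v in hosts if k.startswith("trusthost") and len(v) == 2)

def https_port_conflicts(tables):
    """Port-forward VIPs on an interface IP whose external port equals the HTTPS
    admin port while that interface still allows HTTPS management."""
    sport = tables.get("system global", {}).get("", {}).get("admin-sport", ["443"])[0]
    ifaces = tables.get("system interface", {})
    conflicts = []
    for name, vip in tables.get("firewall vip", {}).items():
        iface = ifaces.get(vip.get("extintf", [""])[0], {})
        if (name and vip.get("portforward", [""])[0] == "enable"
                and vip.get("extip", [""])[0] == iface.get("ip", [""])[0]
                and vip.get("extport", [""])[0] == sport
                and "https" in iface.get("allowaccess", [])):
            conflicts.append((name, vip["extintf"][0], sport))
    return conflicts
```

Run against the sample, the audit reports port1 for HTTP and Telnet, the 'admin' account for having no trusted host, and the web_443 VIP as a conflict with the HTTPS admin port; moving admin-sport to an unused port such as 4430, as described above, clears the last finding. To audit a real unit, replace SAMPLE_CONFIG with the text of a configuration backup.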

 

Related article:

Working with the Technical Assistance Center (TAC) - Remote Management Access