| Description |
This article describes configuring administrative access to a FortiGate interface using the CLI and the GUI. |
| Scope | FortiGate. |
| Solution |
On the CLI the allowaccess setting is used to configure administrative access. The command 'set allowaccess' can use the following arguments to allow different types of access:
ping PING access. https HTTPS access. ssh SSH access. snmp SNMP access. http HTTP access. telnet TELNET access. fgfm FortiManager access. radius-acct RADIUS accounting access. probe-response Probe access. fabric Security Fabric access. ftm FTM access. speed-test Speed test access.
For example:
config system interface edit "port1" set allowaccess ping https http telnet fgfm next end
This will allow ping, https, http, telnet, and fgfm access on the port1 interface. Alternatively, if there are already administrative options configured, 'append' can be used instead of 'set'. The 'append' command allows the updating of one or more options to an existing list.
In this example, the 'append' command is used to add 'ssh' to the already configured options:
config system interface edit "port1" append allowaccess ssh next end
The result is that the interface port1 will now show that 'ssh' has been added to the 'allowaccess' list:
config system interface edit "port1" set allowaccess ping https ssh http telnet fgfm next end
To configure administrative access on the GUI, navigate to Network -> Interfaces, select the interface, and select 'Edit'. Select the check boxes for the desired administrative access and select 'OK' to save.
Security Enhancements for Administrative Access:
GUI:
CLI:
config system global set admin-https-redirect enable
For more information on interface settings, see the following documentation: Interface settings.
Related articles: |
