msolanki
Staff
Description This article describes how to hide or not display the FortiGate login page from an unknown internet host.
Scope FortiGate
Solution

Even when a trusted host is configured on the admin account or another system admin profile, an unknown internet host that tries to access the public IP configured on the WAN interface is not able to access the firewall, but the login page is still displayed to that host.

This applies when the configuration already has HTTPS enabled on the external/WAN interface and a trusted host configured for the respective system admin profile, as follows:

# config system interface
    edit "wan1"
        set vdom "root"
        set ip 10.5.21.122 255.255.240.0
        set allowaccess https ssh
    next
end

# config system admin
    edit "admin"
        set trusthost1 172.26.137.25 255.255.255.255
        set accprofile "super_admin"
        set vdom "root"
    next
end

With this configuration, logging in to the firewall works only from the trusted host, but any unknown host can still attempt to log in, and the firewall login page is still displayed to that unknown host.
Creating a local-in-policy can hide or stop the display of the firewall login page.

# config firewall local-in-policy
    edit 1
        set uuid 86c752c8-b96c-51ec-df8e-9de1fa0fdfcb
        set intf "wan1"
        set srcaddr "Trusted_Host_IP" <---[Same IP as the system admin trusted host IP or pool]
        set dstaddr "Wan-IP" <---[WAN or external interface IP through which the trusted host logs in]
        set action accept
        set service "HTTPS"
        set schedule "always"
    next
end

The login page is now displayed only to trusted hosts; when other unknown hosts attempt to access it, the login page does not load or display.
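An added example (not from the original article or from Fortinet): a small Python check that reads a FortiGate configuration in the layout shown above and lists interfaces whose allowaccess includes an administrative protocol but which no local-in-policy references, plus admin accounts with no trusthost. The sample configuration, the "wan2" interface, the "backup" account and the function names are constructed for illustration; coverage is judged per interface only, not per service or source address.

```python
import re
MGMT = {"https", "http", "ssh", "telnet"}  # administrative allowaccess values
# Constructed sample in the article's layout; "wan2" and "backup" are made up.
SAMPLE = """# config system interface
    edit "wan1"
        set allowaccess https ssh
    next
    edit "wan2"
        set allowaccess ping https
    next
end
# config system admin
    edit "admin"
        set trusthost1 172.26.137.25 255.255.255.255
    next
    edit "backup"
        set accprofile "super_admin"
    next
end
# config firewall local-in-policy
    edit 1
        set intf "wan1"
    next
end"""

def section(cfg, name):
    """Parse a top-level config block into {entry: {setting: [values]}}."""
    entries, cur, depth, top = {}, None, 0, None
    for line in cfg.splitlines():
        line = line.split("<---")[0].lstrip("# ")  # drop article notes and "#" prompt
        w = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', line)]
        if w[:1] == ["config"]:  # nested blocks raise depth and are skipped
            depth, top = depth + 1, " ".join(w[1:]) if depth == 0 else top
        elif w[:1] == ["end"]:
            depth -= 1
        elif depth == 1 and top == name and w[:1] == ["edit"]:
            cur = entries.setdefault(w[1], {})
        elif depth == 1 and top == name and w[:1] == ["set"] and cur is not None:
            cur[w[1]] = w[2:]
    return entries

def audit(cfg):
    """Report interfaces and admins that still show the login page to any source."""
    lip = section(cfg, "firewall local-in-policy").values()
    covered = {i for p in lip for i in p.get("intf", [])}
    out = [f"interface {n}: admin access without local-in-policy"
           for n, v in section(cfg, "system interface").items()
           if MGMT & set(v.get("allowaccess", [])) and n not in covered]
    return out + [f"admin {n}: no trusthost" for n, v in section(cfg, "system admin").items()
                  if not any(k.startswith("trusthost") for k in v)]
```

Calling `audit()` on the text of a configuration backup returns one line per finding; an empty list means every management-enabled interface is referenced by a local-in-policy and every admin has a trusted host.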
