Created on 04-18-2022 09:04 AM
Edited on 04-10-2025 03:21 AM
By Jean-Philippe_P
Description | This article describes how to prevent the FortiGate login page from displaying for an unknown internet host. |
Scope | FortiGate. |
Solution |
When a trusted host is configured on the admin or another system admin profile, an unknown internet host that connects to the public IP configured on the WAN interface cannot access the firewall, but the login page is still displayed to that host. Make sure HTTPS is already enabled on the external/WAN interface and that the trusted host is configured for the respective system admin profile, as follows:
config system interface
    edit "wan1"
        set vdom "root"
    next
end
config system admin
    edit "admin"
        set trusthost1 172.26.137.25 255.255.255.255
    next
end
Via GUI:
Login to the firewall is now possible only from a trusted host. However, any unknown host can still attempt to log in, and the firewall's login page will still appear for that unknown host.
config firewall local-in-policy
    edit 1
        set uuid 86c752c8-b96c-51ec-df8e-9de1fa0fdfcb
    next
end
Now the login page is displayed only for trusted hosts. If other unknown hosts attempt to access the firewall, the login page will not load or display.
Note: Starting from v7.6.0, the Local-in-Policy can now also be configured in the GUI. Refer to this article: Technical Tip: Creating a Local-In policy (IPv4 and IPv6) on GUI.
Note: This article's steps are valid when the trusted host is specified for all admin accounts in the FortiGate. For example, if the trusted host is only specified in Admin 1 and not in Admin 2, the login page will be displayed, but only Admin 1 will be able to log in. |
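The note above makes the result depend on every admin account having a trusted host, so it is worth checking a configuration backup for accounts that lack one. The following is an added example, not part of the original article or any Fortinet tool: the sample configuration (including the address name Trusted_Host and the local-in policy fields) is constructed, and parse_section and audit are hypothetical helper names.

```python
# Constructed sample in FortiGate backup syntax (not taken from the article).
SAMPLE = '''
config system admin
    edit "admin"
        set trusthost1 172.26.137.25 255.255.255.255
    next
    edit "admin2"
    next
end
config firewall local-in-policy
    edit 1
        set intf "wan1"
        set srcaddr "Trusted_Host"
        set srcaddr-negate enable
        set dstaddr "all"
        set service "HTTPS"
        set schedule "always"
        set action deny
    next
end
'''

def parse_section(config, header):
    """Return {entry: {key: value}} for the first 'config <header>' table."""
    entries, current, depth = {}, None, 0
    for line in map(str.strip, config.splitlines()):
        if depth == 0:
            depth = int(line == f"config {header}")
        elif line.startswith("config ") or line == "end":  # sub-table open/close
            depth += 1 if line != "end" else -1
            if depth == 0:
                break
        elif depth == 1 and line.startswith("edit "):
            current = entries.setdefault(line[5:].strip('"'), {})
        elif depth == 1 and current is not None and line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            current[key] = value
    return entries

def audit(config, intf):
    """Return (admins lacking an IPv4 trusted host, deny local-in policy IDs on intf)."""
    admins = parse_section(config, "system admin")
    policies = parse_section(config, "firewall local-in-policy")
    open_admins = sorted(n for n, s in admins.items() if not any(
        k.startswith("trusthost") and v != "0.0.0.0 0.0.0.0" for k, v in s.items()))
    denies = sorted(p for p, s in policies.items()
                    if intf in s.get("intf", "").replace('"', "").split()
                    and s.get("action", "deny") == "deny")  # deny is the default
    return open_admins, denies
```

For the sample, `audit(SAMPLE, "wan1")` reports `admin2` as the account that keeps the login page reachable. Only IPv4 `trusthostN` entries are examined.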