Description: This article describes how to prevent the FortiGate login page from displaying for an unknown internet host.
Scope: FortiGate.
Solution:
When a trusted host is configured on the admin or another system admin profile and an unknown internet host tries to access the public IP configured on the WAN interface, that host is not able to access the firewall, but the login page is still displayed to it. Make sure that HTTPS is already enabled on the external/WAN interface and that the trusted host is configured for the respective system admin profile, as follows:

config system interface
    edit "wan1"
        set vdom "root"
    next
end
config system admin
    edit "admin"
        set trusthost1 172.26.137.25 255.255.255.255
    next
end
Login to the firewall is now possible only from a trusted host. However, any unknown host can still attempt to log in, and the login page of the firewall will still appear for that unknown host. To prevent this, configure a local-in policy:

config firewall local-in-policy
    edit 1
        set uuid 86c752c8-b96c-51ec-df8e-9de1fa0fdfcb
end
Now the login page will display only for trusted hosts. If an unknown host attempts to access the firewall, the login page will not load or display.
Note: This article's steps are valid when the trusted host is specified for all admin accounts in the FortiGate. For example, if the trusted host is only specified in Admin 1 and not in Admin 2, the login page will be displayed but only Admin 1 will be able to log in.
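
The local-in policy listing above shows only its first lines. As an added example (not taken from the original article), this is one way a complete policy could look. It assumes the trusted host 172.26.137.25 and the "wan1" interface from this page, HTTPS administration on the default port, and a hypothetical address object name "Trusted_Admin_Host".

```fortios
# Added example, not from the original article.
# Address object for the trusted admin host used on this page.
# The object name "Trusted_Admin_Host" is hypothetical.
config firewall address
    edit "Trusted_Admin_Host"
        set subnet 172.26.137.25 255.255.255.255
    next
end

# Drop HTTPS traffic addressed to the FortiGate itself on wan1 from every
# source except the trusted host (srcaddr-negate inverts the source match).
config firewall local-in-policy
    edit 1
        set intf "wan1"
        set srcaddr "Trusted_Admin_Host"
        set srcaddr-negate enable
        set dstaddr "all"
        set service "HTTPS"
        set schedule "always"
        set action deny
        set status enable
    next
end
```

If the administrative HTTPS port has been changed from the default, the policy needs a service object that matches that port instead of "HTTPS". Apply the change from a session on the trusted host or the console so that a mistake in the source address does not cut off management access.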
Copyright 2024 Fortinet, Inc. All Rights Reserved.