FortiGate
jalejoFTNT (Staff)
Article Id 352074
Description This article describes how to restrict HTTPS access to an HTTPS custom port and a specific country.
Scope FortiGate
Solution

Prerequisites:

  • HTTPS access must be enabled on the WAN interface.

 

config system interface
   edit "WAN"
      set vdom "root"
      set ip 10.15.15.1 255.255.255.0
      set allowaccess https
      set type physical
   next
end

 

  • Determine which port is being used for HTTPS:

 

In the GUI:

Go to System -> Settings -> Administration Settings -> HTTPS port.

 

[Screenshot: HTTPS-custom-port-3.jpg]

 

In the CLI:

 

show full system global | grep admin-sport
    set admin-sport 16443

 

  • Have access to FortiGate from the LAN interface or using a console cable.

How to configure:

 

  1. Configure a firewall address to permit a specific country.

In the GUI:

Go to Policy & Objects -> Addresses -> Create new:

 

[Screenshot: HTTPS-custom-port-1.jpg]

 

Select the Geography type and select OK.

 

In the CLI:

 

config firewall address
   edit "Allow-Country"
      set type geography
      set country "CO"
   next
end

 

  2. Configure a custom HTTPS port.

In the GUI:

Go to Policy & Objects -> Services -> Create new:

 

[Screenshot: HTTPS-custom-port-2.jpg]

 

In the CLI:

 

config firewall service custom
   edit "Custom-HTTPS"
     set tcp-portrange 16443
   next
end

 

  3. Create a local-in policy.

Starting in v7.6, local-in policies can be configured in the Web GUI or via the CLI (refer to Technical Tip: Creating a Local-In policy (IPv4 and IPv6)). In v7.4 and earlier, local-in policies can only be configured via the CLI.

 

For CLI config, use the following commands:

config firewall local-in-policy
   edit 1
      set intf "wan1"
      set srcaddr "Allow-Country"
      set dstaddr "all"
      set action accept
      set service "Custom-HTTPS"
      set schedule "always"
   next
   edit 2
      set intf "wan1"
      set srcaddr "all"
      set dstaddr "all"
      set action deny
      set service "Custom-HTTPS"
      set schedule "always"
   next
end
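Policy 1 accepts connections to the custom port from the geography address and policy 2 (whose action is deny, the FortiOS default when no action is set) blocks every other source on that port. Local-in policies are matched top-down, so the order of the two entries matters, and the interface name in the policy must be the real name of the WAN interface (the prerequisite block above calls it "WAN" while the policy uses "wan1"; use whichever your unit actually has). The script below is an added example written for this article, not FortiOS code: it models first-match evaluation of the two policies above against constructed source addresses, and shows what happens when the deny policy is left out or placed first. It assumes that a connection matching no local-in policy falls through to the interface's allowaccess setting; the GeoIP table is a constructed sample standing in for the FortiGuard geography database.

```python
from dataclasses import dataclass

# Constructed sample of what a GeoIP lookup would return. FortiGate uses the
# FortiGuard geography database; this table exists only for the demonstration.
GEOIP = {
    "190.0.0.10": "CO",     # constructed source inside the allowed country
    "203.0.113.5": "US",    # constructed source outside it (TEST-NET-3 range)
    "198.51.100.7": "DE",   # constructed source outside it (TEST-NET-2 range)
}

# Objects from the article: the geography address and the custom service.
ADDRESSES = {"Allow-Country": {"type": "geography", "country": "CO"}}
SERVICES = {"Custom-HTTPS": {16443}}
ADMIN_SPORT = 16443  # from 'set admin-sport 16443'


@dataclass
class LocalInPolicy:
    id: int
    intf: str
    srcaddr: str            # "all" or the name of an address object
    service: str            # name of a service object
    action: str = "deny"    # FortiOS default when 'set action' is omitted


def article_policies() -> list:
    """The two local-in policies from the article, in configured order."""
    return [
        LocalInPolicy(1, "wan1", "Allow-Country", "Custom-HTTPS", "accept"),
        LocalInPolicy(2, "wan1", "all", "Custom-HTTPS"),  # action defaults to deny
    ]


def source_matches(srcaddr: str, src_ip: str) -> bool:
    """True if src_ip is covered by the named address object ('all' covers everything)."""
    if srcaddr == "all":
        return True
    addr = ADDRESSES[srcaddr]
    if addr["type"] == "geography":
        return GEOIP.get(src_ip) == addr["country"]
    raise ValueError(f"address type {addr['type']!r} is not modelled here")


def decide(policies, src_ip: str, dst_port: int = ADMIN_SPORT, intf: str = "wan1") -> str:
    """Return 'accept' or 'deny' for an admin HTTPS connection arriving on intf.

    Assumption: policies are evaluated top-down and the first match wins; a
    connection matching no local-in policy falls through to the interface's
    'allowaccess' list, which in the article permits https on admin-sport only.
    """
    for p in policies:
        if p.intf != intf or dst_port not in SERVICES[p.service]:
            continue
        if source_matches(p.srcaddr, src_ip):
            return p.action
    return "accept" if dst_port == ADMIN_SPORT else "deny"


if __name__ == "__main__":
    both = article_policies()
    only_allow = both[:1]               # deny policy forgotten
    swapped = list(reversed(both))      # deny policy placed first
    for label, pol in [("as configured", both), ("without policy 2", only_allow), ("policy 2 first", swapped)]:
        for ip, country in GEOIP.items():
            print(f"{label:18} {ip:14} ({country}) -> {decide(pol, ip)}")
```

Running it shows the two failure modes a reviewer should check for: with only policy 1 present, sources from every country are still accepted because nothing matched and allowaccess lets them through; with policy 2 moved above policy 1, the deny-all entry matches first and even the allowed country is locked out.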