FortiGate
jlim11
Staff
Article Id 323242
Description This article explains the options for restricting admin access to a FortiGate-VM deployed on Azure. The options are the same as for an on-premises FortiGate.
An administrator is more likely to access a FortiGate-VM deployed on Azure through its external interface, but some setups may require that the FortiGate admin login page is not publicly accessible.
Scope FortiGate-VM on Azure.
Solution

To restrict HTTPS/GUI access, the possible options are:

  1. Configure a trusted host (for HTTPS/GUI access, the FortiGate admin login page may still be shown).
  2. Configure a local-in policy (traffic will still reach the FortiGate-VM's NIC, but the policy can block specific sources from accessing the FortiGate for admin access; the FortiGate HTTPS admin login page will not be shown).
  3. For a FortiGate-VM deployed on Azure, another option is to configure a Network Security Group (NSG) rule applied to the NIC of the VM (with this option, traffic will not reach the FortiGate-VM's interface; the FortiGate admin login page will also not be shown).

 

[Screenshots: 4..PNG, https inbound.PNG, NSG.PNG]

 

Arrange the order of the NSG rules in the same way as firewall policies on the FortiGate: the order of the rules determines which rule applies.

In this example, the first rule denies inbound HTTPS to the FortiGate. Sources on the public Internet will not have access and will not see the FortiGate admin login page. The second rule still allows other admin access such as SSH, Telnet, etc.
The rules can also be made more specific according to the requirements.
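
The effect of rule order can be checked offline before an NSG is changed. The following is an added example, not part of the original article: it models NSG first-match evaluation (lowest priority number first) on a constructed two-rule set and shows what happens when the two priorities are swapped. The rule names, priorities, VNet range and source address are assumptions, the `Internet` tag is simplified to "any address outside the VNet", and Azure's default allow rules are not modeled.

```python
import ipaddress

VNET = ipaddress.ip_network("10.0.0.0/16")  # assumed VNet address space

# Constructed rules mirroring the article's example (names and priorities are
# assumptions); keys follow the JSON printed by `az network nsg rule list`.
RULES = [
    {"name": "Deny-HTTPS-Inbound", "priority": 100, "access": "Deny",
     "protocol": "Tcp", "sourceAddressPrefix": "Internet",
     "destinationPortRange": "443"},
    {"name": "Allow-Other-Admin", "priority": 110, "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "*",
     "destinationPortRange": "*"},
]

def port_matches(spec, port):
    """Match '*', a single port ('443') or a range ('22-23')."""
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def source_matches(prefix, ip):
    """Match '*', the Internet tag (simplified: outside the VNet) or a CIDR."""
    addr = ipaddress.ip_address(ip)
    if prefix == "*":
        return True
    if prefix == "Internet":
        return addr not in VNET
    return addr in ipaddress.ip_network(prefix)

def evaluate(rules, src_ip, port, protocol="Tcp"):
    """Return (access, rule name) of the first match, lowest priority first."""
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if (rule["protocol"] in ("*", protocol)
                and source_matches(rule["sourceAddressPrefix"], src_ip)
                and port_matches(rule["destinationPortRange"], port)):
            return rule["access"], rule["name"]
    return "Deny", "DenyAllInBound"  # Azure's default catch-all inbound deny

def with_priorities(rules, priorities):
    """Copy the rules with new priorities, e.g. to test a misordered set."""
    return [dict(rule, priority=p) for rule, p in zip(rules, priorities)]

if __name__ == "__main__":
    swapped = with_priorities(RULES, [110, 100])  # allow rule now wins
    for label, rules in (("article order", RULES), ("swapped", swapped)):
        for port in (443, 22):
            print(label, port, evaluate(rules, "203.0.113.10", port))
```

With the priorities swapped, the broad allow rule matches first and the HTTPS deny never takes effect, so the admin login page is reachable from the Internet again.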


Related articles:
Technical Tip: System administrator best practices

Technical Tip: Use local-in policy to restrict unauthorized login attempts to administrative access ...
