FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
vbandha
Staff
Article Id 339782
Description This article describes how to secure GUI admin login to FortiGate by using the Loopback interface to provide additional security.
Scope FortiGate v6.4+.
Solution
  1. Create a loopback interface by navigating to Network -> Interfaces and selecting 'Create New' -> Interface. Set the Type to Loopback Interface, give it an appropriate name, configure an IP address, and enable the HTTPS option under Administrative Access. A loopback interface is not bound to any physical port, so it can only be reached through a firewall policy, which is what allows the access to be restricted in the later steps:

[Screenshot: 1.JPG]

Select 'OK' at the bottom when finished.


  2. Check the port used for HTTPS access by navigating to System -> Settings. Under Administration Settings, note the number in the 'HTTPS Port' field; this is the port number used for HTTPS administrative access.

After this, create a Virtual IP to forward requests arriving at the FortiGate interface to the loopback interface: navigate to Policy & Objects -> Virtual IP, select 'Create New' -> Virtual IP, and give the Virtual IP a name. In the External IP Address field, enter the IP of the FortiGate interface on which the request will be received. In the Map to IPv4 Address field, enter the IP of the loopback interface created earlier.
Next, enable Port Forwarding. In the External Port field, enter the port number on which users will send HTTPS requests to the FortiGate (any unused port).
In the Map to IPv4 Port field, enter the HTTPS port number found in the previous step under System -> Settings:

[Screenshot: 2.JPG]

After that, select 'OK' at the bottom.


  3. Create a firewall policy to control this traffic by navigating to Policy & Objects -> Firewall Policy and selecting 'Create New'. In 'Incoming Interface', choose the FortiGate interface on which the request will be received from the user who needs to log in to the FortiGate GUI. In 'Outgoing Interface', choose the loopback interface created earlier. Here, there are multiple options to restrict and secure this access:
  • Specify the Source IPs.
  • In the Destination, choose the 'Virtual IP' object that was created earlier:

[Screenshot: 3.JPG]

It is also possible to create a Schedule so that this policy is active only during certain hours and days, and access is denied outside those hours. After that, select 'OK' at the bottom to create the policy.


It is also possible to create a Deny policy for this access to block certain sources. An external threat feed can be used as the source of that policy, as required. If the source IP is already restricted in the allow policy, this is not necessary:
External Block List (Threat Feed) – Policy
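The same procedure expressed in the FortiOS CLI, as an added example that is not part of the original article. Every name and value in it is an assumption chosen for illustration (interface name wan1, loopback name and IP Loopback-Admin / 10.255.255.1, external IP 203.0.113.10, external port 10443, HTTPS admin port 8443, admin source network 198.51.100.0/24, the schedule, and the threat-feed URL placeholder); substitute the values from your own deployment. Lines beginning with # are explanatory comments, which the interactive CLI does not accept, so strip them if pasting commands one by one.

```fortios
# Step 1: loopback interface that only accepts HTTPS admin access.
# Assumed name and IP; use any /32 not used elsewhere on the network.
config system interface
    edit "Loopback-Admin"
        set vdom "root"
        set type loopback
        set ip 10.255.255.1 255.255.255.255
        set allowaccess https
    next
end

# Step 2: the HTTPS admin port, i.e. the value shown under
# System -> Settings -> HTTPS Port (8443 assumed here).
config system global
    set admin-sport 8443
end

# Step 2 (continued): VIP that forwards TCP port 10443 on the WAN
# interface IP to the loopback IP on the admin HTTPS port.
config firewall vip
    edit "VIP-Admin-GUI"
        set extintf "wan1"
        set extip 203.0.113.10
        set mappedip "10.255.255.1"
        set portforward enable
        set protocol tcp
        set extport 10443
        set mappedport 8443
    next
end

# Objects for step 3: trusted admin sources, the external port as a
# service (the policy matches the pre-NAT port), and a schedule.
config firewall address
    edit "Admin-Hosts"
        set subnet 198.51.100.0 255.255.255.0
    next
end
config firewall service custom
    edit "Admin-GUI-10443"
        set tcp-portrange 10443
    next
end
config firewall schedule recurring
    edit "Business-Hours"
        set day monday tuesday wednesday thursday friday
        set start 08:00
        set end 18:00
    next
end

# Step 3: allow policy from the WAN interface to the loopback, limited
# to the trusted sources, the VIP, the external port and the schedule.
config firewall policy
    edit 0
        set name "Admin-GUI-via-Loopback"
        set srcintf "wan1"
        set dstintf "Loopback-Admin"
        set srcaddr "Admin-Hosts"
        set dstaddr "VIP-Admin-GUI"
        set service "Admin-GUI-10443"
        set schedule "Business-Hours"
        set action accept
        set logtraffic all
    next
end

# Optional: deny policy whose source is an external IP threat feed.
# The feed URL is a placeholder; refresh-rate is in minutes.
config system external-resource
    edit "Blocked-Admin-Sources"
        set type address
        set resource "https://FEED-URL-PLACEHOLDER/blocklist.txt"
        set refresh-rate 5
    next
end
config firewall policy
    edit 0
        set name "Deny-Admin-GUI-Blocklist"
        set srcintf "wan1"
        set dstintf "Loopback-Admin"
        set srcaddr "Blocked-Admin-Sources"
        set dstaddr "VIP-Admin-GUI"
        set service "Admin-GUI-10443"
        set schedule "always"
        set action deny
        set logtraffic all
    next
end
```

Policies are evaluated top-down, and `edit 0` appends at the bottom of the list, so the deny policy must be moved above the allow policy (with `move <deny-id> before <allow-id>` inside `config firewall policy`, or by dragging it in the GUI) before it has any effect. With `logtraffic all` on both policies, every admin login attempt through the VIP, accepted or denied, produces a forward-traffic log entry that can be forwarded to a SIEM.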
