sasad
New Contributor III

Access through IP should not be allowed for Firewall management only FQDN allowed.

Dear

 

We have a FortiGate FG200E firewall. We need to access the firewall through its FQDN, and for that we have added the A records in our local and public DNS.

But now we need to stop direct access from the public IP, and the administrators must use the FQDN to access the firewall management page.

Can anyone please help with how I can achieve this?

Asad
AEK
SuperUser

Hello Sasad

Since this is a field of the HTTP request, as far as I know this can be done if you have a WAF between the clients and the FG.

On the other hand, may I ask why such a requirement?

AEK
sasad
New Contributor III

We need it as we have multiple sites and our admins access them frequently, and our certificate is on the FQDN; it does not support the IP address, so the communication will not be encrypted in this case.

Asad
AEK

You still can issue one single certificate for both FQDN and IP address, so your communication will be secure if you use either FQDN or IP.

AEK
sasad
New Contributor III

I tried to generate the certificate from the FortiGate with the IP address and domain name, but it is still showing a certificate error, even though the IP address is available in the Subject Alternative Name.

Asad
sasad
New Contributor III

Also, we have more than 30 firewalls with different public IPs, therefore we have generated the certificate *.mydomain.com and are using it at each site.

Asad
AEK

When you add the IP in "Subject Alternative Name", you have to specify that it is an IP SAN. Like this:

IP:x.x.x.x

SAN_IP.png

AEK
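
The difference between a DNS-type and an IP-type SAN entry mentioned in the reply above, as an added example that is not part of the original thread: a simplified Python model of the RFC 2818 style name check a TLS client performs on the host typed in the URL. The hostname fw1.mydomain.com, the address 203.0.113.10 and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed SAN lists as (type, value) pairs; names and addresses are placeholders.
WILDCARD_ONLY = [("DNS", "*.mydomain.com")]
IP_AS_DNS = [("DNS", "*.mydomain.com"), ("DNS", "203.0.113.10")]
DNS_AND_IP = [("DNS", "*.mydomain.com"), ("IP", "203.0.113.10")]


def _dns_match(pattern, host):
    """Compare a dNSName entry with a hostname; '*' covers one leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def host_matches(san, host):
    """Return True if `host` (as typed in the URL) is covered by the SAN list."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None
    if addr is not None:
        # IP literal: only IP-type entries count; DNS-type entries are ignored,
        # so a wildcard or an address stored as a DNS name does not help.
        return any(t == "IP" and ipaddress.ip_address(v) == addr for t, v in san)
    return any(t == "DNS" and _dns_match(v, host) for t, v in san)


def report(san, hosts):
    """Map each host to whether the certificate's SAN list covers it."""
    return {h: host_matches(san, h) for h in hosts}


if __name__ == "__main__":
    hosts = ["fw1.mydomain.com", "203.0.113.10"]
    cases = [("wildcard only", WILDCARD_ONLY),
             ("IP stored as DNS entry", IP_AS_DNS),
             ("DNS + IP SAN", DNS_AND_IP)]
    for label, san in cases:
        print(f"{label}: {report(san, hosts)}")
```
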
sasad
New Contributor III

I tried this way but it is showing invalid IP.

Screenshot 2024-02-11 091854.jpg

Asad
AEK

On your screenshot you are generating new certificates. That's not what you need. You need to generate a Certificate Signing Request (CSR) for your WebUI.

AEK