Firewall access only accept from known hosts
Good Morning,
Is there a way to restrict firewall access over the internet to DNS hosts?
Regards
Klaus
Labels: FortiGate
Hey there,
What are you trying to achieve exactly?
Regards
sudo apt-get-rekt
I have Fortigates in the network which I can only reach via a VPN tunnel. If the tunnel is disturbed, I can no longer access the box. I would now like to enable access via SSH or HTTPS, but only allow the connection of certain FQDN hosts.
AFAIK it's only possible to set IP addresses/ranges as trusted hosts for admin users.
But there is 2-factor authentication for admin users too; maybe this could help you.
Regards
sudo apt-get-rekt
Created on 11-19-2021 01:42 AM Edited on 11-19-2021 01:43 AM
Hi,
You can do it using a VIP with specific port forwarding (other than 22/443), then a Firewall Policy with restricted Sources (FQDN, IP, GeoLoc, ...), but I think it's unsafe to present your firewall SSH/HTTPS admin access to the Internet.
If the VPN tunnel is disturbed, the VIP access should be too ... :) won't be a good workaround
A redditor showed me the right way! Have tested it successfully.