Good Morning,
is there a way to restrict firewall access over the internet to dns hosts?
Regards
Klaus
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
A redditor showed me the right way! Have tested it successfully.
Hey there,
what are you trying to archive exactly?
Regards
sudo apt-get-rekt
I have Fortigates in the network which I can only reach via a VPN tunnel. If the tunnel is disturbed, I can no longer access the box. I would now like to enable access via SSH or HTTPS, but only allow the connection of certain FQDN hosts.
afik its only possible to set IP adress/ranges as trusted hosts for admin users.
But there is a 2-factor authentication for admin users too, maybe this could help you
Regards
sudo apt-get-rekt
Created on 11-19-2021 01:42 AM Edited on 11-19-2021 01:43 AM
Hi,
You can do it using VIP with specific port forwarding (other than 22/443), then a Firewall Policy with restricted Sources (FQDN, IP, GeoLoc, ...), but I think it's unsafe to present your firewall SSH/HTTPS admin access to Internet
If the VPN tunnel is disturbed, the VIP access should be too ... :) won't be a good workaround
A redditor showed me the right way! Have tested it successfully.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1688 | |
1087 | |
752 | |
446 | |
227 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.