Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Arye_R
New Contributor

How to configure the management interface (http&https) to be accessible to the world on the WAN por

Hello to you

I want to set my WAN port to be accessible for the firewall management interface, so that I can access the firewall with its external address, but only from a specific external address. How can I do this?
I thought using acl but the rule there only says to block and not to open to a specific address

Thank you

1 Solution
AEK
Honored Contributor

Hello

First, use this command to configure which 2 policies.

config firewall local-in-policy

  • The first policy to allow your specific public IP to access your FGT's HTTPS service
  • The second is to deny any other IP from this access

And then enable HTTPS access on your WAN interface.

https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/363127/local-in-policy

 

PS:  For security I prefer never do that. Instead I'd use VPN client then connect to FGT's management.

AEK

View solution in original post

AEK
3 REPLIES 3
AEK
Honored Contributor

Hello

First, use this command to configure which 2 policies.

config firewall local-in-policy

  • The first policy to allow your specific public IP to access your FGT's HTTPS service
  • The second is to deny any other IP from this access

And then enable HTTPS access on your WAN interface.

https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/363127/local-in-policy

 

PS:  For security I prefer never do that. Instead I'd use VPN client then connect to FGT's management.

AEK
AEK
Arye_R
New Contributor

You are absolutely correct in your security thinking and I agree with that, but I am asking the question in general.
How do I define a block at the WAN level because in FIREWALL POLICY everything refers to an internal incoming interface...

In any case, I did not find how to edit the policy found in the local policy in the interface. can you help me with this

 

 

 

AEK
Honored Contributor

Local-in-policies are not editable from GUI. Only from CLI.

AEK
AEK
Labels
Top Kudoed Authors