Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Arye_R
New Contributor

Created on ‎01-04-2024 01:30 PM Edited on ‎02-26-2024 05:07 AM By Community Manager

How to configure the management interface (http&https) to be accessible to the world on the WAN por

Hello to you

I want to set my WAN port to be accessible for the firewall management interface, so that I can access the firewall with its external address, but only from a specific external address. How can I do this?
I thought using acl but the rule there only says to block and not to open to a specific address

Thank you

Labels:
4019
0 Kudos
1 Solution
AEK
SuperUser
SuperUser

Created on ‎01-04-2024 01:45 PM Edited on ‎01-04-2024 01:46 PM

Hello

First, use this command to configure which 2 policies.

config firewall local-in-policy

  • The first policy to allow your specific public IP to access your FGT's HTTPS service
  • The second is to deny any other IP from this access

And then enable HTTPS access on your WAN interface.

https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/363127/local-in-policy

 

PS:  For security I prefer never do that. Instead I'd use VPN client then connect to FGT's management.

AEK

View solution in original post

AEK
4014
3 REPLIES 3
AEK
SuperUser
SuperUser

Created on ‎01-04-2024 01:45 PM Edited on ‎01-04-2024 01:46 PM

Hello

First, use this command to configure which 2 policies.

config firewall local-in-policy

  • The first policy to allow your specific public IP to access your FGT's HTTPS service
  • The second is to deny any other IP from this access

And then enable HTTPS access on your WAN interface.

https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/363127/local-in-policy

 

PS:  For security I prefer never do that. Instead I'd use VPN client then connect to FGT's management.

AEK
AEK
4015
Arye_R
New Contributor
In response to AEK

Created on ‎01-04-2024 01:53 PM

You are absolutely correct in your security thinking and I agree with that, but I am asking the question in general.
How do I define a block at the WAN level because in FIREWALL POLICY everything refers to an internal incoming interface...

In any case, I did not find how to edit the policy found in the local policy in the interface. can you help me with this

 

 

 

4007
0 Kudos
AEK
SuperUser
SuperUser

Created on ‎01-04-2024 02:10 PM

Local-in-policies are not editable from GUI. Only from CLI.

AEK
AEK
3997
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.