Created on 02-19-2024 09:37 AM Edited on 02-26-2024 03:02 AM By Kate_M
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Limit access by ip
All:
I understand the admin access restrictions - but I don't want anyone to even see that the device is a Fortigate on the WAN. How to do this simply? And - if it's involving CLI mangling of the local policy - is this something on target to be usable in the GUI in the future?
Thanks!
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Right - so worked with a colleague on this, trusted networks have to be applied to every System Administrator - or else the system will show the page to other addresses. My mistake for not checking that - thanks for all the help!
Also - we use trusted networks as well for interior management sources (i.e. not allowing certain subnets on the LAN to come in either.)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Then the best thing to do is always disable any management access (ping as well) on WAN interface.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Agree with @AEK
Disable any allowaccess on the WAN facing interfaces, I.E WAN1 & WAN2.
If you do need remote management access, you could lock it down to trusted networks with local in policies.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Right - so worked with a colleague on this, trusted networks have to be applied to every System Administrator - or else the system will show the page to other addresses. My mistake for not checking that - thanks for all the help!
Also - we use trusted networks as well for interior management sources (i.e. not allowing certain subnets on the LAN to come in either.)