Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
mlacomb-Lucid
New Contributor

Limit access by ip

All:

 

I understand the admin access restrictions - but I don't want anyone to even see that the device is a Fortigate on the WAN.  How to do this simply?  And - if it's involving CLI mangling of the local policy - is this something on target to be usable in the GUI in the future?

 

Thanks!

3 REPLIES
AEK
SuperUser

Then the best thing to do is to always disable any management access (ping as well) on the WAN interface.

AEK
JonasV
New Contributor III

Agree with @AEK.
Disable any allowaccess on the WAN-facing interfaces, i.e. WAN1 & WAN2.
If you do need remote management access, you could lock it down to trusted networks with local in policies.

Kind regards
mlacomb-Lucid

Right - so worked with a colleague on this, trusted networks have to be applied to every System Administrator - or else the system will show the page to other addresses.  My mistake for not checking that - thanks for all the help!

Also - we use trusted networks as well for interior management sources (i.e. not allowing certain subnets on the LAN to come in either.)
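
An added example, not part of the original thread and not Fortinet tooling: a Python check over a configuration backup that lists every administrator without a restricting IPv4 trusted host, which is the condition the accepted answer identifies. The sample config is constructed, and treating a missing `trusthostN` line or `0.0.0.0 0.0.0.0` as "any source" is an assumption about how the backup represents the default.

```python
import re

# Constructed sample in the style of a FortiOS config backup (not from the thread).
SAMPLE = """\
config system admin
    edit "admin"
        set trusthost1 203.0.113.0 255.255.255.0
        config gui-dashboard
            edit 1
                set name "Status"
            next
        end
    next
    edit "backup-admin"
        set accprofile "super_admin"
    next
    edit "lan-ops"
        set trusthost1 10.10.20.0 255.255.255.0
        set trusthost2 0.0.0.0 0.0.0.0
    next
end
"""

def unrestricted_admins(config_text):
    """Return admins with no trusthostN line, or with one set to 0.0.0.0 0.0.0.0.

    Assumption: either case means the account accepts logins from any source.
    """
    hosts, inside, depth, name = {}, False, 0, None
    for line in map(str.strip, config_text.splitlines()):
        if not inside:
            inside = line == "config system admin"
        elif line.startswith("config "):
            depth += 1                       # nested block inside an admin entry
        elif line == "end":
            inside, depth = depth > 0, max(depth - 1, 0)
        elif depth:
            continue                         # ignore edit/next/set of nested blocks
        elif line.startswith("edit "):
            name = line[5:].strip('"')
            hosts[name] = []
        elif line == "next":
            name = None
        elif name and re.match(r"set trusthost\d+ ", line):
            hosts[name].append(line.split()[2:])   # [address, netmask]
    return [n for n, h in hosts.items() if not h or ["0.0.0.0", "0.0.0.0"] in h]

if __name__ == "__main__":
    print(unrestricted_admins(SAMPLE))
```

Only IPv4 `trusthostN` entries are examined; an empty result means every administrator in the backup carries a restricting entry.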
