Created on 12-15-2010 06:18 AM
Besides changing admin ports from SSH 22 and HTTPS 443, try this if you have an available public IP.
Create a new interface on your firewall, making it a loopback interface. Use a private IP /32 host. Example: 172.16.1.1/32 or 192.168.1.1. Allow HTTPS and SSH access on this loopback interface. Now create a VIP pointing to the loopback IP using a public IP. Example: 123.234.245.267 NAT to the loopback IP you used. Now you can create a firewall policy allowing Outside/WAN to this VIP on HTTPS, SSH or whatever ports you need. But now you can specify a source. You can even use a GEO IP to only allow inbound access to your firewall from a certain country. Create a deny policy below this to log attempted logins. Test access using the new public IP before disabling HTTPS and SSH on your current outside WAN interface.
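The steps in the post above, written out as a FortiGate CLI configuration. This is an added example, not part of the original post; the object names (`lo-mgmt`, `vip-mgmt`, `admin-src`), the `wan1` interface, and the documentation-range addresses 203.0.113.10 and 198.51.100.0/24 are assumptions, and the syntax assumes a recent FortiOS release.

```fortios
# Loopback that carries admin access instead of the WAN interface
config system interface
    edit "lo-mgmt"
        set type loopback
        set ip 172.16.1.1 255.255.255.255
        set allowaccess https ssh
    next
end
# Spare public IP (placeholder) NATed to the loopback address
config firewall vip
    edit "vip-mgmt"
        set extintf "wan1"
        set extip 203.0.113.10
        set mappedip "172.16.1.1"
    next
end
# Permitted admin source; a "set type geography" address object also works here
config firewall address
    edit "admin-src"
        set subnet 198.51.100.0 255.255.255.0
    next
end
config firewall policy
    edit 0
        set name "mgmt-allow"
        set srcintf "wan1"
        set dstintf "lo-mgmt"
        set srcaddr "admin-src"
        set dstaddr "vip-mgmt"
        set action accept
        set schedule "always"
        set service "HTTPS" "SSH"
        set logtraffic all
    next
    # Placed below the allow rule: logs every other attempt against the VIP
    edit 0
        set name "mgmt-deny-log"
        set srcintf "wan1"
        set dstintf "lo-mgmt"
        set srcaddr "all"
        set dstaddr "vip-mgmt"
        set action deny
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
end
```

The deny policy names the VIP as its destination so that it matches the NATed traffic. Only after a login through the new public IP succeeds should HTTPS and SSH be removed from `allowaccess` on the WAN interface.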