pureocean
New Contributor

Accessing Fortigate FG100D Gateway

Hi 

I need some help with this configuration. Previously, the system administrator configured the FG100D to be accessible by 1 assigned laptop only (I am not sure what type of configuration was used). When other, unassigned machines (PC/laptop) enter the FG100D's IP, it returns an error and "Not found". That also means only "assigned" laptops are allowed to access the gateway.

May I know what type of configuration was used? I have also checked the entries in the access list but couldn't find anything, not even the MAC address of the "assigned" laptop.

Many thanks in advance.

Toshi_Esumi
Esteemed Contributor III

The first option to limit admin access is "trusthost" config in "config sys admin".

The second option would be "local-in policy" under "config firewall local-in-policy".

Check those places.

pureocean

toshiesumi wrote:

The first option to limit admin access is "trusthost" config in "config sys admin".

The second option would be "local-in policy" under "config firewall local-in-policy".

Check those places.

Hi Toshi san,

When I checked both trusthost and local-in policy, I basically could not find any settings that have been configured to block the "assigned" machines.

For trusthost -> under System -> Admin -> Administrators -> username (double click) -> "Restrict this administrator login from trusted Hosts only" is not checked.

For local-in policy, could you elaborate more? I don't find any significant settings related to this issue, or I might have overlooked them. I hope you can give me some guidelines.

Toshi_Esumi
Esteemed Contributor III

The GUI would probably confuse you when looking at local-in policy because those pre-defined ones are all "accept" except for the default one.

Go to the CLI, then use "show firewall local-in-policy". If nothing is specifically configured, it doesn't show anything. Only additionally configured ones would show up.

pureocean

toshiesumi wrote:

GUI would probably confuse you to look at local-in policy because those pre-defined ones are all "accept" except for the default one.

Go to CLI, then use "show firewall local-in-policy". If nothing specifically configured, it doesn't show anything. Only additionally configured ones would show up.

Hi Toshi San,

I tried the command line "show firewall local-in-policy". It doesn't show anything except the single word "end".

Apart from using trusthost and local-in-policy, are there any other ways of configuring the "assigned" laptop to connect to the gateway?

Toshi_Esumi
Esteemed Contributor III

As long as both machines are connected through the same interface, those are the only options I know of to block one of them while accepting the other.
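
Added example, not part of any post in this thread: a small Python audit that reads a saved FortiOS configuration backup and reports the two places named above that can restrict admin access, the `trusthost` entries under `config system admin` and any `config firewall local-in-policy` entries. The sample configuration, its addresses and the function names are constructed for illustration.

```python
SAMPLE_CONFIG = """\
config system admin
    edit "admin"
        set trusthost1 192.168.1.50 255.255.255.255
    next
    edit "backup"
        set accprofile "super_admin"
    next
end
config firewall local-in-policy
    edit 1
        set intf "port1"
        set srcaddr "all"
        set action deny
    next
end
"""  # constructed sample in FortiOS backup syntax; values are not from the thread

def parse_section(text, section):
    """Return {entry: {key: value}} for one top-level 'config <section>' block."""
    entries, current, inside, depth = {}, None, False, 0
    for raw in text.splitlines():
        line = raw.strip()
        if not inside:
            inside = line == "config " + section
        elif line.startswith("config "):
            depth += 1                  # nested sub-table: skip its contents
        elif line == "end":
            if depth == 0:
                break                   # end of the section we wanted
            depth -= 1
        elif depth:
            continue
        elif line.startswith("edit "):
            current = entries.setdefault(line[5:].strip('"'), {})
        elif line == "next":
            current = None
        elif line.startswith("set ") and current is not None:
            key, _, value = line[4:].partition(" ")
            current[key] = value
    return entries

def admin_access_restrictions(text):
    """Collect trusted-host entries per admin and every configured local-in policy."""
    admins = parse_section(text, "system admin")
    trusted = {n: [v for k, v in c.items() if k.startswith("trusthost")] for n, c in admins.items()}
    trusted = {n: hosts for n, hosts in trusted.items() if hosts}
    return {"trusthost": trusted, "local_in_policy": parse_section(text, "firewall local-in-policy")}
```

An empty result for both keys matches what the thread describes: no trusted hosts set and a `show firewall local-in-policy` output that contains only "end".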
