Configuring administrative access to interfaces
You can configure the protocols that administrators can use to access interfaces on the FortiGate. This helps secure access to the FortiGate by restricting access to a limited number of protocols. It helps prevent users from accessing interfaces, especially public-facing ports, that you don’t want them to access.
As a best practice, you should configure administrative access when you're setting the IP address for a port.
To configure protocols for administrative access to interfaces - GUI
- Go to Network > Interfaces.
- Select the interface that you want to configure administrative access for and select Edit.
- In the Administrative Access section, select the protocols that you want to allow an administrator to use to access the FortiGate.
- Select OK.
To configure protocols for administrative access to interfaces - CLI
```
config system interface
    edit <interface_name>
        set allowaccess {ping https ssh snmp http telnet fgfm radius-acct probe-response capwap ftm}
    next
end
```
where you can set the following protocols:
| CLI option | Description |
|---|---|
| `ping` | PING access |
| `https` | HTTPS access |
| `ssh` | SSH access |
| `snmp` | SNMP access |
| `http` | HTTP access |
| `telnet` | TELNET access |
| `fgfm` | FortiManager access |
| `radius-acct` | RADIUS accounting access |
| `probe-response` | Probe access. For more information, see Using server probes on interfaces. |
| `capwap` | CAPWAP access |
| `ftm` | FortiToken Mobile Push access |
When you add or remove a protocol, you must type the entire list of protocols again. For example, if the administrative access list is set to HTTPS and SSH and you want to add PING, you must type `set allowaccess https ssh ping`. If you type `set allowaccess ping`, only ping is added and HTTPS and SSH are removed.
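
Because `set allowaccess` replaces the whole list, it helps to generate the complete command from the current configuration instead of typing it from memory. The following Python sketch is an added example, not Fortinet code: it reads the `config system interface` table from a text configuration backup, builds the full replacement command for a change, and reports protocols enabled outside a set you approve. The function names and the sample configuration are constructed for illustration.

```python
# Protocol names accepted by "set allowaccess", as listed on this page.
KNOWN = {"ping", "https", "ssh", "snmp", "http", "telnet", "fgfm",
         "radius-acct", "probe-response", "capwap", "ftm"}
# Constructed sample in the style of a FortiGate configuration backup.
SAMPLE_CONFIG = """\
config system interface
    edit "wan1"
        set allowaccess https ssh
        config ipv6
            set ip6-allowaccess ping
        end
    next
    edit "internal"
        set allowaccess ping https ssh http telnet
    next
end
"""

def parse_allowaccess(config_text):
    """Return {interface: [protocols]} from the 'config system interface' table."""
    result, current, depth = {}, None, 0
    for raw in config_text.splitlines():
        line = raw.strip()
        if depth == 0:
            depth = 1 if line == "config system interface" else 0
        elif line.startswith("config "):
            depth += 1  # nested sub-table such as "config ipv6"
        elif line == "end":
            depth -= 1
        elif depth == 1 and line.startswith("edit "):
            current = line[5:].strip().strip('"')
            result[current] = []
        elif depth == 1 and current and line.startswith("set allowaccess"):
            result[current] = line.split()[2:]
    return result

def full_command(current, add=(), remove=()):
    """Build the complete command: 'set allowaccess' replaces the whole list."""
    unknown = [p for p in (*add, *remove) if p not in KNOWN]
    if unknown:
        raise ValueError(f"unknown protocol(s): {unknown}")
    # Keep existing order, drop removed entries, append additions once.
    wanted = list(dict.fromkeys([p for p in current if p not in remove] + list(add)))
    return "set allowaccess " + " ".join(wanted) if wanted else "unset allowaccess"

def not_approved(access_map, approved):
    """Return {interface: [enabled protocols outside the approved set]}."""
    return {name: extra for name, protos in access_map.items()
            if (extra := [p for p in protos if p not in approved])}
```

For the page's own case, `full_command(["https", "ssh"], add=["ping"])` yields `set allowaccess https ssh ping`, which you then enter under `edit <interface_name>`.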