Fortinet Document Library

Version:

7.2.0
7.0.0
6.4.0

Version:

6.2.0
6.0.0

Table of Contents

Best Practices

7.0.0
7.2.0
7.0.0
6.4.0
6.2.0
6.0.0
Download PDF
Copy Link

Management network

There are many benefits to using a management network for administrative access to your network devices:

  • Reliability:

    When management traffic is independent from production or business traffic, it does not have to compete for resources and management access can be maintained when reconfiguring the production network.

  • Simpler policies:

    Using a management interface allows for policy separation of the management and production traffic. Policies with specific purposes are easier to understand and troubleshoot.

  • Security:

    It is more difficult to access network devices on the production network when their management access is on a separate network.

A single interface or VLAN interface in the management network should be dedicated for all administrative access. Administrative access should be disabled on all other interfaces.

Caution

Avoid using the WAN interface, or a publicly exposed interface, for management, as it will be subject to constant attacks.

Management network

There are many benefits to using a management network for administrative access to your network devices:

  • Reliability:

    When management traffic is independent from production or business traffic, it does not have to compete for resources and management access can be maintained when reconfiguring the production network.

  • Simpler policies:

    Using a management interface allows for policy separation of the management and production traffic. Policies with specific purposes are easier to understand and troubleshoot.

  • Security:

    It is more difficult to access network devices on the production network when their management access is on a separate network.

A single interface or VLAN interface in the management network should be dedicated for all administrative access. Administrative access should be disabled on all other interfaces.

Caution

Avoid using the WAN interface, or a publicly exposed interface, for management, as it will be subject to constant attacks.