The factory default configuration of your FortiGate unit allows the default external interface to respond to ping requests. Depending on the model of your FortiGate unit the actual name of this interface will vary. For the most secure operation, you should change the configuration of the external interface so that it does not respond to ping requests. Not responding to ping requests makes it more difficult for a potential attacker to detect your FortiGate unit from the Internet. One such potential threat are Denial of Service (DoS) attacks.
A FortiGate unit responds to ping requests if ping administrative access is enabled for that interface.
To disable ping administrative access - web-based manager
- Go to System > Network > Interface.
- Choose the external interface and select Edit.
- Clear the Ping Administrative Access check box.
- Select OK.
In the CLI, when setting the allowaccess settings, by selecting the access types and not including the PING option, that option is then not selected. In this example, only HTTPS is selected.
To disable ping administrative access - CLI
config system interface
set allowaccess https