Only allow administrative access to the external interface when needed

When possible, don’t allow administrative access on the external interface; use internal access methods such as IPsec VPN or SSL VPN instead.

To disable administrative access on the external interface, go to System > Network > Interfaces, edit the external interface and disable HTTPS, PING, HTTP, SSH, and TELNET under Administrative Access.

This can also be done from the CLI using the following commands:

    config system interface
        edit <external_interface_name>
            unset allowaccess
    end


Please note that this will disable all services on the external interface, including CAPWAP, FMG-Access, SNMP, and FCT-Access. If you need some of these services enabled on your external interface, for example CAPWAP and FMG-Access to ensure connectivity between the FortiGate unit and FortiAP and FortiManager respectively, use the following CLI commands:

    config system interface
        edit <external_interface_name>
            set allowaccess capwap fgfm
    end
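To check that the change took effect, the following added example (not part of the Fortinet documentation) parses a saved configuration backup and reports which of the administrative services named above are still listed in allowaccess on the external interfaces. The sample backup, the interface names wan1 and wan2, and the function names are constructed for illustration; it assumes an interface with no allowaccess line has none of these services enabled.

```python
import shlex

# CLI tokens for the services the page lists under Administrative Access.
ADMIN_SERVICES = {"https", "ping", "http", "ssh", "telnet"}

# Constructed sample backup; interface names are made up for this example.
SAMPLE = '''\
config system interface
    edit "wan1"
        set allowaccess ping https ssh fgfm
        config ipv6
            set ip6-allowaccess ping
        end
    next
    edit "wan2"
        set allowaccess capwap fgfm
    next
end
'''

def parse_allowaccess(config_text):
    """Map each interface name to the set of tokens on its 'set allowaccess' line."""
    result, stack, current = {}, [], None
    for raw in config_text.splitlines():
        try:
            words = shlex.split(raw)
        except ValueError:  # unbalanced quote, e.g. a multi-line certificate value
            continue
        if not words:
            continue
        if words[0] == "config":
            stack.append(words[1:])  # track nesting so inner blocks are skipped
        elif words[0] == "end" and stack:
            stack.pop()
        elif stack and stack[-1] == ["system", "interface"]:
            if words[0] == "edit" and len(words) > 1:
                current = words[1]
                result.setdefault(current, set())  # assumed: no line means none enabled
            elif words[:2] == ["set", "allowaccess"] and current:
                result[current] = set(words[2:])
    return result

def audit(config_text, external_interfaces):
    """Return {interface: admin services still enabled} for the given external interfaces."""
    access = parse_allowaccess(config_text)
    found = {n: sorted(access.get(n, set()) & ADMIN_SERVICES) for n in external_interfaces}
    return {n: services for n, services in found.items() if services}
```

Calling audit(SAMPLE, ["wan1", "wan2"]) flags wan1 only; wan2, which carries just capwap and fgfm as in the second command set above, passes.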