12.03.2015 Views

FortiGate Administration Guide - FirewallShop.com


Operation mode and VDOM management access

System Config

Default Gateway: Enter the default gateway required to reach other networks from the FortiGate unit.

Gateway Device: Select the interface to which the default gateway is connected.

Management access

You can configure management access on any interface in your VDOM. See “For a VDOM running in NAT/Route mode, you can control administrative access to the interfaces in that VDOM.” on page 94. In NAT/Route mode, the interface IP address is used for management access. In Transparent mode, you configure a single management IP address that applies to all interfaces in your VDOM that permit management access. The FortiGate also uses this IP address to connect to the FDN for virus and attack updates (see “FortiGuard Center” on page 186).

The system administrator (admin) can access all VDOMs, and create regular administrator accounts. A regular administrator account can access only the VDOM to which it belongs. The management computer must connect to an interface in that VDOM. It does not matter to which VDOM the interface belongs. In both cases, the management computer must connect to an interface that permits management access and its IP address must be on the same network.

Management access can be via HTTP, HTTPS, telnet, or SSH sessions if those services are enabled on the interface. HTTPS and SSH are preferred as they are more secure.

You can allow remote administration of the FortiGate unit. However, allowing remote administration from the Internet could compromise the security of the FortiGate unit. You should avoid this unless it is required for your configuration. To improve the security of a FortiGate unit that allows remote administration from the Internet:

• Use secure administrative user passwords.

• Change these passwords regularly.

• Enable secure administrative access to this interface using only HTTPS or SSH.

• Use Trusted Hosts to limit where the remote access can originate from.

• Do not change the system idle timeout from the default value of 5 minutes (see “Settings” on page 175).
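
An added example, not part of the guide: a small Python audit that checks a configuration backup against the last three items of the list above. The sample backup is constructed, and the script assumes the FortiOS CLI backup layout with the keywords `allowaccess`, `trusthostN` and `admintimeout`.

```python
import re

# Constructed sample in FortiOS CLI backup layout (not taken from the guide).
SAMPLE = '''config system global
    set admintimeout 30
end
config system interface
    edit "external"
        set allowaccess ping https http telnet
    next
end
config system admin
    edit "admin"
        set trusthost1 192.168.1.0 255.255.255.0
    next
    edit "remote_ops"
    next
end'''

def parse(text):
    """Map each top-level config section to its settings or its 'edit' entries."""
    out, section, entry, depth = {}, None, None, 0
    for line in text.splitlines():
        tok = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', line)] or [""]
        if tok[0] == "config" and section is None:
            section = entry = out.setdefault(" ".join(tok[1:]), {})
        elif tok[0] in ("config", "end"):  # nested blocks are counted and skipped
            depth += 1 if tok[0] == "config" else -1
            if depth < 0:  # this 'end' closes the top-level section
                section, depth = None, 0
        elif section is not None and not depth and tok[0] == "edit":
            entry = section.setdefault(tok[1], {})
        elif section is not None and not depth and tok[0] == "set":
            entry[tok[1]] = tok[2:]
    return out

def audit(text):
    cfg, found = parse(text), []
    for name, s in cfg.get("system interface", {}).items():
        bad = sorted({"http", "telnet"} & set(s.get("allowaccess", [])))
        if bad:  # only HTTPS and SSH should carry administrative sessions
            found.append(f"interface {name}: disable {', '.join(bad)}")
    for name, s in cfg.get("system admin", {}).items():
        if not any(k.startswith("trusthost") for k in s):
            found.append(f"admin {name}: no trusted hosts")
    idle = cfg.get("system global", {}).get("admintimeout", ["5"])[0]
    if idle != "5":  # an absent setting is treated as the 5-minute default
        found.append(f"idle timeout is {idle} min, default is 5")
    return found
```

Password strength and rotation, the first two items in the list, cannot be read from a backup and need a separate check.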

FortiGate Version 3.0 MR5 Administration Guide

160 01-30005-0203-20070830
