12.03.2015 Views

FortiGate Administration Guide - FirewallShop.com

Operation mode and VDOM management access

System Config

Default Gateway: Enter the default gateway required to reach other networks from the FortiGate unit.

Gateway Device: Select the interface to which the default gateway is connected.

Management access

You can configure management access on any interface in your VDOM. See “For a VDOM running in NAT/Route mode, you can control administrative access to the interfaces in that VDOM.” on page 94. In NAT/Route mode, the interface IP address is used for management access. In Transparent mode, you configure a single management IP address that applies to all interfaces in your VDOM that permit management access. The FortiGate also uses this IP address to connect to the FDN for virus and attack updates (see “FortiGuard Center” on page 186).

The system administrator (admin) can access all VDOMs, and create regular administrator accounts. A regular administrator account can access only the VDOM to which it belongs. The management computer must connect to an interface in that VDOM. It does not matter to which VDOM the interface belongs. In both cases, the management computer must connect to an interface that permits management access and its IP address must be on the same network. Management access can be via HTTP, HTTPS, telnet, or SSH sessions if those services are enabled on the interface. HTTPS and SSH are preferred as they are more secure.

You can allow remote administration of the FortiGate unit. However, allowing remote administration from the Internet could compromise the security of the FortiGate unit. You should avoid this unless it is required for your configuration. To improve the security of a FortiGate unit that allows remote administration from the Internet:

• Use secure administrative user passwords.

• Change these passwords regularly.

• Enable secure administrative access to this interface using only HTTPS or SSH.

• Use Trusted Hosts to limit where the remote access can originate from.

• Do not change the system idle timeout from the default value of 5 minutes (see “Settings” on page 175).
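The configuration-related items in this checklist can be verified against a configuration backup. The Python code below is an added example, not part of the Fortinet guide: it flags HTTP or telnet management access on an interface, administrator accounts without a restricting trusted host, and an idle timeout other than 5 minutes. It assumes FortiOS CLI backup syntax (`config system interface` with `set allowaccess`, `config system admin` with `set trusthostN`, `config system global` with `set admintimeout`), none of which appears on this page, assumes an all-zero trusted host entry means any host, and runs on a constructed sample configuration.

```python
import re
# Constructed sample in FortiOS CLI backup syntax (not taken from the guide).
SAMPLE_CONFIG = """\
config system global
    set admintimeout 30
end
config system interface
    edit "wan1"
        set allowaccess ping https http telnet
    next
end
config system admin
    edit "admin"
        set trusthost1 192.0.2.0 255.255.255.0
    next
    edit "remote_ops"
        set trusthost1 0.0.0.0 0.0.0.0
    next
end
"""
INSECURE = {"http", "telnet"}  # cleartext services; the guide prefers HTTPS/SSH
DEFAULT_IDLE_MIN = 5           # the guide says to keep the 5-minute default

def audit(config_text):
    """Return sorted findings against the guide's remote-admin checklist."""
    findings, stack, entry, restricted = [], [], None, {}
    for line in map(str.strip, config_text.splitlines()):
        top = stack[0] if stack else None
        if m := re.match(r"config (.+)", line):
            stack.append(m.group(1))
        elif line == "end" and stack:
            stack.pop()
        elif len(stack) != 1:
            continue  # skip nested sub-tables and text outside any section
        elif m := re.match(r'edit "?([^"]+)"?$', line):
            entry = m.group(1)
            if top == "system admin":
                restricted[entry] = False
        elif (m := re.match(r"set allowaccess (.+)", line)) and top == "system interface":
            for svc in sorted(INSECURE & set(m.group(1).split())):
                findings.append(f"interface {entry}: {svc} enabled")
        elif (m := re.match(r"set trusthost\d+ (\S+) (\S+)", line)) and top == "system admin":
            if m.groups() != ("0.0.0.0", "0.0.0.0"):  # assumed: all-zero = any host
                restricted[entry] = True
        elif (m := re.match(r"set admintimeout (\d+)", line)) and top == "system global":
            if int(m.group(1)) != DEFAULT_IDLE_MIN:
                findings.append(f"global: idle timeout is {m.group(1)} min")
    findings += [f"admin {a}: no trusted hosts" for a, ok in restricted.items() if not ok]
    return sorted(findings)
```

Password strength and rotation, the first two items in the list, are not visible in a configuration backup and need a separate process.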

FortiGate Version 3.0 MR5 Administration Guide

160 01-30005-0203-20070830
