Preventing The Public Fortigate Interface From Responding To Ping Requests - Fortinet FortiGate FortiGate-100A Install Manual

Preventing the public FortiGate interface from responding to ping requests

Preventing the public FortiGate interface from responding to
ping requests
32
Figure 6: FortiGate-100A in Transparent mode
Internet
The factory default configuration of your FortiGate unit allows the default public
interface to respond to ping requests. The default public interface is also called
the default external interface, and is the interface of the FortiGate unit that is
usually connected to the Internet.
For the most secure operation, you should change the configuration of the
external interface so that it does not respond to ping requests. Not responding to
ping requests makes it more difficult for a potential attacker to detect your
FortiGate unit from the Internet.
Depending on the FortiGate unit, the default public interface can be the external or
WAN1 interface.
A FortiGate unit responds to ping requests if ping administrative access is enabled
for that interface. You can use the following procedures to disable ping access for
the external interface of a FortiGate unit. You can use the same procedure for any
FortiGate interface in both NAT/Route or Transparent mode.
To disable ping administrative access from the web-based manager
1 Log into the FortiGate web-based manager.
2 Go to System > Network > Interface.
3 Choose the external interface and select Edit.
4 Clear the Ping Administrative Access check box.
5 Select OK to save the changes.
FortiGate-60 series and FortiGate-100A FortiOS 3.0 MR4 Install Guide
Hub or switch
DMZ
WAN1
Router
Internal
Hub or switch
Configuring the FortiGate unit
Web Server
Mail Server
Internal
network
01-30004-0266-20070831