Configuring The Management Interface In Transparent Mode - Fortinet FortiGate 50A Installation And Configuration Manual

Network configuration

Configuring the management interface in Transparent mode

FortiGate-50A Installation and Configuration Guide
Configure the management interface in Transparent mode to set the management IP
address of the FortiGate unit. Administrators connect to this IP address to administer
the FortiGate unit. The FortiGate also uses this IP address to connect to the FDN for
virus and attack updates (see
You can also configure the management interface to control how administrators
connect to the FortiGate unit for administration and the FortiGate interfaces to which
administrators can connect.
Controlling administrative access to a FortiGate interface connected to the Internet
allows remote administration of the FortiGate unit from any location on the Internet.
However, allowing remote administration from the Internet could compromise the
security of the FortiGate unit. You should avoid allowing administrative access for an
interface connected to the Internet unless this is required for your configuration. To
improve the security of a FortiGate unit that allows remote administration from the
Internet:
• Use secure administrative user passwords,
• Change these passwords regularly,
• Enable secure administrative access to this interface using only HTTPS or SSH,
• Do not change the system idle timeout from the default value of 5 minutes (see
set the system idle timeout" on page
To configure the management interface in Transparent mode
1 Go to System > Network > Management.
2 Change the Management IP and Netmask as required.
This must be a valid IP address for the network that you want to manage the FortiGate
unit from.
3 Add a default gateway IP address if the FortiGate unit must connect to a default
gateway to reach the management computer.
4 Select the administrative access methods for each interface.
HTTPS To allow secure HTTPS connections to the web-based manager through this
interface.
PING If you want this interface to respond to pings. Use this setting to verify your
installation and for testing.
HTTP To allow HTTP connections to the web-based manager through this interface.
HTTP connections are not secure and can be intercepted by a third party.
SSH To allow SSH connections to the CLI through this interface.
SNMP To allow a remote SNMP manager to request SNMP information by connecting to
this interface. See
TELNET To allow Telnet connections to the CLI through this interface. Telnet connections
are not secure and can be intercepted by a third party.
5 Select Log for each interface that you want to record log messages whenever a
firewall policy accepts a connection to this interface.
6 Select Apply to save the changes.
"Updating antivirus and attack definitions" on page
122).
"Configuring SNMP" on page
Configuring interfaces
125.
73).
"To
99