
FortiGate lets you set up trusted hosts, meaning an admin account may only access the firewall from those IP addresses. However, the FortiGate landing (login) page is still reachable from a non-trusted host. So how do we avoid brute-force attacks or repeated login attempts? By using a local-in policy to deny access to the landing page altogether.
- Log onto the firewall.
- Go to System > Feature Visibility.
- Enable "Local In Policy".
NOTE: You will need to configure this via the CLI.
Run the following commands:
FORTIGATE # config firewall local-in-policy        <-- enter the local-in-policy configuration (can be shortened to "conf fire local")
FORTIGATE (local-in-policy) # edit 1                <-- add rule 1
new entry '1' added                                 <-- confirms that the rule was added
FORTIGATE (1) # set intf wan1                       <-- the source interface. You will have to create a rule for each WAN interface.
FORTIGATE (1) # set srcaddr DeniedByLocation        <-- I am using a Geo group to deny. You can use IPs, groups, ranges etc.
FORTIGATE (1) # set dstaddr all                     <-- any destination
FORTIGATE (1) # set service HTTPS HTTP              <-- a local-in policy must name a service; HTTPS/HTTP cover the admin landing page (this line is an addition, adjust to your admin ports)
FORTIGATE (1) # set schedule always                 <-- the rule is always on
FORTIGATE (1) # set comments "deny by location"     <-- note what the rule is meant for
FORTIGATE (1) # set action deny                     <-- action for the rule
FORTIGATE (1) # end                                 <-- save the rule and leave configuration mode
Then run the following to show the policy added:
show firewall local-in-policy

This should deny any unwanted users or intruders from accessing the landing page of the firewall.
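Since a rule is needed per WAN interface, it is easy to miss one. The following is an added example (not part of the original post) that parses the output of `show firewall local-in-policy` and reports WAN interfaces with no deny rule sourced from the geo group; the `show` output below is constructed, and the script assumes the documented local-in-policy default action of deny for entries where `show` omits the `action` line.

```python
import shlex

# Constructed sample of `show firewall local-in-policy` output (not captured from a real unit).
# Rule 2 was mistakenly set to accept, so wan2 is not protected.
SAMPLE_SHOW = """\
config firewall local-in-policy
    edit 1
        set intf "wan1"
        set srcaddr "DeniedByLocation"
        set dstaddr "all"
        set service "HTTPS" "HTTP"
        set schedule "always"
        set comments "deny by location"
    next
    edit 2
        set intf "wan2"
        set srcaddr "DeniedByLocation"
        set dstaddr "all"
        set service "HTTPS"
        set schedule "always"
        set action accept
    next
end
"""


def parse_local_in_policy(text):
    """Parse `show firewall local-in-policy` output into {policy_id: {attr: [values]}}."""
    policies, current, pid = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("edit "):
            pid, current = int(line.split()[1]), {}
        elif line == "next" and current is not None:
            policies[pid], current = current, None
        elif line.startswith("set ") and current is not None:
            parts = line.split(maxsplit=2)
            if len(parts) == 3:
                current[parts[1]] = shlex.split(parts[2])  # strips the quotes around each value
    return policies


def interfaces_missing_geo_deny(text, wan_interfaces, srcaddr):
    """Return the WAN interfaces that have no deny local-in policy whose srcaddr includes `srcaddr`.

    `show` omits attributes left at their default; the local-in-policy action defaults to
    deny, so an entry without an `action` line is treated as deny (assumption; use
    `show full-configuration` if you do not want to rely on the default).
    """
    covered = set()
    for pol in parse_local_in_policy(text).values():
        if pol.get("action", ["deny"])[0] == "deny" and srcaddr in pol.get("srcaddr", []):
            covered.update(pol.get("intf", []))
    return [intf for intf in wan_interfaces if intf not in covered]
```

Paste the real `show` output in place of the sample and list every WAN interface; an empty result means each one carries the deny rule.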