Created on 07-29-2005 12:00 AM
Description | Preventing the public FortiGate interface from responding to ping requests. |
Components |
|
Steps or Commands |
The factory default configuration of your FortiGate unit allows the default public interface to respond to ping requests. The default public interface is also called the default external interface, and is the interface of the FortiGate unit that is usually connected to the Internet. Depending on the model of your FortiGate unit the actual name of this interface will vary. For the most secure operation, you should change the configuration of the external interface so that it does not respond to ping requests. Not responding to ping requests makes it more difficult for a potential attacker to detect your FortiGate unit from the Internet. One such potential threat are Denial of Service (DoS) attacks, such as a smurf attack, that is designed to overwhelm your network systems. Depending on the FortiGate unit, the default public interface can be the external or WAN1 interface. In some FortiGate models the default external interface has a port number, such as Port 2. See the FortiGate QuickStart Guide or the FortiGate Installation Guide for your FortiGate model if you are not sure which interface is the default external interface. A FortiGate unit responds to ping requests if ping administrative access is enabled for that interface. You can use the following procedures to disable ping access for the external interface of a FortiGate unit. You can use the same procedures for any FortiGate interface. You can also use the same procedure in NAT/Route or Transparent mode. To disable ping administrative access from the web-based manager
To disable ping administrative access from the FortiGate CLI (Note: Only HTTPS access will be enabled.)
|
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.