Description
This article describes how to enable remote management for FortiGate.
Scope
FortiGate 7.0 and 7.2v
Solution
1) Configure remote management access in the network interface options page of the FortiGate GUI Network - > Interfaces
Editing the interface that connects the hardware to the Internet.
Editing the interface that connects the hardware to the Internet.
2) Edit the interface and activate SSH and HTTPS, the most secure options for management access to the device.
Create an administrative account for the Support Engineer.
3) To add a admin account, go to System - > Administrators and selecting Create New
4) With the public IP the Support engineer is using, define a trusted host for this account. First enable Restrict login to trusted host and then enter the subnet and subnet mask for the IP address in question.
Access Conflicts
Depending on the configuration of inbound services on the FortiGate unit, HTTPS access may be in conflict.
For example, if a static NAT Virtual IP is configured to use the interface IP of your FortiGate unit, all data received on that IP is forwarded to the internal server. If this is the case explore shared, web-based remote access options.
If a port forward VIP using HTTPS or port 443 is in use, change the default HTTPS management port to another that is not in use.
System - > Settings - > Administration Settings
System - > Settings - > Administration Settings
Once changed, HTTPS access to the FortiGate web-based manager is managed with a colon and the new port. For example - https://192.168.1.99:4430.
Related KB Articles
Working with the Technical Assistance Center (TAC) - Remote Management Access
