This article describes configuring administrative access to a FortiGate interface on the CLI and the GUI.
Scope
FortiGate.
Solution
On the CLI the ‘allowaccess setting is used to configure administrative access. The command ‘set allowaccess’ can use the following arguments to allow different types of access:
ping PING access. https HTTPS access. ssh SSH access. snmp SNMP access. http HTTP access. telnet TELNET access. fgfm FortiManager access. radius-acct RADIUS accounting access. probe-response Probe access. fabric Security Fabric access. ftm FTM access. speed-test Speed test access.
For example:
config system interface edit "port1" set allowaccess ping https http telnet fgfm next end
This will allow ping, https, http, telnet, and fgfm access on the port1 interface.
Alternatively, if there are already administrative options configured, ‘append’ can be used instead of ‘set’. The ‘append’ command allows the updating of one or more options to an existing list.
In this example, using ‘append’ to add ‘ssh’ to the already configured options:
config system interface edit "port1" append allowaccess ssh next end
The result would be the interface port1 that would now be configured as:
config system interface edit "port1" set allowaccess ping https ssh http telnet fgfm next end
To configure administrative access on the GUI, navigate to Network > Interfaces, select the interface, and ‘Edit’. Select the check boxes for the desired administrative access and select ‘OK’ to save.
