Configure and secure remote access to the Fortinet firewall using HTTPS for GUI and SSH for CLI. Only specific internal devices (like Inside PC) should be allowed to access Fortinet admin services.
Inside network: 192.168.1.0/24
Inside PC IP: 192.168.1.10
We will:
● Enable HTTPS and SSH on port2 (internal interface)
● Create an admin access rule
● Restrict access to Inside PC only
From GUI:
1. Go to Network > Interfaces
2. Select port2 and click Edit
3. In the Administrative Access section, check:
✅ HTTPS
✅ SSH
(Uncheck others if not needed)
4. Click OK
From CLI:
config system interface
    edit "port2"
        set allowaccess https ssh
    next
end
Note: This allows HTTPS and SSH connections on the interface IP (192.168.1.1).
From GUI:
1. Go to Policy & Objects > Addresses
2. Click Create New and select Address
● Name: Inside-PC
● Type: Subnet
● IP: 192.168.1.10/32
● Interface: Any
3. Click OK
From CLI:
config firewall address
    edit "Inside-PC"
        set subnet 192.168.1.10 255.255.255.255
    next
end
Local-In policies are used to control access to Fortinet itself, not transit traffic.
From CLI:
config firewall local-in-policy
    edit 1
        set intf "port2"
        set srcaddr "Inside-PC"
        set dstaddr "all"
        set service "HTTPS" "SSH"
        set schedule "always"
        set action accept
    next
end
Note: This step is optional unless you're managing stricter control. In most basic labs, enabling admin access on the interface is enough.
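An added example, not part of the original guide: a small Python audit that reads the address object and local-in policy from a config backup and reports when admin access on port2 is not actually limited to a single host. The sample text is constructed from this page's CLI, parse and audit are hypothetical helper names, and the deny-rule check reflects that a FortiOS local-in accept rule on its own does not block other sources.

```python
import ipaddress
import re

# Constructed sample: this page's CLI steps as they would appear in a config backup.
SAMPLE = """
config firewall address
    edit "Inside-PC"
        set subnet 192.168.1.10 255.255.255.255
    next
end
config firewall local-in-policy
    edit 1
        set intf "port2"
        set srcaddr "Inside-PC"
        set action accept
    next
end
"""


def parse(text):
    """Parse flat config/edit/set blocks into {section: {entry: {key: [values]}}}."""
    cfg, section, entry = {}, {}, {}
    for line in text.splitlines():
        tok = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', line)]
        if tok[:1] == ["config"]:
            section = cfg.setdefault(" ".join(tok[1:]), {})
        elif tok[:1] == ["edit"] and len(tok) > 1:
            entry = section.setdefault(tok[1], {})
        elif tok[:1] == ["set"] and len(tok) > 1:
            entry[tok[1]] = tok[2:]
    return cfg


def audit(text, intf="port2"):
    """Return findings where local-in access on intf is wider than one trusted host."""
    cfg, findings = parse(text), []
    pols = [p for p in cfg.get("firewall local-in-policy", {}).values() if p.get("intf") == [intf]]
    for p in pols:
        for name in p.get("srcaddr", []) if p.get("action") == ["accept"] else []:
            sub = cfg.get("firewall address", {}).get(name, {}).get("subnet")
            if name == "all" or (sub and ipaddress.ip_network("/".join(sub), strict=False).num_addresses > 1):
                findings.append(f"accept source '{name}' covers more than one host")
    # An accept rule alone blocks nobody; a policy with no "set action" line defaults to deny.
    if not any(p.get("action", ["deny"]) == ["deny"] for p in pols):
        findings.append(f"{intf}: no deny local-in policy after the accept rule")
    return findings
```

Run audit() over the text of a real backup file to get the same findings for a lab firewall; nested config blocks inside an edit are outside what this flat parser handles.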
From Inside PC:
1. Open a browser and go to: https://192.168.1.1
2. Accept the certificate warning, then log in to the Fortinet GUI
Open a command prompt:
ssh admin@192.168.1.1
You should be able to access the CLI if the credentials are correct.