System network
Zone
FortiGate-500A Administration Guide
01-28006-0100-20041105
57
Controlling administrative access for an interface connected to the Internet allows
remote administration of the FortiGate unit from any location on the Internet. However,
allowing remote administration from the Internet could compromise the security of
your FortiGate unit. You should avoid allowing administrative access for an interface
connected to the Internet unless this is required for your configuration. To improve the
security of a FortiGate unit that allows remote administration from the Internet:
• Use secure administrative user passwords,
• Change these passwords regularly,
• Enable secure administrative access to this interface using only HTTPS or SSH,
• Do not change the system idle timeout from the default value of 5 minutes (see
“To
set the system idle timeout” on page 83
).
To configure administrative access in Transparent mode, see
“To configure the
management interface” on page 60
.
1
Go to
System > Network > Interface
.
2
Choose an interface and select Edit.
3
Select the Administrative Access methods for the interface.
4
Select OK to save the changes.
To change the MTU size of the packets leaving an interface
1
Go to
System > Network > Interface
.
2
Choose an interface and select Edit.
3
Select Override default MTU value (1500).
4
Set the MTU size.
To configure traffic logging for connections to an interface
1
Go to
System > Network > Interface
.
2
Choose an interface and select Edit.
3
Select the Log check box to record log messages whenever a firewall policy accepts a
connection to this interface.
4
Select OK to save the changes.
Zone
You can use zones to group related interfaces and VLAN subinterfaces. Grouping
interfaces and VLAN subinterfaces into zones simplifies policy creation. If you group
interfaces and VLAN subinterfaces into a zone, you can configure policies for
connections to and from this zone, rather than to and from each interface and VLAN
subinterface.
Note:
You cannot set the MTU of a VLAN larger than the MTU of its physical interface. Nor can
you set the MTU of a physical interface smaller than the MTU of any VLAN on that interface.
Summary of Contents for FortiGate FortiGate-500A
Page 24: ...24 01 28006 0100 20041105 Fortinet Inc Customer service and technical support Introduction...
Page 46: ...46 01 28006 0100 20041105 Fortinet Inc Changing the FortiGate firmware System status...
Page 72: ...72 01 28006 0100 20041105 Fortinet Inc FortiGate IPv6 support System network...
Page 80: ...80 01 28006 0100 20041105 Fortinet Inc Dynamic IP System DHCP...
Page 110: ...110 01 28006 0100 20041105 Fortinet Inc FortiManager System config...
Page 116: ...116 01 28006 0100 20041105 Fortinet Inc Access profiles System administration...
Page 134: ...134 01 28006 0100 20041105 Fortinet Inc Shutdown System maintenance...
Page 248: ...248 01 28006 0100 20041105 Fortinet Inc CLI configuration Users and authentication...
Page 324: ...324 01 28006 0100 20041105 Fortinet Inc CLI configuration Antivirus...
Page 386: ...386 01 28006 0100 20041105 Fortinet Inc Glossary...
Page 394: ...394 01 28006 0100 20041105 Fortinet Inc Index...