vernon.wenberg.net
February 5, 2025

FortiManager Local-In Policy

Local-In policies for FortiManager limit the IPs or IP ranges that can access the FortiManager. However, they are rather rudimentary compared to Local-In policies for other device types like FortiGate, and they only affect inbound connections. It is therefore recommended to use other means to limit access to FortiManager.

By default, FortiManager accepts all connections if there are no Local-In policies. The Local-In policies below are for FortiManager (7.4.6) and can only be configured through the FortiManager CLI. The policies do two things.

  • Whitelist ranges of IPs and the ports they are allowed on.
  • The last two policies set only the ports that are allowed, which automatically leaves all other options at ‘default’. A policy whose options are left at default drops the traffic it matches.

config system local-in-policy
    edit 1
        set action accept
        set dport 443
        set src 10.200.0.0 255.255.224.0
    next
    edit 2
        set action accept
        set dport 80
        set src 10.200.0.0 255.255.224.0
    next
    edit 3
        set action accept
        set dport 443
        set src 10.149.0.0 255.255.0.0
    next
    edit 4
        set action accept
        set dport 80
        set src 10.149.0.0 255.255.0.0
    next
    edit 5
        set action accept
        set dport 443
        set src 172.25.4.0 255.255.252.0
    next
    edit 6
        set action accept
        set dport 80
        set src 172.25.4.0 255.255.252.0
    next
    edit 7
        set action accept
        set dport 443
        set src 172.26.4.0 255.255.252.0
    next
    edit 8
        set action accept
        set dport 80
        set src 172.26.4.0 255.255.252.0
    next
    edit 9
        set dport 443
    next
    edit 10
        set dport 80
    next
end
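
The layout above only works if every whitelisted port is closed by a later policy that sets nothing but `dport`. The following check for that is an added example, not part of the original notes or Fortinet tooling. `SAMPLE`, `parse_policies` and `uncovered_ports` are hypothetical names, and the code assumes that an unset action means drop (as stated above) and that an unset `src` means any source.

```python
import ipaddress

# Constructed sample: a shortened policy set in the page's layout, with the
# closing source-less policy for port 80 deliberately left out.
SAMPLE = """\
config system local-in-policy
    edit 1
        set action accept
        set dport 443
        set src 10.200.0.0 255.255.224.0
    next
    edit 2
        set action accept
        set dport 80
        set src 10.200.0.0 255.255.224.0
    next
    edit 9
        set dport 443
    next
end
"""

def parse_policies(text):
    """Return the 'edit N ... next' stanzas as dicts, in configuration order."""
    policies, cur = [], None
    for tok in (line.split() for line in text.splitlines()):
        if tok[:1] == ["edit"]:
            # Unset options stay at default; per the page, default means drop.
            cur = {"id": int(tok[1]), "action": "drop", "dport": None, "src": None}
        elif tok[:1] == ["set"] and cur is not None:
            key, val = tok[1], tok[2:]
            if key == "src":  # address + netmask -> network object
                cur["src"] = ipaddress.ip_network("/".join(val))
            else:
                cur[key] = int(val[0]) if key == "dport" else val[0]
        elif tok[:1] == ["next"] and cur is not None:
            policies.append(cur)
            cur = None
    return policies

def uncovered_ports(policies):
    """Ports with an accept policy but no later source-less drop policy."""
    missing = set()
    for i, p in enumerate(policies):
        closed = any(q["action"] == "drop" and q["src"] is None
                     and q["dport"] == p["dport"] for q in policies[i + 1:])
        if p["action"] == "accept" and p["dport"] and not closed:
            missing.add(p["dport"])
    return sorted(missing)
```

On the sample, `uncovered_ports(parse_policies(SAMPLE))` reports port 80, because the whitelist for it has no closing policy.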
