Network configuration Configuring interfaces
FortiGate-400 Installation and Configuration Guide 137
Controlling management access to an interface
1 Go to System > Network > Interface.
2 Select Modify for the interface for which to configure management access.
3 Select the management Access methods for the interface.
Configuring management access for an interface connected to the Internet allows
remote administration of the FortiGate unit from any location on the Internet. Allowing
management access from the Internet could compromise the security of your
FortiGate unit. You should avoid allowing management access for an interface
connected to the Internet unless this is required for your configuration. To improve the
security of a FortiGate unit that allows remote management from the Internet, add
secure administrative user passwords, change these passwords regularly, and only
enable secure management access using HTTPS or SSH.
4 Select OK to save your changes.
Configuring traffic logging for connections to an interface
1 Go to System > Network > Interface.
2 Select Modify for the interface for which to configure logging.
3 Select Log to record log messages whenever a firewall policy accepts a connection to
this interface.
4 Select OK to save your changes.
Changing the MTU size to improve network performance
You can change the maximum transmission unit (MTU) size for port1, port2, port3,
and port4/ha (if it is not configured for HA). To improve the performance of your
network connection, you can adjust the MTU of the packets that the FortiGate unit
transmits from its interfaces. Ideally, this MTU should be the same as the smallest
MTU of all the networks between the FortiGate unit and the destination of the packets.
If the packets that the FortiGate sends are larger, they are broken up or fragmented,
which slows down transmission speeds.
To change the MTU size:
1 Go to System > Network > Interface.
2 Choose an interface and select Modify .
3 Select Fragment outgoing packets greater than MTU.
HTTPS To allow secure HTTPS connections to the web-based manager through this
interface.
PING If you want this interface to respond to pings. Use this setting to verify your
installation and for testing.
HTTP To allow HTTP connections to the web-based manager through this interface.
HTTP connections are not secure and can be intercepted by a third party.
SSH To allow SSH connections to the CLI through this interface.
SNMP To allow a remote SNMP manager to request SNMP information by connecting to
this interface. See “Configuring SNMP” on page 162.
TELNET To allow Telnet connections to the CLI through this interface. Telnet connections
are not secure and can be intercepted by a third party.
