A company wants to ensure that administrative access to FortiGate is only allowed from the internal trusted network (192.168.1.0/24) and that all other access attempts are blocked. Which CLI command should the administrator configure first?
Trap 1: config system interface; edit port1; set allowaccess ping https…
This grants access from any source, not restricting to 192.168.1.0/24.
Trap 2: config system global; set admin-http-redirect enable; end
This enables HTTP redirect, not restriction.
Trap 3: set admin-sport 443
This only changes the port, does not restrict access.
- A
config system admin; edit admin; set trusthost 192.168.1.0 255.255.255.0; end
Trusted hosts restrict administrative access to specified source IPs.
- B
config system interface; edit port1; set allowaccess ping https ssh; end
Why wrong: This grants access from any source, not restricting to 192.168.1.0/24.
- C
config system global; set admin-http-redirect enable; end
Why wrong: This enables HTTP redirect, not restriction.
- D
set admin-sport 443
Why wrong: This only changes the port, does not restrict access.