Fortinet black logo

Administration Guide

Administrative access

Administrative access

Administrative access is enabled by default on port 1. Using the GUI, you can enable administrative access on other ports if necessary.

To add administrative access to an interface:
  1. Go to System > Network > Interfaces and select the interface you need to add administrative access to. See Network for more information.
  2. Under Access Rights, for Admin access, select the types of access to allow.
  3. Select OK.

GUI access

To use the GUI, point your browser to the IP address of port 1 (192.168.1.99 by default). For example, enter the following in the URL box:

https://192.168.1.99

Enter admin as the User Name and leave the Password field blank.

HTTP access is not enabled by default. To enable access, use the set ha-mgmt-access command in the CLI (see CLI commands), or enable HTTP access on the interface in the GUI (see Network).

For security reasons, the host or domain names that the GUI responds to are restricted. The list of trusted hosts is automatically generated from the following:

  • Configured hostname.
  • Configured DNS domain name.
  • Network interface IP addresses that have HTTP or HTTPS enabled.
  • HA management IP addresses.

Additional IP addresses and host or domain names that the GUI responded to can be defined in the GUI Access settings. See System access for more information.

Telnet

CLI access is available using telnet to the port1 interface IP address (192.168.1.99 by default). Use the telnet -K option so that telnet does not attempt to log on using your user ID. For example:

$ telnet -K 192.168.1.99

At the FortiAuthenticator login prompt, enter admin. By default there is no password. When you are finished, use the exit command to end the telnet session.

CLI access using Telnet is not enabled by default. To enable access, use the set ha-mgmt-access command in the CLI (see CLI commands), or enable Telnet access on the interface in the GUI (see Network).

SSH

SSH provides secure access to the CLI. Connect to the port1 interface IP address (192.168.1.99 by default). Specify the user name admin or SSH will attempt to log on with your user name. For example:

$ ssh admin@192.168.1.99

By default there is no password. When you are finished, use the exit command to end the session.

Note that, after three failed login attempts, the interface/connection will reset, and that SSH timeout is set to 60 seconds following an incomplete login or broken session.

Administrative access

Administrative access is enabled by default on port 1. Using the GUI, you can enable administrative access on other ports if necessary.

To add administrative access to an interface:
  1. Go to System > Network > Interfaces and select the interface you need to add administrative access to. See Network for more information.
  2. Under Access Rights, for Admin access, select the types of access to allow.
  3. Select OK.

GUI access

To use the GUI, point your browser to the IP address of port 1 (192.168.1.99 by default). For example, enter the following in the URL box:

https://192.168.1.99

Enter admin as the User Name and leave the Password field blank.

HTTP access is not enabled by default. To enable access, use the set ha-mgmt-access command in the CLI (see CLI commands), or enable HTTP access on the interface in the GUI (see Network).

For security reasons, the host or domain names that the GUI responds to are restricted. The list of trusted hosts is automatically generated from the following:

  • Configured hostname.
  • Configured DNS domain name.
  • Network interface IP addresses that have HTTP or HTTPS enabled.
  • HA management IP addresses.

Additional IP addresses and host or domain names that the GUI responded to can be defined in the GUI Access settings. See System access for more information.

Telnet

CLI access is available using telnet to the port1 interface IP address (192.168.1.99 by default). Use the telnet -K option so that telnet does not attempt to log on using your user ID. For example:

$ telnet -K 192.168.1.99

At the FortiAuthenticator login prompt, enter admin. By default there is no password. When you are finished, use the exit command to end the telnet session.

CLI access using Telnet is not enabled by default. To enable access, use the set ha-mgmt-access command in the CLI (see CLI commands), or enable Telnet access on the interface in the GUI (see Network).

SSH

SSH provides secure access to the CLI. Connect to the port1 interface IP address (192.168.1.99 by default). Specify the user name admin or SSH will attempt to log on with your user name. For example:

$ ssh admin@192.168.1.99

By default there is no password. When you are finished, use the exit command to end the session.

Note that, after three failed login attempts, the interface/connection will reset, and that SSH timeout is set to 60 seconds following an incomplete login or broken session.