
CLI Reference

SSH access


You can establish SSH access to the CLI by connecting your computer to the FortiBranchSASE using one of its network ports, either directly using a peer connection between the two or through any intermediary network.

SSH must be enabled on the network interface that is associated with the physical network port that is being used.

If your computer is not connected either directly or through a switch to the FortiBranchSASE, you must also configure the FortiBranchSASE with a static route that can forward packets from the FortiBranchSASE to the computer. This can be done using a local console connection or in the GUI.

To connect to the FortiBranchSASE using SSH, you need:
  • A computer with an available serial communications (COM) port and an RJ-45 port
  • An appropriate console cable
  • A network cable
  • Terminal emulation software
  • Prior configuration of the operating mode, network interface, and static route.

Enable SSH access to the CLI using a local console connection:

  1. Using the network cable, connect the FortiBranchSASE network port either directly to the network port on your computer or to a network through which your computer can reach the FortiBranchSASE.
  2. Note down the port number of the physical network port.
  3. Using the direct console connection, connect and log into the CLI.
  4. Enter the following command:
    config system interface
      edit <interface_str>
        set allowaccess ssh
      next 
    end

    where <interface_str> is the name of the network interface associated with the physical network port, such as port4.

  5. Confirm the configuration using the following commands to show the interface settings, for example:

    config system interface
    edit port4
        set type physical
        set status up
        set mode static
        set ip
        set gateway
        set mtu-override disable
        set distance 51
        set vrrp-virtual-mac enable
        config vrrp
            set status disable
        end
        set allowaccess ssh
    next
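
The confirmation in step 5 can be automated when a device has several interfaces. The following is an added example, not Fortinet code: it parses a saved copy of the `config system interface` listing and reports any interface that accepts SSH but is not the intended management port. The sample listing, the interface names port1 and port2, and the function names are constructed for illustration.

```python
# Constructed sample in the layout of the step 5 output; port1 and port2
# are invented interfaces added to show the check.
SAMPLE = """\
config system interface
    edit port1
        set type physical
        set allowaccess ssh
    next
    edit port2
        set type physical
    next
    edit port4
        set type physical
        config vrrp
            set status disable
        end
        set allowaccess ssh
    next
end
"""

def parse_allowaccess(text):
    """Return {interface: [services]} from a `config system interface` listing."""
    result, current, depth = {}, None, 0
    for raw in text.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[0] == "config":
            depth += 1        # depth 1 = interface table, >1 = nested block (vrrp)
        elif words[0] == "end":
            depth -= 1
        elif depth == 1 and words[0] == "edit" and len(words) > 1:
            current = words[1].strip('"')
            result[current] = []
        elif depth == 1 and words[0] == "next":
            current = None
        elif depth == 1 and current and words[:2] == ["set", "allowaccess"]:
            result[current] = words[2:]
    return result

def unexpected_ssh(text, intended):
    """Interfaces that accept SSH but are not in the intended management set."""
    return sorted(name for name, services in parse_allowaccess(text).items()
                  if "ssh" in services and name not in intended)
```

Tracking the nesting depth keeps the `set status disable` line inside `config vrrp` from being read as an interface setting.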
    

Access the FortiBranchSASE CLI using SSH

Once the FortiBranchSASE is configured to accept SSH connections, use an SSH client on your management computer to connect to the CLI.

The following instructions use PuTTY. The steps may vary in other terminal emulators.

To connect to the CLI using SSH:
  1. On your management computer, start PuTTY.
  2. In the Host Name (or IP address) field, enter the IP address of the FortiBranchSASE network interface that you are connected to and that has SSH access enabled.
  3. Set the port number to 22, if it is not automatically set.
  4. Set the connection type to SSH.
  5. Click Open.

    The SSH client starts to connect to the FortiBranchSASE.

  6. Note: The SSH client may display a warning if this is the first time that you are connecting to the FortiBranchSASE and its SSH key is not yet recognized by the SSH client, or if you previously connected to the FortiBranchSASE using a different IP address or SSH key. This is normal if the management computer is directly connected to the FortiBranchSASE with no network hosts in between.

  7. Click Yes to accept the FortiBranchSASE's SSH key.
  8. The CLI will display the login prompt.

  9. Enter the administrator account name, such as admin, and press Enter.
  10. Enter the administrator account password and press Enter.
  11. The CLI console shows the command prompt (the FortiBranchSASE hostname followed by #). You can now enter CLI commands.
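
The note in step 6 covers the directly connected case. When the connection crosses an intermediary network, the key offered in the warning can be checked against a fingerprint recorded out of band before it is accepted. The following is an added example, not Fortinet code: it computes the SHA256 fingerprint in the format OpenSSH displays from a `host type base64` key line and compares it with a recorded value. The sample keys, the address and the function names are constructed, and how the device itself shows its fingerprint is not covered on this page.

```python
import base64
import hashlib
import hmac
import struct

def _ssh_string(data):
    """Encode bytes as an SSH wire-format string (4-byte length + data)."""
    return struct.pack(">I", len(data)) + data

def make_sample_line(host, key_bytes):
    """Build a constructed known_hosts-style line with a dummy Ed25519 key."""
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(key_bytes)
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"

def fingerprint(line):
    """SHA256 fingerprint (OpenSSH display format) of a 'host type base64' line."""
    _host, key_type, b64 = line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    (n,) = struct.unpack(">I", blob[:4])
    # The key type named inside the blob must agree with the declared type.
    if blob[4:4 + n].decode() != key_type:
        raise ValueError("key type in blob does not match declared type")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_key_matches(line, recorded_fingerprint):
    """Constant-time comparison against the fingerprint recorded out of band."""
    return hmac.compare_digest(fingerprint(line), recorded_fingerprint)

# Constructed sample data: 192.0.2.10 is a documentation address and both
# keys are dummy byte patterns, not real device keys.
DEVICE_LINE = make_sample_line("192.0.2.10", bytes(range(32)))
OTHER_LINE = make_sample_line("192.0.2.10", bytes(range(1, 33)))
RECORDED = fingerprint(DEVICE_LINE)  # stands in for the value noted over the console
```

A mismatch between the offered key and the recorded fingerprint means the key should not be accepted until the difference is explained.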
