Fortinet/General

From r00tedvw.com wiki
Jump to: navigation, search

Contents

Reference Material

FOS cookbook
Fortinet CLI Reference

Connecting

All information about connecting was obtained from this site

MAC OSX

Requirements

  • USB to Serial adapter & software if needed (unless your MAC has a serial port)
  • Console Cable

Software

The one you need may be listed or you may have to find it yourself.
Keyspan
FTDI USB Serial
Prolific PL2303

Personal Use

I use the following equipment:

  • Macbook Pro 2011
  • Keyspan USA-19HS
  • Fortinet Console Cable
Macbook pro 15 inch (2011).jpg
Keyspan usa 19hs.jpg
Fortinet-Console-Cable1.jpg

Connection

After installing the appropriate USB to Serial Driver, plug in your USB to Serial device and then check to see if it is properly recognized.

Open Terminal
~$ ls /dev/cu.*
/dev/cu.Bluetooth-Incoming-Port	/dev/cu.KeySerial1
/dev/cu.Bluetooth-Modem		/dev/cu.USA19Hfa13P1.1

Look for something similar to USB, Serial, or the name of your device. In the case above, the correct selection is

/dev/cu.USA19Hfa13P1.1

Connect the console cable to the Fortigate device. Do not connect power yet.
Start the connection with:

~$ screen /dev/cu.USA19Hfa13P1.1 9600
(screen device baudrate)

Connect power to the Forigate device.
You may have to hit enter before the FGT login prompt appears
At this point you should see the following:

FGT-60XXXXXXXXXX login:

Disconnecting

If you disconnect by closing the terminal window, you'll need to unplug the USB to serial device and reconnect it as the hardware will still be dedicated to the old session.

Windows

Lost Admin Password

Information obtained from this site
Follow the steps to connect (Mac) as listed above.
Once connected and at the login screen, plug the power cable on the Fortigate Firewall and wait (10) seconds, then plug it back in. You should see something like this:

FGT-60XXXXXXXXXX login: FGT60 (11:24-04.25.2005)
Ver:04000000
Serial number:FGT-60XXXXXXXXXX
RAM activation
Total RAM: 128MB
Enabling cache...Done.
Scanning PCI bus...Done.
Allocating PCI resources...Done.
Enabling PCI resources...Done.
Zeroing IRQ settings...Done.
Verifying PIRQ tables...Done.
Boot up, boot device capacity: 30MB.
Press any key to display configuration menu...
......

Reading boot image 1340164 bytes.
Initializing firewall...
System is started.

Username is: maintainer
Password is: bcpb + serial number

ie. bcpbFGT60C3G10016011
ie. bcpbFTG-602505516011

The serial number has to be (13) characters. If it is only (12), you have to add a dash (-) like I did with the second example.
Also, the username/password MUST be entered in within 14 seconds of the login prompt. copy and paste is recommended.

Reset admin - no vdoms

Once logged in with the maintainer account, do the following

config system admin
edit admin
set password <psswrd>
end

Reset admin - vdoms

config global
config system admin
edit admin
set password <psswrd>
end

Maintainer Account

Information obtained from this site
Used for emergencies, can only be logged into within (14) seconds of boot up

Enable

Once logged in with an admin account:

config system global 
set admin-maintainer enable
end

Disable

Once logged in with an admin account:

config system global
set admin-maintainer disable
end
Personal tools
Namespaces

Variants
Actions
Navigation
Mediawiki
Confluence
DevOps Tools
Ubuntu
Oracle Linux
AWS
Windows
OpenVPN
Grafana
Pivotal
osTicket
OTRS
phpBB
WordPress
VmWare ESXI 5.1
Crypto currencies
HTML
CSS
Python
Java Script
PHP
Raspberry Pi
Canvas LMS
Kaltura Media Server
MetaSploit
Zoneminder
Photoshop CS2
Fortinet
Uploaded
Certifications
General Info
Games
Meal Plans
NC Statutes
Toolbox