Fortinet/General

From r00tedvw.com wiki
(Difference between revisions)
(Connection)
 
(31 intermediate revisions by one user not shown)
Line 1: Line 1:
 +
==Reference Material==
 +
[http://docs-legacy.fortinet.com/cb/html/index.html#page/FOS_Cookbook/cb_intro.html FOS cookbook]<br>
 +
[http://docs-legacy.fortinet.com/fweb/5-1-2/cli/index.html#page/FortiWeb%20CLI%20Reference/system_global.html Fortinet CLI Reference]
 
==Connecting==
 
==Connecting==
 +
All information about connecting was obtained from [http://pbxbook.com/other/mac-tty.html this site]
 
===MAC OSX===
 
===MAC OSX===
 
====Requirements====
 
====Requirements====
*USB to Serial adapter (unless your MAC has a serial port)
+
*USB to Serial adapter & software if needed (unless your MAC has a serial port)
 
*Console Cable
 
*Console Cable
 +
====Software====
 +
The one you need may be listed or you may have to find it yourself.  <br>
 +
[[:File:USA-19HS-Driver-v4-Mac-OS-X-10.9-10.10.zip|Keyspan]]<br>
 +
[[:File:FTDI MacOSX v2.2.18.zip|FTDI USB Serial]]<br>
 +
[[:File:PL2303 MacOSX v1 5 1.zip|Prolific PL2303]]<br>
  
 
====Personal Use====
 
====Personal Use====
 
I use the following equipment:
 
I use the following equipment:
*Macbook Pro 2011 [[File:Macbook pro 15 inch (2011).jpg|thumb|right]]
+
{|
*Keyspan USA-19HS [[File:Keyspan_usa_19hs.jpg|thumb|right]]
+
|
*Fortinet Console Cable [[File:Fortinet-Console-Cable1.jpg|thumb|right]]
+
*Macbook Pro 2011  
 +
*Keyspan USA-19HS
 +
*Fortinet Console Cable
 +
|[[File:Macbook pro 15 inch (2011).jpg|thumb]]
 +
|[[File:Keyspan_usa_19hs.jpg|thumb]]
 +
|[[File:Fortinet-Console-Cable1.jpg|thumb]]
 +
|}
 +
====Connection====
 +
After installing the appropriate USB to Serial Driver, plug in your USB to Serial device and then check to see if it is properly recognized.
 +
Open Terminal
 +
~$ ls /dev/cu.*
 +
/dev/cu.Bluetooth-Incoming-Port /dev/cu.KeySerial1
 +
/dev/cu.Bluetooth-Modem /dev/cu.USA19Hfa13P1.1
 +
Look for something similar to USB, Serial, or the name of your device.  In the case above, the correct selection is
 +
/dev/cu.USA19Hfa13P1.1
 +
Connect the console cable to the Fortigate device.  Do not connect power yet.<br>
 +
Start the connection with:
 +
~$ screen /dev/cu.USA19Hfa13P1.1 9600
 +
(screen device baudrate)
 +
Connect power to the Forigate device.<br>
 +
''You may have to hit enter'' before the FGT login prompt appears<br>
 +
At this point you should see the following:
 +
FGT-60XXXXXXXXXX login:
 +
 
 +
====Disconnecting====
 +
If you disconnect by closing the terminal window, you'll need to unplug the USB to serial device and reconnect it as the hardware will still be dedicated to the old session.
 +
===Windows===
 +
==Lost Admin Password==
 +
Information obtained from [http://docs.fortinet.com/uploaded/files/1708/Resetting_a_lost_admin_password.pdf this site]<br>
 +
Follow the steps to connect ([[Fortinet/General#Connection|Mac]]) as listed above.<br>
 +
Once connected and at the login screen, plug the power cable on the Fortigate Firewall and wait (10) seconds, then plug it back in.  You should see something like this:
 +
FGT-60XXXXXXXXXX login: FGT60 (11:24-04.25.2005)
 +
Ver:04000000
 +
Serial number:FGT-60XXXXXXXXXX
 +
RAM activation
 +
Total RAM: 128MB
 +
Enabling cache...Done.
 +
Scanning PCI bus...Done.
 +
Allocating PCI resources...Done.
 +
Enabling PCI resources...Done.
 +
Zeroing IRQ settings...Done.
 +
Verifying PIRQ tables...Done.
 +
Boot up, boot device capacity: 30MB.
 +
Press any key to display configuration menu...
 +
......
 +
 +
Reading boot image 1340164 bytes.
 +
Initializing firewall...
 +
System is started.
 +
Username is: '''maintainer'''<br>
 +
Password is: '''bcpb + serial number'''
 +
ie. bcpbFGT60C3G10016011
 +
ie. bcpbFTG-602505516011
 +
The serial number has to be (13) characters.  If it is only (12), you have to add a dash (-) like I did with the second example.<br>
 +
Also, the username/password '''MUST''' be entered in within 14 seconds of the login prompt.  copy and paste is recommended.
 +
===Reset admin - no vdoms===
 +
Once logged in with the maintainer account, do the following
 +
config system admin
 +
edit admin
 +
set password <psswrd>
 +
end
 +
===Reset admin - vdoms===
 +
config global
 +
config system admin
 +
edit admin
 +
set password <psswrd>
 +
end
 +
 
 +
==Maintainer Account==
 +
Information obtained from [http://docs.fortinet.com/uploaded/files/1708/Resetting_a_lost_admin_password.pdf this site]<br>
 +
Used for emergencies, can only be logged into within (14) seconds of boot up<br>
 +
===Enable===
 +
Once logged in with an admin account:
 +
config system global
 +
set admin-maintainer enable
 +
end
 +
 
 +
===Disable===
 +
Once logged in with an admin account:
 +
config system global
 +
set admin-maintainer disable
 +
end
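Review bot: the added Lost Admin Password step reads "plug the power cable on the Fortigate Firewall and wait (10) seconds, then plug it back in"; the first verb should be "unplug", since the unit is already powered when the login prompt is on screen. In the same section the text says the serial number has to be (13) characters, yet both password examples carry 16 characters after "bcpb", and the second one starts with "FTG-" while the boot banner shows "FGT-"; state what the count refers to and confirm the prefix. "Forigate" in the Connection section should be "Fortigate". The Maintainer Account section documents both enable and disable without saying which is the default or when each is appropriate; a sentence on that would help readers decide.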

Latest revision as of 16:47, 26 December 2015

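==Reference Material==

  • [http://docs-legacy.fortinet.com/cb/html/index.html#page/FOS_Cookbook/cb_intro.html FOS cookbook]
  • [http://docs-legacy.fortinet.com/fweb/5-1-2/cli/index.html#page/FortiWeb%20CLI%20Reference/system_global.html Fortinet CLI Reference]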

==Connecting==

All information about connecting was obtained from [http://pbxbook.com/other/mac-tty.html this site].

===Mac OS X===

====Requirements====

  • USB to Serial adapter, plus driver software if needed (unless your Mac has a serial port)
  • Console cable

====Software====

The driver you need may be listed here; otherwise you will have to find it yourself.

  • Keyspan
  • FTDI USB Serial
  • Prolific PL2303

====Personal Use====

I use the following equipment:

  • Macbook Pro 2011
  • Keyspan USA-19HS
  • Fortinet Console Cable

====Connection====

After installing the appropriate USB to Serial driver, plug in your USB to Serial device and check that it is properly recognized.

Open Terminal and list the serial devices:
~$ ls /dev/cu.*
/dev/cu.Bluetooth-Incoming-Port	/dev/cu.KeySerial1
/dev/cu.Bluetooth-Modem		/dev/cu.USA19Hfa13P1.1

Look for something similar to USB, Serial, or the name of your device. In the case above, the correct selection is

/dev/cu.USA19Hfa13P1.1

Connect the console cable to the Fortigate device. Do not connect power yet.
Start the connection with:

~$ screen /dev/cu.USA19Hfa13P1.1 9600
(the syntax is: screen device baudrate)

Connect power to the Fortigate device.
You may have to hit Enter before the FGT login prompt appears.
At this point you should see the following:

FGT-60XXXXXXXXXX login:

====Disconnecting====

If you disconnect by closing the terminal window, you'll need to unplug the USB to serial device and reconnect it as the hardware will still be dedicated to the old session.
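
The connection steps and the busy-port situation described above, written as shell functions. This is an added example, not part of the original wiki page; the function names are made up for illustration, while `lsof` and `screen` are the standard tools.

```shell
#!/bin/sh
# Added example (not from the original wiki page); function names are illustrative.

# Print the serial devices worth trying, skipping the Bluetooth entries
# that macOS always lists under /dev/cu.*
console_candidates() {
    for dev in "$@"; do
        case "$dev" in
            *Bluetooth*) ;;
            *) printf '%s\n' "$dev" ;;
        esac
    done
}

# Print the PIDs that still hold the device open; fail if there are none
# (or if lsof is not installed).
device_holders() {
    command -v lsof >/dev/null 2>&1 || return 1
    pids=$(lsof -t "$1" 2>/dev/null) || return 1
    [ -n "$pids" ] && printf '%s\n' "$pids"
}

# Open the console at the given baud rate (9600 by default, as on this page),
# refusing to start while an old session still owns the port.
console_connect() {
    dev=$1
    baud=${2:-9600}
    if [ ! -c "$dev" ]; then
        echo "no such serial device: $dev" >&2
        return 2
    fi
    if holders=$(device_holders "$dev"); then
        echo "$dev is still held by PID(s): $holders" >&2
        echo "list sessions with 'screen -ls', reattach with 'screen -r'," >&2
        echo "or end one with 'screen -X -S <session> quit'" >&2
        return 3
    fi
    screen "$dev" "$baud"
}

# Usage:
#   console_candidates /dev/cu.*
#   console_connect /dev/cu.USA19Hfa13P1.1 9600
```

Ending the leftover `screen` session frees the port without unplugging the adapter.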

===Windows===

==Lost Admin Password==

Information obtained from [http://docs.fortinet.com/uploaded/files/1708/Resetting_a_lost_admin_password.pdf this site].
Follow the steps to connect (Mac) as listed above.
Once connected and at the login screen, unplug the power cable from the Fortigate firewall, wait (10) seconds, then plug it back in. You should see something like this:

FGT-60XXXXXXXXXX login: FGT60 (11:24-04.25.2005)
Ver:04000000
Serial number:FGT-60XXXXXXXXXX
RAM activation
Total RAM: 128MB
Enabling cache...Done.
Scanning PCI bus...Done.
Allocating PCI resources...Done.
Enabling PCI resources...Done.
Zeroing IRQ settings...Done.
Verifying PIRQ tables...Done.
Boot up, boot device capacity: 30MB.
Press any key to display configuration menu...
......

Reading boot image 1340164 bytes.
Initializing firewall...
System is started.

Username is: maintainer
Password is: bcpb + serial number

e.g. bcpbFGT60C3G10016011
e.g. bcpbFTG-602505516011

The serial number has to be (13) characters. If it is only (12), you have to add a dash (-) like I did with the second example.
Also, the username/password MUST be entered within 14 seconds of the login prompt. Copy and paste is recommended.

===Reset admin - no vdoms===

Once logged in with the maintainer account, do the following:

config system admin
edit admin
set password <psswrd>
end

===Reset admin - vdoms===

config global
config system admin
edit admin
set password <psswrd>
end

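==Maintainer Account==

Information obtained from [http://docs.fortinet.com/uploaded/files/1708/Resetting_a_lost_admin_password.pdf this site].
The maintainer account is used for emergencies and can only be logged in to within (14) seconds of boot-up.

===Enable===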

Once logged in with an admin account:

config system global 
set admin-maintainer enable
end

===Disable===

Once logged in with an admin account:

config system global
set admin-maintainer disable
end
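
Since the maintainer login needs only console access and a power cycle, it is worth knowing which units still allow it. The following added example (not Fortinet's or the wiki author's code) reads saved configuration backups and reports the `admin-maintainer` setting from the `config system global` block; the function names and the two sample files are constructed for illustration, and it assumes a backup omits settings left at their default.

```shell
#!/bin/sh
# Added example, not Fortinet's or the wiki author's code.
# Assumption: a backup omits settings left at their default, so a missing
# admin-maintainer line is reported as "unset" and flagged for review.
maintainer_state() {            # prints enable | disable | unset
    awk '
        { sub(/\r$/, "") }      # tolerate CRLF line endings
        $1 == "config" {
            depth++
            if (depth == 1 && $2 == "system" && $3 == "global" && NF == 3) in_global = 1
            next
        }
        $1 == "end" {
            if (depth == 1) in_global = 0
            if (depth > 0) depth--
            next
        }
        in_global && depth == 1 && $1 == "set" && $2 == "admin-maintainer" { state = $3 }
        END { print (state == "" ? "unset" : state) }
    ' "$1"
}

audit_backups() {               # returns 1 if any file is not explicitly disabled
    rc=0
    for f in "$@"; do
        s=$(maintainer_state "$f")
        if [ "$s" = disable ]; then echo "OK    $f: admin-maintainer disable"
        else echo "CHECK $f: admin-maintainer $s"; rc=1; fi
    done
    return "$rc"
}

write_sample() {                # constructed sample backups, written into directory $1
    cat > "$1/hardened.conf" <<'EOF'
config system global
    set admin-maintainer disable
    set hostname "FGT-LAB-1"
end
EOF
    cat > "$1/default.conf" <<'EOF'
config system global
    set hostname "FGT-LAB-2"
end
config system admin
    edit "admin"
    next
end
EOF
}
# Usage: audit_backups /path/to/backups/*.conf
```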