Fortinet/General
(→Connection) |
|||
(12 intermediate revisions by one user not shown) | |||
Line 1: | Line 1: | ||
+ | ==Reference Material== | ||
+ | [http://docs-legacy.fortinet.com/cb/html/index.html#page/FOS_Cookbook/cb_intro.html FOS cookbook]<br> | ||
+ | [http://docs-legacy.fortinet.com/fweb/5-1-2/cli/index.html#page/FortiWeb%20CLI%20Reference/system_global.html Fortinet CLI Reference] | ||
==Connecting== | ==Connecting== | ||
+ | All information about connecting was obtained from [http://pbxbook.com/other/mac-tty.html this site] | ||
===MAC OSX=== | ===MAC OSX=== | ||
====Requirements==== | ====Requirements==== | ||
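Review bot: The second added reference is labelled "Fortinet CLI Reference", but its URL points into the FortiWeb CLI Reference (fweb/5-1-2, FortiWeb%20CLI%20Reference/system_global.html), while the rest of the page covers Fortigate devices. Either relabel the link as the FortiWeb reference or point it at the CLI reference for the product the page documents. Both added links go to docs-legacy.fortinet.com, so a short note on which firmware version they describe would help readers judge whether the commands still apply.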
Line 5: | Line 9: | ||
*Console Cable | *Console Cable | ||
====Software==== | ====Software==== | ||
+ | The one you need may be listed or you may have to find it yourself. <br> | ||
[[:File:USA-19HS-Driver-v4-Mac-OS-X-10.9-10.10.zip|Keyspan]]<br> | [[:File:USA-19HS-Driver-v4-Mac-OS-X-10.9-10.10.zip|Keyspan]]<br> | ||
[[:File:FTDI MacOSX v2.2.18.zip|FTDI USB Serial]]<br> | [[:File:FTDI MacOSX v2.2.18.zip|FTDI USB Serial]]<br> | ||
[[:File:PL2303 MacOSX v1 5 1.zip|Prolific PL2303]]<br> | [[:File:PL2303 MacOSX v1 5 1.zip|Prolific PL2303]]<br> | ||
+ | |||
====Personal Use==== | ====Personal Use==== | ||
I use the following equipment: | I use the following equipment: | ||
Line 27: | Line 33: | ||
Look for something similar to USB, Serial, or the name of your device. In the case above, the correct selection is | Look for something similar to USB, Serial, or the name of your device. In the case above, the correct selection is | ||
/dev/cu.USA19Hfa13P1.1 | /dev/cu.USA19Hfa13P1.1 | ||
+ | Connect the console cable to the Fortigate device. Do not connect power yet.<br> | ||
Start the connection with: | Start the connection with: | ||
~$ screen /dev/cu.USA19Hfa13P1.1 9600 | ~$ screen /dev/cu.USA19Hfa13P1.1 9600 | ||
(screen device baudrate) | (screen device baudrate) | ||
+ | Connect power to the Forigate device.<br> | ||
''You may have to hit enter'' before the FGT login prompt appears<br> | ''You may have to hit enter'' before the FGT login prompt appears<br> | ||
At this point you should see the following: | At this point you should see the following: | ||
− | FGT- | + | FGT-60XXXXXXXXXX login: |
+ | |||
====Disconnecting==== | ====Disconnecting==== | ||
If you disconnect by closing the terminal window, you'll need to unplug the USB to serial device and reconnect it as the hardware will still be dedicated to the old session. | If you disconnect by closing the terminal window, you'll need to unplug the USB to serial device and reconnect it as the hardware will still be dedicated to the old session. | ||
===Windows=== | ===Windows=== | ||
==Lost Admin Password== | ==Lost Admin Password== | ||
− | Follow the steps to connect ([[Fortinet/General#Connection|Mac]]) as listed above. | + | Information obtained from [http://docs.fortinet.com/uploaded/files/1708/Resetting_a_lost_admin_password.pdf this site]<br> |
+ | Follow the steps to connect ([[Fortinet/General#Connection|Mac]]) as listed above.<br> | ||
+ | Once connected and at the login screen, plug the power cable on the Fortigate Firewall and wait (10) seconds, then plug it back in. You should see something like this: | ||
+ | FGT-60XXXXXXXXXX login: FGT60 (11:24-04.25.2005) | ||
+ | Ver:04000000 | ||
+ | Serial number:FGT-60XXXXXXXXXX | ||
+ | RAM activation | ||
+ | Total RAM: 128MB | ||
+ | Enabling cache...Done. | ||
+ | Scanning PCI bus...Done. | ||
+ | Allocating PCI resources...Done. | ||
+ | Enabling PCI resources...Done. | ||
+ | Zeroing IRQ settings...Done. | ||
+ | Verifying PIRQ tables...Done. | ||
+ | Boot up, boot device capacity: 30MB. | ||
+ | Press any key to display configuration menu... | ||
+ | ...... | ||
+ | |||
+ | Reading boot image 1340164 bytes. | ||
+ | Initializing firewall... | ||
+ | System is started. | ||
+ | Username is: '''maintainer'''<br> | ||
+ | Password is: '''bcpb + serial number''' | ||
+ | ie. bcpbFGT60C3G10016011 | ||
+ | ie. bcpbFTG-602505516011 | ||
+ | The serial number has to be (13) characters. If it is only (12), you have to add a dash (-) like I did with the second example.<br> | ||
+ | Also, the username/password '''MUST''' be entered in within 14 seconds of the login prompt. copy and paste is recommended. | ||
+ | ===Reset admin - no vdoms=== | ||
+ | Once logged in with the maintainer account, do the following | ||
+ | config system admin | ||
+ | edit admin | ||
+ | set password <psswrd> | ||
+ | end | ||
+ | ===Reset admin - vdoms=== | ||
+ | config global | ||
+ | config system admin | ||
+ | edit admin | ||
+ | set password <psswrd> | ||
+ | end | ||
+ | |||
+ | ==Maintainer Account== | ||
+ | Information obtained from [http://docs.fortinet.com/uploaded/files/1708/Resetting_a_lost_admin_password.pdf this site]<br> | ||
+ | Used for emergencies, can only be logged into within (14) seconds of boot up<br> | ||
+ | ===Enable=== | ||
+ | Once logged in with an admin account: | ||
+ | config system global | ||
+ | set admin-maintainer enable | ||
+ | end | ||
+ | |||
+ | ===Disable=== | ||
+ | Once logged in with an admin account: | ||
+ | config system global | ||
+ | set admin-maintainer disable | ||
+ | end |
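Review bot: The added Lost Admin Password step reads "plug the power cable on the Fortigate Firewall and wait (10) seconds, then plug it back in"; the first "plug" should be "unplug", since as written the step never removes power. In the same hunk, "Forigate" in the added Connecting line is a typo, the second password example uses the prefix "FTG-" where the prompt and serial number lines use "FGT-", and the text says the serial number has to be (13) characters while both examples carry 16 characters after "bcpb". The new Maintainer Account section would also benefit from one sentence saying that the lost-password procedure above depends on the admin-maintainer setting it documents, so readers who set it to disable know that recovery path is gone.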
Latest revision as of 16:47, 26 December 2015
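==Reference Material==
[http://docs-legacy.fortinet.com/cb/html/index.html#page/FOS_Cookbook/cb_intro.html FOS cookbook]<br>
[http://docs-legacy.fortinet.com/fweb/5-1-2/cli/index.html#page/FortiWeb%20CLI%20Reference/system_global.html Fortinet CLI Reference]
==Connecting==
All information about connecting was obtained from [http://pbxbook.com/other/mac-tty.html this site]
===MAC OSX===
====Requirements====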
- USB to Serial adapter & software if needed (unless your MAC has a serial port)
- Console Cable
====Software====
The one you need may be listed or you may have to find it yourself.
Keyspan
FTDI USB Serial
Prolific PL2303
====Personal Use====
I use the following equipment:
====Connection====
After installing the appropriate USB to Serial Driver, plug in your USB to Serial device and then check to see if it is properly recognized.
Open Terminal
 ~$ ls /dev/cu.*
 /dev/cu.Bluetooth-Incoming-Port /dev/cu.KeySerial1
 /dev/cu.Bluetooth-Modem         /dev/cu.USA19Hfa13P1.1
Look for something similar to USB, Serial, or the name of your device. In the case above, the correct selection is
/dev/cu.USA19Hfa13P1.1
Connect the console cable to the Fortigate device. Do not connect power yet.
Start the connection with:
 ~$ screen /dev/cu.USA19Hfa13P1.1 9600
 (screen device baudrate)
Connect power to the Fortigate device.
You may have to hit enter before the FGT login prompt appears
At this point you should see the following:
 FGT-60XXXXXXXXXX login:
====Disconnecting====
If you disconnect by closing the terminal window, you'll need to unplug the USB to serial device and reconnect it as the hardware will still be dedicated to the old session.
===Windows===
==Lost Admin Password==
Information obtained from [http://docs.fortinet.com/uploaded/files/1708/Resetting_a_lost_admin_password.pdf this site]
Follow the steps to connect (Mac) as listed above.
Once connected and at the login screen, unplug the power cable on the Fortigate Firewall and wait (10) seconds, then plug it back in. You should see something like this:
 FGT-60XXXXXXXXXX login: FGT60 (11:24-04.25.2005)
 Ver:04000000
 Serial number:FGT-60XXXXXXXXXX
 RAM activation
 Total RAM: 128MB
 Enabling cache...Done.
 Scanning PCI bus...Done.
 Allocating PCI resources...Done.
 Enabling PCI resources...Done.
 Zeroing IRQ settings...Done.
 Verifying PIRQ tables...Done.
 Boot up, boot device capacity: 30MB.
 Press any key to display configuration menu...
 ......
 
 Reading boot image 1340164 bytes.
 Initializing firewall...
 System is started.
Username is: '''maintainer'''<br>
Password is: '''bcpb + serial number'''
 ie. bcpbFGT60C3G10016011
 ie. bcpbFTG-602505516011
The serial number has to be (13) characters. If it is only (12), you have to add a dash (-) like I did with the second example.<br>
Also, the username/password '''MUST''' be entered within 14 seconds of the login prompt. Copy and paste is recommended.
===Reset admin - no vdoms===
Once logged in with the maintainer account, do the following:
 config system admin
 edit admin
 set password <psswrd>
 end
===Reset admin - vdoms===
 config global
 config system admin
 edit admin
 set password <psswrd>
 end
==Maintainer Account==
Information obtained from [http://docs.fortinet.com/uploaded/files/1708/Resetting_a_lost_admin_password.pdf this site]<br>
Used for emergencies; it can only be logged into within (14) seconds of boot up.
===Enable===
Once logged in with an admin account:
 config system global
 set admin-maintainer enable
 end
===Disable===
Once logged in with an admin account:
 config system global
 set admin-maintainer disable
 end
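
To confirm which state a device is in without a console session, the setting can be read from a saved configuration backup. The script below is an added example, not part of the original page or Fortinet's tooling; the sample backups are constructed, and it assumes that a setting missing from the backup is at its default, taken here to be enable.

```python
# Added example, not from the original page.
# Assumptions: the backup uses nested "config ... end" / "edit ... next"
# blocks, and a setting absent from the backup is at its default, taken
# here to be "enable" (override with default=).
SAMPLE_HARDENED = """\
config system global
    set admin-maintainer disable
    set hostname "FGT-LAB"
end
"""  # constructed sample

SAMPLE_VDOM_DEFAULT = """\
config global
config system global
    set hostname "FGT-LAB"
end
config system admin
    edit "admin"
        set comments "admin-maintainer note"
    next
end
end
"""  # constructed sample, setting not present


def global_settings(config_text):
    """Collect 'set' lines that sit directly inside 'config system global'."""
    settings, stack = {}, []
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith(("config ", "edit ")):
            stack.append(line)
        elif line == "next" and stack and stack[-1].startswith("edit "):
            stack.pop()
        elif line == "end":
            # 'end' closes the nearest config block and any edit left open in it
            while stack and stack.pop().startswith("edit "):
                pass
        elif line.startswith("set ") and stack[-1:] == ["config system global"]:
            parts = line.split(None, 2)
            if len(parts) == 3:
                settings[parts[1]] = parts[2].strip('"')
    return settings


def maintainer_status(config_text, default="enable"):
    """Return (effective_value, explicitly_set) for admin-maintainer."""
    value = global_settings(config_text).get("admin-maintainer")
    return (value, True) if value is not None else (default, False)
```

A result of ("enable", False) means the backup never sets the option, so the lost-password procedure above still works for anyone with console and power access to the device.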