Fortinet black logo

Handbook

Step 2: Configure the management interface

Step 2: Configure the management interface

You use the management port for administrator access. It is also used for management traffic (such as SNMP or syslog). If your appliance has a dedicated management port, that is the port you configure as the management interface; otherwise, it is the convention to use port1 for the management interface.

You configure the following basic settings to get started so that you can access the web UI from a remote location (like your desk):

  • Static route—Specify the gateway router for the management subnet so you can access the web UI from a host on your subnet.
  • IP address—You typically assign a static IP address for the management interface. The IP address is the host portion of the web UI URL. For example, the default IP address for the management interface is 192.168.1.99 and the default URL for the web UI is https://192.168.1.99.
  • Access—Services for administrative access. We recommend HTTPS, SSH, SNMP, PING.

Before you begin:

  • You must know the IP address for the default gateway of the management subnet and the IP address that you plan to assign the management interface.
  • You need access to the machine room in which a physical appliance has been installed. With physical appliances, you must connect a cable to the management port to get started.
  • You need a laptop with an RJ-45 Ethernet network port, a crossover Ethernet cable, and a web browser (a recent version of Chrome or Firefox).
  • Configure the laptop Ethernet port with the static IP address 192.168.1.2 and a netmask of 255.255.255.0. These settings enable you to access the FortiADC web UI as if from the same subnet as the FortiADC in its factory configuration state.
To connect to the web UI:
  1. Use the crossover cable to connect the laptop Ethernet port to the FortiADC management port.
  2. On your laptop, open the following URL in your web browser:
  3. https://192.168.1.99/

    The system presents a self-signed security certificate, which it presents to clients whenever they initiate an HTTPS connection to it.

  4. Verify and accept the certificate, and acknowledge any warnings about self-signed certificates.
  5. The system displays the administrator login page. See Login page.

    Login page

  6. Enter the username admin and set up a new password.

The system displays the dashboard. See Dashboard after initial login.

Dashboard after initial login

To complete the procedures in this section using the CLI:
  1. Use an SSH client such as PuTTY to make an SSH connection to 192.168.1.99 (port 22).
  2. Acknowledge any warnings and verify and accept the FortiADC SSH key.
  3. Enter the username admin and create a new password.
  4. Use the following command sequence to configure the static route:
  5. config router static

    edit 1

    set gateway <gateway_ipv4>

    end

    end

  6. Use the following command sequence to configure the management interface:

    config system interface

    edit <interface_name>

    set ip <ip&netmask>

    set allowaccess {http https ping snmp ssh telnet}

    end

    end

    The system processes the update and disconnects your SSH session because the interface has a new IP address. At this point, you should be able to connect to the CLI from a host on the management subnet you just configured. You can verify the configuration remotely.

Step 2: Configure the management interface

You use the management port for administrator access. It is also used for management traffic (such as SNMP or syslog). If your appliance has a dedicated management port, that is the port you configure as the management interface; otherwise, it is the convention to use port1 for the management interface.

You configure the following basic settings to get started so that you can access the web UI from a remote location (like your desk):

  • Static route—Specify the gateway router for the management subnet so you can access the web UI from a host on your subnet.
  • IP address—You typically assign a static IP address for the management interface. The IP address is the host portion of the web UI URL. For example, the default IP address for the management interface is 192.168.1.99 and the default URL for the web UI is https://192.168.1.99.
  • Access—Services for administrative access. We recommend HTTPS, SSH, SNMP, PING.

Before you begin:

  • You must know the IP address for the default gateway of the management subnet and the IP address that you plan to assign the management interface.
  • You need access to the machine room in which a physical appliance has been installed. With physical appliances, you must connect a cable to the management port to get started.
  • You need a laptop with an RJ-45 Ethernet network port, a crossover Ethernet cable, and a web browser (a recent version of Chrome or Firefox).
  • Configure the laptop Ethernet port with the static IP address 192.168.1.2 and a netmask of 255.255.255.0. These settings enable you to access the FortiADC web UI as if from the same subnet as the FortiADC in its factory configuration state.
To connect to the web UI:
  1. Use the crossover cable to connect the laptop Ethernet port to the FortiADC management port.
  2. On your laptop, open the following URL in your web browser:
  3. https://192.168.1.99/

    The system presents a self-signed security certificate, which it presents to clients whenever they initiate an HTTPS connection to it.

  4. Verify and accept the certificate, and acknowledge any warnings about self-signed certificates.
  5. The system displays the administrator login page. See Login page.

    Login page

  6. Enter the username admin and set up a new password.

The system displays the dashboard. See Dashboard after initial login.

Dashboard after initial login

To complete the procedures in this section using the CLI:
  1. Use an SSH client such as PuTTY to make an SSH connection to 192.168.1.99 (port 22).
  2. Acknowledge any warnings and verify and accept the FortiADC SSH key.
  3. Enter the username admin and create a new password.
  4. Use the following command sequence to configure the static route:
  5. config router static

    edit 1

    set gateway <gateway_ipv4>

    end

    end

  6. Use the following command sequence to configure the management interface:

    config system interface

    edit <interface_name>

    set ip <ip&netmask>

    set allowaccess {http https ping snmp ssh telnet}

    end

    end

    The system processes the update and disconnects your SSH session because the interface has a new IP address. At this point, you should be able to connect to the CLI from a host on the management subnet you just configured. You can verify the configuration remotely.