Fortinet black logo

Handbook

6.3.3
7.0.0
6.6.3
6.6.3
6.6.1
6.6.0
6.5.1
6.5.0
6.4.1
6.4.0
6.3.3
6.3.2
6.3.1
6.2.3
6.2.2
6.2.1
6.2.0
6.1.1

Step 2: Configure the management interface

Step 2: Configure the management interface

You use the management port for remote administrator access from the web user interface (web UI) or command line interface (CLI).

Web UI

You configure the following basic settings to get started so that you can access the web UI from a remote location (like your desk):

  • Static route—Specify the gateway router for the management subnet so you can access the web UI from a host on your subnet.
  • IP address—Assign a static IP address for the management interface. The IP address is the host portion of the web UI URL. For example, the default IP address for the management interface is 192.168.1.99 and the default URL for the web UI is https://192.168.1.99.
  • Access—Services for administrative access. We recommend HTTPS, SSH, SNMP, PING.

Before you begin the management interface configuration:

  • You must know the IP address for the default gateway of the management subnet and the IP address you plan to assign the management interface.
  • For your initial setup, you must have access to the machine room in which the physical appliance has been installed. You must connect a cable to the management port to get started.
  • You need a laptop with an RJ-45 Ethernet network port, a crossover Ethernet cable, and a web browser (Microsoft Internet Explorer 8.0 or newer, or Mozilla Firefox 20 or newer). To minimize scrolling, the monitor resolution should be 1280 x 1024 or better.
  • Configure the laptop Ethernet port with the static IP address 192.168.1.2 and a netmask of 255.255.255.0. These settings enable you to access the web UI as if from the same subnet as the FortiDDoS in its factory configuration state.
  • Use the crossover cable to connect the laptop Ethernet port to the management port.
To connect to the web UI:
  1. On your laptop, open the following URL in your web browser:
    https://192.168.1.99/
    The system presents a self-signed security certificate, which it presents to clients whenever they initiate an HTTPS connection to it.
  2. Verify and accept the certificate, and acknowledge any warnings about self-signed certificates.

    3. The system displays the administrator login page.

  3. Enter the username admin and password fortinet.

The system displays the dashboard.

Note: It is not recommended to use Internet Explorer version 9 and 10. If you login to FortiDDoS GUI on Internet Explorer 11 from Windows 10 system, perform the following actions on IE 11 browser settings:

  1. Go to Settings > Internet options.
  2. Click Settings under Browsing history.
  3. Select 'Every time I visit the webpage' option under 'Check for newer versions of stored pages:'.
To configure a static route:
To configure the IP address and access services:
  1. Go to System > Network > Interface.
  2. Double-click the row for mgmt1 to display the configuration editor.
  3. Use CIDR notation to specify the IP address/netmask, and enable services related to administrative access.
  4. Save the configuration.

The system processes the update and disconnects your HTTP session because the interface has a new IP address and therefore the web UI has a new URL. At this point, you should be able to connect to the web UI from a host on the management subnet you just configured. You can go back to your desk to verify connectivity by attempting to open the web UI at the new address. You could see the status of configuration and link under Configured Status and Link Status column.

For more details, refer to Configuring network interfaces.

To complete the procedures in this section using the CLI:
  1. Use an SSH client such as PuTTY to make an SSH connection to 192.168.1.99 (port 22).
  2. Acknowledge any warnings and verify and accept the SSH key.

    3. The system displays the administrator login prompt.

  3. Enter the username admin and no password.
  4. Use the following command sequence to configure the static route:

    5. config system default-gateway

    edit 1

    set gateway 172.30.153.254

    end

  5. Use the following command sequence to configure the management interface:

config system interface

edit mgmt1

set ip <address/mask>

set allowaccess {https ping ssh snmp http telnet sql}

end

The system processes the update and disconnects your SSH session because the interface has a new IP address. At this point, you should be able to connect to the CLI from a host on the management subnet you just configured. You can go back to your desk to verify the configuration.

Previous
Next

Step 2: Configure the management interface

You use the management port for remote administrator access from the web user interface (web UI) or command line interface (CLI).

Web UI

You configure the following basic settings to get started so that you can access the web UI from a remote location (like your desk):

  • Static route—Specify the gateway router for the management subnet so you can access the web UI from a host on your subnet.
  • IP address—Assign a static IP address for the management interface. The IP address is the host portion of the web UI URL. For example, the default IP address for the management interface is 192.168.1.99 and the default URL for the web UI is https://192.168.1.99.
  • Access—Services for administrative access. We recommend HTTPS, SSH, SNMP, PING.

Before you begin the management interface configuration:

  • You must know the IP address for the default gateway of the management subnet and the IP address you plan to assign the management interface.
  • For your initial setup, you must have access to the machine room in which the physical appliance has been installed. You must connect a cable to the management port to get started.
  • You need a laptop with an RJ-45 Ethernet network port, a crossover Ethernet cable, and a web browser (Microsoft Internet Explorer 8.0 or newer, or Mozilla Firefox 20 or newer). To minimize scrolling, the monitor resolution should be 1280 x 1024 or better.
  • Configure the laptop Ethernet port with the static IP address 192.168.1.2 and a netmask of 255.255.255.0. These settings enable you to access the web UI as if from the same subnet as the FortiDDoS in its factory configuration state.
  • Use the crossover cable to connect the laptop Ethernet port to the management port.
To connect to the web UI:
  1. On your laptop, open the following URL in your web browser:
    https://192.168.1.99/
    The system presents a self-signed security certificate, which it presents to clients whenever they initiate an HTTPS connection to it.
  2. Verify and accept the certificate, and acknowledge any warnings about self-signed certificates.

    3. The system displays the administrator login page.

  3. Enter the username admin and password fortinet.

The system displays the dashboard.

Note: It is not recommended to use Internet Explorer version 9 and 10. If you login to FortiDDoS GUI on Internet Explorer 11 from Windows 10 system, perform the following actions on IE 11 browser settings:

  1. Go to Settings > Internet options.
  2. Click Settings under Browsing history.
  3. Select 'Every time I visit the webpage' option under 'Check for newer versions of stored pages:'.
To configure a static route:
To configure the IP address and access services:
  1. Go to System > Network > Interface.
  2. Double-click the row for mgmt1 to display the configuration editor.
  3. Use CIDR notation to specify the IP address/netmask, and enable services related to administrative access.
  4. Save the configuration.

The system processes the update and disconnects your HTTP session because the interface has a new IP address and therefore the web UI has a new URL. At this point, you should be able to connect to the web UI from a host on the management subnet you just configured. You can go back to your desk to verify connectivity by attempting to open the web UI at the new address. You could see the status of configuration and link under Configured Status and Link Status column.

For more details, refer to Configuring network interfaces.

To complete the procedures in this section using the CLI:
  1. Use an SSH client such as PuTTY to make an SSH connection to 192.168.1.99 (port 22).
  2. Acknowledge any warnings and verify and accept the SSH key.

    3. The system displays the administrator login prompt.

  3. Enter the username admin and no password.
  4. Use the following command sequence to configure the static route:

    5. config system default-gateway

    edit 1

    set gateway 172.30.153.254

    end

  5. Use the following command sequence to configure the management interface:

config system interface

edit mgmt1

set ip <address/mask>

set allowaccess {https ping ssh snmp http telnet sql}

end

The system processes the update and disconnects your SSH session because the interface has a new IP address. At this point, you should be able to connect to the CLI from a host on the management subnet you just configured. You can go back to your desk to verify the configuration.

Previous
Next