Fortinet white logo
Fortinet white logo

Configuring access to FortiWeb’s web UI & CLI

Configuring access to FortiWeb’s web UI & CLI

For hypervisor deployments, after the virtual appliance is powered on, you log in to the FortiWeb-VM command line interface (CLI) via the console and configure basic network settings so that you can connect to the appliance’s web UI, CLI, or both through your management computer’s network connection.

To configure basic network settings for FortiWeb-VM deployed on a hypervisor
  1. On your management computer, start the following according to the VM environment in which you have deployed FortiWeb-VM:
  • KVM Virtual Machine Manager (virt-manager)
  • Log in to the VM server.
  • Open the console of the FortiWeb-VM virtual appliance.
  • On KVM Virtual Machine Manager:

    • In the name list pane, select the name of the virtual appliance, such as KVM-602.
    • Click Open.
  • At the login prompt for the local console, type:
  • admin

  • Press Enter twice. (Initially, there is no password.)
  • Configure the IP address and netmask of the network interface named port1, or whichever network interface maps to the network physically connected to your management computer. Type:

    config system interface

    edit port1

    set ip <address_ip> <netmask_ip>

    end

    where:

    • <address_ip> is the IPv4 or IPv6 address assigned to the network interface, such as 192.168.1.99; the correct IP will vary by your configuration of the vNetwork (see Mapping the virtual NICs (vNICs) to physical NICs)
    • <netmask_ip> is its netmask in dotted decimal format, such as 255.255.255.0 (alternatively, append a CIDR-style subnet such as /24 to the IP)
  • Configure the primary and secondary DNS server IP addresses. Type:

    config system dns

    set primary <dns_ip>

    set secondary <dns_ip>

    end

    where <dns_ip> is the IPv4 or IPv6 address of a DNS server.

  • Configure a static route with the default gateway. Type:

    config router static

    edit 0

    set gateway <router_ip>

    set device port1

    end

    where <router_ip> is the IP address of the gateway router.

    You should now be able to connect via the network from your management computer to port1 of FortiWeb-VM using:

    • a web browser for the web UI (e.g. If port1 has the IP address 192.168.1.1, go to https://192.168.1.1/)
    • an SSH client for the CLI (e.g. If port1 has the IP address 192.168.1.1, connect to 192.168.1.1 on port 22.)
    When connecting to the web UI via HTTPS, if you cannot get a connection, verify that your computer’s time zone matches the appliance’s configured system time. For more first-time connection troubleshooting, or instructions on how to configure the time and time zone, see the FortiWeb Administration Guide.


    In versions earlier than 6.3.6, enabling HA requires all interfaces to enable DHCP mode. From 6.3.6, only port1 is required to enable DHCP mode.

  • Continue by uploading the license file. (See Uploading the license. For the FortiWeb Manager license, see the FortiWeb Manager Administration Guide.)

    If you are using the 15-day free trial license and do not yet have a paid license file, you can continue instead with What’s next?.

    When the 15-day free trial license expires, you will not be able to perform any actions in the web UI until a license has been uploaded. After a valid license has been uploaded, the web UI and the CLI will be unlocked and fully functional.

    The trial period begins the first time you power on your FortiWeb-VM virtual appliance. You can upgrade the trial license to a purchased one at any time during or after the trial period by uploading the license file via the License Information widget in the dashboard of the web UI. For instructions, see Uploading the license.

  • Configuring access to FortiWeb’s web UI & CLI

    Configuring access to FortiWeb’s web UI & CLI

    For hypervisor deployments, after the virtual appliance is powered on, you log in to the FortiWeb-VM command line interface (CLI) via the console and configure basic network settings so that you can connect to the appliance’s web UI, CLI, or both through your management computer’s network connection.

    To configure basic network settings for FortiWeb-VM deployed on a hypervisor
    1. On your management computer, start the following according to the VM environment in which you have deployed FortiWeb-VM:
    • KVM Virtual Machine Manager (virt-manager)
  • Log in to the VM server.
  • Open the console of the FortiWeb-VM virtual appliance.
  • On KVM Virtual Machine Manager:

    • In the name list pane, select the name of the virtual appliance, such as KVM-602.
    • Click Open.
  • At the login prompt for the local console, type:
  • admin

  • Press Enter twice. (Initially, there is no password.)
  • Configure the IP address and netmask of the network interface named port1, or whichever network interface maps to the network physically connected to your management computer. Type:

    config system interface

    edit port1

    set ip <address_ip> <netmask_ip>

    end

    where:

    • <address_ip> is the IPv4 or IPv6 address assigned to the network interface, such as 192.168.1.99; the correct IP will vary by your configuration of the vNetwork (see Mapping the virtual NICs (vNICs) to physical NICs)
    • <netmask_ip> is its netmask in dotted decimal format, such as 255.255.255.0 (alternatively, append a CIDR-style subnet such as /24 to the IP)
  • Configure the primary and secondary DNS server IP addresses. Type:

    config system dns

    set primary <dns_ip>

    set secondary <dns_ip>

    end

    where <dns_ip> is the IPv4 or IPv6 address of a DNS server.

  • Configure a static route with the default gateway. Type:

    config router static

    edit 0

    set gateway <router_ip>

    set device port1

    end

    where <router_ip> is the IP address of the gateway router.

    You should now be able to connect via the network from your management computer to port1 of FortiWeb-VM using:

    • a web browser for the web UI (e.g. If port1 has the IP address 192.168.1.1, go to https://192.168.1.1/)
    • an SSH client for the CLI (e.g. If port1 has the IP address 192.168.1.1, connect to 192.168.1.1 on port 22.)
    When connecting to the web UI via HTTPS, if you cannot get a connection, verify that your computer’s time zone matches the appliance’s configured system time. For more first-time connection troubleshooting, or instructions on how to configure the time and time zone, see the FortiWeb Administration Guide.


    In versions earlier than 6.3.6, enabling HA requires all interfaces to enable DHCP mode. From 6.3.6, only port1 is required to enable DHCP mode.

  • Continue by uploading the license file. (See Uploading the license. For the FortiWeb Manager license, see the FortiWeb Manager Administration Guide.)

    If you are using the 15-day free trial license and do not yet have a paid license file, you can continue instead with What’s next?.

    When the 15-day free trial license expires, you will not be able to perform any actions in the web UI until a license has been uploaded. After a valid license has been uploaded, the web UI and the CLI will be unlocked and fully functional.

    The trial period begins the first time you power on your FortiWeb-VM virtual appliance. You can upgrade the trial license to a purchased one at any time during or after the trial period by uploading the license file via the License Information widget in the dashboard of the web UI. For instructions, see Uploading the license.