Enabling GUI Access on Fortigate Firewall
Fortigate Next-Generation Firewalls (NGFW) run on FortiOS. There are various versions, e.g. 6.4, 6.2, 6.0, 5.6, 5.2, 5.0. These firewalls can be managed via the CLI as well as via the GUI.
In this post, we focus on enabling GUI access for an out-of-the-box Fortigate firewall.
You can log in to the Fortigate firewall with the default credentials below:
Username: admin
Password: <No password>…Just hit Enter
Step 1: Configure port1, or whichever port connects to the switch, with a free IP address on your private network as below:
- Fortinet_Lab # config system interface
- Fortinet_Lab (interface) # edit port1
- Fortinet_Lab (port1) # set ip 10.80.144.150/24
- Fortinet_Lab (port1) # set allowaccess ping http https fgfm
- Other allowaccess options include:
  - ssh: SSH access.
  - snmp: SNMP access.
  - telnet: TELNET access.
  - radius-acct: RADIUS accounting access.
  - probe-response: Probe access.
  - capwap: CAPWAP access.
  - ftm: FTM access.
- Fortinet_Lab (port1) # set allowaccess ping http https fgfm ftm ssh
  Remember to allow https and http connections to the firewall on this port. You can also allow other access options, but each must be specifically allowed under every port you want to connect to from your network. For example, we have allowed ping, ssh, etc. on this port (port1).
- Fortinet_Lab (port1) # end
Step 2: Verify the configuration under the port as below:
Fortinet_Lab # show system interface port1
config system interface
    edit "port1"
        set vdom "root"
        set ip 10.80.144.150 255.255.255.0
        set allowaccess ping https ssh http fgfm ftm
        set type physical
        set snmp-index 1
    next
end
Step 3: Configure the static default route or specific route towards the default gateway. In our lab topology we will configure the default route towards the gateway as below:
Fortinet_Lab # config router static
Fortinet_Lab (static) # edit 1
new entry '1' added
Fortinet_Lab (1) # set gateway 10.80.144.1
Fortinet_Lab (1) # set dst 0.0.0.0/0
Fortinet_Lab (1) # set device port1
Fortinet_Lab (1) # end
Verify the route:
Fortinet_Lab # show router static
config router static
    edit 1
        set gateway 10.80.144.1
        set device "port1"
    next
end
Fortinet_Lab #
Step 4: Ping the default gateway IP to confirm that the route towards the gateway is working:
Remember to set allowaccess ping, if desired, on the port whose IP you are using to ping the gateway IP, as we did on port1.
Fortinet_Lab # execute ping 10.80.144.1
PING 10.80.144.1 (10.80.144.1): 56 data bytes
64 bytes from 10.80.144.1: icmp_seq=0 ttl=64 time=0.7 ms
64 bytes from 10.80.144.1: icmp_seq=1 ttl=64 time=0.5 ms
64 bytes from 10.80.144.1: icmp_seq=2 ttl=64 time=0.5 ms
64 bytes from 10.80.144.1: icmp_seq=3 ttl=64 time=0.4 ms
64 bytes from 10.80.144.1: icmp_seq=4 ttl=64 time=0.5 ms
--- 10.80.144.1 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0.4/0.5/0.7 ms
Step 5: Try accessing the Fortinet Fortigate GUI at https://10.80.144.150, i.e. the IP given to port1 in our example. You will get a screen as below. Log in with the default username and an empty password here.
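A check to run over the Step 2 output, added here as an example and not part of the original post: it parses "show system interface" text and reports interfaces whose allowaccess list includes the cleartext management protocols http or telnet. The port2 entry in the sample is constructed, and the function names are this example's own.

```python
import re

# Management protocols that carry logins unencrypted.
CLEARTEXT = {"http", "telnet"}

# Constructed sample: the Step 2 output plus a hypothetical second interface.
SAMPLE = '''config system interface
    edit "port1"
        set vdom "root"
        set ip 10.80.144.150 255.255.255.0
        set allowaccess ping https ssh http fgfm ftm
        set type physical
        set snmp-index 1
    next
    edit "port2"
        set vdom "root"
        set allowaccess ping https ssh
        set type physical
    next
end
'''

def parse_allowaccess(config_text):
    """Return {interface: [allowaccess services]} from 'show system interface' text."""
    result, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        # Accept straight or typographic quotes around the interface name.
        m = re.match(r'edit\s+["“]?([^"“”\s]+)["”]?$', line)
        if m:
            current = m.group(1)
            result[current] = []
        elif line == "next":
            current = None
        elif current and line.startswith("set allowaccess"):
            result[current] = line.split()[2:]
    return result

def audit(config_text):
    """Return {interface: sorted cleartext services} for interfaces exposing any."""
    findings = {}
    for name, services in parse_allowaccess(config_text).items():
        weak = sorted(CLEARTEXT & set(services))
        if weak:
            findings[name] = weak
    return findings

if __name__ == "__main__":
    for name, weak in audit(SAMPLE).items():
        print(f"{name}: cleartext management access enabled: {', '.join(weak)}")
```

To clear a finding, re-run set allowaccess on that interface with the flagged service left out of the list.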