FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Sabk_FTNT
Staff
Staff
Description
This article explains how to set a username and password to secure HTTP access to the chassis ShelfManager.

Scope
It applies to FortiGate 5000 chassis series.

The process provided has been validated with Pigeon Point Shelf Manager version 3.4.2.4.  It might vary slightly with other versions.

Solution
1) Connect to the ShelfManager via telnet or SSH.

2) Go to directory /etc  and create a file httpd.conf with username and password.
Use VI as text editor.
cd /etc
vi httpd.conf

Add a single line to the file.
/:Username:mypassword

skerjean_FD40534_tn_FD40534-1.jpg

3) Kill the current running httpd process and restart with the password file.  Use the "ps" command to list the process ID and then use the kill command.
kill -9 <httpd pid>

skerjean_FD40534_tn_FD40534-2.jpg
Restart http deamon with
/bin/httpd -h /usr/httpd/html -r httpd.conf

4) Clear browser cache and validate correct authentication prompt for HTTP access to the ShelfManager.

5) At this stage the Shelf manager is protected by a password for HTTP access but the settings are not saved.  After a reboot, access to the shelf manager via HTTP will again be possible without password.
After correct validation at step 4, adjust the boot file for HTTP access secured also after ShelfManager reboot.

This is achieved by modification of the file rc.common in the directory /etc.

Edit the rc.common file.  Find the line "daemon -f /bin/httpd -h /usr/httpd/html" and replace it with "daemon -f /bin/httpd -h /usr/httpd/html -r /etc/httpd.conf"

Save file changes.

skerjean_FD40534_tn_FD40534-3.jpg
6) Reboot ShelfManager and validate correct prompt for login for HTTP access.
# reboot

Related Articles

Technical Note : How to disable Network Services on ShelfManager v2.5.3 and v2.6.4.4

Contributors