FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
rvoong
Staff
Staff
Description
When using FortiExplorer to access a FortiGate there are a certain number of limitations such as there being no logging, and that there can only be one CLI session on the FortiExplorer at anytime.

When we use the CLI on FortiExplorer to access the FortiGate there is no option on the FortiExplorer to enable logging and save all the ouput from the CLI.

There is a workaround that can leverage the FortiExplorer USB connection and allow using native telnet application like "Putty" or "Tera Term"to access the FortiGate with logging capability.

This workaround also allow multiple telnet session to be open to the FortiGate.

Scope
FortiExplorer will only provide HTTP and Telnet access to the FortiGate. SSH and HTTPS access to the FortiGate leveraging on FortiExplorer will not work.

This will only work with FortiGate models that have a USB management port.

Solution
Prerequisite:

1. FortiExplorer installed on the PC.
2. USB cable to connect from the PC to the FortiGate USB management port.


Steps:
1. Make sure the FortiGate is listed under the FortiExplorer before proceeding further.

FortiExplorer.PNG

2. Open any native Telnet application like "Putty" or "Tera Term".
3. On the host field enter the following IP address "127.0.0.1"; this is a local host IP address.
4. On the Port use 12123.

putty_config.PNG

5. Connect to the FortiGate and a login prompt will be displayed.
6. Login as usual and enable logging if required.

TelnetAccess.PNG



Note: there is no network connection from the PC to the FortiGate; the only connection from the PC is a USB connection from the PC to the USB Management port of the FortiGate.

The concept behind the destination port is to add 121 in front of the default Telnet port or HTTP port:

Telnet default port = 23 will become 12123
HTTP default port = 80 will become 12180

Any browser can be used to access the FortiGate leveraging on the FortiExplorer:

HTTPAccess.PNG




Contributors