FortiPAM
FortiPAM allows you to protect, isolate and secure privileged account credentials, manage and control privileged user access, and monitor and record privileged account activity.
sisrayilov
Staff
Article Id 370294
Description

 

This article describes how to connect directly to a Cisco switch's privileged mode, bypassing the step of entering the enable mode password.

 

Scope

 

FortiPAM.

 

Solution

 

First step:


A 'Cisco Enable Secret' secret needs to be created first. It stores the Host and the enable mode password that are used to enter enable mode.
Fill in the following fields:

  • 'Name': Specify a name for the secret.
  • 'Folder': Select a personal or public folder to add the secret.
  • 'Target': Select the target of the secret.
  • 'Privileged account': Select 'Yes' or 'No' as needed.
  • 'Template': Select 'Cisco Enable Secret'.
  • 'Server information': Enable this feature and select 'Cisco' from the drop-down list.
  • 'Associated Secret': Can be left empty at this step.
  • 'Description': Add a description if needed.
  • 'Host': IP address of the Cisco switch.
  • 'Password': Enter the password for the enable mode.


CiscoEnableSecret.png


Note:
Verify the password using the 'Verify' option in the top right of the screen.

Second step:


A 'Cisco User (SSH Secret)' secret needs to be created to save a Host, a username, and a password.

Fill in the following fields:

  • 'Name': Specify a name for the secret.
  • 'Folder': Select a personal or public folder to add the secret.
  • 'Target': Select the target of the secret.
  • 'Privileged account': Disabled by default. Can be enabled as needed.
  • 'Template': Select 'Cisco Enable Secret'. 
  • 'Server information': Enable this feature and select 'Cisco' from the drop-down list.
  • 'Associated Secret': Select the 'Cisco Enable Secret' secret that was created before this step.
  • 'Description': Add a description if needed.
  • 'Host': IP address of the Cisco switch.
  • 'Password': Enter credentials of the privileged mode.

CiscoSSH secret.png

 

Note: Be sure to verify credentials using the 'Verify' option in the top right of the screen as needed.


Additionally, enable 'SSH-Auto Password' in the 'Service Setting' of the 'Cisco User (SSH secret)' secret in order to skip the enable password input after making an 'ssh' connection to a switch. This setting is disabled by default.

SSH auto password.png

 

Then, select the 'Cisco User (SSH secret)' on the secret list, select the 'Launch Secret' option, and connect by selecting one of the options on the pop-up screen. It can be done through the 'Cisco user (SSH secret)' settings section as well, as shown above. 
 

web ssh.png

 
Final step:

 

After establishing the SSH session with the switch, enter the 'enable' command to move to privileged mode.
Shortcuts for 'enable' may also be entered instead of the whole command.

connect to switch.png