Fortinet Forum
DeerTracks3512
New Contributor II

FortiGate 90E - lost access

Hello,

 

I'm attempting to access an old FortiGate 90E that I had set up. I hooked up the console cable and was able to access it via PuTTY using my old credentials. I attempted to use the command found in some documentation.

 

CLI Commands

https://help.fortinet.com/fauth/5-3/Content/Admin%20Guides/5_3%20Admin%20Guide/200/204_CLI_commands....

 

netmask342245.PNG

 

It seems like this command wasn't recognized. 

port.png

 

Here is the version of the firewall.

port1.png

 

I'm pretty certain the firewall used to be configured so that someone could access the GUI through one of the ports on the firewall, but I cannot remember which port it could be. Is there a way for me to list the IPs each port is assigned to? What is the best way for me to access this firewall without messing up the configuration too much?

 

Thank you! 

1 Solution
AlexC-FTNT

You may have "multi-vdom" enabled on the FortiGate, so first try running "config global", then run the commands above.


- Toss a 'Like' to your fixxer, oh Valley of Plenty! and chose the solution, too00oo -

12 REPLIES
dan
New Contributor III

The link is from FortiAuthenticator and not applicable to FortiGate.

When you are on the console and logged in, what about typing a question mark (?) now and then and go from there?

 

Other hints:

?
show
config ?
config system interface
edit ?
etc...


Dan

 

 

Yurisk
Contributor III

To get the missing info for GUI management access, run: 

 

show sys admin  <-- To show IPs/users allowed to access the FGT GUI

show full | grep admin-sport  <-- To show on what HTTPS port admin GUI is listening.

show sys int <-- To show interfaces and their IPs

 

Yuri
https://yurisk.info/ blog: All things Fortinet, no ads.


All opinions are mine only.
DeerTracks3512

Thank you for this information. I was able to get the port # using the second command you referenced, but the other commands do not appear to be working. Here is the terminal. 

 

port2.PNG

 

What else could I try? 

 

Another note. I'm currently accessing the firewall through PuTTY and the cli input is very laggy. I need to repeatedly press keys to actually get the text to input. Entering commands into the terminal is not smooth at all. Is this normal? 

AlexC-FTNT

# shows that you are a privileged user.

If you are looking for GUI access, you need to find the IP of the interface and check that HTTP/HTTPS access is enabled. You would access the GUI over port 8443.
Try https://fortigateIP:8443
Normally, when you access the FG from the LAN, the management IP of the FortiGate is the gateway IP received by the PC.
This may also help: # diag ip address list


- Toss a 'Like' to your fixxer, oh Valley of Plenty! and chose the solution, too00oo -
DeerTracks3512

Is SNMP-INDEX the port #? I think I've identified which port is being used for access. I've included the picture below. I need to assign that port to a new IP address. How do I do that? I want to assign this to 10.0.0.18/24

 

Does this look correct for GUI access? 

 

port4.PNG

 

 

AlexC-FTNT

The questions that you ask are very basic and the answers can be found in both available documentation and any search engine results. I would recommend you to read the Handbook to familiarize yourself with the firewall and its capabilities: 
https://docs.fortinet.com/document/fortigate/6.0.0/handbook/223745/getting-started

 

Some of your questions have already been answered:
How to change the port for the admin access to avoid port conflict
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-change-the-port-for-the-admin-acces...
Administrative access to interfaces
https://docs.fortinet.com/document/fortigate/6.0.0/handbook/909236/configuring-administrative-access...


- Toss a 'Like' to your fixxer, oh Valley of Plenty! and chose the solution, too00oo -
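
Added example, not part of the original thread and not Fortinet's own text: a FortiOS CLI sequence for the task asked about above, giving one interface the address 10.0.0.18/24 and limiting management access on it to HTTPS, SSH and ping. The interface name internal1 and the admin account name admin are assumptions; the config global wrapper applies only when multi-VDOM mode is enabled.

```fortios
# Only when multi-VDOM mode is enabled; otherwise skip this line and the final "end"
config global

# List current interface addresses and the management protocols each one allows
show system interface

# Assign the new address and allow only encrypted management protocols plus ping
# ("internal1" is an assumed interface name; use the one identified on the unit)
config system interface
    edit "internal1"
        set ip 10.0.0.18 255.255.255.0
        set allowaccess https ssh ping
    next
end

# Optional: restrict logins for this account to the management subnet
# ("admin" is an assumed account name; the console port is not affected by trusted hosts)
config system admin
    edit "admin"
        set trusthost1 10.0.0.0 255.255.255.0
    next
end

# Confirm which port the HTTPS admin GUI listens on (8443 in this thread)
show full | grep admin-sport

# Leave global context (multi-VDOM only)
end
```

With these settings the GUI would be reached at https://10.0.0.18:8443 from a host in 10.0.0.0/24. An account with a restricted admin profile may be refused some of these commands, as discussed later in the thread.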
DeerTracks3512

Alright. Thank you for the reply.

Yurisk

Do you have VDOMs enabled on this FGT by any chance?

Try:
config vdom

edit <TAB> <-- Does it show VDOM names?

Yuri
https://yurisk.info/ blog: All things Fortinet, no ads.


All opinions are mine only.
Debbie_FTNT
Staff

Hey DeerTracks,

 

Do you happen to recall if your admin user has full access permission? It sounds a bit as if your admin might be restricted, which would limit your visibility on the GUI.
Try this:
get system interface
-> this should definitely show output if your admin user has permission to view/edit interfaces
get system admin
-> same as above, should show output if your admin user has permission to view/edit other admins

 

If you don't get any output like this either, then your admin is very likely to have restricted permissions and you would not regain full access to the FortiGate that way. In that case, you might have to look at the maintainer procedure: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Reset-a-lost-admin-password-on-a-FortiGate... (this might be disabled on your FortiGate, and you might not be able to enable it depending on your privileges), or you might need to consider factory resetting/wiping the unit and reinstalling firmware. That would include a loss of configuration, however.

 

As for PuTTY being laggy - your FortiGate is on an older version, and I don't know what is going on with it, but version 6.2.0 did have some bugs that could impact performance.
You can run 'get system performance status' to get an idea of CPU/memory usage etc. You can run 'diagnose debug crashlog read' to get the crashlog and see if any processes are crashing constantly and impacting its performance.

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++