Transparent Mode: cant access management

Report Inappropriate Content · ‎08-03-2006

I decided to put my fortigate-100 in transparent mode, between a Cisco PIX and our network I configured the management IP to 10.0.0.10/255.255.255.0 gateway 10.0.0.1 (network is 10.0.0.0/24) I did the setup on an isolated network and it worked fine. Once I plugged it on the network, it' s working transparently, but I can' t access the management console with https://10.0.0.10 I can ping it though. should I put an IP on a different subnet (10.10.10.1)? is my mask all wrong? que pasa?

UkWizard · ‎08-04-2006

A couple of possible things could be stopping this; 1. you have a clash on that IP address on the network (see tip below) 2. You dont have the https access ticked on the interface that you trying to access it (internal usually) 3. You have restricted the admin users to only come from certain ip addresses. have you tried telneting, or ssh' ing to the unit ? in case https is just off. If you use a proxy, have you tried disabling the proxy in the web browser? from a windows machine, try the following cmd line; nbtstat -A 10.0.0.10 if it comes back with a workgroup/pc name. then its clashing with a windows machine on the network.

UK Based Technical Consultant FCSE v2.5 FCSE v2.8 FCNSP v3 Specialising in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT experience.

Report Inappropriate Content · ‎08-04-2006

The odd thing is I was able to connect to it from home by going thru the cisco vpn... 1. no clash on ip. nbtstat -A 10.0.0.10 = host not found. 2. https was/is active 3. woops, while connected from home I did set it for admin access from my office workstation ip (10.0.0.29 in the first of the three fields), then I lost the connection. now I can' t log in from anywhere. I' ll try playing with it on an isolated network to see if I can access it. will try telneting...

UkWizard · ‎08-04-2006

Thats the problem, the external port of the firewall only has access, hence why you could get in initially from home. Then when you set the workstation restriction you limited it to this IP only. If it doesnt work from that workstation IP, then plug that workstation into the outside port/switch, then you will be able to access it to turn the internal one on. (or briefly swop the two cables over in the two ports, making the external port on the inside.) Otherwise see if you can logon via the console, as you can change the access via the command line.

UK Based Technical Consultant FCSE v2.5 FCSE v2.8 FCNSP v3 Specialising in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT experience.

Report Inappropriate Content · ‎08-04-2006

woohoo! I' m in. switching int<->ext cables worked. Do you mean I have no access from the inside?

UkWizard · ‎08-04-2006

Logon to the gui, goto the internal port properties and enable the https/ssh access. Once you have done that, you can swop the cables back over and voila...

UK Based Technical Consultant FCSE v2.5 FCSE v2.8 FCNSP v3 Specialising in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT experience.

Report Inappropriate Content · ‎08-04-2006

solved! Thanks Uk!

UkWizard · ‎08-04-2006

You' re welcome.

UK Based Technical Consultant FCSE v2.5 FCSE v2.8 FCNSP v3 Specialising in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT experience.

Transparent Mode: cant access management

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website