Hi all, I am new here, also new when it comes to using fortinet devices,
A quick history.
I am an IT in a small company and recently we ask our ISP to install us a firewall and so they set up a FWF 30E. I am so noob on the device that I rarely touch settings although they gave us an access.
And recently our wifi started to act funny so I login to the device and check some settings, I was following a tutorial on fortinet cookbook which is available online when I might have mess up on settings on dedicated to fortiswitch, on the location: Network>Interfaces>dedicated to fortiswitch I remembered selecting LAN on the Role option then click save then alas!
next minute I couldn't access to the gui interface anymore.
So now here's the several problem it cause:
PC which is set to DHCP couldn't connect to the internet anymore, their IP address change incl default gateway so I have to set a static IP and the default gateway which is 10.10.1.254 - where I used to access the fortinet as well. Wifi is now completely not working although it SSID is still broadcasting, if I connect there is no define IP address and even if I try to set static IP address it still won't connect.
What I've done so far, tried to connect to CLI interface via ssh but cannot, also tried and use console cable but still cannot. Tried googling for hours and still haven't found a solution.
Only thing that I need is to gain access to our fortinet's settings again so I can undo what I've done.
Thank you and looking forward for some advice, assistance and or idea that might help me gain access to our device settings again.
Solved! Go to Solution.
hi,
CAPWAP is a management protocol with tunneling. When a port is dedicated to this it can only manage a CAPWAP device, such as a FortiSwitch or a FortiAP.
Access via the console port is key. The cable used is the same as used with Cisco devices, nothing special.
I am assuming you don't see anything when connecting via Putty. Check the speed settings for the console connection: 9600, 8, N, 1. When you hit the ENTER key you must get a (legible) prompt.
If you don't, change the speed to the next higher up (19200, 38400,...115200), hit ENTER, until you get a prompt.
Then log in.
Type 'conf sys int, edit lan, show' and post the output.
hi,
and welcome to the forums.
Basically, you have disabled the LAN interface if I've understood your story right. This port will only react to a protocol called CAPWAP now. No wonder the LAN DHCP server has ceased to exist.
What I cannot understand is that you can't get access through the console port. Is it that you cannot log in, or that you do not get a login prompt? Physical access is now what you need to correct the situation so we should solve this first.
It might be that other interfaces permit access via ssh or web but the default is that they don't.
Hello sir, thank you for the prompt reply, I do beleive that I disabled LAN or something, or probably I set the device to only be accessible via fortiswitch? when I accidetanlly selected that dedicated to fortiswitch settings,
With regards to the console I am not sure what I'm doing wrong? I plug in the RJ45 to db9 female cable from device to computer and it does nothing, I've tried accessing it via Putty but does nothing as well.
BTW: I am using a different RJ45 to db9 female cable not the orginal cable that came with the device, as the console cable was taken by our ISP when they installed the it.
And how do we use CAPWAP sir?
Thank you,
hi,
CAPWAP is a management protocol with tunneling. When a port is dedicated to this it can only manage a CAPWAP device, such as a FortiSwitch or a FortiAP.
Access via the console port is key. The cable used is the same as used with Cisco devices, nothing special.
I am assuming you don't see anything when connecting via Putty. Check the speed settings for the console connection: 9600, 8, N, 1. When you hit the ENTER key you must get a (legible) prompt.
If you don't, change the speed to the next higher up (19200, 38400,...115200), hit ENTER, until you get a prompt.
Then log in.
Type 'conf sys int, edit lan, show' and post the output.
login as: **** ******@**.**.*.***'s password: *******_HQ # conf sys int *******_HQ (interface) # edit lan *******_HQ (lan) # show config system interface edit "lan" set vdom "root" set type hard-switch set stp enable set role lan set snmp-index 4 next end
Ok so I didn't managed to access it via console cable but I managed ti access at last using advance IP scanner, I've tried the instruction's above but I still cannot access it via GUI?
Edit:
Since I can now access the CLI using SSH I use one of the commands here to access GUI via web.
http://itadminguide.com/how-to-restore-fortigate-web-admin-gui-access/
I used the command show system global
Then I tried accessing the GUI with IP+port XX.XX.X.XXX:port
And then there's this sweet smile on my face when I saw the login page of our fortinet.
Further question please?
How to set the DHCP settings so that new device can automatically get an IP please?
Because right now every single device that we connect on LAN requires a static IP to be set. Otherwise there's no internet.
Thank you and cheers!
bootstrapper wrote:How to set the DHCP settings so that new device can automatically get an IP please?
Because right now every single device that we connect on LAN requires a static IP to be set. Otherwise there's no internet.
since are you able to access your fortigate, what if edit the desired interface and enable its dhcp services?
Fortigate Newbie
@Fullmoon, well if you read my first post sir, I am of little knowledge regarding fortigate's/fortinet's, that's why I am cautious, I am trying to avoid one mistake too many, besides, our whole office network depends on that one device, if ever it goes down then my world will go upside down from there and after . Too late for me to realized that I need to have a better knowledge of it, that's why I am here now.
By the way DHCP server is enabled on the interface, - still figuring why devices where not set to automatically receive an IP when connected.
I will have a screenshot of the interface settings tomorrow as I am off work now.
Thank you,
ede_pfau wrote:hi,
CAPWAP is a management protocol with tunneling. When a port is dedicated to this it can only manage a CAPWAP device, such as a FortiSwitch or a FortiAP.
Access via the console port is key. The cable used is the same as used with Cisco devices, nothing special.
I am assuming you don't see anything when connecting via Putty. Check the speed settings for the console connection: 9600, 8, N, 1. When you hit the ENTER key you must get a (legible) prompt.
If you don't, change the speed to the next higher up (19200, 38400,...115200), hit ENTER, until you get a prompt.
Then log in.
This solved the problem when I cannot access GUI, because it happened again as tried changing netmask and default gateway change and I wasn't able to enter GUI again and so I've tried this solution and it worked!
Type 'conf sys int, edit lan, show'
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.