Using the CLI : Connecting to the CLI using a local console : Enabling access to the CLI through the network
 
Enabling access to the CLI through the network
SSH, Telnet, or CLI Console widget (via the web UI) access to the CLI requires connecting your computer to the FortiADC appliance using one of its RJ‑45 network ports. You can either connect directly, using a peer connection between the two, or through any intermediary network.
 
If you do not want to use an SSH/Telnet client and you have access to the web UI, you can alternatively access the CLI through the network using the CLI Console widget in the web UI.
You must enable SSH and/or Telnet on the network interface associated with that physical network port. If your computer is not connected directly or through a switch, you must also configure the FortiADC appliance with a static route to a router that can forward packets from the FortiADC appliance to your computer.
You can do this using either:
a local console connection (see the following procedure)
the web UI
Requirements
a computer with an available serial communications (COM) port and RJ-45 port
terminal emulation software such as PuTTY
the RJ-45-to-DB-9 or null modem cable included in your FortiADC package
a crossover Ethernet cable (if connecting directly) or straight-through Ethernet cable (if connecting through a switch or router)
To enable SSH or Telnet access to the CLI using a local console connection
1. Using the network cable, connect the FortiADC appliance’s network port either directly to your computer’s network port, or to a network through which your computer can reach the FortiADC appliance.
2. Note the number of the physical network port.
3. Using a local console connection, connect and log into the CLI.
4. Enter the following commands:
config system interface
edit <interface_name>
set allowaccess {http https ping snmp ssh telnet}
end
where:
<interface_name> is the name of the network interface associated with the physical network port, such as port1
{http https ping snmp ssh telnet} is the complete, space-delimited list of permitted administrative access protocols, such as https ssh telnet; omit protocols that you do not want to permit
For example, to exclude HTTP, SNMP, and Telnet, and allow only HTTPS, ICMP ECHO (ping), and SSH administrative access on port1:
config system interface
edit "port1"
set allowaccess ping https ssh
next
end
 
Telnet is not a secure access method. SSH should be used to access the CLI from the Internet or any other untrusted network.
 
5. To confirm the configuration, enter the command to view the access settings for the interface.
show system interface <interface_name>
The CLI displays the settings, including the management access settings, for the interface.
6. If you will be connecting indirectly, through one or more routers or firewalls, configure the appliance with at least one static route so that replies from the CLI can reach your client.