Chapter 10 Install and System Administration for FortiOS 5.0 : Using the CLI : Connecting to the CLI : Enabling access to the CLI through the network (SSH or Telnet)
  
Enabling access to the CLI through the network (SSH or Telnet)
SSH or Telnet access to the CLI is accomplished by connecting your computer to the FortiGate unit using one of its RJ‑45 network ports. You can either connect directly, using a peer connection between the two, or through any intermediary network.
 
If you do not want to use an SSH/Telnet client and you have access to the web-based manager, you can alternatively access the CLI through the network using the CLI Console widget in the web-based manager.
You must enable SSH and/or Telnet on the network interface associated with that physical network port. If your computer is not connected directly or through a switch, you must also configure the FortiGate unit with a static route to a router that can forward packets from the FortiGate unit to your computer. You can do this using either a local console connection or the web‑based manager.
Requirements
a computer with an available serial communications (COM) port and RJ-45 port
terminal emulation software such as HyperTerminal for Microsoft Windows
the RJ-45-to-DB-9 or null modem cable included in your FortiGate package
a network cable
prior configuration of the operating mode, network interface, and static route (for details, see)
To enable SSH or Telnet access to the CLI using a local console connection
1. Using the network cable, connect the FortiGate unit’s network port either directly to your computer’s network port, or to a network through which your computer can reach the FortiGate unit.
2. Note the number of the physical network port.
3. Using a local console connection, connect and log into the CLI. For details, see “Connecting to the CLI using a local console”.
4. Enter the following command:
config system interface
edit <interface_str>
set allowaccess <protocols_list>
next
end
where:
<interface_str> is the name of the network interface associated with the physical network port and containing its number, such as port1
<protocols_list> is the complete, space-delimited list of permitted administrative access protocols, such as https ssh telnet
For example, to exclude HTTP, HTTPS, SNMP, and PING, and allow only SSH and Telnet administrative access on port1:
config system interface
edit port1
set allowaccess ssh telnet
next
end
5. To confirm the configuration, enter the command to display the network interface’s settings.
get system interface <interface_str>
The CLI displays the settings for that network interface, including the allowed administrative access protocols.
To connect to the CLI through the network interface, see “Connecting to the CLI using SSH” or “Connecting to the CLI using Telnet”.
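To check the result across all interfaces rather than one at a time, the following added example (not part of the original FortiOS documentation) parses a saved "config system interface" block and reports interfaces whose allowaccess list includes Telnet or HTTP, the administrative protocols that are not encrypted. The sample configuration and the function names are constructed for illustration; only the interface-level allowaccess line is read, and sub-tables nested inside an interface entry are skipped.

```python
import shlex

CLEARTEXT = {"telnet", "http"}  # administrative protocols that are not encrypted

# Constructed sample in the "config system interface" layout used on this page.
SAMPLE_CONFIG = """\
config system interface
    edit "port1"
        set ip 192.0.2.1 255.255.255.0
        set allowaccess ssh telnet
    next
    edit "port2"
        set allowaccess ping https ssh
    next
end
"""


def parse_allowaccess(config_text):
    """Return {interface_name: [protocols]} from a 'config system interface' block."""
    interfaces, in_block, nested, current = {}, False, 0, None
    for raw in config_text.splitlines():
        tokens = shlex.split(raw)  # handles quoted names such as edit "port1"
        if not tokens:
            continue
        if not in_block:
            in_block = tokens[:3] == ["config", "system", "interface"]
        elif tokens[0] == "config":
            nested += 1  # sub-table inside an interface entry
        elif tokens[0] == "end":
            # closes a sub-table if one is open, otherwise the interface block
            in_block, nested = bool(nested), max(nested - 1, 0)
        elif nested:
            continue  # ignore edit/set/next lines that belong to a sub-table
        elif tokens[0] == "edit" and len(tokens) > 1:
            current = tokens[1]
            interfaces[current] = []  # stays empty if no allowaccess line follows
        elif tokens[:2] == ["set", "allowaccess"] and current:
            interfaces[current] = tokens[2:]  # the list is complete, not additive
        elif tokens[0] == "next":
            current = None
    return interfaces


def cleartext_admin_access(config_text):
    """Return {interface_name: [cleartext protocols]} for interfaces that allow any."""
    found = {n: sorted(CLEARTEXT & set(p)) for n, p in parse_allowaccess(config_text).items()}
    return {n: p for n, p in found.items() if p}


if __name__ == "__main__":
    for name, risky in cleartext_admin_access(SAMPLE_CONFIG).items():
        print(f"{name}: cleartext administrative access enabled ({', '.join(risky)})")
```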
See Also
Connecting to the CLI using a local console
Connecting to the CLI using SSH
Connecting to the CLI using Telnet