Enabling access to the CLI through the network (SSH or Telnet)

SSH or Telnet access to the CLI is accomplished by connecting your computer to the FortiGate unit using one of its RJ‑45 network ports. You can either connect directly, using a peer connection between the two, or through any intermediary network.

Note: If you do not want to use an SSH/Telnet client and you have access to the web-based manager, you can alternatively access the CLI through the network using the CLI Console widget in the web-based manager.

You must enable SSH and/or Telnet on the network interface associated with that physical network port. If your computer is not connected directly or through a switch, you must also configure the FortiGate unit with a static route to a router that can forward packets from the FortiGate unit to your computer. You can do this using either a local console connection or the web-based manager.

Requirements
  • A computer with an available serial communications (COM) port and RJ-45 port
  • Terminal emulation software such as HyperTerminal for Microsoft Windows
  • The RJ-45-to-DB-9 or null modem cable included in your FortiGate package
  • A network cable
  • Prior configuration of the operating mode, network interface, and static route.
To enable SSH or Telnet access to the CLI using a local console connection
  1. Using the network cable, connect the FortiGate unit’s network port either directly to your computer’s network port, or to a network through which your computer can reach the FortiGate unit.
  2. Note the number of the physical network port.
  3. Using a local console connection, connect and log into the CLI.
  4. Enter the following command:

      config system interface
      edit <interface_str>
      set allowaccess <protocols_list>
      end

where:

  • <interface_str> is the name of the network interface associated with the physical network port and containing its number, such as port1.
  • <protocols_list> is the complete, space-delimited list of permitted administrative access protocols, such as https ssh telnet.

For example, to exclude HTTP, HTTPS, SNMP, and PING, and allow only SSH and Telnet administrative access on port1, enter the following:

      config system interface
      edit port1
      set allowaccess ssh telnet
      end

  5. To confirm the configuration, enter the command to display the network interface’s settings.

      show system interface <interface_str>

The CLI displays the settings, including the allowed administrative access protocols, for the network interface.
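
Because set allowaccess takes the complete list of permitted protocols, the saved output of show system interface can be checked for interfaces that still allow Telnet or HTTP, both of which send administrator credentials unencrypted. The following script is an added example, not Fortinet code; the sample output, interface names and function names are constructed for illustration.

```python
import re

# Administrative access protocols that carry credentials unencrypted.
CLEARTEXT = {"telnet", "http"}

# Constructed sample in the layout of "show system interface" output;
# interface names and the address are made up for this example.
SAMPLE = """\
config system interface
    edit "port1"
        set allowaccess ssh telnet
    next
    edit "port2"
        set allowaccess ping https ssh
    next
    edit "port3"
        set ip 203.0.113.1 255.255.255.0
    next
end
"""

def parse_allowaccess(text):
    """Return {interface: [protocols]} from a 'config system interface' block."""
    result, current, depth = {}, None, 0
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            depth += 1                      # entering a (possibly nested) block
        elif line == "end":
            depth -= 1
        elif depth == 1:                    # ignore entries of nested blocks
            m = re.match(r'edit\s+"?([^"\s]+)"?$', line)
            if m:
                current = m.group(1)
                result[current] = []        # stays empty if no allowaccess line
            elif line == "next":
                current = None
            elif current and line.startswith("set allowaccess "):
                result[current] = line.split()[2:]
    return result

def cleartext_findings(text):
    """Return {interface: [cleartext protocols]} for interfaces that allow any."""
    parsed = parse_allowaccess(text)
    return {n: sorted(CLEARTEXT & set(p)) for n, p in parsed.items() if CLEARTEXT & set(p)}

if __name__ == "__main__":
    for name, bad in cleartext_findings(SAMPLE).items():
        print(f"{name}: cleartext admin access enabled: {' '.join(bad)}")
```
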