Enabling access to the CLI through the network
(SSH or Telnet or CLI Console widget)
SSH, Telnet, or CLI Console widget (via the web UI) access to the CLI requires connecting your computer to the FortiWeb appliance using one of its RJ‑45 network ports. You can either connect directly, using a peer connection between the two, or through any intermediary network.
| If you do not want to use an SSH/Telnet client and you have access to the web UI, you can alternatively access the CLI through the network using the CLI Console widget in the web UI. For details, see the FortiWeb Administration Guide. |
You must enable SSH and/or Telnet on the network interface associated with that physical network port. If your computer is
not connected directly or through a switch, you must also configure the FortiWeb appliance with a static route to a router that can forward packets from the FortiWeb appliance to your computer (see
“config router static”).
You can do this using either:
• a local console connection (see the following procedure)
Requirements
• a computer with an available serial communications (COM) port and RJ-45 port
• terminal emulation software such as
PuTTY • the RJ-45-to-DB-9 or null modem cable included in your FortiWeb package
• a crossover Ethernet cable (if connecting directly) or straight-through Ethernet cable (if connecting through a switch or router)
To enable SSH or Telnet access to the CLI using a local console connection
1. Using the network cable, connect the FortiWeb appliance’s network port either directly to your computer’s network port, or to a network through which your computer can reach the FortiWeb appliance.
2. Note the number of the physical network port.
4. Enter the following commands:
config system interface
edit <interface_name>
set allowaccess {http https ping snmp ssh telnet}
end
where:
• <interface_name> is the name of the network interface associated with the physical network port, such as port1
• {http https ping snmp ssh telnet} is the complete, space-delimited list of permitted administrative access protocols, such as https ssh telnet; omit protocols that you do not want to permit
For example, to exclude HTTP, SNMP, and Telnet, and allow only HTTPS, ICMP ECHO (ping), and SSH administrative access on port1:
config system interface
edit "port1"
set allowaccess ping https ssh
next
end
| Telnet is not a secure access method. SSH should be used to access the CLI from the Internet or any other untrusted network. |
5. To confirm the configuration, enter the command to view the access settings for the interface.
show system interface <interface_name>
The CLI displays the settings, including the management access settings, for the interface.
6. If you will be connecting indirectly, through one or more routers or firewalls, configure the appliance with at least one static route so that replies from the CLI can reach your client. See
“config router static”.