Enabling access to the CLI through the network (SSH or Telnet or CLI Console widget)
SSH, Telnet, or CLI Console widget (via the web UI) access to the CLI requires connecting your computer to the FortiWeb appliance using one of its RJ‑45 network ports. You can either connect directly, using a peer connection between the two, or through any intermediary network.
 
If you do not want to use an SSH/Telnet client and you have access to the web UI, you can alternatively access the CLI through the network using the CLI Console widget in the web UI. For details, see the FortiWeb Administration Guide.
You must enable SSH and/or Telnet on the network interface associated with that physical network port. If your computer is not connected directly or through a switch, you must also configure the FortiWeb appliance with a static route to a router that can forward packets from the FortiWeb appliance to your computer (see “config router static”).
You can do this using either:
a local console connection (see the following procedure)
the web UI (see the FortiWeb Administration Guide)
Requirements
a computer with an available serial communications (COM) port and RJ-45 port
terminal emulation software such as PuTTY
the RJ-45-to-DB-9 or null modem cable included in your FortiWeb package
a crossover Ethernet cable (if connecting directly) or straight-through Ethernet cable (if connecting through a switch or router)
prior configuration of the operating mode, network interface, and static route (for details, see the FortiWeb Administration Guide)
To enable SSH or Telnet access to the CLI using a local console connection
1. Using the network cable, connect the FortiWeb appliance’s network port either directly to your computer’s network port, or to a network through which your computer can reach the FortiWeb appliance.
2. Note the number of the physical network port.
3. Using a local console connection, connect and log into the CLI. For details, see “Connecting to the CLI using a local console”.
4. Enter the following commands:
config system interface
edit <interface_name>
set allowaccess {http https ping snmp ssh telnet}
end
where:
<interface_name> is the name of the network interface associated with the physical network port, such as port1
{http https ping snmp ssh telnet} is the complete, space-delimited list of permitted administrative access protocols, such as https ssh telnet; omit protocols that you do not want to permit
For example, to exclude HTTP, SNMP, and Telnet, and allow only HTTPS, ICMP ECHO (ping), and SSH administrative access on port1:
config system interface
edit "port1"
set allowaccess ping https ssh
next
end
 
Telnet is not a secure access method. SSH should be used to access the CLI from the Internet or any other untrusted network.
 
5. To confirm the configuration, enter the command to view the access settings for the interface:
show system interface <interface_name>
The CLI displays the settings, including the management access settings, for the interface.
6. If you will be connecting indirectly, through one or more routers or firewalls, configure the appliance with at least one static route so that replies from the CLI can reach your client. See “config router static”.
To connect to the CLI through the network interface, see “Connecting to the CLI using SSH” or “Connecting to the CLI using Telnet”.
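An added example, not part of the FortiWeb documentation: a Python check that reads configuration text in the config system interface syntax shown above (for instance, saved output from step 5) and reports interfaces whose allowaccess list permits a cleartext administrative protocol. The sample text, the function names, and the choice to flag HTTP alongside Telnet are assumptions made for this example.

```python
# Cleartext protocols: the page warns about Telnet; flagging HTTP too is this example's assumption.
CLEARTEXT = {"telnet", "http"}
# Constructed sample in the page's config syntax (not captured from a device).
SAMPLE = """\
config system interface
  edit "port1"
    set allowaccess ping https ssh
  next
  edit "port2"
    set allowaccess ping http telnet ssh
  next
  edit "port3"
  next
end
"""

def parse_allowaccess(config_text):
    """Return {interface: [protocols]} from a 'config system interface' block."""
    result, in_block, depth, current = {}, False, 0, None
    for raw in config_text.splitlines():
        tok = raw.split()
        if not tok:
            continue
        if not in_block:
            in_block = tok == ["config", "system", "interface"]
        elif tok[0] == "config":      # nested sub-table: skip until its own "end"
            depth += 1
        elif tok[0] == "end":
            if depth:
                depth -= 1
            else:
                in_block, current = False, None
        elif depth == 0 and tok[0] == "edit" and len(tok) > 1:
            current = tok[1].strip('"')
            result[current] = []      # stays empty if no allowaccess line follows
        elif depth == 0 and tok[0] == "next":
            current = None
        elif depth == 0 and current and tok[:2] == ["set", "allowaccess"]:
            result[current] = tok[2:]
    return result

def audit(config_text):
    """Return {interface: sorted cleartext protocols} for interfaces permitting any."""
    parsed = parse_allowaccess(config_text)
    return {n: sorted(CLEARTEXT & set(p)) for n, p in parsed.items() if CLEARTEXT & set(p)}

if __name__ == "__main__":
    for name, risky in audit(SAMPLE).items():
        print(f"{name}: cleartext admin access enabled: {', '.join(risky)}")
```

Because set allowaccess takes the complete list of permitted protocols, an interface flagged here is corrected by re-entering the list without the flagged protocols, as in the port1 example above.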