Chapter 2 – Getting Started

CLIonly features

As you can see in the Product/Feature Matrix, the Entry Level models have a number of features that are only available using the Command Line Interface (CLI), rather than appearing in the GUI.

You can use FortiExplorer or terminal emulation software to access the CLI. The CLI can also be assessed from within the GUI, by going to the Dashboard and using the CLI Console widget. If the console does not appear in the dashboard, select Widget, then select CLI Console. The console can also be accessed by using the drop- down menu in the top right of the page, where your account’s user name is shown.

You can also open the CLI console so that it automatically opens to the object you wish to configure. For example, to edit a firewall policy, right-click on the policy in the policy list (Policy & Objects > IPv4 Policy) and select Edit in CLI. The CLI console will appear, with the commands to access this part of the configuration added automatically.

Once you have access to the CLI, you can find instructions for specific tasks throughout the FortiOS Handbook. You can also refer to the CLI Reference for a list of the available command.

For more information about using the CLI, see the System Administration handbook.

Basic Administration

This section contains information about basic FortiGate administration that can be done after you have installed the unit in your network.

While this section mainly focuses on tasks done using the GUI, some tasks include instructions to use the command line interface (CLI). You can connect to the CLI using the CLI widget, FortiExplorer, or by connecting using a SSH or Telnet connection. For more information about the CLI, see the System Administration handbook.

The following topics are included in this section:

 

  • Registration
  • System Settings
  • Administrators
  • Passwords
  • Firmware
  • Configuration Backups
  • FortiGuard
  • FortiCloud

 

Registration

In order to have full access to Fortinet Support and FortiGuard Services, you must register your FortiGate.

 

Registering your FortiGate:

 

1. Go to the Dashboard and locate the License Information widget.

2. Select Register.

3. In the pop-up window, either use an existing Fortinet Support account or create a new one. Select your Countrand Reseller.

4. Select OK.

 

System Settings

There are several system settings that should be configured once your FortiGate is installed:

  • Default administrator password
  • View Settings
  • Time and date
  • Idle timeout
  • Administrator password retries and lockout time
  • Administrative port settings
  • Changing the host name

 

Default administrator password

By default, your FortiGate has an administrator account set up with the user name admin and no password. In order to prevent unauthorized access to the FortiGate, it is highly recommended that you add a password to this account.

 

To change the default password:

1. Go to System > Administrators.

2. Edit the admin account.

3. Select Change Password.

4. Leave Old Password blank, enter the New Password and re-enter the password for confirmation.

5. Select OK.

For details on selecting a password and password best practices, see System Settings on page 217.

 

It is also recommended to change the user name of this account; however, since you cannot change the user name of an account that is currently in use, a second administrator account will need to be created in order to do this. For more information about creating and using administrator accounts, see “Administrators” on page 220.

 

View Settings

View settings can be accessed by going to System > Settings. Three settings can be selected, to change the presentation of information in the GUI: language, lines per page, and theme.

 

The default language of the GUI is English. To change the language, go to System > Settings. Select the language you want from the Language dSrop-down list. For best results, you should select the language that is used by the management computer.

 

To change the number of lines per page that are displayed in the GUI tables, set Lines Per Page to a value between 20 and 1000. The default is 50 lines per page.

 

Four color themes are currently available: Green (the default), red, blue, and melongene. To change your theme, select the color from the Theme drop-down list.

 

Time and date

For effective scheduling and logging, the FortiGate system date and time should be accurate. You can either manually set the system date and time or configure the FortiGate to automatically keep its time correct by synchronizing with a Network Time Protocol (NTP) server.

 

The Network Time Protocol enables you to keep the FortiGate time in sync with other network systems. By enabling NTP on the FortiGate, FortiOS will check with the NTP server you select at the configured intervals. This will also ensure that logs and other time-sensitive settings on the FortiGate are correct.

 

The FortiGate maintains its internal clock using a built-in battery. At start up, the time reported by the FortiGate will indicate the hardware clock time, which may not be accurate. When using NTP, the system time might change after the FortiGate has successfully obtained the time from a configured NTP server.

 

By default, FortiOS has the daylight savings time configuration enabled. The system time must be manually adjusted after daylight saving time ends. To disable DST, enter the following command in the CLI:

 

config system global set dst disable

end

 

To set the date and time

1. Go to the Dashboard and locate the System Information widget.

2. Beside System Time, select Change.

3. Select your Time Zone.

4. Either select Set Time and manually set the system date and time, or select Synchronize with NTP Server. If you select synchronization, you can either use the default FortiGuard servers or specify a different server. You can also set the Sync Interval.

5. Select OK.

If you use an NTP server, you can identify a specific port/IP address for this self-originating traffic. The configuration is performed in the CLI with the command set source-ip. For example, to set the source IP of NTP to be on the DMZ1 port with an IP of 192.168.4.5, the commands are:

 

config system ntp

set ntpsyn enable set syncinterval 5

set source-ip 192.168.4.5 end

 

Idle timeout

By default, the GUI disconnects administrative sessions if no activity occurs for five minutes. This prevents someone from using the GUI if the management PC is left unattended.

 

To change the idle timeout

1. Go to System > Settings.

2. In the Administration Settings section, enter the time in minutes in the Idle Timeout field

3. Select Apply.


Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.