Setting Up The System

Setting up the system

These instructions in this chapter will guide you to the point where you have a simple, verifiably working installation. From there, you can begin to use optional features and fine-tune your configuration.

FortiMail initial setup involves the following steps:

  • Connecting to the Web UI or CLI
  • Choosing the operation mode
  • Running the Quick Start Wizard
  • Connecting to FortiGuard services
  • Gateway mode deployment
  • Transparent mode deployment
  • Server mode deployment
  • Initial configuration in basic mode
  • Testing the installation
  • Backing up the configuration

Connecting to the Web UI or CLI

To configure, maintain, and administer the FortiMail unit, you need to connect to it. There are three methods for these tasks:

  • using the web UI, a graphical user interface (GUI), from within a current web browser (see “Connecting to the FortiMail web UI for the first time”)
  • using the command line interface (CLI), a command line interface similar to DOS or UNIX commands, from a Secure Shell (SSH) or Telnet terminal (see “Connecting to the FortiMail CLI for the first time” on page 27)
  • using the front panel’s LCD display and control buttons available on some models (see “Using the front panel’s control buttons and LCD display” on page 29).

Connecting to the FortiMail web UI for the first time

To use the web UI for the initial configuration, you must have:

  • a computer with an Ethernet port
  • a supported web browser (Microsoft Internet Explorer 7 to 10, Firefox 3.5 to 20, Safari 4 to 5, and Chrome 6 to 26)
  • Adobe Flash Player 9 or higher plug-in to display statistic charts
  • a crossover Ethernet cable

Table 3: Default settings for connecting to the web UI

Network Interface port1
URL https://192.168.1.99/admin

 

Table 3: Default settings for connecting to the web UI

Administrator Account admin
Password (none)

To connect to the web UI

  1. Configure the management computer to be on the same subnet as the port 1 interface of the FortiMail unit.

For example, in Microsoft Windows 7, from the Windows Start menu, go to Control Panel > Network and Sharing Center > Change Adapter Settings > Local Area Connection Properties > Internet Protocol Version 4 (TCP/IPv4) Properties and change the management computer IP address to 192.168.1.2 and the netmask to 255.255.255.0.

  1. Using the Ethernet cable, connect your computer’s Ethernet port to the FortiMail unit’s port1.
  2. Start your web browser and enter the URL https://192.168.1.99/admin. (Remember to include the “s” in https:// and “/admin” at the end of the URL.)

If you are connecting to FortiMail-VM with a trial license or to a LENC version of FortiMail, you may not be able to see the logon page due to an SSL cipher error during the connection. In this case, you must configure your browser to accept low encryption. For example, in Mozilla Firefox, if you receive this error message:

ssl_error_no_cypher_overlap

you may need to enter about:config in the URL bar, then set security.ssl3.rsa.rc4_40_md5 to true.

To support HTTPS authentication, the FortiMail unit ships with a self-signed security certificate, which it presents to clients whenever they initiate an HTTPS connection to the FortiMail unit. When you connect, depending on your web browser and prior access of the FortiMail unit, your browser might display two security warnings related to this certificate:

  • The certificate is not automatically trusted because it is self-signed, rather than being signed by a valid certificate authority (CA). Self-signed certificates cannot be verified with a proper CA, and therefore might be fraudulent. You must manually indicate whether or not to trust the certificate.
  • The certificate might belong to another web site. The common name (CN) field in the certificate, which usually contains the host name of the web site, does not exactly match the URL you requested. This could indicate server identity theft, but could also simply indicate that the certificate contains a domain name while you have entered an IP address. You must manually indicate whether this mismatch is normal or not.

Both warnings are normal for the default certificate.

  1. Verify and accept the certificate, either permanently (the web browser will not display the self-signing warning again) or temporarily. You cannot log in until you accept the certificate.

For details on accepting the certificate, see the documentation for your web browser.

The Login dialog appears.

  1. In the Name field, type admin, then select Login. (In its default state, there is no password for this account.)

Login credentials entered are encrypted before they are sent to the FortiMail unit. If your login is successful, the web UI appears.

This entry was posted in Administration Guides, FortiMail and tagged , on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.