FortiWAN Web UI and CLI Overview

Web UI and CLI Overview

FortiWAN provides a Web User Interface (Web UI), which is the primary interface for network deployment, administration, configuration, and traffic statistics and analysis. FortiWAN’s Command Line Interface (CLI) provides basic commands for troubleshooting and system recovery. This section starts with the steps to connect to FortiWAN’s Web UI and CLI when using the product for the first time. It then introduces basic, common concepts for using the Web UI.

Connecting to the Web UI and the CLI

Be aware that the position of LAN port may vary depending on models. FortiWAN-200B, for example, has five network interfaces, with its fourth interface as LAN port and fifth as DMZ port (see Network interfaces and port mapping).

Before setting up FortiWAN in your network, ensure the following are taken care of:

  • Check the network environment and make sure the following are ready before FortiWAN installation and setup: a well-structured network architecture and proper IP allocation.
  • Use a cross-over cable, not a straight-through cable, to connect the PC to the FortiWAN LAN port.

Default LAN port

FortiWAN’s LAN port (see Network interfaces and port mapping) is used to connect to a private LAN subnet and provides access to the Web UI. The default subnet configured on the LAN port is 192.168.0.0/255.255.255.0 and the localhost IP address is 192.168.0.1, which means you can connect to the LAN port (192.168.0.1) from a management computer in the subnet 192.168.0.0/255.255.255.0 without changing the network settings of the LAN port. For example, connect a management computer whose IP address/netmask is 192.168.0.10/255.255.255.0 directly to the LAN port.

For first-time access to the Web UI, you can connect from a computer that matches the default LAN subnet (See the section “Access via a computer that matches the default LAN IP address” below). However, the default subnet configured on the LAN port might conflict with or be unreachable from your existing network, especially in FortiWAN-VM deployments. If you want to connect to the LAN port from a subnet that does not match the default LAN IP address, such as an existing subnet 10.10.10.0/255.255.255.0, you have to change the network settings of the LAN port via the CLI to match that subnet (See the section “Access via a computer that does not match the default LAN IP address” below).

To connect to the Web UI

The default IP address of the LAN port is 192.168.0.1 and the netmask is 255.255.255.0. For first-time access to the Web UI, you can connect via a computer connected directly to FortiWAN, or via a computer in an existing LAN subnet connected to FortiWAN.

Requires: Microsoft Internet Explorer 6, Mozilla Firefox 2.0, or Google Chrome 2.0 or newer.

Access via a computer that matches the default LAN IP address

  • Using the Ethernet cable, connect LAN port of the appliance to your computer. For a FortiWAN-VM appliance, connect your computer to the virtual network (vSwitch) of the LAN port of FortiWAN-VM appliance.
  • Switch on FortiWAN. It will emit 3 beeps, indicating the system is initialized and activated. Meanwhile, the LAN port LED blinks, indicating a proper connection.
  • By default, the LAN IP address is 192.168.0.1. Configure your computer to match the appliance’s default LAN subnet. For example, on Windows 7, click the Start (Windows logo) menu to open it, and then click Control Panel. Click Network and Sharing Center, Local Area Connection, and then the Properties button. Select Internet Protocol Version 4 (TCP/IPv4), then click its Properties button. Select Use the following IP address, then change your computer’s settings to:
      • IP address: 192.168.0.2 (or 192.168.0.X)
      • Subnet mask: 255.255.255.0
  • To connect to FortiWAN’s web UI, start a web browser and go to https://192.168.0.1. (Remember to include the “s” in https://.)
  • Login to web UI with the default username, admin, and leave the password field blank (case sensitive).

Access via a computer that does not match the default LAN IP address

  • Connect to the CLI (See the section “To connect to the CLI” below).
  • Configure the network setting of LAN port to match the existing LAN subnet (See the section “Change network setting to LAN port via CLI” below).
  • After system reboots, connect the subnet to the LAN port of FortiWAN appliance.
  • To connect to FortiWAN’s web UI, start a web browser on a computer in the subnet and go to https://xxx.xxx.xxx.xxx, where xxx.xxx.xxx.xxx is the IP address assigned to LAN port. (Remember to include the “s” in https://.)
  • Login to web UI with the default username, admin, and leave the password field blank (case sensitive).

Note:

  1. Make sure the proxy settings of the web browser are disabled. For example, open Internet Explorer and select “Internet Option” on “Tools” menu. Click the “Connection” tab, “LAN settings” and open “Local Area Network Settings” dialog box, then disable “Proxy server”.
  2. The default account admin has the Administrator permission (See “Administration/Administrator and Monitor Password”). It is strongly recommended to reset the passwords ASAP and to take good care of them.
  3. Web UI supports concurrent multiple sign-in (See “Using the Web UI/Multi-user Login”).
  4. The default Username/Password pairs used for V4.0.x, Administrator/1234 and Monitor/5678, remain in this version but will be removed in the next version.
  5. FortiWAN supports Web UI access from the Internet through the WAN ports. For example, start the web browser and go to https://xxx.xxx.xxx.xxx, where xxx.xxx.xxx.xxx is the IP address assigned to a WAN port (see Configuring Network Interface). However, by default FortiWAN’s Firewall denies any access to FortiWAN’s localhost coming from the Internet (WAN) (see Firewall). The LAN port is therefore the only way to access the Web UI for the first time. Afterward, you can optionally configure the network settings of a WAN link (WAN port) and modify the firewall rules to accept access to localhost from the Internet.

To connect to the CLI

Requires: Terminal emulator such as HyperTerminal, PuTTY, Tera Term, or a terminal server

  • Using the console cable, connect the appliance’s console port to your terminal server or computer.
  • On your computer or terminal server, start the terminal emulator.
  • Use these settings:
      • Bits per second: 9600
      • Data bits: 8
      • Parity: None
      • Stop bits: 1
      • Flow control: None
  • Press Enter on your keyboard to connect to the CLI.
  • Login with the default username, admin, and leave the password field blank (case sensitive).

FortiWAN maintains a common local authentication database for its Web UI and CLI. Accounts in the Administrator group can log in to the CLI with their username and password.

Note: FortiWAN CLI has limited functionality and cannot fully configure the system. Normal configuration changes should be done via the WebUI.

Change network setting to LAN port via CLI

  1. Connect and log into the CLI (See the section “To connect to the CLI” above).
  2. Configure the IP address and netmask of the LAN port with the resetconfig command. Also configure a static route with a default gateway if necessary. Type:

resetconfig <ip_address/netmask>

resetconfig <ip_address/netmask> <network_ip/netmask@gateway_ip>

where:

<ip_address/netmask> is the IPv4 address and netmask assigned to the LAN port. It must correspond to the subnet you would like to connect to. For example, type resetconfig 10.10.10.1/255.255.255.0 if 10.10.10.0/255.255.255.0 is the subnet connected to the LAN port. The IP address of the LAN port is then changed from the default to 10.10.10.1.

<network_ip/netmask@gateway_ip> is the routing rule assigned to the LAN port, so that packets can be routed to the subnet via the gateway. For example, type resetconfig 192.168.2.254/255.255.255.0 192.168.1.0/255.255.255.0@192.168.2.1 if 192.168.2.0/255.255.255.0 is the subnet connected directly to the LAN port and 192.168.2.1 is the gateway to route packets to subnet 192.168.1.0/255.255.255.0. The IP address of the LAN port is then changed from the default to 192.168.2.254.

See “Console Mode Commands” for details.

  3. The system reboots to apply the configuration.
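Because the appliance reboots as soon as resetconfig is accepted, a mistyped address or an unreachable gateway leaves the Web UI unreachable until you return to the console. The following pre-flight check is an added example, not part of the Fortinet documentation: the function name `check_resetconfig` and the `mgmt_ip` parameter are hypothetical, it validates only the argument syntax shown above, and it assumes a management computer in the routed subnet sends its traffic through the stated gateway.

```python
import ipaddress

def check_resetconfig(lan_arg, route_arg=None, mgmt_ip=None):
    """Pre-flight check for `resetconfig <ip/netmask> [<net/netmask@gateway>]`.

    Returns (command, problems); command is None when an argument cannot be
    parsed, and an empty problems list means the arguments are consistent.
    """
    problems, dest = [], None
    try:
        lan = ipaddress.IPv4Interface(lan_arg)
    except ValueError as exc:
        return None, [f"LAN address invalid: {exc}"]
    if lan.ip in (lan.network.network_address, lan.network.broadcast_address):
        problems.append(f"{lan.ip} is the network or broadcast address of {lan.network}")
    command = f"resetconfig {lan_arg}"
    if route_arg is not None:
        dest_text, sep, gw_text = route_arg.partition("@")
        try:
            if not sep:
                raise ValueError("expected network_ip/netmask@gateway_ip")
            dest = ipaddress.IPv4Network(dest_text)  # strict: host bits must be 0
            gateway = ipaddress.IPv4Address(gw_text)
        except ValueError as exc:
            return None, problems + [f"route invalid: {exc}"]
        if gateway not in lan.network or gateway == lan.ip:
            problems.append(f"gateway {gateway} is not another host on {lan.network}")
        if dest.overlaps(lan.network):
            problems.append(f"route target {dest} overlaps directly connected {lan.network}")
        command += f" {route_arg}"
    if mgmt_ip is not None:
        mgmt = ipaddress.IPv4Address(mgmt_ip)
        if mgmt == lan.ip:
            problems.append(f"management computer {mgmt} duplicates the LAN port address")
        elif mgmt not in lan.network and (dest is None or mgmt not in dest):
            problems.append(f"management computer {mgmt} cannot reach {lan.ip} after the reboot")
    return command, problems

if __name__ == "__main__":
    # Constructed inputs: the two resetconfig examples from the text, then two mistakes.
    for args in [("10.10.10.1/255.255.255.0", None, "10.10.10.20"),
                 ("192.168.2.254/255.255.255.0", "192.168.1.0/255.255.255.0@192.168.2.1", "192.168.1.50"),
                 ("10.10.10.1/255.255.255.0", None, "192.168.0.10"),
                 ("192.168.2.254/255.255.255.0", "192.168.1.0/255.255.255.0@192.168.3.1", None)]:
        print(check_resetconfig(*args))
```

Run it on the management computer before typing the command at the console; type the command only when the problems list is empty.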


About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

One thought on “FortiWAN Web UI and CLI Overview”

  1. Vivira Ang

    Hello,

    We need help with our FortiWAN 1000B. We have created a new admin account and removed the default admin account. It seems the new account we created is not working, and since we removed the default admin account, we have no way to access the box even in CLI mode; our account is not being accepted.

    Please advise how to recover the password.

    Thank you.

    Vivira
