FortiExplorer for iOS – FortiOS 6.2

2 Replies

FortiExplorer for iOS

FortiExplorer for iOS is a user-friendly application that helps you to quickly and easily configure, manage, and monitor

FortiGate appliances using an iOS device. FortiExplorer lets you rapidly provision, deploy, and monitor Security Fabric components including FortiGate, FortiWiFi, and FortiAP devices.

FortiExplorer for iOS requires iOS 9.3 or later and is compatible with iPhone, iPad, and iPod Touch. It is supported by FortiOS 5.6+ and is only available on the App Store for iOS devices.

Advanced features are available with the purchase of FortiExplorer Pro. Paid features include the ability to add more than two devices and the ability to download firmware images from FortiCare.

Up to six members can use this app with ‘Family Sharing’ enabled in the App Store.

Getting started with FortiExplorer

If your FortiGate is accessible on the wireless network, you can connect to it using FortiExplorer provided that your iOS device is on the same network (see Connecting FortiExplorer to a FortiGate via WiFi). Otherwise, you will need to physically connect your iOS device to the FortiGate using a USB cable.

Connecting FortiExplorer to a FortiGate via USB

For the purpose of this document, we assume that you are just getting started; you do not have access to the FortiGate over the wireless network, and the FortiGate is in its factory configuration.

  1. Connect your iOS device to your FortiGate’s USB management port.If prompted on your iOS device, Trust this ‘computer’.
  2. Open the FortiExplorer app and select your FortiGate from the list under USB Attached Device.
  3. On the Login screen, select USB.
  4. Enter the default Username (admin) and leave the Password field blank.
  5. You can opt to Remember Password. Tap Done when you are ready.
  6. FortiExplorer opens the FortiGate management interface to the Device Status page:
  7. Go to Network > Interfaces and configure the WAN interface(s).In the example, the wan1 interface Address mode is set to DHCP by default. Set it to Manual and enter its Address, Netmask, and Default Gateway, and then Apply your changes.
  8. (Optional) Configure Administrative Access to allow HTTP and HTTPS This will allow administrators to access the FortiGate GUI using a web browser.
  9. Go to Network > Interfaces and configure the local network (internal) interface.Set the Address mode as before and configure Administrative Access if desired.
  10. Configure a DHCP Server for the internal network subnet.
  11. Return to the internal interface using the < button at the top of the screen.
  12. Go to Network > Static Routes and configure the static route to the gateway.
  13. Go to Policy & Objects > IPv4 Policy and edit the Internet access policy. As a best practice, provide a Name for the policy, enable the desired Security Profiles, and configure Logging Options. Select OK to finalize.

Running a Security Fabric Rating

The FortiGate is now configured in a very basic state. Once you’ve configured the other potential elements of your network, such as other Interfaces, Schedules, or Managed FortiAPs, it is recommended that you run a Security Fabric Rating to identify potential vulnerabilities and highlight best practices that could be used to improve your network’s overall security and performance.

Go to Security Fabric > Security Rating and follow the steps to determine a Security Score for the selected device (s). The results should identify issues ranging from Medium to Critical importance, and may provide recommended actions where possible.

Connecting FortiExplorer to a FortiGate via WiFi

If your FortiGate is accessible on the wireless network, you can connect to it using FortiExplorer provided that your iOS device is on the same network. Assuming this is the case:

  1. Open the FortiExplorer app and select Add from the Devices
  2. Enter the Host information and appropriate Username and Password If necessary, change the default Port number, and opt to Remember Password.
  3. If the FortiGate device identity cannot be verified, click Connect at the prompt. FortiExplorer opens the FortiGate management interface to the Device Status

Upgrading to FortiExplorer Pro

Paid features provided with the purchase of FortiExplorer Pro include the ability to add more than two devices and the ability to download firmware images from FortiCare.

To upgrade to FortiExplorer Pro, open the FortiExplorer app, go to Settings and select Upgrade to FortiExplorer Pro. Follow the on-screen prompts.


Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

This entry was posted in Administration Guides, FortiGate, Fortinet Cookbook, FortiOS 6.2 on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

2 thoughts on “FortiExplorer for iOS – FortiOS 6.2

  1. Mike Butash

    I’ve found fortiExplorer mostly useless without the ability to deal with vdoms, as most of my customers run a mix of vdom and non-vdom sites, including my own house/lab. Fortinet really needs to fix the vdom hate in the ancillary features like FortiExplorer and security fabric features that refuse to work with it enabled.

    Reply
    1. Mike Post author

      Yeah, it sounds like it won’t be a good fit for you. In most of my environments I am stuck staging a bunch of FortiGates for clients so it helps me enable HTTPS on the WAN interface. That is pretty much what I use it for LOL

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.