
Lab 1: Controlling Management Access

Lesson 1/22 | Study Time: 60 Min

Tasks

1.1 Use a browser installed on your local system to connect to the FortiGate firewall

 ✓ Use HTTP and management address 192.168.250.x

 ✓ Authenticate using credentials listed on the topology

1.2 Modify administrative access settings

 ✓ Disable SSH on Port1

 ✓ Enable HTTP and HTTPS access

 ✓ Enable Ping access

 ✓ The system should listen for incoming HTTPS connections on port 8443

 ✓ Set the GUI idle timeout to 10 minutes


Configuration and Verifications 

Power On FortiGate

The FortiGate firewall starts in factory-default mode with the evaluation license, which is valid for 15 days. When the evaluation license expires the system is unusable, so the license needs to be reset. To reset the evaluation license from the CLI, use the command "execute factoryreset2". Note: The configuration is not lost when the license is reset using this command.


From the console, log in to FortiGate with username "admin" and no password. You have to set a password at first login; set the password to "admin".


Power On SW01

FortiGate Port1 is configured for DHCP and receives its IP address dynamically from the MGMT cloud, where a DHCP server is pre-configured. Verify the Port1 configuration. Note: It sometimes takes 5-10 minutes for FortiGate Port1 to get an IP address from the DHCP server after switch SW01 is powered on.


As you can see in the above screenshot, FortiGate Port1 has received the IP address 192.168.250.41. This is the management IP, which you can use to access FortiGate via HTTP from your local system. However, HTTP is not allowed, so allow HTTP on Port1. Note: By default, FortiGate does not save the configuration automatically. To save the configuration automatically, you need to set it as follows.



Once HTTP is allowed on port1, you can open its GUI from your local system (the local system should also have an IP address in the same subnet) and log in to FortiGate using the credentials admin/admin.


It will ask you to complete the setup, but for now you can click Later. Also skip the video if there is one.


The first screen you see after login is the FortiGate Status dashboard, from which you can do all the management of the firewall. As you can see, the current software version is 7.0 and it is based on KVM.


As per the task, you need to modify the administrative access on FortiGate port1: enable Ping, disable SSH and enable HTTPS. Go to Network -> Interfaces, select port1 and click Edit.


Here in the Administrative Access section, tick and untick the appropriate access options.


Now HTTPS should listen on port 8443 with a self-signed certificate, and the GUI idle timeout should be 10 minutes. Go to System -> Settings; under Administration Settings change the idle timeout from 5 (the default) to 10, change the HTTPS port from 443 to 8443, and click Apply.
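
To confirm the end state without relying on the GUI, the following added example (not part of the original lab) audits a FortiOS configuration backup against the task list in 1.2. The sample config text is constructed and the function names `parse_config` and `audit` are hypothetical; `allowaccess`, `admin-sport` and `admintimeout` are the FortiOS CLI settings behind the GUI options changed above.

```python
REQUIRED_ACCESS = {"ping", "http", "https"}   # lab task 1.2 target state
FORBIDDEN_ACCESS = {"ssh"}
REQUIRED_GLOBAL = {"admin-sport": "8443", "admintimeout": "10"}

# Constructed sample: port1 before the lab changes are applied.
SAMPLE = """\
config system global
    set admintimeout 5
end
config system interface
    edit "port1"
        set allowaccess ssh http
    next
end
"""

def parse_config(text):
    """Return {section: {entry: {key: [values]}}}; global settings use entry ""."""
    tree, section, entry, depth = {}, None, "", 0
    for line in text.splitlines():
        tok = [t.strip('"') for t in line.split()]
        kw = tok[0] if tok else ""
        if kw == "config":
            depth += 1
            if depth == 1:  # nested config blocks are skipped, not parsed
                section, entry = " ".join(tok[1:]), ""
                tree.setdefault(section, {})
        elif kw == "end":
            depth -= 1
        elif depth == 1 and kw in ("edit", "next"):
            entry = tok[1] if kw == "edit" else ""
        elif depth == 1 and kw == "set":
            tree[section].setdefault(entry, {})[tok[1]] = tok[2:]
    return tree

def audit(text, interface="port1"):
    """List every deviation from the lab's target management-access state."""
    tree = parse_config(text)
    iface = tree.get("system interface", {}).get(interface)
    if iface is None:
        return [f"{interface}: not found in config"]
    access = set(iface.get("allowaccess", []))
    findings = [f"{interface}: {p} not enabled" for p in sorted(REQUIRED_ACCESS - access)]
    findings += [f"{interface}: {p} still enabled" for p in sorted(FORBIDDEN_ACCESS & access)]
    settings = tree.get("system global", {}).get("", {})
    for key, want in REQUIRED_GLOBAL.items():
        got = settings.get(key, ["unset"])[0]  # "unset" means the default applies
        if got != want:
            findings.append(f"global: {key} is {got}, expected {want}")
    return findings
```

Calling `audit(SAMPLE)` returns one finding per unmet task; an empty list means the configuration matches the lab's target state.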