{"id":1691,"date":"2024-05-15T13:31:00","date_gmt":"2024-05-15T10:31:00","guid":{"rendered":"https:\/\/helia.ee\/koolitus\/?page_id=1691"},"modified":"2024-05-15T13:31:00","modified_gmt":"2024-05-15T10:31:00","slug":"uhendamine-fortigate-ule-veebi-ja-konsooli","status":"publish","type":"page","link":"https:\/\/helia.ee\/koolitus\/?page_id=1691","title":{"rendered":"\u00dchendamine FORTIGATE \u00fcle veebi ja konsooli"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Connecting to the web UI or CLI<\/h2>\n\n\n\n<p>To configure, maintain, and administer the&nbsp;FortiWeb&nbsp;appliance, you need to connect to it. There are two methods:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Web UI<\/strong>&nbsp;\u2014 A&nbsp;<a><\/a>graphical user interface (GUI), from within a&nbsp;<a><\/a>web browser. It can display reports and logs, but lacks many advanced diagnostic commands. For usage, see&nbsp;<a href=\"https:\/\/help.fortinet.com\/fweb\/552\/Content\/FortiWeb\/fortiweb-admin\/web_based_manager.htm#web-based_manager_3595258540_2324857\">How to use the web UI<\/a>.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/help.fortinet.com\/fweb\/552\/Content\/FortiWeb\/fortiweb-admin\/Images\/system_status_status.png\" alt=\"\"\/><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a><\/a><strong>Command line interface (CLI)<\/strong>&nbsp;\u2014 A text interface similar to&nbsp;<a><\/a>DOS or&nbsp;<a><\/a>UNIX commands, from a&nbsp;<a><\/a>Secure Shell (SSH) or&nbsp;<a><\/a>Telnet&nbsp;<a><\/a>terminal, or from the JavaScript&nbsp;<strong>CLI Console<\/strong>&nbsp;widget in the web&nbsp;UI (<strong>System&nbsp;&gt; Status&nbsp;&gt; Status<\/strong>). It provides access to many advanced diagnostic commands as well as configuration, but lacks reports and logs. For usage, see the&nbsp;<a href=\"http:\/\/docs.fortinet.com\/fortiweb\/\" target=\"_blank\" rel=\"noreferrer noopener\">FortiWeb CLI Reference<\/a>.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/help.fortinet.com\/fweb\/552\/Content\/FortiWeb\/fortiweb-admin\/Images\/cli.png\" alt=\"\"\/><\/figure>\n\n\n\n<p>Access to the CLI and\/or web UI through your network is not yet configured if:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>you are connecting for the first time<\/li>\n\n\n\n<li>you have just reset the configuration to its default state<\/li>\n\n\n\n<li>you have just restored the firmware<\/li>\n<\/ul>\n\n\n\n<p>In these cases, you must initially connect your computer directly to&nbsp;FortiWeb, using the default settings.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/help.fortinet.com\/fweb\/552\/Content\/FortiWeb\/fortiweb-admin\/Images\/first-time-connection.png\" alt=\"\"\/><\/figure>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td><img decoding=\"async\" src=\"https:\/\/help.fortinet.com\/fweb\/552\/Content\/Resources\/Images\/Icon-Tools.png\"><\/td><td>If you are installing a&nbsp;FortiWeb-VM virtual appliance, you should have already connected if you followed the instructions in the&nbsp;<a href=\"http:\/\/docs.fortinet.com\/fortiweb\/\" target=\"_blank\" rel=\"noreferrer noopener\">FortiWeb-VM Install Guide<\/a>. If so, you can skip this chapter and continue with&nbsp;<a href=\"https:\/\/help.fortinet.com\/fweb\/552\/Content\/FortiWeb\/fortiweb-admin\/password.htm#password_3732266657_1017171\">Changing the \u201cadmin\u201d account password<\/a>.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>Via the direct connection, you can use the web UI or CLI to configure&nbsp;FortiWeb\u2019s basic network settings. Once this is done, you will be able to place&nbsp;FortiWeb&nbsp;on your network, and use&nbsp;FortiWeb&nbsp;through your network.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td><img decoding=\"async\" src=\"https:\/\/help.fortinet.com\/fweb\/552\/Content\/Resources\/Images\/Icon-Light-Bulb.png\"><\/td><td>Until the&nbsp;FortiWeb&nbsp;appliance is configured with an IP address and connected to your network, you may prefer to connect the&nbsp;FortiWeb&nbsp;appliance directly to your management computer, or through a switch, in a peer network that is isolated from your overall network. This will improve&nbsp;<a><\/a>security during setup. However, isolation is not required.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><a><\/a><a><\/a>Connecting to the web UI<\/h3>\n\n\n\n<p>You can connec<a><\/a>t to the web UI using its default settings.<\/p>\n\n\n\n<h6 class=\"wp-block-heading\"><a><\/a>Default settings for connecting to the web UI<\/h6>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td><a><\/a>Network Interface<\/td><td><a><\/a>port1<\/td><\/tr><tr><td><a><\/a>URL<\/td><td><a><\/a><a href=\"https:\/\/192.168.1.99\/\">https:\/\/192.168.1.99\/<\/a><\/td><\/tr><tr><td>Administrator Account<\/td><td><a><\/a>admin<\/td><\/tr><tr><td>Password<\/td><td><a><\/a><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h6 class=\"wp-block-heading\">Requirements<\/h6>\n\n\n\n<ul class=\"wp-block-list\">\n<li>a computer with an&nbsp;<a><\/a>RJ-45&nbsp;<a><\/a>Ethernet network port<\/li>\n\n\n\n<li>a&nbsp;<a><\/a>web browser such as&nbsp;<a><\/a>Microsoft Internet Explorer version 6.0 or greater, or&nbsp;<a><\/a>Mozilla Firefox 3.5 or greater<\/li>\n\n\n\n<li>a crossover Ethernet cable<\/li>\n<\/ul>\n\n\n\n<h6 class=\"wp-block-heading\">To connect to the web UI<\/h6>\n\n\n\n<p><strong>1.<\/strong>&nbsp;&nbsp;On your management computer, configure the Ethernet port with the static IP address 192.168.1.2 with a netmask of 255.255.255.0.<\/p>\n\n\n\n<p><strong>2.<\/strong>&nbsp;&nbsp;Using the Ethernet cable, connect your computer\u2019s Ethernet port to the&nbsp;FortiWeb&nbsp;appliance\u2019s port1.<\/p>\n\n\n\n<p><strong>3.<\/strong>&nbsp;&nbsp;Start your browser and enter the following URL:<\/p>\n\n\n\n<figure class=\"wp-block-embed\"><div class=\"wp-block-embed__wrapper\">\nhttps:\/\/192.168.1.99\/\n<\/div><\/figure>\n\n\n\n<p>(Remember to include the \u201cs\u201d in https:\/\/.)<\/p>\n\n\n\n<p>Your browser connects the appliance.<\/p>\n\n\n\n<p>If you do&nbsp;<strong>not<\/strong>&nbsp;see the login page due to an SSL cipher error during the connection, and you are connecting to the&nbsp;<a><\/a>trial license of&nbsp;<a><\/a>FortiWeb-VM or a&nbsp;<a><\/a>LENC version of&nbsp;FortiWeb, then your browser must be configured to accept encryption of 64-<a><\/a>bit strength or less during the&nbsp;<a><\/a>handshake. (<a><\/a>RC2,&nbsp;<a><\/a>RC4, and&nbsp;<a><\/a>DES with less than 64-bit strength is supported.&nbsp;<a><\/a>AES and&nbsp;<a><\/a>3DES is&nbsp;<strong>not<\/strong>&nbsp;supported in these versions.)<\/p>\n\n\n\n<p>For example, in&nbsp;<a><\/a>Mozilla&nbsp;<a><\/a>Firefox, if you receive this error message:<\/p>\n\n\n\n<p><code><a><\/a>ssl_error_no_cypher_overlap<\/code><\/p>\n\n\n\n<p>you may need to enter&nbsp;<code>about:config<\/code>&nbsp;in the URL bar, then set&nbsp;<strong>security.ssl3.rsa.rc4_40_md5<\/strong>&nbsp;to&nbsp;<strong>true<\/strong>.<\/p>\n\n\n\n<p>To support&nbsp;<a><\/a>HTTPS&nbsp;<a><\/a>authentication, the&nbsp;FortiWeb&nbsp;appliance ships with a self-signed&nbsp;<a><\/a>security certificate, which it presents to clients whenever they initiate an&nbsp;<a><\/a>HTTPS connection to the&nbsp;FortiWeb&nbsp;appliance. When you connect, depending on your web browser and prior access of the&nbsp;FortiWeb&nbsp;appliance, your browser might display two security&nbsp;<a><\/a>warnings related to this certificate:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The certificate is not automatically trusted because it is&nbsp;<a><\/a>self-signed, rather than being signed by a valid&nbsp;<a><\/a>certificate authority (CA). Self-signed certificates cannot be verified with a proper CA, and therefore might be fraudulent. You must manually indicate whether or not to&nbsp;<a><\/a>trust the certificate.<\/li>\n\n\n\n<li>The certificate might belong to another web site. The&nbsp;<a><\/a>common name (CN) field in the certificate, which usually contains the&nbsp;<a><\/a>host name of the web site, does not exactly match the&nbsp;<a><\/a>URL you requested. This could indicate server identity theft, but could also simply indicate that the certificate contains a&nbsp;<a><\/a>domain name while you have entered an&nbsp;<a><\/a>IP address. You must manually indicate whether this&nbsp;<a><\/a>mismatch is normal or not.<\/li>\n<\/ul>\n\n\n\n<p>Both warnings are normal for the&nbsp;<a><\/a>default certificate.&nbsp;<a><\/a>SSL v3 and&nbsp;<a><\/a>TLS v1.0 are supported.<\/p>\n\n\n\n<p><strong>4.<\/strong>&nbsp;&nbsp;Verify and accept the certificate, either permanently (the web browser will not display the self-signing warning again) or temporarily. You cannot log in until you accept the certificate.<\/p>\n\n\n\n<p>For details on accepting the certificate, see the documentation for your web browser.<\/p>\n\n\n\n<p><strong>5.<\/strong>&nbsp;&nbsp;In the&nbsp;<strong>Name<\/strong>&nbsp;field, type&nbsp;<code>admin<\/code>, then click&nbsp;<strong><a><\/a>Login<\/strong>. (In its default state, there is no&nbsp;<a><\/a>password for this account.)<\/p>\n\n\n\n<p>Login credentials entered are encrypted before they are sent to the&nbsp;FortiWeb&nbsp;appliance. If your login is successful, the web UI appears. To continue by updating the firmware, see&nbsp;<a href=\"https:\/\/help.fortinet.com\/fweb\/552\/Content\/FortiWeb\/fortiweb-admin\/firmware.htm#firmware_2404944458_1039297\">Updating the firmware<\/a>. Otherwise, to continue by setting an administrative password, see&nbsp;<a href=\"https:\/\/help.fortinet.com\/fweb\/552\/Content\/FortiWeb\/fortiweb-admin\/password.htm#password_3732266657_1017171\">Changing the \u201cadmin\u201d account password<\/a>.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td><img decoding=\"async\" src=\"https:\/\/help.fortinet.com\/fweb\/552\/Content\/Resources\/Images\/Icon-Tools.png\"><\/td><td>If 3 incorrect login or password attempts occur in a row, your IP address will be temporarily blacklisted from the GUI and CLI (network, not console). This is to protect the appliance from brute force login&nbsp;<a><\/a>attacks. Wait 1 minute, then attempt the login again.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><a><\/a>Connecting to the CLI<\/h3>\n\n\n\n<p>Using its default settings, you can access the&nbsp;<a><\/a>CLI from your management computer in two ways:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>a local console connection<\/li>\n\n\n\n<li>an SSH connection, either local or through the network<\/li>\n<\/ul>\n\n\n\n<p>Secure Shell (SSH) provides both secure authentication and secure communications to the CLI. Supported&nbsp;<a><\/a>SSH protocol versions,&nbsp;<a><\/a>ciphers, and&nbsp;<a><\/a>bit strengths include SSH version&nbsp;2 with&nbsp;<a><\/a>AES-128,&nbsp;<a><\/a>3DES,&nbsp;<a><\/a>Blowfish, and&nbsp;<a><\/a>SHA-1.<\/p>\n\n\n\n<h6 class=\"wp-block-heading\"><a><\/a>Default settings for connecting to the CLI by SSH<\/h6>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td><a><\/a>Network Interface<\/td><td><a><\/a>port1<\/td><\/tr><tr><td><a><\/a>IP Address<\/td><td>192.168.1.99<\/td><\/tr><tr><td>SSH Port Number<\/td><td>22<\/td><\/tr><tr><td>Administrator Account<\/td><td><a><\/a>admin<\/td><\/tr><tr><td>Password<\/td><td><a><\/a><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>Alternatively, you can access the CLI via SSH and a public-private key pair. However, to use this option, you first access the CLI using the CLI Console widget (part of the web UI status dashboard) or via SSH and password to upload the public key. See&nbsp;<a href=\"https:\/\/help.fortinet.com\/fweb\/552\/Content\/FortiWeb\/fortiweb-admin\/connecting_gui_cli.htm#connect_to_cli_using_SSH_key_pair\">To connect to the CLI using an SSH connection and public-private key pair<\/a>.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td><img decoding=\"async\" src=\"https:\/\/help.fortinet.com\/fweb\/552\/Content\/Resources\/Images\/Icon-Tools.png\"><\/td><td>If you are&nbsp;<strong>not<\/strong>&nbsp;connecting for the first time, nor have you just reset the configuration to its default state or restored the firmware, administrative access settings may have already been configured. In this case, access the CLI using the IP address, administrative access protocol, administrator account and password already configured, instead of the default settings.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h6 class=\"wp-block-heading\">Requirements<\/h6>\n\n\n\n<ul class=\"wp-block-list\">\n<li>a computer with an available&nbsp;<a><\/a>serial communications (COM) port<\/li>\n\n\n\n<li>the&nbsp;<a><\/a>RJ-45-to-DB-9 or&nbsp;<a><\/a>null modem cable included in your&nbsp;FortiWeb&nbsp;package<\/li>\n\n\n\n<li>terminal emulation software such as&nbsp;<a><\/a><a href=\"http:\/\/www.chiark.greenend.org.uk\/~sgtatham\/putty\/download.html\">PuTTY<\/a><\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td><img decoding=\"async\" src=\"https:\/\/help.fortinet.com\/fweb\/552\/Content\/Resources\/Images\/Icon-Tools.png\"><\/td><td>The following procedures describe connection using PuTTY software; steps may vary with other terminal emulators.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h6 class=\"wp-block-heading\"><a><\/a><a><\/a>To connect to the CLI using a local console connection<\/h6>\n\n\n\n<p><strong>1.<\/strong>&nbsp;&nbsp;Using the RJ-45-to-DB-9 or null modem cable, connect your computer\u2019s serial communications (COM) port to the&nbsp;FortiWeb&nbsp;appliance\u2019s console port.<\/p>\n\n\n\n<p><strong>2.<\/strong>&nbsp;&nbsp;Verify that the&nbsp;FortiWeb&nbsp;appliance is powered on.<\/p>\n\n\n\n<p><strong>3.<\/strong>&nbsp;&nbsp;On your management computer, start&nbsp;<a><\/a><a href=\"http:\/\/www.chiark.greenend.org.uk\/~sgtatham\/putty\/download.html\">PuTTY<\/a>.<\/p>\n\n\n\n<p><strong>4.<\/strong>&nbsp;&nbsp;In the&nbsp;<strong>Category<\/strong>&nbsp;tree on the left, go to&nbsp;<strong>Connection&nbsp;&gt; Serial<\/strong>&nbsp;and configure the following:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td>Serial line to connect to<\/td><td>COM1 (or, if your computer has multiple serial ports, the name of the connected serial port)<\/td><\/tr><tr><td><a><\/a>Speed (baud)<\/td><td>9600<\/td><\/tr><tr><td>Data bits<\/td><td>8<\/td><\/tr><tr><td>Stop bits<\/td><td>1<\/td><\/tr><tr><td><a><\/a>Parity<\/td><td>None<\/td><\/tr><tr><td><a><\/a>Flow control<\/td><td>None<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p><strong>5.<\/strong>&nbsp;&nbsp;In the&nbsp;<strong>Category<\/strong>&nbsp;tree on the left, go to&nbsp;<strong>Session<\/strong>&nbsp;(<strong>not<\/strong>&nbsp;the sub-node,&nbsp;<strong>Logging<\/strong>) and from&nbsp;<strong>Connection type<\/strong>, select&nbsp;<strong>Serial<\/strong>.<\/p>\n\n\n\n<p><strong>6.<\/strong>&nbsp;&nbsp;Click&nbsp;<strong>Open<\/strong>.<\/p>\n\n\n\n<p><strong>7.<\/strong>&nbsp;&nbsp;Press the Enter key to initiate a connection.<\/p>\n\n\n\n<p>The&nbsp;<a><\/a>login prompt appears.<\/p>\n\n\n\n<p><strong>8.<\/strong>&nbsp;&nbsp;Type&nbsp;<code><a><\/a>admin<\/code>&nbsp;then press Enter twice. (In its default state, there is no&nbsp;<a><\/a>password for the&nbsp;<code>admin<\/code>&nbsp;account.)<\/p>\n\n\n\n<p>The CLI displays the following text, followed by a command line prompt:<\/p>\n\n\n\n<p><code>Welcome!<\/code><\/p>\n\n\n\n<p>You can now enter commands. To continue by updating the firmware, see&nbsp;<a href=\"https:\/\/help.fortinet.com\/fweb\/552\/Content\/FortiWeb\/fortiweb-admin\/firmware.htm#firmware_2404944458_1039297\">Updating the firmware<\/a>. Otherwise, to continue by setting an administrative password, see&nbsp;<a href=\"https:\/\/help.fortinet.com\/fweb\/552\/Content\/FortiWeb\/fortiweb-admin\/password.htm#password_3732266657_1017171\">Changing the \u201cadmin\u201d account password<\/a>. For information about how to use the CLI, see the&nbsp;<a href=\"http:\/\/docs.fortinet.com\/fortiweb\/\" target=\"_blank\" rel=\"noreferrer noopener\">FortiWeb CLI Reference<\/a>.<\/p>\n\n\n\n<h6 class=\"wp-block-heading\">Requirements<\/h6>\n\n\n\n<ul class=\"wp-block-list\">\n<li>a computer with an RJ-45&nbsp;<a><\/a>Ethernet port<\/li>\n\n\n\n<li>a crossover&nbsp;<a><\/a>Ethernet cable (if connecting directly) or straight-through Ethernet cable (if connecting through a switch or router)<\/li>\n\n\n\n<li>a&nbsp;FortiWeb&nbsp;network interface configured to accept SSH connections (In its default state, port1 accepts SSH. You may need to connect directly first in order to configure a static route so that, later, you can connect through routers. For details, see&nbsp;<a href=\"https:\/\/help.fortinet.com\/fweb\/552\/Content\/FortiWeb\/fortiweb-admin\/network_settings.htm#network_settings_2363754841_1027676\">Adding a gateway<\/a>.)<\/li>\n\n\n\n<li><a href=\"http:\/\/www.chiark.greenend.org.uk\/~sgtatham\/putty\/\">an SSH client, such as&nbsp;<\/a><a>PuTTY<\/a><\/li>\n<\/ul>\n\n\n\n<h6 class=\"wp-block-heading\"><a><\/a>To connect to the CLI using an SSH connection and password<\/h6>\n\n\n\n<p><strong>1.<\/strong>&nbsp;&nbsp;On your management computer, configure the Ethernet port with the static IP address 192.168.1.2 with a netmask of 255.255.255.0.<\/p>\n\n\n\n<p><strong>2.<\/strong>&nbsp;&nbsp;Using the Ethernet cable, connect your computer\u2019s Ethernet port to the&nbsp;FortiWeb&nbsp;appliance\u2019s port1.<\/p>\n\n\n\n<p><strong>3.<\/strong>&nbsp;&nbsp;Verify that the&nbsp;FortiWeb&nbsp;appliance is powered on.<\/p>\n\n\n\n<p><strong>4.<\/strong>&nbsp;&nbsp;On your management computer, start&nbsp;<a><\/a><a href=\"http:\/\/www.chiark.greenend.org.uk\/~sgtatham\/putty\/\">PuTTY<\/a>.<\/p>\n\n\n\n<p>Initially, the&nbsp;<strong>Session<\/strong>&nbsp;category of settings is displayed.<\/p>\n\n\n\n<p><strong>5.<\/strong>&nbsp;&nbsp;In&nbsp;<strong>Host Name (or IP Address)<\/strong>, type&nbsp;<code>192.168.1.99<\/code>.<\/p>\n\n\n\n<p><strong>6.<\/strong>&nbsp;&nbsp;In Port, type&nbsp;<code>22<\/code>.<\/p>\n\n\n\n<p><strong>7.<\/strong>&nbsp;&nbsp;From&nbsp;<strong>Connection type<\/strong>, select&nbsp;<strong>SSH<\/strong>.<\/p>\n\n\n\n<p><strong>8.<\/strong>&nbsp;&nbsp;Select&nbsp;<strong>Open<\/strong>.<\/p>\n\n\n\n<p>The SSH client connects to the&nbsp;FortiWeb&nbsp;appliance.<\/p>\n\n\n\n<p>The SSH client may display a warning if this is the first time you are connecting to the&nbsp;FortiWeb&nbsp;appliance and its SSH&nbsp;<a><\/a>key is not yet recognized by your SSH client, or if you have previously connected to the&nbsp;FortiWeb&nbsp;appliance but it used a different IP address or SSH key. If your management computer is directly connected to the&nbsp;FortiWeb&nbsp;appliance with no network hosts between them, this is normal.<\/p>\n\n\n\n<p><strong>9.<\/strong>&nbsp;&nbsp;Click&nbsp;<strong>Yes<\/strong>&nbsp;to verify the&nbsp;<a><\/a>fingerprint and accept the&nbsp;FortiWeb&nbsp;appliance\u2019s SSH key. You cannot log in until you accept the key.<\/p>\n\n\n\n<p>The CLI displays a login prompt.<\/p>\n\n\n\n<p><strong>10.<\/strong>&nbsp;&nbsp;Type&nbsp;<code>admin<\/code>&nbsp;and press Enter. (by default, this account has no&nbsp;<a><\/a>password..)<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td><img decoding=\"async\" src=\"https:\/\/help.fortinet.com\/fweb\/552\/Content\/Resources\/Images\/Icon-Tools.png\"><\/td><td>If 3 incorrect login or password attempts occur in a row, your IP address will be temporarily blacklisted from the GUI and CLI (network, not console). This is to protect the appliance from brute force login&nbsp;<a><\/a>attacks. Wait 1 minute, then attempt the login again.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>The CLI displays a prompt, such as:<\/p>\n\n\n\n<p>FortiWeb#<\/p>\n\n\n\n<p>You can now enter commands. To continue by updating the firmware, see&nbsp;<a href=\"https:\/\/help.fortinet.com\/fweb\/552\/Content\/FortiWeb\/fortiweb-admin\/firmware.htm#firmware_2404944458_1039297\">Updating the firmware<\/a>. Otherwise, to continue by setting an administrative password, see&nbsp;<a href=\"https:\/\/help.fortinet.com\/fweb\/552\/Content\/FortiWeb\/fortiweb-admin\/password.htm#password_3732266657_1017171\">Changing the \u201cadmin\u201d account password<\/a>.<\/p>\n\n\n\n<p>For information about how to use the CLI, see the&nbsp;<a href=\"http:\/\/docs.fortinet.com\/fortiweb\/\" target=\"_blank\" rel=\"noreferrer noopener\">FortiWeb CLI Reference<\/a>.<\/p>\n\n\n\n<h6 class=\"wp-block-heading\"><a><\/a>To connect to the CLI using an SSH connection and public-private key pair<\/h6>\n\n\n\n<p><strong>1.<\/strong>&nbsp;&nbsp;Create a public-private key pair using a key generator.<\/p>\n\n\n\n<p><strong>2.<\/strong>&nbsp;&nbsp;Save the private key to the location on your management computer where your SSH keys are stored.<\/p>\n\n\n\n<p><strong>3.<\/strong>&nbsp;&nbsp;Connect to the CLI using either the CLI Console widget on the web UI dashboard or via anSSH connection (see&nbsp;<a href=\"https:\/\/help.fortinet.com\/fweb\/552\/Content\/FortiWeb\/fortiweb-admin\/connecting_gui_cli.htm#connect_to_cli_using_SSH_password\">To connect to the CLI using an SSH connection and password<\/a>).<\/p>\n\n\n\n<p><strong>4.<\/strong>&nbsp;&nbsp;Use the following CLI command to copy the public key to FortiWeb using the CLI commands:<\/p>\n\n\n\n<p>config system admin<\/p>\n\n\n\n<p>edit admin<\/p>\n\n\n\n<p>set sshkey &lt;sshkey&gt;<\/p>\n\n\n\n<p>end<\/p>\n\n\n\n<p>where&nbsp;<code>&lt;sshkey&gt;<\/code>&nbsp;is the public key data.<\/p>\n\n\n\n<p>The following data is an example of an ssh public key:<\/p>\n\n\n\n<p>\u201cssh-rsa<\/p>\n\n\n\n<p>AAAAB3NzaC1yc2EAAAADAQABAAABAQDJWw9hWG6KC+RYViLmPVN283mNIwOVE9EyO+Rk SsQgqZzc\/NkzWpR4A3f6egYUZ1TY3ERYJ350zpvtmVoM8sbtDyLjuj\/OYqZWLr06jjd+ NBKNbl9crqGdcoi+5WYZ9qo8NKgW4yXrmcNzdM46c708mrKNc9cfVlCk2kJSNNEY8FRX fm3Ge7y0aNRuBBQ6n9LkYWSoW+AETwNt8ZS0\/9tJ9gV6V6J4071Y8xSfM1VDJQwdneuX CpVrs3Fg1DijUdritp7W8ptxqgbLvdkRObaTvpEGSl6rBPZcsqQFCCgn1QHdE9UxoPA7 jpSrEZ\/Gkh63kz5KC6dZgUg0G2IrIgXt\u201d<br><\/p>\n\n\n\n<p><strong>5.<\/strong>&nbsp;&nbsp;To log in using the private key, open a connection to the CLI using SSH (see&nbsp;<a href=\"https:\/\/help.fortinet.com\/fweb\/552\/Content\/FortiWeb\/fortiweb-admin\/connecting_gui_cli.htm#connect_to_cli_using_SSH_password\">To connect to the CLI using an SSH connection and password<\/a>).<\/p>\n\n\n\n<p><strong>6.<\/strong>&nbsp;&nbsp;When FortiWeb displays the CLI prompt, use the following command to log in using the public key:<\/p>\n\n\n\n<p>ssh -i &lt;privatekey&gt;<\/p>\n\n\n\n<p>where<code>&nbsp;&lt;privatekey&gt;&nbsp;<\/code>is the name of the private key stored on your management computer.<\/p>\n\n\n\n<p>For information about how to use the CLI, see the&nbsp;<a href=\"http:\/\/docs.fortinet.com\/fortiweb\/\" target=\"_blank\" rel=\"noreferrer noopener\">FortiWeb CLI Reference<\/a>.<\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Connecting to the web UI or CLI To configure, maintain, and administer the&nbsp;FortiWeb&nbsp;appliance, you need to connect to it. There are two methods: Access to the CLI and\/or web UI through your network is not yet configured if: In these cases, you must initially connect your computer directly to&nbsp;FortiWeb, using the default settings. If you [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":1685,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"class_list":["post-1691","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/pages\/1691","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1691"}],"version-history":[{"count":1,"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/pages\/1691\/revisions"}],"predecessor-version":[{"id":1692,"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/pages\/1691\/revisions\/1692"}],"up":[{"embeddable":true,"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/pages\/1685"}],"wp:attachment":[{"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1691"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}