Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
itsroland
New Contributor

Cannot Connect to Fortigate 200e Via Console Port

Apologies if this post is in the wrong location, this is my first time posting here. 

 

I've got a Fortigate 200e firewall that was handed off to me by the individual working on this project before me. While this firewall has not yet been installed in it's permanent home, this person made changes to the configuration for testing purposes and changed the address through which you connect to the webUI, but doesn't remember what he changed it to. Thus, I need to access the CLI through the console port so I can change these settings. 

 

I'm using an RJ45 to DB9 cable with a serial to USB adapter. I can confirm the issue is not with the cable I'm using, as I'm able to console in to a Cisco switch I also have via the same means. The software I'm using is PuTTY, and my settings are as follows:

 

Speed: 9600

Data Bits: 8

Stop Bits: 1

Parity: None

Flow Control: None

 

Once I open the connection, the login prompt never appears. I've tried hitting 'enter' multiple times to no success. All the information I can find online regarding connecting to this firewall via serial cable implies that I should be able to connect with my current settings, and I can't seem to find a solution. I've never worked with a Fortinet product specifically, so I wouldn't be surprised if I'm missing something obvious here, but otherwise I'm stumped. 

 

Any help is greatly appreciated. 

 

Thanks!

2 REPLIES 2
ede_pfau
Esteemed Contributor III

Your config for PuTTY is correct.

If the FGT is powered down, and you switch it on, you should see at least some BIOS messages. Even if there was no firmware on it.

But...of course you can change the speed of the serial port (and something much more inconvenient, see later). So, you should try through all speeds from 9600 to 115k, hitting ENTER a few times. Maybe you're lucky.

 

And then, as mentioned, one can disable console access altogether. That would be very, very secure and very, very dumb at the same time. I hope the ex-admin was not too cautious. I do not know of any way out of this, as (to my knowledge) there is no "pinhole" in the case through which you could factory-reset the FGT.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
Dave_Hall
Honored Contributor

The console port on the fgt could be a bit "finicky".  There were times where I had to remove and reinsert (push in) the RJ45 console cable end before I could get a connection - failing this, I would remove the USB cable from my computer and either reinsert it or move to a different USB port.  Mind you this was working with a batch of 92D hardware. 

 

Do suggest watching the console output during boot up, as Ede suggested.  Hate to think the fgt as "locked" due to some former admin wiping out the firmware and the fgt is just "sitting there" at the BIOS prompt.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Labels
Top Kudoed Authors