Using Fortigate web interface to configure the firewall is a lot more easier than the CLI. But, there are several things you need to do before you can access Fortigate Web interface when it is within EVE-NG Network Emulator Lab. You also need to have basic knowledge on Fortigate CLI before you can get into the Fortigate Web interface.
This post will cover the basic CLI command to find out Fortigate interface IP address and to set static IP address for Fortigate interface. Before we begin, you need to have EVE-NG running and working properly and already have Fortinet Fortigate image deployed. Read this post on how to Download and deploy Fortigate image to EVE-NG.
We will not add any network interface to EVE-NG, but just using the same interface we use to access EVE-NG web interface. Let's begin!
How to access Fortigate Web Interface in EVE-NG Lab Using DHCP and Static mode
Preparing EVE-NG Lab for Fortigate
- Login to EVE-NG Web Interface and create new Lab
- Add an object > Node and choose 'Fortinet Fortigate'
- Add an object > Network and change the type to 'Management (Cloud0)
- Connect 'NET' to Fortigate Port1 (Do not start the Fortigate before creating a connection, the connection can only be configured if the appliance status is not started)
- Right click the Fortigate node and choose start
- The Fortigate icon changed to blue, then click it to open CLI configuration interface
- Default Fortigate user is admin without password, you will force to create password at first config
Access Fortigate Web Interface DHCP Mode
- Default NAT interface from VMware Player have DHCP server configured, so if you didn't have changed anything in VMware Player configuration, the interface port1 on Fortigate should already get the IP address from VMware Player DHCP server. Type this command to find out the IP addresses of Fortigate interfaces:
show system interface ?
 |
| The question mark (?) will show you the interfaces status, mode and IP addresses |
- From the example above, you can see Fortigate interface port1 IP address is 192.168.70.132 from DHCP and the status is UP
- You can now access the Fortigate Web UI from
http://192.168.70.132/
Access Fortigate Web Interface Static Mode
- In real life, usually we just plug in UTP cable to Fortigate port and a console cable to Fortigate to get into CLI configuration. As a network engineer, I have portable DHCP server on my laptop (tftpd32 / tftpd64) but never think of using it for configuring devices with console port available. Because we are in EVE-NG environment, we just need to start Fortigate appliance and click it once more to get into CLI configuration interface, this is actually console simulator. Then type this command to enter interface configuration:
config system interface
- Optionally, if you want to see the existing/running interface configuration type
show
- Port1 is the port connected to the cloud (NET), so we are going to configure it, give port1 static IP address of 192.168.70.70
edit port1
set mode static
set ip 192.168.70.70/24
end
endcommand is very important to apply the configuration (many times I forgot that command and think that something is not right 😜)
- Optional, you can type
show system interface port1orshow system interface ?to make sure the IP address have changed.
- Optional,
ping 192.168.70.70from host computer to see if it is already connected
- Open your browser and navigate to
http://192.168.70.70/
If you take a good look at the interfaces configuration, you'll notice that only port1 have
set allowaccess ping https ssh http fgfm configuration. That means, that default configuration on Fortigate only allow management access from port1. To allow management access to the other port you need to add at least set allowaccess http to the port configuration.That is all for configuring Access to Fortigate Firewall Web Interface within EVE-NG Network Emulator Lab. As for the video, please subscribe to My Youtube Channel to get the notification. Thank you.
