FortiGate Routers - anyone with experience with them?

[h2009]

Hi has anyone had some experienced with FortiGate Routers?

I've got an issue where the LAN interface of the router has been disabled and I can't get access to the webpage interface to enable it again.

The router has the webpage interface up but I'm getting the message: The SSL-VPN portal has been enabled for tunnel mode use only. Please download FortiClient below in order to connect.

This same message appears if I connect directly to the public IP and over the VPN to it.

 

[Caged]

Is SSH enabled?

If every management interface access is disabled then you're going to need to go into the serial console.

 

[h2009]

The router wasn't setup my me and I have very little information on it.
It was just the internal LAN interface which was disabled but that might link to all other interfaces. Given I can connect by VPN, is there no other way into it?

 

[Caged]

Can you connect via HTTPS to the WAN IP?

It might have been provided by an MSP and then locked down so only they can access it from their office or whatever. Or there's a management VLAN that the management has been enabled on. Really hard to tell without knowing what the config is - which is sort of the point.

 

[Sparky__H]

Sounds like the ssl vpn listener is configured for all interfaces on 443. Try 4434 or 7777 as these are often used for GUI access.

As others have said if whoever set it up done their job properly then the admin accounts will be locked down to host IPs and a management vlan . Just get a console cable and write the config and rules to a file.