Fortinet 73 FortiWeb 5.0 Patch 6 Administration Guide
Requirements
• a computer with an RJ-45 Ethernet network port
• a web browser such as Microsoft Internet Explorer version 6.0 or greater, or Mozilla Firefox
3.5 or greater
• a crossover Ethernet cable
To connect to the web UI
1. On your management computer, configure the Ethernet port with the static IP address
192.168.1.2 with a netmask of 255.255.255.0.
2. Using the Ethernet cable, connect your computer’s Ethernet port to the FortiWeb appliance’s
port1.
3. Start your browser and enter the URL:
https://192.168.1.99/
(Remember to include the “s” in https://.)
Your browser connects the appliance.
If you do not see the login page due to an SSL cipher error during the connection, and you
are connecting to the trial license of FortiWeb-VM or a LENC version of FortiWeb, then your
browser must be configured to accept encryption of 64-bit strength or less during the
handshake. (RC2, RC4, and DES with less than 64-bit strength is supported. AES and 3DES
is not supported in these versions.)
For example, in Mozilla Firefox, if you receive this error message:
ssl_error_no_cypher_overlap
you may need to enter about:config in the URL bar, t hen se t security.ssl3.rsa.rc4_40_md5
to true.
To support HTTPS authentication, the FortiWeb appliance ships with a self-signed security
certificate, which it presents to clients whenever they initiate an HTTPS connection to the
FortiWeb appliance. When you connect, depending on your web browser and prior access
of the FortiWeb appliance, your browser might display two security warnings related to this
certificate:
• The certificate is not automatically trusted because it is self-signed, rather than being
signed by a valid certificate authority (CA). Self-signed certificates cannot be verified with
a proper CA, and therefore might be fraudulent. You must manually indicate whether or
not to trust the certificate.
• The certificate might belong to another web site. The common name (CN) field in the
certificate, which usually contains the host name of the web site, does not exactly match
the URL you requested. This could indicate server identity theft, but could also simply
indicate that the certificate contains a domain name while you have entered an IP
address. You must manually indicate whether this mismatch is normal or not.
Both warnings are normal for the default certificate. SSL v3 and TLS v1.0 are supported.
4. Verify and accept the certificate, either permanently (the web browser will not display the
self-signing warning again) or temporarily. You cannot log in until you accept the certificate.
For details on accepting the certificate, see the documentation for your web browser.
5. In the Name field, type admin, then click Login. (In its default state, there is no password for
this account.)
Login credentials entered are encrypted before they are sent to the FortiWeb appliance. If
your login is successful, the web UI appears. To continue by updating the firmware, see