This guide shows how to connect to a Fortinet device, such as a FortiGate, FortiSwitch, or FortiAP, through the CLI by using the device's console port.
The instructions in this guide apply for macOS 11.0 or newer using the Z shell. However, the steps to establish a serial connection will also be similar for Unix-like systems, and both of the serial terminal applications covered are available on macOS and Unix/Linux. PuTTY can be used on Windows.
Install drivers
If necessary, install the latest version of the Prolific serial device driver, and then restart your computer. As of macOS 11.0 (Big Sur), the necessary serial drivers are already installed, so you may not need to install them if you're running 11.0 or newer.
As these drivers are not signed, macOS will also block this driver package from being installed at first. Go to the "Security & Privacy" settings in the System Preferences to allow the driver to run.
Configure the USB-serial controller interface
Go to the System Preferences and select "Network". Confirm that a new interface with a name similar to "USB-Serial Controller" is present. If it doesn't exist, click the "+" button at the bottom of the left pane to add it.
Select the "Advanced" button to configure the USB-serial controller using the following settings:
- Vendor: "Null Modem"
- Model: Depends on the device. For example:
- 9600 bps for a FortiGate
- 115200 bps for a FortiSwitch
- "Enable error correction and compression in modem" should not be checked
Connecting to the console port
Connect your computer to your Fortinet device's serial port to establish a serial link.
If your Fortinet device has an RJ45 console port, you'll need a RJ45 to DB9 adapter. In the likely event your computer doesn't have a DB9 port, you'll need an additional DB9 to USB adapter.
Set up and connect to the serial terminal
To connect to your device, you'll need a serial terminal application. The simplest option would be to use Screen, which is typically included with macOS and Linux distributions. An alternative tool that is more advanced is Minicom, but you'll need to install extra software to use it.
Option 1: Screen
(1) Start a CLI session using Terminal.
(2) Run ls /dev/cu.* to list all available serial devices. Confirm that your USB serial adapter is available by looking for a device with a name containing usbserial. For example:
% ls /dev/cu.*
/dev/cu.Bluetooth-Incoming-Port /dev/cu.usbserial-14130
In this case, /dev/cu.usbserial-14130 is the correct path and device, with 14130 appended as a unique process ID. Note that the ID may change between sessions, such as if you plug the RJ45-to-serial-to-USB adapters into a different USB port on your computer; as a result, you may want to periodically confirm the name.
(3) Run the Screen application using the serial device path you retrieved earlier, along with the baud rate (which is "9600" for a FortiGate in this case) as a parameter:
screen /dev/cu.usbserial-14130 9600
(4) If the connection was successfully established, you'll be prompted for login credentials on your Fortinet device. Log in with your credentials.
Option 2: Minicom
(1) Start a CLI session using Terminal.
(2) Install the Homebrew package manager.
(3) Install Minicom using Homebrew: sudo brew install minicom
(4) Run ls /dev/cu.* to list and filter available serial devices. Confirm that your USB-to-serial adapter is available by looking for a device with a name containing usbserial. For example:
% ls /dev/cu.*
/dev/cu.Bluetooth-Incoming-Port /dev/cu.usbserial-14130
In this case, /dev/cu.usbserial-14130 is the correct path and device, with 14130 appended as a unique process ID. Note that the ID may change between sessions, such as if you plug the RJ45-to-serial-to-USB adapters into a different USB port on your computer; as a result, you may want to periodically confirm the name.
(5) Open the Minicom setup mode by running minicom -s. You should see the following interactive menu:
+-----[configuration]------+
| Filenames and paths |
| File transfer protocols |
| Serial port setup |
| Modem and dialing |
| Screen and keyboard |
| Save setup as dfl |
| Save setup as.. |
| Exit |
| Exit from Minicom |
+--------------------------+
(6) Select the Serial port setup option. You will now see the following menu:
+-----------------------------------------------------------------------+
| A - Serial Device : /dev/cu.usbserial-14130 |
| B - Lockfile Location : /usr/local/Cellar/minicom/2.8/var |
| C - Callin Program : |
| D - Callout Program : |
| E - Bps/Par/Bits : 9600 8N1 |
| F - Hardware Flow Control : Yes |
| G - Software Flow Control : No |
| H - RS485 Enable : No |
| I - RS485 Rts On Send : No |
| J - RS485 Rts After Send : No |
| K - RS485 Rx During Tx : No |
| L - RS485 Terminate Bus : No |
| M - RS485 Delay Rts Before: 0 |
| N - RS485 Delay Rts After : 0 |
| |
| Change which setting? |
+-----------------------------------------------------------------------+
There are two settings in particular that may need to be changed from the default values:
- In
A - Serial Device, enter the serial device path you located in step (4). - In
E - Bps/Par/Bits, set the baud rate. In this specific case, we want to use9600 8N1for the FortiGate.
(7) Select Save setup as dfl to save your settings.
(8) Select Exit to save your settings and start Minicom's serial connection to your Fortinet device. If the connection was successfully established, you'll be prompted for login credentials on your Fortinet device. Log in with your credentials.
Alternatively, choose Exit from Minicom to exit setup without establishing a serial connection.
Once configured, you can run minicom without entering setup mode again if the port number remains the same.
