Category: Firewall

I bought a used Fortigate 50B firewall and didn’t get the admin password or the console cable with it. It has a serial RJ-45 connector and I made an RJ-45 to RS-232 converter from a LAN cable (there are two wiring standards for the RJ-45 jacks and plugs, T568A and T568B).

 

RJ-45 to RS-232 pinout


 

DB9   RJ-45
 2     3 (green/white)
 3     6 (green)
 5     5 (blue/white)

DB9 pins 2/3 (TxD/RxD) may need to be swapped if you use a null-modem cable.

 

Console Settings:
Baud Rate (bps): 9600
Data bits: 8
Parity: None
Stop bits: 1
Flow Control: None

 

Resetting Password:
With the cable attached and the console connected, reboot the firewall.
When the login prompt appears, enter “maintainer” as the username. The password is bcpb followed by the serial number of the firewall.

Example:
If the serial number is FGT50B12345ABCDE, the password is bcpbFGT50B12345ABCDE.

* Use UPPERCASE letters in the serial number.
* You have only 14 seconds or less to type in the username/password on some devices. Rebooting the device resets the timer.
* For security reasons the maintainer feature can be disabled. If you are greeted with “PASSWORD RECOVERY FUNCTIONALITY IS DISABLED”, you are unfortunately out of luck.

 

Set a new password from CLI:
config system admin
edit admin
set password yournewpasswordhere
end
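
The note earlier in this post says the maintainer feature can be disabled. As an added example (not part of the original post), this Python script checks a FortiOS configuration backup for that hardening. It assumes the firmware exposes the setting as admin-maintainer under config system global and that a missing line means the default, enabled; the sample backups are constructed.

```python
import re

# Constructed sample backups (not taken from a real device).
HARDENED = """\
config system global
    set admin-maintainer disable
    set hostname "fw-lab"
end
config system admin
    edit "admin"
        set accprofile "super_admin"
    next
end
"""
# Same backup without the setting: assumed to mean the default (enabled).
DEFAULT = HARDENED.replace("    set admin-maintainer disable\n", "")
# The setting inside the wrong block must not count as hardening.
MISPLACED = DEFAULT.replace(
    '    edit "admin"\n',
    '    edit "admin"\n        set admin-maintainer disable\n')

SETTING = re.compile(r'^set\s+admin-maintainer\s+"?(\w+)"?$')

def maintainer_recovery_enabled(config_text):
    """True if console password recovery via 'maintainer' is still possible."""
    depth = 0          # nesting level of config ... end blocks
    in_global = False  # inside the top-level "config system global" block
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            depth += 1
            if depth == 1:
                in_global = line == "config system global"
        elif line == "end":
            depth = max(depth - 1, 0)
            if depth == 0:
                in_global = False
        elif in_global and depth == 1:
            match = SETTING.match(line)
            if match:
                return match.group(1) == "enable"
    return True  # setting absent: assumed default is enabled

if __name__ == "__main__":
    for name, cfg in (("hardened", HARDENED), ("default", DEFAULT)):
        state = "ENABLED" if maintainer_recovery_enabled(cfg) else "disabled"
        print(f"{name}: maintainer recovery {state}")
```
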

 

I needed a firewall and ended up with pfSense with an Intel D2500CC motherboard. A retired Shuttle K-45 was used for the case, which turned out to be Mini-ITX compatible and a good candidate for case modding.

With the motherboard and power supply being passively cooled, an SSD drive and a quiet fan make the machine completely noiseless.

 

I had to cut out holes for the DVD-ROM and for the LCD.

 


The LCD is a “20×4 SureElec LCD” (USB) and works with lcdproc using the SureElec driver in pfSense.

 

 

The original PSU was broken and replaced with an Antec md-135 power supply. Removing the original PSU also freed up space for a WLAN antenna (or two). The Intel D2500 has two Gigabit network cards and I added a Dual Gigabit NIC into the PCI slot. The fan mesh was removed.

 

 

The LCD did not fit inside the front panel so I had to separate the PCBs and extend them with a flat cable.

 

 

…and pictures of the original K-45: