SUPPORT FORTINET FREE
# config firewall address (address) # show <-- check all address configuration (address) # end
# config firewall address (address) # edit "test1" (address) # show <- check (address) # abort <- End and discard last config
# config firewall address (address) # edit "test1" (address) # show <- check (address) # set subnet 192.168.0.5 255.255.255.0 (address) # show <- check (address) # end <- End and save last config.
config firewall address edit "test-server-10" set associated-interface "vlan10" set subnet 192.168.0.5 255.255.255.0 end
Policy Operation
#config firewall policy (policy)# show <- show all policy (policy)# end #
#config firewall policy (policy)# edit 555 (policy)# show (policy)# abort <- End and discard last config #
config firewall policy edit 555 set name "test" set srcintf "vlan10" set dstintf "port 5" set srcaddr "xxxx" "xxxx" "xxx" set action accept set schedule "always" set service "HTTP" "ICMP_ANY" end <- End and save last config.
delete command
How to delete Policy
# config firewall policy # delete 1 # end
How to delete a static route
# config router static # delete 1 # end
FortiGate Execute Commands
Help | # ? |
ping | # execute ping 192.168.0.1 |
traceroute | # execute traceroute 192.168.1.1 |
telnet | # execute telnet 192.168.0.10 # execute telnet 192.168.0.1 22 <- telnet is cleartext: fine for checking that a TCP port answers, use ssh for real logins |
ssh | # execute ssh user@192.168.0.10 # execute ssh user@192.168.0.10 23 |
execute command like tcpdump | # diagnose sniffer packet port15 ← Interface Port15 # diagnose sniffer packet any 'host xx.xx.xx.xx' # diagnose sniffer packet port15 'host xx.xx.xx.xx' # diagnose sniffer packet any 'host xx.xx.xx.xx or host yy.yy.yy.yy' # diagnose sniffer packet any 'udp port 53 or tcp port 53' # diagnose sniffer packet any 'host xx.xx.xx.xx and tcp port 80' |
shutdown | # execute shutdown |
clear arp table | # execute clear system arp table |
Backup Configuration
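# exec backup config tftp conf/test-fw-01_20180913.conf 192.168.0.10 <- TFTP has no authentication or encryption, and the backup file holds password hashes and pre-shared keys; run it only across a management network, or use an encrypted transfer/backup option where the FortiOS version offers one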
Displaying logs via CLI
Check log filter
# execute log filter dump category: traffic device: memory (snip) Filter: (snip)
set filter
# execute log filter device <- Check Option Example output (can be different if disk logging is available): Available devices: 0: memory 1: disk 2: fortianalyzer 3: forticloud # execute log filter device XX <- Set Option
# execute log filter category <- Check Option 0: traffic 1: event 2: utm-virus 3: utm-webfilter 4: utm-ips 5: utm-emailfilter 7: utm-anomaly 8: utm-voip 9: utm-dlp 10: utm-app-ctrl 12: utm-waf 15: utm-dns 16: utm-ssh 17: utm-ssl 18: utm-cifs 19: utm-file-filter # execute log filter category XXXX <- Set Option
Example
# execute log filter device 1 <- 1: disk # execute log filter category 1 <- 1: event
View log
# execute log display
config system interface
edit "port1"
set vdom "root"
set mode dhcp
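set allowaccess ping https ssh snmp http <- this port has role wan, so every protocol listed here answers on the outside interface. Keep only what is needed (http is cleartext) and limit admin logins with trusted hosts.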
set type physical
set lldp-reception enable
set role wan
set snmp-index 1
next
edit "port2"
set vdom "root"
set mode static
set ip 10.0.0.1 255.255.255.0
set type physical
set snmp-index 2
config system ha
set group-name "HAGroup"
set mode a-p
set password Fortinet <- sample value only; use a long random password, the same on both cluster members
set hbdev "ha" 50 "port14" 0
set session-pickup enable
set override disable
set priority 180
end
On the Slave Fortigate
config system ha
set group-name "HAGroup"
set mode a-p
set password Fortinet <- must match the password set on the primary unit (sample value only)
set hbdev "ha" 50 "port14" 0
set session-pickup enable
set override disable
set priority 125
end
config user tacacs+
edit "TACACS-SERVER"
set server <IP address>
set key <string>
set authen-type ascii
set source-ip <IP address>
next
config log tacacs+accounting setting
set status enable
set server "10.1.100.34"
set server-key ************
end
config log tacacs+accounting filter
set login-audit enable
set config-change-audit enable
set cli-cmd-audit enable
end