Frequently used FortiGate firewall commands

  1. Command Structure

    # config    configure policies and other objects

    # get       view an object's parameters

    # show      view the configuration file

    # diagnose  diagnostic commands

    # execute   run common tools and commands, such as ping and traceroute

    # exit      exit

    # end       save and exit

 


  2. Common Commands

  1. Configure an interface address

   FortiGate # config system interface

   FortiGate (interface) # edit port1

   FortiGate (port1) # set ip 192.168.8.99/24

   FortiGate (port1) # end

 

  2. Configure static routes

       FortiGate # config router static

       FortiGate (static) # edit 1

       FortiGate (1) # set device wan1

       FortiGate (1) # set dst 10.0.0.0 255.0.0.0

       FortiGate (1) # set gateway 192.168.57.1

       FortiGate (1) # end

  3. Configure default route

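       FortiGate # config router static

       FortiGate (static) # edit 1

       FortiGate (1) # set gateway 192.168.57.1 // dst is left at its default of 0.0.0.0 0.0.0.0, which makes this the default route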

       FortiGate (1) # set device wan1

       FortiGate (1) # end

  4. Add Address

  FortiGate # config firewall address

       FortiGate (address) # edit clientnet

        new entry 'clientnet' added

       FortiGate (clientnet) # set subnet 192.168.1.0 255.255.255.0

       FortiGate (clientnet) # end

  5. Add an IP pool

       FortiGate # config firewall ippool

       FortiGate (ippool) # edit nat-pool

        new entry 'nat-pool' added

       FortiGate (nat-pool) # set startip 100.100.100.1

       FortiGate (nat-pool) # set endip 100.100.100.100

       FortiGate (nat-pool) # end

  6. Add a virtual ip

  FortiGate # config firewall vip

       FortiGate (vip) # edit webserver

        new entry 'webserver' added

       FortiGate (webserver) # set extip 202.0.0.167

       FortiGate (webserver) # set extintf wan1

       FortiGate (webserver) # set mappedip 192.168.0.168

       FortiGate (webserver) # end

 

  7. Configure the Internet access policy

       FortiGate # config firewall policy

       FortiGate (policy) # edit 1

       FortiGate (1) # set srcintf internal // source interface

       FortiGate (1) # set dstintf wan1 // destination interface

       FortiGate (1) # set srcaddr all // source address

       FortiGate (1) # set dstaddr all // destination address

       FortiGate (1) # set action accept // action

       FortiGate (1) # set schedule always // schedule (time)

       FortiGate (1) # set service ALL // services

       FortiGate (1) # set logtraffic disable // traffic logging switch

       FortiGate (1) # set nat enable // enable NAT

       FortiGate (1) # end

 

  8. Configure the mapping (virtual IP) policy

       FortiGate # config firewall policy

       FortiGate (policy) # edit 2

       FortiGate (2) # set srcintf wan1 // source interface

       FortiGate (2) # set dstintf internal // destination interface

       FortiGate (2) # set srcaddr all // source address

       FortiGate (2) # set dstaddr FortiGate1 // destination address: the virtual IP mapping, which must be added in advance

       FortiGate (2) # set action accept // action

       FortiGate (2) # set schedule always // schedule (time)

       FortiGate (2) # set service ALL // services

       FortiGate (2) # set logtraffic all // traffic logging switch

       FortiGate (2) # end
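
An added example, not part of the original post: a small Python check over saved `show firewall policy` output that flags the patterns used in policies 1 and 2 above (accept rules with logging disabled, `all` sources combined with service `ALL`). The sample text is constructed, and the function names and review rules are assumptions of this example.

```python
import re

# Constructed sample in the layout printed by "show firewall policy"; it mirrors
# policies 1 and 2 from the text (interface, schedule and nat lines omitted).
SAMPLE = """
config firewall policy
    edit 1
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set service "ALL"
        set logtraffic disable
    next
    edit 2
        set srcaddr "all"
        set dstaddr "FortiGate1"
        set action accept
        set service "ALL"
        set logtraffic all
    next
end
"""

def parse_policies(text):
    """Return {policy_id: {option: [values]}} for each 'edit' block."""
    policies, current = {}, None
    for line in text.splitlines():
        words = [w.strip('"') for w in re.findall(r'"[^"]*"|\S+', line)]
        if len(words) == 2 and words[0] == "edit":
            current = policies.setdefault(words[1], {})
        elif words == ["next"]:
            current = None
        elif len(words) >= 3 and words[0] == "set" and current is not None:
            current[words[1]] = words[2:]
    return policies

# Review rules (assumptions of this example, not a Fortinet checklist).
CHECKS = [
    ("logging disabled", lambda o: o.get("logtraffic") == ["disable"]),
    ("any source, all services",
     lambda o: o.get("srcaddr") == ["all"] and o.get("service") == ["ALL"]),
    ("any destination", lambda o: o.get("dstaddr") == ["all"]),
]

def audit(policies):
    """Return {policy_id: [findings]} for accept policies only."""
    return {pid: [name for name, hit in CHECKS if hit(o)]
            for pid, o in policies.items() if o.get("action") == ["accept"]}

print(audit(parse_policies(SAMPLE)))
```

Policy 1 is reported for all three rules; policy 2, which logs traffic and targets a named virtual IP, is reported only for accepting every service from any source.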

 

  9. Change the internal port from switch mode to interface mode

       First make sure that the routes, DHCP settings and firewall policies that use the internal port have been deleted

       FortiGate # config system global

       FortiGate (global) # set internal-switch-mode interface

       FortiGate (global) # end

       Restart the device

--------------------------------------

     1. View the host name and management port

            FortiGate # show system global

     2. View system status and current resource information

            FortiGate # get system performance status

     3. View application traffic statistics

            FortiGate # get system performance firewall statistics

     4. View the ARP table

            FortiGate # get system arp

     5. View detailed ARP information

            FortiGate # diagnose ip arp list

     6. Clear the ARP cache

            FortiGate # execute clear system arp table

     7. View the current session table

            FortiGate # diagnose sys session stat

            or

            FortiGate # diagnose sys session full-stat

     8. View the session list

            FortiGate # diagnose sys session list

     9. View the status of the physical interfaces

            FortiGate # get system interface physical

    10. View the default route configuration

            FortiGate # show router static

    11. View the static routes in the routing table

            FortiGate # get router info routing-table static

    12. View the OSPF configuration

            FortiGate # show router ospf

    13. View the global routing table

            FortiGate # get router info routing-table all

-----------------------------------------------

    1. View HA status

        FortiGate # get system ha status

    2. Check whether the standby unit is synchronized

        FortiGate # diagnose sys ha showcsum

---------------------------------------------------

   3. Diagnostic command:

      FortiGate # diagnose debug application ike -1

  ---------------------------------------------------

      execute commands:

       FortiGate # execute ping 8.8.8.8 // basic ping

       FortiGate # execute ping-options source 192.168.1.200 // set the source address of ping packets to 192.168.1.200

       FortiGate # execute ping 8.8.8.8 // enter the destination address again; the ping now uses source address 192.168.1.200

       FortiGate # execute traceroute 8.8.8.8

       FortiGate # execute telnet 2.2.2.2 // telnet access

       FortiGate # execute ssh 2.2.2.2 // SSH access

       FortiGate # execute factoryreset // restore factory settings

       FortiGate # execute reboot // reboot

       FortiGate # execute shutdown // shut down the device

 


Origin www.cnblogs.com/kunlunsun/p/11423552.html