1. Command Structure
#config: configure policies and other objects
#get: view an object's parameters
#show: view the configuration
#diagnose: diagnostic commands
#execute: run common tools and commands, such as ping and traceroute
#exit: exit
#end: save and exit
2. Common Commands
1. Configure an interface address
FortiGate # config system interface
FortiGate (interface) # edit port1
FortiGate (port1) # set ip 192.168.8.99/24
FortiGate (port1) # end
2. Configure static routes
FortiGate # config router static
FortiGate (static) # edit 1
FortiGate (1) # set device wan1
FortiGate (1) # set dst 10.0.0.0 255.0.0.0
FortiGate (1) # set gateway 192.168.57.1
FortiGate (1) # end
3. Configure default route
FortiGate # config router static
FortiGate (static) # edit 1
FortiGate (1) # set gateway 192.168.57.1
FortiGate (1) # set device wan1
FortiGate (1) # end
4. Add an address object
FortiGate # config firewall address
FortiGate (address) # edit clientnet
new entry 'clientnet' added
FortiGate (clientnet) # set subnet 192.168.1.0 255.255.255.0
FortiGate (clientnet) # end
5. Add an IP pool
FortiGate # config firewall ippool
FortiGate (ippool) # edit nat-pool
new entry 'nat-pool' added
FortiGate (nat-pool) # set startip 100.100.100.1
FortiGate (nat-pool) # set endip 100.100.100.100
FortiGate (nat-pool) # end
6. Add a virtual IP
FortiGate # config firewall vip
FortiGate (vip) # edit webserver
new entry 'webserver' added
FortiGate (webserver) # set extip 202.0.0.167
FortiGate (webserver) # set extintf wan1
FortiGate (webserver) # set mappedip 192.168.0.168
FortiGate (webserver) # end
7. Configure an Internet access policy
FortiGate # config firewall policy
FortiGate (policy) # edit 1
FortiGate (1) # set srcintf internal // source interface
FortiGate (1) # set dstintf wan1 // destination interface
FortiGate (1) # set srcaddr all // source address
FortiGate (1) # set dstaddr all // destination address
FortiGate (1) # set action accept // action
FortiGate (1) # set schedule always // schedule
FortiGate (1) # set service ALL // service
FortiGate (1) # set logtraffic disable // traffic logging switch
FortiGate (1) # set nat enable // enable NAT
FortiGate (1) # end
8. Configure the mapping policy
FortiGate # config firewall policy
FortiGate (policy) # edit 2
FortiGate (2) # set srcintf wan1 // source interface
FortiGate (2) # set dstintf internal // destination interface
FortiGate (2) # set srcaddr all // source address
FortiGate (2) # set dstaddr FortiGate1 // destination address: the virtual IP mapping, which must be added beforehand
FortiGate (2) # set action accept // action
FortiGate (2) # set schedule always // schedule
FortiGate (2) # set service ALL // service
FortiGate (2) # set logtraffic all // traffic logging switch
FortiGate (2) # end
9. Change the internal port from switch mode to interface mode
First make sure that the routes, DHCP settings, and firewall policies on the internal port have been deleted.
FortiGate # config system global
FortiGate (global) # set internal-switch-mode interface
FortiGate (global) # end
Restart the device.
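
The policies in items 7 and 8 accept every service, item 7 switches traffic logging off, and item 8 admits any source address arriving on wan1. The Python sketch below is an added example, not part of the original cheat sheet: it parses a constructed policy block laid out the way `show firewall policy` prints it and reports those three conditions. The function names and the choice of wan1 as the untrusted interface are assumptions.

```python
import shlex

# Constructed sample: the policies from items 7 and 8, laid out the way
# `show firewall policy` prints them (quoted values, `next` between entries).
SAMPLE = '''config firewall policy
    edit 1
        set srcintf "internal"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set service "ALL"
        set logtraffic disable
    next
    edit 2
        set srcintf "wan1"
        set srcaddr "all"
        set dstaddr "FortiGate1"
        set action accept
        set service "ALL"
        set logtraffic all
    next
end'''

def parse_policies(text):
    """Return {policy_id: {option: [values]}} for each `edit` entry."""
    policies, current = {}, None
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:1] == ["edit"] and len(tok) == 2:
            current = policies.setdefault(tok[1], {})
        elif tok[:1] == ["set"] and current is not None and len(tok) > 2:
            current[tok[1]] = tok[2:]
        elif tok[:1] in (["next"], ["end"]):
            current = None
    return policies

def audit(policies, untrusted=("wan1",)):  # untrusted: assumed WAN-side names
    """Return (policy_id, finding) pairs for broad or unlogged accept rules."""
    findings = []
    for pid, p in policies.items():
        accept = p.get("action") == ["accept"]
        if accept and "ALL" in p.get("service", []):
            findings.append((pid, "service ALL"))
        if accept and p.get("logtraffic") == ["disable"]:
            findings.append((pid, "traffic logging disabled"))
        from_wan = set(p.get("srcintf", [])) & set(untrusted)
        if accept and from_wan and "all" in p.get("srcaddr", []):
            findings.append((pid, "any source from untrusted interface"))
    return findings
```

Calling `audit(parse_policies(SAMPLE))` returns two findings for policy 1 and two for policy 2; pass the real WAN-side interface names in `untrusted` when running it against saved configuration output.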
--------------------------------------
1. View the host name and management port
FortiGate # show system global
2. View system status and current resource usage
FortiGate # get system performance status
3. View application traffic statistics
FortiGate # get system performance firewall statistics
4. View the ARP table
FortiGate # get system arp
5. View detailed ARP information
FortiGate # diagnose ip arp list
6. Clear the ARP cache
FortiGate # execute clear system arp table
7. View the current session table
FortiGate # diagnose sys session stat
or
FortiGate # diagnose sys session full-stat
8. Check the session list
FortiGate # diagnose sys session list
9. View the status of the physical interfaces
FortiGate # get system interface physical
10. View the default routing configuration
FortiGate # show router static
11. View the static routes in the routing table
FortiGate # get router info routing-table static
12. View the OSPF configuration
FortiGate # show router ospf
13. View the global routing table
FortiGate # get router info routing-table all
-----------------------------------------------
1. View HA status
FortiGate # get system ha status
2. Check whether the standby unit is synchronized
FortiGate # diagnose sys ha showcsum
---------------------------------------------------
3. Diagnostic command:
FortiGate # diagnose debug application ike -1
---------------------------------------------------
Execute commands:
FortiGate # execute ping 8.8.8.8 // ordinary ping
FortiGate # execute ping-options source 192.168.1.200 // set the source address of ping packets to 192.168.1.200
FortiGate # execute ping 8.8.8.8 // ping the destination again; the packets now use source address 192.168.1.200
FortiGate # execute traceroute 8.8.8.8
FortiGate # execute telnet 2.2.2.2 // Telnet access
FortiGate # execute ssh 2.2.2.2 // SSH access
FortiGate # execute factoryreset // restore factory settings
FortiGate # execute reboot // reboot
FortiGate # execute shutdown // shut down the device