FortiGate_Commands



**************************************************

* Config Port Interface *


**************************************************

show system interface


config system interface
edit port1
set mode static
set ip 192.168.0.5 255.255.255.0
set allowaccess http https ssh telnet (management access on the WAN-facing port; http and telnet are cleartext, so in practice keep only https ssh here and pair it with admin trusted hosts)
set description "WAN-1"
end

config system interface


edit port2
set mode static
set ip 192.168.10.1 255.255.255.0
set allowaccess http https ssh telnet
set description "WINSRV2K19"
end

config system interface


edit port3
set mode static
set ip 192.168.11.1 255.255.255.0
set allowaccess http https ssh telnet
set description "LINUX"
end

config system interface


edit port4
set mode static
set ip 192.168.12.1 255.255.255.0
set allowaccess http https ssh telnet
set description "WIN10"
end

**************************************************
* Configure DNS servers *
**************************************************

config system global

set dns_1 8.8.8.8


set dns_2 8.8.4.4

end

**************************************************
* Configure basic security policies *
**************************************************

config firewall address

edit "WAN-1"
set associated-interface "port1"
set subnet 192.168.10.11 255.255.255.255
next
edit "Dentist1"
set associated-interface "port1"
set subnet 192.168.10.21 255.255.255.255
next

edit "Dentist2"
set associated-interface "port1"
set subnet 192.168.10.22 255.255.255.255
next

edit "Dentist3"
set associated-interface "port1"
set subnet 192.168.10.23 255.255.255.255
end

config firewall addrgrp

edit Internet_PCs
set member Admin Dentist1 Dentist2 Dentist3
end

config firewall policy

edit 1
set srcintf port1
set dstintf port2
set srcaddr Internet_PCs
set dstaddr all
set action accept
set schedule always
set service "DHCP" "DNS" "FTP" "HTTP" "HTTPS" "NTP" "POP3" "SMTP" "SSH"
set logtraffic enable
set label "Section2"
set endpoint-restrict-check no-av db-outdated
next

edit 2

set srcintf port2


set dstintf port1
set srcaddr all
set dstaddr Internet_PCs
set action accept
set schedule always
set service "DHCP" "DNS" "FTP" "HTTP" "HTTPS" "NTP" "POP3" "SMTP" "SSH"
set logtraffic enable
set label "Section2"
set endpoint-restrict-check no-av db-outdated
next

end

**************************************************
* FortiClient enforcement to interfaces *
**************************************************

config system interface

edit port1
set listen-forticlient-connection [enable|disable]
set endpoint-compliance [enable|disable]
next

end

**************************************************
* Configure static routing *
**************************************************

config router static

edit 1
set gateway 172.100.20.5
set distance 10
set device port2
set dst 0.0.0.0

next
end

**************************************************
* Configure Link Health Monitor *
**************************************************

config system link-monitor

edit <name>

set srcintf <interface>


set server <server ip> (server ip located beyond the ISP gateway)
set gateway-ip <gateway ip>
set protocol [ping | tcp-echo | udp-echo | twamp | http ]
set update-static-route (removes all static routes associated with srcintf in the event of an outage)

next
end

**************************************************
* Routing - Diagnostics *
**************************************************

get router info routing-table all (check active routes)

get router info routing-table database (check active, standby and inactive routes)

diagnose firewall proute list (check policy routes and isdb routes)

(Packet Capture Examples)

diagnose sniffer packet any 'port 443' 4

diagnose sniffer packet any 'host 192.168.1.254 and icmp' 3
