ssh admin@192.168.0.10 <- Fortigate Default user is admin
| check configuration | # show # show |grep xxxx # show full-configuration #show full-configuration | grep XXXX #show full-configuration | grep -f XXXX ← display with tree view |
| Check Routing | # get router info routing-table detail # show router static # config router static
(static) # show (static) # end |
| Check Firewall Policy | # show firewall policy # show firewall policy XXXX # config firewall policy
(policy) # show |
| Check Hardware Information | # get hardware status |
| check Version, BIOS, Firmware, etc | # get system status |
| check version | # get system status |
| Display CPU / memory / line usage | # get system performance status |
| Display of NTP server | # get system ntp |
| Display the current time and the time of synchronization with the NTP server | # execute time |
| check interfaces status , Up or Down | # get system interface physical |
| check interfaces | # config system interface
(interface) # show (interface) # end |
| Display of ARP table | # get system arp |
| Check HA Status | # get system ha status |
| Check HA Configuration | # get system ha # show system ha |
| Check NTP | # execute time # get system ntp # diagnose sys ntp status |
| don't use more | # config system console
(console) # set output standard (console) # end |
| Save Configuration & exit | (console) # end |
| Don't Save Configuration & exit | (console) # abort |
# config firewall address (address) # show <-- check all address configuration (address) # end
# config firewall address (address) # edit "test1" (address) # show <- check (address) # abort <- End and discard last config
# config firewall address (address) # edit "test1" (address) # show <- check (address) # set subnet 192.168.0.5 255.255.255.0 (address) # show <- check (address) # end <- End and save last config.
config firewall address
edit "test-server-10"
set associated-interface "vlan10"
set subnet 192.168.0.5 255.255.255.0
end
#config firewall policy (policy)# show <- show all policy (policy)# end #
#config firewall policy (policy)# edit 555 (policy)# show (policy)# abort <- End and discard last config #
config firewall policy
edit 555
set name "test"
set srcintf "vlan10"
set dstintf "port 5"
set srcadr "xxxx" "xxxx" "xxx"
set action accept
set schedule "always"
set servie "HTTP" "ICMP_ANY"
end <- End and save last config.
# config firwall policy # delete 1 # end
# config router static # delete 1 # end
| Help | # ? |
| ping | # execute ping 192.168.0.1 |
| traceroute | # execute traceroute 192.168.1.1 |
| telnet | # execute telnet 192.168.0.10 # execute telnet 192.168.0.1 22 |
| ssh | # execute ssh user@192.168.0.10 # execute ssh user@192.168.0.10 23 |
| execute command like tcpdump | # diagnose sniffer packet port15 ← Interface Port15 # diagnose sniffer packet any 'host xx.xx.xx.xx' # diagnose sniffer packet port15 'host xx.xx.xx.xx' # diagnose sniffer packet any 'host xx.xx.xx.xx or host yy.yy.yy.yy' # diagnose sniffer packet any 'udp port 53 or tcp port 53' # diagnose sniffer packet any 'host xx.xx.xx.xx and tcp port 80' |
| shutdown | # execute shutdown |
| clear arp table | # execute clear system arp table |
# exec backup config tftp conf/test-fw-01_20180913.conf 192.168.0.10
# execute log filter dump category: traffic deice: memory (snipp) Filter: (snipp)
# execute log filter device <- Check Option Example output (can be different if disk logging is available): Available devices: 0: memory 1: disk 2: fortianalyzer 3: forticloud # execute log filter device XX <- Set Option
# execute log filter category <- Check Option 0: traffic 1: event 2: utm-virus 3: utm-webfilter 4: utm-ips 5: utm-emailfilter 7: utm-anomaly 8: utm-voip 9: utm-dlp 10: utm-app-ctrl 12: utm-waf 15: utm-dns 16: utm-ssh 17: utm-ssl 18: utm-cifs 19: utm-file-filter # execute log filter category XXXX <- Set Option
# execute log filter device 1 <- 1: disk # execute log filter category 1 <- 1: event
# execute log display