Difference between revisions of "fortinet CLI notes"

From cpwiki.net
Check Point Professional Services
 
(10 intermediate revisions by one user not shown)
Line 9: Line 9:
  
 
==interface commands==
 
==interface commands==
 +
===configure===
 +
example
 +
# config system interface
 +
# edit port1
 +
# set mode static
 +
# set ip 10.1.1.1 255.255.255.0
 +
# next
 +
# end
 +
 +
===get info==
 
for admin status, link stat, speeds, counters...
 
for admin status, link stat, speeds, counters...
 
  # config global
 
  # config global
 
  # get hardware nic <interface name>
 
  # get hardware nic <interface name>
 
   
 
   
 +
==routes==
 +
# config router static
 +
# edit <route_index>
 +
# set device "<interface_name>"
 +
# set dst "<destination_ip>"
 +
# set gateway "<router_ip>"
 +
 +
for default gw..
 +
# set dst 0.0.0.0 0.0.0.0
 +
or just leave the line out.
 +
 
HA status
 
HA status
 
  # config global
 
  # config global
 
  # get sys ha status
 
  # get sys ha status
 +
 +
HA failover to highest priority (if it is not currently Master)
 +
on current master run...
 +
# config global
 +
# diagnose sys ha reset-uptime
  
 
get admin hash password
 
get admin hash password
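Review bot: the added heading `===get info==` opens with three equals signs but closes with two, so MediaWiki will not treat it as a level-3 heading under "interface commands"; close it with `===`. The added `config router static` block also stops at `set gateway` with no `next` / `end`, unlike the interface example just above it, so a reader pasting it leaves the edit uncommitted; finish the block the same way as the interface example. For the `diagnose sys ha reset-uptime` note, it would help to say in the text that this forces a failover on a live cluster.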
Line 21: Line 47:
 
  # config sys admin
 
  # config sys admin
 
  # show
 
  # show
 +
 +
uptime
 +
# config global
 +
# get system perf status | grep -i uptime
 +
 +
shutdown/reboot
 +
 +
# execute shutdown
 +
or
 +
# execute reboot
 +
 +
==firewall==
 +
# show firewall policy
 +
 +
==packet capture==
 +
 +
# diagnose sniffer packet <interface|any> '<tcpdump-filter>' <verbosity> <count> <time-format>
 +
 +
where if count = 0, then unlimited
 +
 +
example:
 +
fotinet1 # '''diagnose sniffer packet port1 'icmp'''' 4 2 l
 +
interfaces=[port1]
 +
filters=[icmp]
 +
2022-08-25 13:16:52.397609 port1 -- 192.168.169.76 -> 192.168.169.31: icmp: echo request
 +
2022-08-25 13:16:52.397673 port1 -- 192.168.169.31 -> 192.168.169.76: icmp: echo reply
 +
 +
==misc==
 +
 +
check if fortigate has fortimanager central-management setting
 +
  $ show full-configuration | grep "set fmg "
 +
 +
==default login==
 +
 +
VM images = admin / (empty password)
  
 
[[category:fortinet]]
 
[[category:fortinet]]
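Review bot: in the added `# show firewall policy` line and the `# diagnose sniffer packet ...` synopsis, a `#` in column one is MediaWiki numbered-list markup, so these lines need the same leading space as the existing `  # config sys admin` / `  # show` lines to render as preformatted commands. In the sniffer example, the bold markup in `'''diagnose sniffer packet port1 'icmp'''' 4 2 l` closes right after the filter's closing quote, leaving `4 2 l` outside the bold and four consecutive apostrophes for the parser to guess at; wrap the whole command or drop the bold. The synopsis also never says which values `<verbosity>` and `<time-format>` accept, although the example relies on `4` and `l`. The `default login` entry documents an empty admin password for VM images and would be safer with a note to set one at first login.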

Latest revision as of 18:10, 20 June 2024


vdom

entering a vdom to edit it

# config vdom
(vdom) #  edit myvdom
(myvdom) # 

interface commands

configure

example

# config system interface
# edit port1
# set mode static
# set ip 10.1.1.1 255.255.255.0
# next
# end

get info

for admin status, link stat, speeds, counters...

# config global
# get hardware nic <interface name>

routes

# config router static
# edit <route_index>
# set device "<interface_name>"
# set dst "<destination_ip>"
# set gateway "<router_ip>"
# next
# end

for default gw..

# set dst 0.0.0.0 0.0.0.0

or just leave the line out.

HA status

# config global
# get sys ha status

HA failover to highest priority (if it is not currently Master). On the current master run...

# config global
# diagnose sys ha reset-uptime

get admin password hash

# config global
# config sys admin
# show

uptime

# config global
# get system perf status | grep -i uptime

shutdown/reboot

# execute shutdown

or

# execute reboot

firewall

# show firewall policy

packet capture

# diagnose sniffer packet <interface|any> '<tcpdump-filter>' <verbosity> <count> <time-format>

where if count = 0, then unlimited

example:

fotinet1 # diagnose sniffer packet port1 'icmp' 4 2 l
interfaces=[port1]
filters=[icmp]
2022-08-25 13:16:52.397609 port1 -- 192.168.169.76 -> 192.168.169.31: icmp: echo request
2022-08-25 13:16:52.397673 port1 -- 192.168.169.31 -> 192.168.169.76: icmp: echo reply
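
As an added example (not part of the original notes), this Python snippet parses saved sniffer output in the format shown above and lists ICMP echo requests that never received a reply. It assumes IPv4 addresses, the `l` time format, and that the direction field may be `in` or `out` as well as the `--` shown; the third packet line in the sample is constructed.

```python
import re
from collections import Counter

# Constructed sample: the page's two output lines plus one constructed,
# unanswered echo request so the pairing logic has something to report.
SAMPLE = """\
interfaces=[port1]
filters=[icmp]
2022-08-25 13:16:52.397609 port1 -- 192.168.169.76 -> 192.168.169.31: icmp: echo request
2022-08-25 13:16:52.397673 port1 -- 192.168.169.31 -> 192.168.169.76: icmp: echo reply
2022-08-25 13:16:53.401200 port1 -- 192.168.169.76 -> 192.168.169.99: icmp: echo request
"""

# Verbosity 4, time-format "l": timestamp, interface, direction, src -> dst: summary.
# Assumption: direction may be "in" or "out" as well as the "--" shown on the page.
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) "
    r"(?P<iface>\S+) (?P<dir>in|out|--) "
    r"(?P<src>\S+) -> (?P<dst>[^:\s]+): (?P<info>.*)$"
)

def parse(text):
    """Return one dict per packet line; the interfaces=/filters= header is skipped."""
    return [m.groupdict() for m in map(LINE.match, text.splitlines()) if m]

def unanswered_echo(packets):
    """Pair each echo request with a later reply in the reverse direction."""
    pending = Counter()
    for p in packets:
        if p["info"] == "icmp: echo request":
            pending[(p["src"], p["dst"])] += 1
        elif p["info"] == "icmp: echo reply" and pending[(p["dst"], p["src"])] > 0:
            pending[(p["dst"], p["src"])] -= 1
    # Whatever is still pending was requested but never answered in this capture.
    return sorted(pair for pair, n in pending.items() if n > 0)

if __name__ == "__main__":
    pkts = parse(SAMPLE)
    for p in pkts:
        print(p["ts"], p["iface"], p["src"], "->", p["dst"], "|", p["info"])
    print("unanswered:", unanswered_echo(pkts))
```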

misc

check if fortigate has fortimanager central-management setting

 $ show full-configuration | grep "set fmg "

default login

VM images = admin / (empty password)