Difference between revisions of "fortinet CLI notes"
From cpwiki.net
(10 intermediate revisions by one user not shown) | |||
Line 9: | Line 9: | ||
==interface commands== | ==interface commands== | ||
+ | ===configure=== | ||
+ | example | ||
+ | # config system interface | ||
+ | # edit port1 | ||
+ | # set mode static | ||
+ | # set ip 10.1.1.1 255.255.255.0 | ||
+ | # next | ||
+ | # end | ||
+ | |||
+ | ===get info== | ||
for admin status, link stat, speeds, counters... | for admin status, link stat, speeds, counters... | ||
# config global | # config global | ||
# get hardware nic <interface name> | # get hardware nic <interface name> | ||
+ | ==routes== | ||
+ | # config router static | ||
+ | # edit <route_index> | ||
+ | # set device "<interface_name>" | ||
+ | # set dst "<destination_ip>" | ||
+ | # set gateway "<router_ip>" | ||
+ | |||
+ | for default gw.. | ||
+ | # set dst 0.0.0.0 0.0.0.0 | ||
+ | or just leave the line out. | ||
+ | |||
HA status | HA status | ||
# config global | # config global | ||
# get sys ha status | # get sys ha status | ||
+ | |||
+ | HA failover to highest priority (if it is not currently Master) | ||
+ | on current master run... | ||
+ | # config global | ||
+ | # diagnose sys ha reset-uptime | ||
get admin hash password | get admin hash password | ||
Line 21: | Line 47: | ||
# config sys admin | # config sys admin | ||
# show | # show | ||
+ | |||
+ | uptime | ||
+ | # config global | ||
+ | # get system perf status | grep -i uptime | ||
+ | |||
+ | shutdown/reboot | ||
+ | |||
+ | # execute shutdown | ||
+ | or | ||
+ | # execute reboot | ||
+ | |||
+ | ==firewall== | ||
+ | # show firewall policy | ||
+ | |||
+ | ==packet capture== | ||
+ | |||
+ | # diagnose sniffer packet <interface|any> '<tcpdump-filter>' <verbosity> <count> <time-format> | ||
+ | |||
+ | where if count = 0, then unlimited | ||
+ | |||
+ | example: | ||
+ | fotinet1 # '''diagnose sniffer packet port1 'icmp'''' 4 2 l | ||
+ | interfaces=[port1] | ||
+ | filters=[icmp] | ||
+ | 2022-08-25 13:16:52.397609 port1 -- 192.168.169.76 -> 192.168.169.31: icmp: echo request | ||
+ | 2022-08-25 13:16:52.397673 port1 -- 192.168.169.31 -> 192.168.169.76: icmp: echo reply | ||
+ | |||
+ | ==misc== | ||
+ | |||
+ | check if fortigate has fortimanager central-management setting | ||
+ | $ show full-configuration | grep "set fmg " | ||
+ | |||
+ | ==default login== | ||
+ | |||
+ | VM images = admin / (empty password) | ||
[[category:fortinet]] | [[category:fortinet]] |
Latest revision as of 18:10, 20 June 2024
Contents |
vdom
entering editing a vdom
# config vdom (vdom) # edit myvdom (myvdom) #
interface commands
configure
example
# config system interface # edit port1 # set mode static # set ip 10.1.1.1 255.255.255.0 # next # end
=get info
for admin status, link stat, speeds, counters...
# config global # get hardware nic <interface name>
routes
# config router static # edit <route_index> # set device "<interface_name>" # set dst "<destination_ip>" # set gateway "<router_ip>"
for default gw..
# set dst 0.0.0.0 0.0.0.0
or just leave the line out.
HA status
# config global # get sys ha status
HA failover to highest priority (if it is not currently Master) on current master run...
# config global # diagnose sys ha reset-uptime
get admin hash password
# config global # config sys admin # show
uptime
# config global # get system perf status | grep -i uptime
shutdown/reboot
# execute shutdown
or
# execute reboot
firewall
- show firewall policy
packet capture
- diagnose sniffer packet <interface|any> '<tcpdump-filter>' <verbosity> <count>
where if count = 0, then unlimited
example:
fotinet1 # diagnose sniffer packet port1 'icmp' 4 2 l interfaces=[port1] filters=[icmp] 2022-08-25 13:16:52.397609 port1 -- 192.168.169.76 -> 192.168.169.31: icmp: echo request 2022-08-25 13:16:52.397673 port1 -- 192.168.169.31 -> 192.168.169.76: icmp: echo reply
misc
check if fortigate has fortimanager central-management setting
$ show full-configuration | grep "set fmg "
default login
VM images = admin / (empty password)