Difference between revisions of "fortinet CLI notes"
From cpwiki.net

(Created page with " ==vdom== entering editing a vdom # config vdom (vdom) # edit myvdom (myvdom) # category:fortinet") |
(→logging) |
||
| (19 intermediate revisions by one user not shown) | |||
| Line 4: | Line 4: | ||
entering editing a vdom | entering editing a vdom | ||
| − | # config vdom | + | # config vdom |
| − | (vdom) # edit myvdom | + | (vdom) # edit myvdom |
| − | (myvdom) # | + | (myvdom) # |
| + | |||
| + | ==interface commands== | ||
| + | ===configure=== | ||
| + | example | ||
| + | # config system interface | ||
| + | # edit port1 | ||
| + | # set mode static | ||
| + | # set ip 10.1.1.1 255.255.255.0 | ||
| + | # next | ||
| + | # end | ||
| + | |||
| + | ===get info== | ||
| + | for admin status, link stat, speeds, counters... | ||
| + | # config global | ||
| + | # get hardware nic <interface name> | ||
| + | |||
| + | ==routes== | ||
| + | # config router static | ||
| + | # edit <route_index> | ||
| + | # set device "<interface_name>" | ||
| + | # set dst "<destination_ip>" | ||
| + | # set gateway "<router_ip>" | ||
| + | |||
| + | for default gw.. | ||
| + | # set dst 0.0.0.0 0.0.0.0 | ||
| + | or just leave the line out. | ||
| + | |||
| + | HA status | ||
| + | # config global | ||
| + | # get sys ha status | ||
| + | |||
| + | HA failover to highest priority (if it is not currently Master) | ||
| + | on current master run... | ||
| + | # config global | ||
| + | # diagnose sys ha reset-uptime | ||
| + | |||
| + | get admin hash password | ||
| + | # config global | ||
| + | # config sys admin | ||
| + | # show | ||
| + | |||
| + | uptime | ||
| + | # config global | ||
| + | # get system perf status | grep -i uptime | ||
| + | |||
| + | shutdown/reboot | ||
| + | |||
| + | # execute shutdown | ||
| + | or | ||
| + | # execute reboot | ||
| + | |||
| + | ==firewall== | ||
| + | # show firewall policy | ||
| + | |||
| + | ==packet capture== | ||
| + | |||
| + | # diagnose sniffer packet <interface|any> '<tcpdump-filter>' <verbosity> <count> <time-format> | ||
| + | |||
| + | verbosity of 4 will show the port name | ||
| + | |||
| + | where if count = 0, then unlimited | ||
| + | |||
| + | example: | ||
| + | fotinet1 # '''diagnose sniffer packet port1 'icmp'''' 4 2 l | ||
| + | interfaces=[port1] | ||
| + | filters=[icmp] | ||
| + | 2022-08-25 13:16:52.397609 port1 -- 192.168.169.76 -> 192.168.169.31: icmp: echo request | ||
| + | 2022-08-25 13:16:52.397673 port1 -- 192.168.169.31 -> 192.168.169.76: icmp: echo reply | ||
| + | |||
| + | ==misc== | ||
| + | |||
| + | check if fortigate has fortimanager central-management setting | ||
| + | $ show full-configuration | grep "set fmg " | ||
| + | |||
| + | ==default login== | ||
| + | |||
| + | VM images = admin / (empty password) | ||
| + | |||
| + | ==logging== | ||
| + | [https://community.fortinet.com/t5/FortiGate/Technical-Tip-Displaying-logs-via-FortiGate-s-CLI/ta-p/193027 Displaying logs via FortiGate's CLI] | ||
| + | |||
| + | set log filter to view category with traffic logs | ||
| + | execute log filter category 0 | ||
| + | set log filter to view logs from local disk | ||
| + | execute log filter device 0 | ||
| + | view log filter settings | ||
| + | execute log filter dump | ||
| + | reset log filter | ||
| + | execute log filter reset | ||
| + | example.. | ||
| + | |||
| + | execute log filter category 0 | ||
| + | execute log filter device 0 | ||
| + | execute log filter field srcip 10.0.0.10 | ||
| + | execute log filter field dstip 192.168.1.1 | ||
| + | execute log display | ||
[[category:fortinet]] | [[category:fortinet]] | ||
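Review bot: The added heading `===get info==` opens with three equals signs but closes with two, so it renders as a level-2 heading titled "=get info" instead of a subsection under "interface commands"; close it with `===`. In the packet capture example the closing bold markers sit directly against the quote that ends the filter (`'icmp''''`), which is ambiguous wiki markup; move the closing `'''` to after `4 2 l` or wrap the quoted filter in nowiki so the whole command is bold and the quotes stay literal.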
Latest revision as of 15:17, 14 October 2025
vdom
entering editing a vdom
# config vdom
(vdom) # edit myvdom
(myvdom) #
interface commands
configure
example
# config system interface
# edit port1
# set mode static
# set ip 10.1.1.1 255.255.255.0
# next
# end
get info
for admin status, link stat, speeds, counters...
# config global
# get hardware nic <interface name>
routes
# config router static
# edit <route_index>
# set device "<interface_name>"
# set dst "<destination_ip>"
# set gateway "<router_ip>"
for default gw..
# set dst 0.0.0.0 0.0.0.0
or just leave the line out.
HA status
# config global
# get sys ha status
HA failover to highest priority (if it is not currently Master) on current master run...
# config global
# diagnose sys ha reset-uptime
get admin hash password
# config global
# config sys admin
# show
uptime
# config global
# get system perf status | grep -i uptime
shutdown/reboot
# execute shutdown
or
# execute reboot
firewall
# show firewall policy
packet capture
# diagnose sniffer packet <interface|any> '<tcpdump-filter>' <verbosity> <count> <time-format>
verbosity of 4 will show the port name
where if count = 0, then unlimited
example:
fotinet1 # diagnose sniffer packet port1 'icmp' 4 2 l
interfaces=[port1]
filters=[icmp]
2022-08-25 13:16:52.397609 port1 -- 192.168.169.76 -> 192.168.169.31: icmp: echo request
2022-08-25 13:16:52.397673 port1 -- 192.168.169.31 -> 192.168.169.76: icmp: echo reply
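Added example, not part of the original notes: a Python parser for saved sniffer output in the shape shown above (verbosity 4, time-format l) that lists echo requests which never got a reply. The sample text is constructed from the capture above plus one extra request, and the "in"/"out" direction values are an assumption beyond the "--" the page shows.

```python
import re
from datetime import datetime

# Constructed sample in the shape of the capture shown above (verbosity 4,
# time-format l); the last line is an added request that gets no reply.
SAMPLE = """\
interfaces=[port1]
filters=[icmp]
2022-08-25 13:16:52.397609 port1 -- 192.168.169.76 -> 192.168.169.31: icmp: echo request
2022-08-25 13:16:52.397673 port1 -- 192.168.169.31 -> 192.168.169.76: icmp: echo reply
2022-08-25 13:16:53.401200 port1 -- 192.168.169.76 -> 192.168.169.99: icmp: echo request
"""

# Fields: timestamp, interface, direction marker, source, destination, rest.
# Assumption: the direction field is "--", "in" or "out".
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) (?P<iface>\S+) "
    r"(?P<dir>--|in|out) (?P<src>\S+) -> (?P<dst>\S+): (?P<info>.*)$"
)

def parse_capture(text):
    """Return one dict per packet line; header lines are skipped."""
    packets = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # interfaces=[...], filters=[...], blank lines
        pkt = m.groupdict()
        pkt["ts"] = datetime.strptime(pkt["ts"], "%Y-%m-%d %H:%M:%S.%f")
        packets.append(pkt)
    return packets

def unanswered_echo_requests(packets):
    """Echo requests with no later echo reply from dst back to src."""
    pending = []
    for pkt in packets:
        if pkt["info"] == "icmp: echo request":
            pending.append(pkt)
        elif pkt["info"] == "icmp: echo reply":
            for req in pending:
                if req["src"] == pkt["dst"] and req["dst"] == pkt["src"]:
                    pending.remove(req)  # reply matches the oldest request
                    break
    return [(p["src"], p["dst"]) for p in pending]

if __name__ == "__main__":
    for src, dst in unanswered_echo_requests(parse_capture(SAMPLE)):
        print(f"no reply: {src} -> {dst}")
```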
misc
check if fortigate has fortimanager central-management setting
$ show full-configuration | grep "set fmg "
default login
VM images = admin / (empty password)
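Added example, not part of the original notes: a Python check over saved `show` output from `config sys admin` that flags accounts with no `set password` line, which is how an empty password such as the VM default is assumed to appear. The sample config is constructed, the hash is a placeholder, and the trusted-host check (`trusthost` settings) is an extra assumption beyond what the page covers.

```python
import re

# Constructed sample of `show` output under `config system admin`; the layout
# and the ENC value are placeholders, not taken from a real device.
SAMPLE = '''\
config system admin
    edit "admin"
        set accprofile "super_admin"
        set vdom "root"
    next
    edit "netops"
        set trusthost1 10.1.1.0 255.255.255.0
        set accprofile "super_admin"
        set vdom "root"
        set password ENC PLACEHOLDER-HASH
    next
end
'''

def parse_admins(text):
    """Map admin name -> {setting: value} from the edit/next blocks."""
    admins, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r'edit "?([^"]+)"?$', line)
        if m:
            current = admins.setdefault(m.group(1), {})
        elif line == "next":
            current = None
        elif current is not None and line.startswith("set "):
            parts = line.split(None, 2)
            current[parts[1]] = parts[2] if len(parts) > 2 else ""
    return admins

def audit_admins(text):
    """Return (name, finding) pairs for accounts that need attention."""
    findings = []
    for name, cfg in parse_admins(text).items():
        # Assumption: an empty password shows up as a missing `set password`.
        if "password" not in cfg:
            findings.append((name, "no password set"))
        if not any(key.startswith("trusthost") for key in cfg):
            findings.append((name, "no trusted-host restriction"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_admins(SAMPLE):
        print(f"{name}: {finding}")
```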
logging
Displaying logs via FortiGate's CLI
set log filter to view category with traffic logs
execute log filter category 0
set log filter to view logs from local disk
execute log filter device 0
view log filter settings
execute log filter dump
reset log filter
execute log filter reset
example..
execute log filter category 0
execute log filter device 0
execute log filter field srcip 10.0.0.10
execute log filter field dstip 192.168.1.1
execute log display