Difference between revisions of "fortinet CLI notes"
From cpwiki.net
Line 9: | Line 9: | ||
==interface commands== | ==interface commands== | ||
+ | ===configure=== | ||
+ | example | ||
+ | # config system interface | ||
+ | # edit port1 | ||
+ | # set mode static | ||
+ | # set ip 10.1.1.1 255.255.255.0 | ||
+ | # next | ||
+ | # end | ||
+ | |||
+ | ===get info== | ||
for admin status, link stat, speeds, counters... | for admin status, link stat, speeds, counters... | ||
# config global | # config global | ||
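Review bot: the added heading `===get info==` opens with three equals signs but closes with two, so it will not render as a level-3 heading alongside `===configure===`; close it with three (`===get info===`). The bare label "example" above the commands could also say what they do (static address on port1).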
Line 22: | Line 32: | ||
for default gw.. | for default gw.. | ||
# set dst 0.0.0.0 0.0.0.0 | # set dst 0.0.0.0 0.0.0.0 | ||
+ | or just leave the line out. | ||
HA status | HA status | ||
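Review bot: the added "or just leave the line out." does not say which line it means. From the context line directly above it is `set dst 0.0.0.0 0.0.0.0`, so name it, for example "or just leave the set dst line out."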
Line 68: | Line 79: | ||
$ show full-configuration | grep "set fmg " | $ show full-configuration | grep "set fmg " | ||
− | == | + | ==default login== |
− | + | VM images = admin / (empty password) | |
[[category:fortinet]] | [[category:fortinet]] |
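Review bot: the new `==default login==` entry records that VM images accept admin with an empty password but stops there; add a follow-up line on setting the admin password straight after first login, so the note does not read as the expected steady state. The `admin / (empty password)` form would also be clearer written out as username and password.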
Latest revision as of 18:10, 20 June 2024
vdom
entering / editing a vdom
# config vdom
(vdom) # edit myvdom
(myvdom) #
interface commands
configure
example
# config system interface
# edit port1
# set mode static
# set ip 10.1.1.1 255.255.255.0
# next
# end
get info
for admin status, link stat, speeds, counters...
# config global
# get hardware nic <interface name>
routes
# config router static
# edit <route_index>
# set device "<interface_name>"
# set dst "<destination_ip>"
# set gateway "<router_ip>"
for default gw..
# set dst 0.0.0.0 0.0.0.0
or just leave the line out.
HA status
# config global
# get sys ha status
To fail HA over to the highest-priority unit (if it is not currently master), run on the current master:
# config global
# diagnose sys ha reset-uptime
get admin password hash
# config global
# config sys admin
# show
uptime
# config global
# get system perf status | grep -i uptime
shutdown/reboot
# execute shutdown
or
# execute reboot
firewall
- show firewall policy
packet capture
- diagnose sniffer packet <interface|any> '<tcpdump-filter>' <verbosity> <count>
where if count = 0, then unlimited
example:
fotinet1 # diagnose sniffer packet port1 'icmp' 4 2 l
interfaces=[port1]
filters=[icmp]
2022-08-25 13:16:52.397609 port1 -- 192.168.169.76 -> 192.168.169.31: icmp: echo request
2022-08-25 13:16:52.397673 port1 -- 192.168.169.31 -> 192.168.169.76: icmp: echo reply
misc
check if fortigate has fortimanager central-management setting
$ show full-configuration | grep "set fmg "
default login
VM images = admin / (empty password)