Fortinet CLI notes

From cpwiki.net
Revision as of 19:47, 7 May 2024 by Nighthawk (Talk | contribs)

vdom

entering/editing a vdom

# config vdom
(vdom) #  edit myvdom
(myvdom) # 

interface commands

for admin status, link status, speeds, counters...

# config global
# get hardware nic <interface name>

routes

# config router static
# edit <route_index>
# set device "<interface_name>"
# set dst "<destination_ip>"
# set gateway "<router_ip>"

for the default gateway:

# set dst 0.0.0.0 0.0.0.0

HA status

# config global
# get sys ha status

To fail over HA to the highest-priority unit (if it is not currently Master), run on the current master:

# config global
# diagnose sys ha reset-uptime

get admin password hash

# config global
# config sys admin
# show

uptime

# config global
# get system perf status | grep -i uptime

shutdown/reboot

# execute shutdown

or

# execute reboot

firewall

# show firewall policy

packet capture

# diagnose sniffer packet <interface|any> '<tcpdump-filter>' <verbosity> <count>

where a count of 0 means unlimited

example:

fotinet1 # diagnose sniffer packet port1 'icmp' 4 2 l
interfaces=[port1]
filters=[icmp]
2022-08-25 13:16:52.397609 port1 -- 192.168.169.76 -> 192.168.169.31: icmp: echo request
2022-08-25 13:16:52.397673 port1 -- 192.168.169.31 -> 192.168.169.76: icmp: echo reply

misc

check whether the FortiGate has a FortiManager central-management setting

 $ show full-configuration | grep "set fmg "