INFORMATICS

The Best

Czyszczenie DHCP FortiGate

Star InactiveStar InactiveStar InactiveStar InactiveStar Inactive

Aby wyczyścić wszystkie adresy DHCP na FortiGate należy wykonać poniższą komendę:

FGT# execute dhcp lease-clear

Fortigate

Star InactiveStar InactiveStar InactiveStar InactiveStar Inactive

Fortigate

execute factoryreset - from the CLI or Via System status reset

Configure the FortiGate internal interface.

show

sh system interface

diagnose hardware deviceinfo nic

get system status

sh firewall policy 6

sh router policy

diagnose system session list

diagnose system session clear

diagnose ip arp list

get router info routing-table all

diagnose system top

diagnose system kill 9 <id>

diag test auth ldap <server_name> <username> <password>

Ldap test query from the Forti to the AD

Kill the specific PID

Show System Processes running with PIDs

Equivalent to ‘show ip route’

Shows the arp table of connected hosts

Clears all xlate/translations

Show the excisting translations

Show Policy Routing rules

show firewall rule numer 6

Equivalent to show interface

show version information

 

Equivalent to show run interface

 

config system interface

  

edit internal

 

 

 

 

 

 

 

 

Show global or vdom config

Fortinet-triki

User Rating: 5 / 5

Star ActiveStar ActiveStar ActiveStar ActiveStar Active

fortigate
01FG        

DHCP: Przydzielamy IP w zależności od MAC-adresów

reserved address named client_1 consisting of IP address 192.168.110.3 and MAC address 00:09:0F:0A:01:BC for a regular ethernet connection.


config system dhcp reserved-address
 edit client_1
  set ip 192.168.110.3
  set mac 00:09:0F:0A:01:BC
  set type regular
end
  

fortinet mac rezerwacja


Firewall: przepuszczamy IP w zależności od MAC-adresów

 

Usunięcie niepotrzebnego przypisania do IP MAC w fortigate:

config system dhcp reserved-address

Można to zrobić na kilka sposobów poleceniem edit, purge, delete

edit - edytuje obecny wpis

purge czyści wszystkie wpisy w tabeli

delete - kasuje wybrany wpis

będąc w menu reserved-addresss wpisujemy

(reserved-address)# delete jszreiber

po tej komendzie wpis zostaje usunięty

 

Konfiguracja Interfejsu


config system interface
  edit internal
    set ipmac enable
  


This example shows how to enable IP/MAC binding going to and going through the firewall, and block undefined hosts (IP/MAC address pairs).


config firewall ipmacbinding setting
 set bindthroughfw enable
 set bindtofw enable
 set undefinedhost block
end
 


This example shows how to add and enable an IP/MAC entry to the IP/MAC binding table.


config firewall ipmacbinding table
 edit 1
  set ip 172.16.44.55
  set mac 00:10:F3:04:7A:4C
  set name RemoteAdmin
  set status enable
end
 


Sprawdzamy poprawność wpisów komenda SHOW


get system dhcp reserved-address

show system dhcp reserved-address client_1

show firewall ipmacbinding setting

get firewall ipmacbinding setting
 
 

 
Ustalamy sposoby dostępu do Konsoli

 

Ogólna konstrukcja polecenia


config system interface
  edit <interface_name>
  set allowaccess <access_types>
end
  

<interface> - wan1, wan2, internal

<access_types> - http, https, ssh, telnet, ping, snmp

Przykład


config system interface
  edit wan1
  set allowaccess http https ssh telnet
end
  


Sprawdzamy wprowadzone ustawienia dla danego interface


get system interface wan1
 
 


Wysłanie email

 

Ogólna konstrukcja polecenia


config alertemail setting
 set username <user-name-str>
 set mailto1 <email-address-str>
 set mailto2 <email-address-str>
 set mailto3 <email-address-str>
 set filter-mode <category> <threshold>
 set email-interval <minutes-integer>
 set severity {alert | critical | debug | emergency | error |
     information | notification | warning}
 set emergency-interval <minutes-integer>
 set alert-interval <minutes-integer>
 set critical-interval <minutes-integer>
 set error-interval <minutes-integer>
 set warning-interval <minutes-integer>
 set notification-interval <minutes-integer>
 set information-interval <minutes-integer>
 set debug-interval <minutes-integer>
 set IPS-logs {disable | enable}
 set firewall-authentication-failure-logs {disable | enable}
 set HA-logs {enable | disable}
 set IPsec-error-logs {disable | enable}
 set FDS-update-logs {disable | enable}
 set PPP-errors-logs {disable | enable}
 set sslvpn-authentication-errors-logs {disable | enable}
 set antivirus logs {disable | enable}
 set webfilter-logs {disable | enable}
 set configuration-changes-logs {disable | enable}
 set violation-traffic-logs {disable | enable}
 set admin-login-logs {disable | enable}
 set local-disk-usage-warning {disable | enable}
 set FDS-license-expiring-warning {disable | enable}
 set FDS-license-expiring-days <integer>
 set local-disk-usage <integer>
 set fortiguard-log-quota-warning
end
  


Przykład : - <interval> pozostał domyślny

 

config alertemail setting
 set username
 This email address is being protected from spambots. You need JavaScript enabled to view it. This e-mail address is being protected from spambots. You need JavaScript enabled to view it
 
 set mail1
 This email address is being protected from spambots. You need JavaScript enabled to view it. This e-mail address is being protected from spambots. You need JavaScript enabled to view it
 
 set mail2
 This email address is being protected from spambots. You need JavaScript enabled to view it. This e-mail address is being protected from spambots. You need JavaScript enabled to view it
 
 set mail3
 This email address is being protected from spambots. You need JavaScript enabled to view it. This e-mail address is being protected from spambots. You need JavaScript enabled to view it
 
 set filter-mode category
 set IPS-logs enable
 set firewall-authentication-failure-logs enable
 set IPsec-error-logs enable
 set sslvpn-authentication-errors-logs enable
 set antivirus logs enable
 set configuration-changes-logs enable
 set admin-login-logs enable
 set local-disk-usage-warning enable
 set fortiguard-log-quota-warning
end
  


Sprawdzamy wprowadzone ustawienia


get alertemail config 
 

Fortinet

Star InactiveStar InactiveStar InactiveStar InactiveStar Inactive

Fortinet Online Demos

Fortinet FortianalyzerFORTIANALYZER - The FortiAnalyzer family of real-time network logging, analyzing, and reporting systems is a series of dedicated hardware solutions that securely aggregate and analyze log data from FortiGate security appliances.

https://www.fortianalyzer.com

Your Login name is: demo
Your password is: fortianalyzer


FORTIMANAGER - The FortiManager System is an integrated management and monitoring tool that enables enterprises and service providers to easily manage large numbers of FortiGate Antivirus Firewalls.

https://www.fortimanager.com

Your Login name is: demo
Your password is: fortimanager


Fortinet FortigateFORTIGATE - The FortiGate series of multi-threat security systems detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance.

https://www.fortigate.com

Your Login name is: demo
Your password is: fortigate


Fortinet FortimailFORTIMAIL - Fortinet's FortiMail Secure Messaging Platform provides optimum configuration flexibility with enterprise-class antispam and antivirus features to secure mission critical email applications.

http://www.fortinet.com/FortiMaildemo

(No login ID or password needed.)

Search