Czyszczenie DHCP FortiGate
Aby wyczyścić wszystkie adresy DHCP na FortiGate należy wykonać poniższą komendę:
FGT# execute dhcp lease-clear
Fortigate
Fortigate execute factoryreset - from the CLI or Via System status reset Configure the FortiGate internal interface. show sh system interface diagnose hardware deviceinfo nic get system status sh firewall policy 6 sh router policy diagnose system session list diagnose system session clear diagnose ip arp list get router info routing-table all diagnose system top diagnose system kill 9 <id> diag test auth ldap <server_name> <username> <password> Ldap test query from the Forti to the AD
Kill the specific PID
Show System Processes running with PIDs
Equivalent to ‘show ip route’
Shows the arp table of connected hosts
Clears all xlate/translations
Show the excisting translations
Show Policy Routing rules
show firewall rule numer 6
Equivalent to show interface
show version information
Equivalent to show run interface
config system interface
edit internal
Show global or vdom config
Fortinet-triki
fortigate
01FG
DHCP: Przydzielamy IP w zależności od MAC-adresów
reserved address named client_1 consisting of IP address 192.168.110.3 and MAC address 00:09:0F:0A:01:BC for a regular ethernet connection.
config system dhcp reserved-address
edit client_1
set ip 192.168.110.3
set mac 00:09:0F:0A:01:BC
set type regular
end
Firewall: przepuszczamy IP w zależności od MAC-adresów
Usunięcie niepotrzebnego przypisania do IP MAC w fortigate:
config system dhcp reserved-address
Można to zrobić na kilka sposobów poleceniem edit, purge, delete
edit - edytuje obecny wpis
purge czyści wszystkie wpisy w tabeli
delete - kasuje wybrany wpis
będąc w menu reserved-addresss wpisujemy
(reserved-address)# delete jszreiber
po tej komendzie wpis zostaje usunięty
Konfiguracja Interfejsu
config system interface
edit internal
set ipmac enable
This example shows how to enable IP/MAC binding going to and going through the firewall, and block undefined hosts (IP/MAC address pairs).
config firewall ipmacbinding setting
set bindthroughfw enable
set bindtofw enable
set undefinedhost block
end
This example shows how to add and enable an IP/MAC entry to the IP/MAC binding table.
config firewall ipmacbinding table
edit 1
set ip 172.16.44.55
set mac 00:10:F3:04:7A:4C
set name RemoteAdmin
set status enable
end
Sprawdzamy poprawność wpisów komenda SHOW
get system dhcp reserved-address
show system dhcp reserved-address client_1
show firewall ipmacbinding setting
get firewall ipmacbinding setting
Ustalamy sposoby dostępu do Konsoli
Ogólna konstrukcja polecenia
config system interface
edit <interface_name>
set allowaccess <access_types>
end
<interface> - wan1, wan2, internal
<access_types> - http, https, ssh, telnet, ping, snmp
Przykład
config system interface
edit wan1
set allowaccess http https ssh telnet
end
Sprawdzamy wprowadzone ustawienia dla danego interface
get system interface wan1
Wysłanie email
Ogólna konstrukcja polecenia
config alertemail setting
set username <user-name-str>
set mailto1 <email-address-str>
set mailto2 <email-address-str>
set mailto3 <email-address-str>
set filter-mode <category> <threshold>
set email-interval <minutes-integer>
set severity {alert | critical | debug | emergency | error |
information | notification | warning}
set emergency-interval <minutes-integer>
set alert-interval <minutes-integer>
set critical-interval <minutes-integer>
set error-interval <minutes-integer>
set warning-interval <minutes-integer>
set notification-interval <minutes-integer>
set information-interval <minutes-integer>
set debug-interval <minutes-integer>
set IPS-logs {disable | enable}
set firewall-authentication-failure-logs {disable | enable}
set HA-logs {enable | disable}
set IPsec-error-logs {disable | enable}
set FDS-update-logs {disable | enable}
set PPP-errors-logs {disable | enable}
set sslvpn-authentication-errors-logs {disable | enable}
set antivirus logs {disable | enable}
set webfilter-logs {disable | enable}
set configuration-changes-logs {disable | enable}
set violation-traffic-logs {disable | enable}
set admin-login-logs {disable | enable}
set local-disk-usage-warning {disable | enable}
set FDS-license-expiring-warning {disable | enable}
set FDS-license-expiring-days <integer>
set local-disk-usage <integer>
set fortiguard-log-quota-warning
end
Przykład : - <interval> pozostał domyślny
config alertemail setting
set username
Ten adres pocztowy jest chroniony przed spamowaniem. Aby go zobaczyć, konieczne jest włączenie w przeglądarce obsługi JavaScript. This e-mail address is being protected from spambots. You need JavaScript enabled to view it
set mail1
Ten adres pocztowy jest chroniony przed spamowaniem. Aby go zobaczyć, konieczne jest włączenie w przeglądarce obsługi JavaScript. This e-mail address is being protected from spambots. You need JavaScript enabled to view it
set mail2
Ten adres pocztowy jest chroniony przed spamowaniem. Aby go zobaczyć, konieczne jest włączenie w przeglądarce obsługi JavaScript. This e-mail address is being protected from spambots. You need JavaScript enabled to view it
set mail3
Ten adres pocztowy jest chroniony przed spamowaniem. Aby go zobaczyć, konieczne jest włączenie w przeglądarce obsługi JavaScript. This e-mail address is being protected from spambots. You need JavaScript enabled to view it
set filter-mode category
set IPS-logs enable
set firewall-authentication-failure-logs enable
set IPsec-error-logs enable
set sslvpn-authentication-errors-logs enable
set antivirus logs enable
set configuration-changes-logs enable
set admin-login-logs enable
set local-disk-usage-warning enable
set fortiguard-log-quota-warning
end
Sprawdzamy wprowadzone ustawienia
get alertemail config
Fortinet
Fortinet Online Demos |
FORTIANALYZER - The FortiAnalyzer family of real-time network logging, analyzing, and reporting systems is a series of dedicated hardware solutions that securely aggregate and analyze log data from FortiGate security appliances.
FORTIMANAGER - The FortiManager System is an integrated management and monitoring tool that enables enterprises and service providers to easily manage large numbers of FortiGate Antivirus Firewalls.
FORTIGATE - The FortiGate series of multi-threat security systems detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance.
FORTIMAIL - Fortinet's FortiMail Secure Messaging Platform provides optimum configuration flexibility with enterprise-class antispam and antivirus features to secure mission critical email applications.
|
Strona 2 z 2