Fortinet tricks
fortigate
01FG
DHCP: assigning IP addresses based on MAC addresses
This example adds a reserved address named client_1, consisting of IP address 192.168.110.3 and MAC address 00:09:0F:0A:01:BC, for a regular Ethernet connection.
config system dhcp reserved-address
edit client_1
set ip 192.168.110.3
set mac 00:09:0F:0A:01:BC
set type regular
end
Firewall: allowing IP addresses based on MAC addresses
Removing an unneeded IP-to-MAC assignment on the FortiGate:
config system dhcp reserved-address
This can be done in several ways, using the edit, purge or delete commands:
edit - edits the existing entry
purge - clears all entries in the table
delete - deletes the selected entry
While in the reserved-address menu, enter:
(reserved-address)# delete jszreiber
After this command the entry is removed.
Interface configuration
config system interface
edit internal
set ipmac enable
end
This example shows how to enable IP/MAC binding going to and going through the firewall, and block undefined hosts (IP/MAC address pairs).
config firewall ipmacbinding setting
set bindthroughfw enable
set bindtofw enable
set undefinedhost block
end
This example shows how to add and enable an IP/MAC entry to the IP/MAC binding table.
config firewall ipmacbinding table
edit 1
set ip 172.16.44.55
set mac 00:10:F3:04:7A:4C
set name RemoteAdmin
set status enable
end
Verify that the entries are correct with the show command
get system dhcp reserved-address
show system dhcp reserved-address client_1
show firewall ipmacbinding setting
get firewall ipmacbinding setting
Setting the access methods for the console
General command syntax
config system interface
edit <interface_name>
set allowaccess <access_types>
end
<interface_name> - wan1, wan2, internal
<access_types> - http, https, ssh, telnet, ping, snmp
Example
config system interface
edit wan1
set allowaccess http https ssh telnet
end
Verify the settings entered for a given interface
get system interface wan1
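Added example, not part of the original page: a Python check that parses a config system interface block and lists the interfaces whose allowaccess includes http or telnet, the two access types above that carry the administrator login unencrypted. The sample configuration is constructed (in the layout printed by show system interface), and the function names are hypothetical.

```python
CLEARTEXT = {"http", "telnet"}  # access types that send the admin login unencrypted
# Constructed sample, in the layout printed by "show system interface".
SAMPLE = """\
config system interface
    edit "wan1"
        set allowaccess http https ssh telnet
    next
    edit "internal"
        set allowaccess ping https ssh
        set ipmac enable
    next
end
"""

def parse_interfaces(text):
    """Return {interface: {setting: [values]}} from a 'config system interface' block."""
    interfaces, current, depth = {}, None, 0
    for raw in text.splitlines():
        tokens = raw.split()
        if not tokens:
            continue
        if tokens[0] == "config":
            # depth 1 is the interface table; deeper levels are nested sub-tables (skipped)
            if depth or tokens[1:] == ["system", "interface"]:
                depth += 1
        elif tokens[0] == "end" and depth:
            depth -= 1
            current = None if depth == 0 else current
        elif depth == 1:
            if tokens[0] == "edit" and len(tokens) > 1:
                current = interfaces.setdefault(tokens[1].strip('"'), {})
            elif tokens[0] == "next":
                current = None
            elif tokens[0] == "set" and current is not None and len(tokens) > 1:
                current[tokens[1]] = [t.strip('"') for t in tokens[2:]]
    return interfaces

def cleartext_mgmt(text):
    """Return {interface: sorted cleartext access types found in its allowaccess}."""
    findings = {}
    for name, settings in parse_interfaces(text).items():
        risky = CLEARTEXT & set(settings.get("allowaccess", []))
        if risky:
            findings[name] = sorted(risky)
    return findings

if __name__ == "__main__":
    for name, protos in cleartext_mgmt(SAMPLE).items():
        print(f"{name}: cleartext management access: {', '.join(protos)}")
```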
Sending e-mail
General command syntax
config alertemail setting
set username <user-name-str>
set mailto1 <email-address-str>
set mailto2 <email-address-str>
set mailto3 <email-address-str>
set filter-mode <category> <threshold>
set email-interval <minutes-integer>
set severity {alert | critical | debug | emergency | error | information | notification | warning}
set emergency-interval <minutes-integer>
set alert-interval <minutes-integer>
set critical-interval <minutes-integer>
set error-interval <minutes-integer>
set warning-interval <minutes-integer>
set notification-interval <minutes-integer>
set information-interval <minutes-integer>
set debug-interval <minutes-integer>
set IPS-logs {disable | enable}
set firewall-authentication-failure-logs {disable | enable}
set HA-logs {enable | disable}
set IPsec-error-logs {disable | enable}
set FDS-update-logs {disable | enable}
set PPP-errors-logs {disable | enable}
set sslvpn-authentication-errors-logs {disable | enable}
set antivirus-logs {disable | enable}
set webfilter-logs {disable | enable}
set configuration-changes-logs {disable | enable}
set violation-traffic-logs {disable | enable}
set admin-login-logs {disable | enable}
set local-disk-usage-warning {disable | enable}
set FDS-license-expiring-warning {disable | enable}
set FDS-license-expiring-days <integer>
set local-disk-usage <integer>
set fortiguard-log-quota-warning {disable | enable}
end
Example (the <interval> values are left at their defaults)
config alertemail setting
set username <user-name-str>
set mailto1 <email-address-str>
set mailto2 <email-address-str>
set mailto3 <email-address-str>
set filter-mode category
set IPS-logs enable
set firewall-authentication-failure-logs enable
set IPsec-error-logs enable
set sslvpn-authentication-errors-logs enable
set antivirus-logs enable
set configuration-changes-logs enable
set admin-login-logs enable
set local-disk-usage-warning enable
set fortiguard-log-quota-warning
end
Verify the settings entered
get alertemail setting