
FortiGate - CLI Command & Verification List Part-1








 

Basic CLI Configuration Commands:
Configure Hostname

config system global
set hostname FG-FW
end

Configure Interface
config system interface
edit port2
set allowaccess ping
set ip 192.168.1.100/24
set alias LAN
end

Configure DNS
config system dns
set primary 8.8.8.8
set secondary 1.1.1.1
end

Configure Route
config router static
edit 1
set dst 0.0.0.0/0
set gateway 192.168.114.2
set distance 10
set device port1
end

Configure Packet Capture
config firewall policy
edit 1
set capture-packet enable
end

Configure Firewall Address (LAN)
config firewall address
edit 10.0.1.0/24-LAN
set subnet 10.0.1.0/24
next
end

Configure Firewall Address (DMZ)
config firewall address
edit 10.0.2.0/24-DMZ
set subnet 10.0.2.0/24
next
end

Configure Firewall Policy
config firewall policy
edit 0
set name LAN-to-Internet
set srcintf port2
set dstintf port1
set srcaddr 10.0.1.0/24-LAN
set dstaddr all
set schedule always
set service ALL_ICMP HTTP HTTPS DNS NTP
set action accept
set nat enable
end

Verification List























Packet Sniffing:
diagnose sniffer packet port2
diagnose sniffer packet port2 ' host 192.168.1.1 '
diagnose sniffer packet port2 ' host 192.168.1.1 and host 8.8.8.8 '
diagnose sniffer packet port2 ' host 192.168.1.1 and port 80 '
diagnose sniffer packet any ' host 192.168.1.1 '
diagnose sniffer packet any ' host 192.168.1.1 or host 8.8.8.8 '
diagnose sniffer packet any ' host 192.168.1.1 or host 8.8.8.8 ' 4 10
diagnose sniffer packet any ' host 192.168.1.1 or host 8.8.8.8 ' 4 0 a
diagnose sniffer packet any ' src 192.168.1.1 '
diagnose debug disable
diagnose debug reset
diagnose debug flow filter addr 192.168.1.1
diagnose debug flow filter port 80

Diagnose System
diagnose sys session filter clear
diagnose sys session filter proto 1
diagnose sys session clear
diag sys session filter src 10.0.1.1
diag sys session list
diag sys session filter dst 10.0.1.1
diag sys session list

Diagnose debug
diagnose debug flow filter clear
diagnose debug flow filter proto 1
diagnose debug flow filter addr 8.8.8.8
diagnose debug enable
diagnose debug flow trace start 3

CPU and Memory Utilization

get system performance status
diagnose sys top 1
























Commands                                            Description
get sys status                                      Check the system status
get system performance status                       Check the hardware performance
get system performance top                          Check the hardware performance
get hardware memory                                 Displays information about memory
diag sys session full-stat                          Check the session table of the firewall
diag sys session list                               Check the session table of the firewall
get system session status                           Displays total number of sessions
get system interface physical                       Check the interface settings
diagnose hardware deviceinfo nic internal           Check the interface settings
get system arp                                      Check the ARP table
execute clear system arp table                      Clear ARP table entries
get router info routing-table all                   Check the routing table
get router info routing-table details 192.168.2.0   Check the matching route
diag vpn tunnel up phase2-name phase1-name          Change the tunnel state
diag vpn tunnel down phase2-name phase1-name
diagnose vpn tunnel list name myphase1              Check the tunnel state
diag vpn tunnel dumpsa
diagnose vpn tunnel stat                            Check the tunnel state
diagnose vpn ipsec status                           Check packet counters for the tunnel
diag vpn tunnel list
diagnose sniffer packet                             Troubleshooting diagnose commands
diagnose sniffer packet any
diagnose sniffer packet any none
show full-configuration                             Check the full configuration command list
execute reboot                                      Reboot the FortiGate firewall
get router info routing-table all                   Display routing table details
diagnose firewall proute list
execute ping                                        Send ping packets
show system dns                                     Displays configured DNS servers





























 










