Lompat ke konten Lompat ke sidebar Lompat ke footer
Beranda / Fortigate | CLI Command & Verification Part-1

Fortigate | CLI Command & Verification Part-1

Oleh Hasugian Posting Komentar








 




Basic CLI Configuration Commands:

Configure Hostname
config system global
set hostname FG-FW
end

Configure Interface
config system interface
edit port2
set allowaccess ping
set ip 192.168.1.100/24
set alias LAN

Configure DNS
config system dns
set primary 8.8.8.8
set secondary 1.1.1.1
end

Configure Route
config router static
edit 1
set dst 0.0.0.0/0
set gateway 192.168.114.2
set distance 10
set device port1
end

Configure Packet Capture
config firewall policy
edit 1
set capture-packet enable
end

Config firewall Object Address (LAN)
config firewall address
edit 10.0.1.0/24-LAN
set subnet 10.0.1.0/24
next
end

Config firewall Object Address (DMZ)
edit 10.0.2.0/24-DMZ
set subnet 10.0.2.0/24
next
end

Configure Firewall Policy
config firewall policy
edit 0
set name LAN-to-Internet
set srcintf port2
set dstintf port1
set srcaddr 10.0.1.0/24-LAN
set dstaddr all
set schedule always
set service ALL_ICMP HTTP HTTPS DNS NTP
set action accept
set nat enable
end
-------------------------------------------
diagnose sniffer packet any 'src  10.20.45.143 and host 172.16.220.46'
diagnose sniffer packet any 'src  10.20.45.143'
diagnose sniffer packet any 'src  10.20.45.143' | grep 443

Verifikasi List























Packet Sniffing:
diagnose sniffer packet port2
diagnose sniffer packet port2 ' host 192.168.1.1 '
diagnose sniffer packet port2 ' host 192.168.1.1 and host 8.8.8.8 '
diagnose sniffer packet port2 ' host 192.168.1.1 and port 80 '
diagnose sniffer packet any ' host 192.168.1.1 '
diagnose sniffer packet any ' host 192.168.1.1 or host 8.8.8.8 '
diagnose sniffer packet any ' host 192.168.1.1 or host 8.8.8.8 ' 4 10
diagnose sniffer packet any ' host 192.168.1.1 or host 8.8.8.8 ' 4 0 a
diagnose sniffer packet any ' src 192.168.1.1 '
diagnose debug disable
diagnose debug reset
diagnose debug flow filter addr 192.168.1.1
Diagnose debug flow filter port 80
Diagnose System
diagnose sys session filter clear
diagnose sys session filter proto 1
diagnoase sys session clear
diag sys session filter src 10.0.1.1
diag sys session list
diag sys session filter dst 10.0.1.1
diag sys session list

Diagnose debug
diagnose debug flow filter clear
diagnose debug flow filter proto 1
diagnose debug flow filter addr 8.8.8.8
diagnose debub enable
diagnose debug flow trace start 3

CPU dan Memory Utilization
get system performance status
diagnose sys top 1










Commands  Description 
get sys status  Check the system status 
get system performance status  Check the hardware performance 
get system performance top  Check the hardware performance 
get hardware memory  Displays information about memory 
diag sys session full-stat  Check the session table of the firewall 
diag sys session list  Check the session table of the firewall 
get system session status  Displays total number of sessions 
get system interface physical  Check the interface settings 
diagnose hardware deviceinfo nic internal  Check the interface settings 
get system arp  Check the ARP Table 
execute clear system arp table  Clear ARP Table Entries 
get router info routing-table all  Check the Routing Table 
get router info routing-table details 192.168.2.0  Check the matching route 
diag vpn tunnel up phase2-name phase1-name  Change the tunnel state 
diag vpn tunnel down phase2-name phase1-name 
diagnose vpn tunnel list name myphase1  Check the tunnel state 
diag vpn tunnel dumpsa 
diagnose vpn tunnel stat  Check the tunnel state 
diagnose vpn ipsec status  Check packet counters for the tunnel 
diag vpn tunnel list   
diagnose sniffer packet  Tshoot Diagnose Commands 
diagnose sniffer packet any 
diagnose sniffer packet any none 
show full-configuration  Check Full Commands List 
execute reboot  Reboot FortiGate Firewall 
get router info routing-table all  Display Routing Table details 
diagnose firewall proute list 
execute ping  Send Ping packets 
show system dns  Displays configured DNS servers 






=================================================
Cara Menampilkan IP ARP forti
$ diagnose ip arp list | grep port25
$ get system arp | grep 10.20.44.
$ get system arp
===============================
get system performance status | grep Memory
get system performance status | grep Uptime
get hardware memory
 
CEK SERIAL NUMBER FORTI
ortiGate-40F (global) $ get system interface transceiver port21 
 



















 











Posting Komentar untuk "Fortigate | CLI Command & Verification Part-1"

Posting Komentar