Sunday, January 19, 2025

FortiGate commands I keep forgetting


1. List all IP addresses on interfaces

$ diagnose ip address list
IP=103.138.89.226->103.138.89.226/255.255.255.128 index=7 devname=wan1
IP=103.138.88.226->103.138.88.226/255.255.255.128 index=8 devname=wan2

2. Set an IP address on an interface

The allowaccess line below opens HTTPS, SSH and ping on wan1, an Internet-facing interface. If you really need management on a WAN port, restrict every admin account with trusthost entries (config system admin) and move HTTPS off the default port (section 10); otherwise leave management access off WAN interfaces.

config system interface
  edit wan1
    set mode static
    set ip 103.138.88.227 255.255.255.128
    set allowaccess https ssh ping
    end

3. Add a static default route (with no set dst, the destination is 0.0.0.0/0)

config router static
  edit 1
    set gateway 103.138.88.129
    set device wan1
    end

4. Show static routes

$ get router info routing-table static

Routing table for VRF=0
S*      0.0.0.0/0 [10/0] via 103.138.88.129, wan1

5. Show HA status

Read the Configuration Status block every time: below, FG100ETK20024685 reports out-of-sync, so a failover to it would run a different configuration than the master. Compare the units with diagnose sys ha checksum cluster and force a resync from the subordinate with execute ha synchronize start. With override: disable, the unit with the longer uptime stays master even if the other has the higher priority, which is exactly what the "Master selected using" lines record.

$ get system ha status
HA Health Status: OK
Model: FortiGate-100E
Mode: HA A-P
Group: 0
Debug: 0
Cluster Uptime: 85 days 0:29:13
Cluster state change time: 2022-11-02 00:00:43
Master selected using:
    <2022/11/02 00:00:43> FG100ETK20024860 is selected as the master because it has the largest value of uptime.
    <2022/11/02 00:00:05> FG100ETK20024685 is selected as the master because it's the only member in the cluster.
ses_pickup: disable
override: disable
Configuration Status:
    FG100ETK20024685(updated 0 seconds ago): out-of-sync
    FG100ETK20024860(updated 4 seconds ago): in-sync
System Usage stats:
    FG100ETK20024685(updated 0 seconds ago):
        sessions=15, average-cpu-user/nice/system/idle=0%/0%/0%/99%, memory=23%
    FG100ETK20024860(updated 4 seconds ago):
        sessions=443, average-cpu-user/nice/system/idle=3%/0%/0%/96%, memory=24%
HBDEV stats:
    FG100ETK20024685(updated 0 seconds ago):
        ha1: physical/1000auto, up, rx-bytes/packets/dropped/errors=790558/2798/0/0, tx=841849/2705/0/0
        ha2: physical/1000auto, up, rx-bytes/packets/dropped/errors=384298/815/0/0, tx=387126/815/0/0
    FG100ETK20024860(updated 4 seconds ago):
        ha1: physical/1000auto, up, rx-bytes/packets/dropped/errors=11333555/28868/0/0, tx=11033095/28344/0/0
        ha2: physical/1000auto, up, rx-bytes/packets/dropped/errors=9321392/20001/0/0, tx=9377131/20062/0/0
Slave : Forti-VT-02     , FG100ETK20024685, HA cluster index = 1
Master: Forti-VT-01     , FG100ETK20024860, HA cluster index = 0
number of vcluster: 1
vcluster 1: standby 169.254.0.1
Slave : FG100ETK20024685, HA operating index = 1
Master: FG100ETK20024860, HA operating index = 0

6. Reboot the device

$ execute reboot
This operation will reboot the system !
Do you want to continue? (y/n)

7. How to configure management IP in transparent mode

config system settings
  set manageip 10.1.1.100/255.255.255.0
  set gateway 10.1.1.254
end

8. HA config

The admin password and the HA password below are placeholders; replace both before pasting. The hbdev names ("a" and "b" here) must be real ports on your model (the 100E cluster in section 5 uses ha1 and ha2), and the number after each is that heartbeat interface's priority.

config system admin
  edit admin
  set password 'password'
end

config system global
  set hostname Firewall-01
end

config system ha
  set group-id 1
  set group-name "Firewall-Group-Name"
  set mode a-p
  set password 'h8HCx9Nuzfa1QKt'
  set hbdev "a" 40 "b" 50
  set priority 250
end

9. Remove FortiLink

FortiOS refuses to delete an interface that is still referenced, so the DHCP server entries bound to fortilink (entries 1 and 2 on this unit; check yours with show system dhcp server) are deleted first.

config system ntp
  set ntpsync disable
end

config system dhcp server
  delete 1
  delete 2
end

config system interface
  delete fortilink
end

10. FortiGate: change the management port via the CLI

admin-sport is the HTTPS admin port; admin-ssh-port in the same config system global block changes the SSH port.

config system global
  set admin-sport 8433
end

11. execute ha manage

Run get system ha status, look at the very bottom of the output and you will see lines like the ones below; the HA operating index is the device_id.

Master: FG100ETK20012340, HA operating index = 0
Slave : FG100ETK20056785, HA operating index = 1

Use execute ha manage <device_id> <username> to open a session on the member with that index over the HA heartbeat link. Example below; when prompted for a password, enter the password of that username on the other unit.

$ execute ha manage 1 admin
Warning: Permanently added '169.254.0.2' (ED25519) to the list of known hosts.
admin@169.254.0.2's password:
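The following script is an added example, not part of the original post: it parses the get system ha status output from section 5, flags the things an operator should act on (a member that is out-of-sync, a missing or duplicated master, session pickup disabled) and builds the execute ha manage line from section 11 for a given serial. The sample text is a constructed copy of the output shown above, trimmed to the lines the parser reads; the field names and the findings list are this example's own choices, not FortiOS terms.

```python
"""Parse 'get system ha status' output and flag cluster problems."""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: the section 5 output, trimmed to the parts parsed here.
SAMPLE_HA_STATUS = """\
HA Health Status: OK
Model: FortiGate-100E
Mode: HA A-P
Master selected using:
    <2022/11/02 00:00:43> FG100ETK20024860 is selected as the master because it has the largest value of uptime.
ses_pickup: disable
override: disable
Configuration Status:
    FG100ETK20024685(updated 0 seconds ago): out-of-sync
    FG100ETK20024860(updated 4 seconds ago): in-sync
System Usage stats:
    FG100ETK20024685(updated 0 seconds ago):
        sessions=15, average-cpu-user/nice/system/idle=0%/0%/0%/99%, memory=23%
    FG100ETK20024860(updated 4 seconds ago):
        sessions=443, average-cpu-user/nice/system/idle=3%/0%/0%/96%, memory=24%
Slave : Forti-VT-02     , FG100ETK20024685, HA cluster index = 1
Master: Forti-VT-01     , FG100ETK20024860, HA cluster index = 0
Slave : FG100ETK20024685, HA operating index = 1
Master: FG100ETK20024860, HA operating index = 0
"""

KV_RE = re.compile(r"^(?P<key>[A-Za-z_ ]+?):\s*(?P<val>.+)$")
SYNC_RE = re.compile(r"^\s*(?P<serial>[^\s(]+)\(updated \d+ seconds ago\): (?P<state>in-sync|out-of-sync)\s*$")
USAGE_HDR_RE = re.compile(r"^\s*(?P<serial>[^\s(]+)\(updated \d+ seconds ago\):\s*$")
SESSIONS_RE = re.compile(r"^\s*sessions=(?P<n>\d+),")
OPINDEX_RE = re.compile(r"^(?P<role>Master|Slave)\s*:\s*(?P<serial>[^,\s]+), HA operating index = (?P<idx>\d+)\s*$")


@dataclass
class HaMember:
    serial: str
    role: str = ""                          # "master" / "slave" from the operating-index lines
    operating_index: Optional[int] = None   # the <device_id> that "execute ha manage" takes
    sync_state: str = ""                    # "in-sync" / "out-of-sync"
    sessions: Optional[int] = None


@dataclass
class HaStatus:
    health: str = ""
    mode: str = ""
    override: str = ""
    ses_pickup: str = ""
    members: Dict[str, HaMember] = field(default_factory=dict)

    def member(self, serial: str) -> HaMember:
        return self.members.setdefault(serial, HaMember(serial))


def parse_ha_status(text: str) -> HaStatus:
    st = HaStatus()
    section = None        # heading of the indented block we are currently inside
    usage_serial = None   # member whose "sessions=" line comes next
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if not line.startswith(" "):          # top-level line
            usage_serial = None
            m = OPINDEX_RE.match(line)
            if m:
                mem = st.member(m["serial"])
                mem.role = m["role"].lower()
                mem.operating_index = int(m["idx"])
            elif line.endswith(":"):          # "Configuration Status:" etc.
                section = line[:-1].strip()
            else:
                m = KV_RE.match(line)
                if m:
                    key, val = m["key"].strip(), m["val"].strip()
                    if key == "HA Health Status":
                        st.health = val
                    elif key == "Mode":
                        st.mode = val
                    elif key == "override":
                        st.override = val
                    elif key == "ses_pickup":
                        st.ses_pickup = val
            continue
        if section == "Configuration Status":
            m = SYNC_RE.match(line)
            if m:
                st.member(m["serial"]).sync_state = m["state"]
        elif section == "System Usage stats":
            m = USAGE_HDR_RE.match(line)
            if m:
                usage_serial = m["serial"]
            else:
                m = SESSIONS_RE.match(line)
                if m and usage_serial:
                    st.member(usage_serial).sessions = int(m["n"])
    return st


def ha_findings(st: HaStatus) -> List[str]:
    """Conditions to fix before trusting a failover (this example's own checklist)."""
    out: List[str] = []
    if st.health != "OK":
        out.append(f"HA health is '{st.health or 'unknown'}'")
    masters = [m.serial for m in st.members.values() if m.role == "master"]
    if len(masters) != 1:
        out.append(f"expected one master, found {len(masters)}: {masters}")
    for mem in st.members.values():
        if mem.sync_state != "in-sync":
            out.append(f"{mem.serial} ({mem.role or 'role unknown'}) is "
                       f"{mem.sync_state or 'of unknown sync state'}: compare "
                       "'diagnose sys ha checksum cluster', then 'execute ha synchronize start' on it")
    if st.ses_pickup != "enable":
        out.append("ses_pickup is not enabled: TCP sessions are not synchronized and "
                   "must be re-established after a failover")
    return out


def ha_manage_command(st: HaStatus, serial: str, username: str = "admin") -> str:
    """Build the section 11 command for a member identified by serial."""
    mem = st.members.get(serial)
    if mem is None or mem.operating_index is None:
        raise KeyError(f"no HA operating index parsed for {serial}")
    return f"execute ha manage {mem.operating_index} {username}"


if __name__ == "__main__":
    status = parse_ha_status(SAMPLE_HA_STATUS)
    for finding in ha_findings(status):
        print("FINDING:", finding)
    print(ha_manage_command(status, "FG100ETK20024685"))
```

Feed it the real output (for example captured over SSH) instead of SAMPLE_HA_STATUS; the parser keys only on the indented section headings, so the HBDEV and "Master selected using" blocks are skipped rather than misread.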

12. Get device information

$ get system status
Version: FortiGate-100E v6.2.3,build1066,191218 (GA)
Virus-DB: 1.00000(2018-04-09 18:07)
Extended DB: 1.00000(2018-04-09 18:07)
IPS-DB: 6.00741(2015-12-01 02:30)
IPS-ETDB: 0.00000(2001-01-01 00:00)
APP-DB: 6.00741(2015-12-01 02:30)
INDUSTRIAL-DB: 6.00741(2015-12-01 02:30)
Serial-Number: FG100ETK14524860
IPS Malicious URL Database: 3.00227(2021-12-25 17:42)
Botnet DB: 1.00000(2012-05-28 22:51)
BIOS version: 05000008
System Part-Number: P18827-04
Log hard disk: Not available
Hostname: Forti-VT-01
Operation Mode: NAT
Current virtual domain: root
Max number of virtual domains: 10
Virtual domains status: 1 in NAT mode, 0 in TP mode
Virtual domain configuration: disable
FIPS-CC mode: disable
Current HA mode: a-p, master
Cluster uptime: 90 days, 18 hours, 31 minutes, 10 seconds
Cluster state change time: 2022-11-06 16:14:38
Branch point: 1066
Release Version Information: GA
System time: Tue Nov  8 08:05:24 2022
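The output above carries a finding of its own: the Virus-DB, IPS-DB and APP-DB stamps are from 2015 and 2018 while the system clock says November 2022, so this unit has not received FortiGuard updates in years. The script below is an added example, not part of the original post: it parses get system status, records the firmware version and each signature database with its timestamp, and lists every database older than a threshold, measured against the firewall's own clock. The sample is a constructed copy of the section 12 output trimmed to the lines it reads; the 30-day threshold and the dictionary keys are this example's choices.

```python
"""Parse 'get system status' and flag stale signature databases."""
import re
from datetime import datetime
from typing import List, Tuple

# Constructed sample: the section 12 output, trimmed to the lines parsed here.
SAMPLE_SYSTEM_STATUS = """\
Version: FortiGate-100E v6.2.3,build1066,191218 (GA)
Virus-DB: 1.00000(2018-04-09 18:07)
Extended DB: 1.00000(2018-04-09 18:07)
IPS-DB: 6.00741(2015-12-01 02:30)
IPS-ETDB: 0.00000(2001-01-01 00:00)
APP-DB: 6.00741(2015-12-01 02:30)
INDUSTRIAL-DB: 6.00741(2015-12-01 02:30)
Serial-Number: FG100ETK14524860
IPS Malicious URL Database: 3.00227(2021-12-25 17:42)
Botnet DB: 1.00000(2012-05-28 22:51)
Hostname: Forti-VT-01
Operation Mode: NAT
FIPS-CC mode: disable
Current HA mode: a-p, master
System time: Tue Nov  8 08:05:24 2022
"""

VERSION_RE = re.compile(r"^Version:\s*(?P<model>\S+) v(?P<version>[\d.]+),build(?P<build>\d+)")
# "<name>: <version>(<YYYY-MM-DD HH:MM>)" is the shape of every signature-database line
DB_RE = re.compile(r"^(?P<name>[A-Za-z][A-Za-z -]*?):\s*(?P<ver>[\d.]+)\((?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\)\s*$")
KV_RE = re.compile(r"^(?P<key>[^:]+):\s*(?P<val>.+)$")


def parse_system_status(text: str) -> dict:
    info = {"databases": {}}   # name -> (version string, timestamp)
    for line in text.splitlines():
        m = VERSION_RE.match(line)
        if m:
            info["model"], info["version"], info["build"] = m["model"], m["version"], int(m["build"])
            continue
        m = DB_RE.match(line)
        if m:
            info["databases"][m["name"]] = (m["ver"], datetime.strptime(m["stamp"], "%Y-%m-%d %H:%M"))
            continue
        m = KV_RE.match(line)
        if not m:
            continue
        key, val = m["key"].strip(), m["val"].strip()
        if key == "System time":
            # strptime treats a single space in the format as "one or more", so "Nov  8" parses
            info["system_time"] = datetime.strptime(val, "%a %b %d %H:%M:%S %Y")
        elif key == "Serial-Number":
            info["serial"] = val
        elif key == "Hostname":
            info["hostname"] = val
        elif key == "Current HA mode":
            info["ha_mode"] = val
        elif key == "FIPS-CC mode":
            info["fips_cc"] = val
    return info


def stale_databases(info: dict, max_age_days: int = 30) -> List[Tuple[str, int]]:
    """(name, age in days) for each database older than max_age_days, oldest first.

    Age is measured against the firewall's own clock (the "System time" line),
    so a wrong system time skews the result; check NTP before trusting it.
    """
    now = info["system_time"]
    stale = []
    for name, (_ver, stamp) in info["databases"].items():
        age = (now - stamp).days
        if age > max_age_days:
            stale.append((name, age))
    return sorted(stale, key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    status = parse_system_status(SAMPLE_SYSTEM_STATUS)
    print(f"{status['hostname']} {status['serial']} v{status['version']} build {status['build']}")
    for name, age in stale_databases(status):
        print(f"STALE: {name} is {age} days old")
```

On the sample every database is flagged; the IPS Malicious URL Database, updated in December 2021, is the only one under a year old, which is consistent with the box having lost its FortiGuard feed rather than never having had one.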

13. Show firewall policies.

$ get firewall policy
== [ 1 ]
policyid: 1
== [ 2 ]
policyid: 2

14. Create a firewall policy.

The two set lines below only choose the address objects. A policy will not commit without srcintf, dstintf, schedule and service, and action defaults to deny, so a complete entry needs those as well.

config firewall policy
  edit 1
    set srcaddr all
    set dstaddr all
    end
