Fortinet: Difference between revisions

From Cheatsheet
No edit summary
Line 30: Line 30:
== Checks ==
== Checks ==
=== Common ===
=== Common ===
<syntaxhighlight lang="bash">
<syntaxhighlight>
# Ping IP 8.8.8.8
# Ping IP 8.8.8.8
execute ping 8.8.8.8
execute ping 8.8.8.8
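Review bot: the opening tag of the Common block appears both as `<syntaxhighlight lang="bash">` and as bare `<syntaxhighlight>`, and the revision carries no edit summary saying which form is intended. The block holds FortiOS CLI commands (`execute ping 8.8.8.8`), not bash, so pick one form deliberately, record the reason in the summary, and tag the page's other command blocks the same way.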

Revision as of 15:18, 31 July 2023


Links

CLI Configuration

DHCP server

Using edit 0 assigns the first available ID to the new entry.

config system dhcp server
    edit 0
        set lease-time 86400
        set default-gateway 192.168.20.1
        set netmask 255.255.255.0
        set interface "VDOM-LAN01"
        config ip-range
            edit 1
                set start-ip 192.168.20.10
                set end-ip 192.168.20.254
            next
        end
        set dns-server1 192.168.20.2
        set dns-server2 8.8.8.8
    next
end

Checks

Common

# Ping IP 8.8.8.8
execute ping 8.8.8.8

# Set the source IP (a specific interface IP) for subsequent pings
execute ping-options source 10.0.25.1

# Set the number of pings to send
execute ping-options repeat-count <COUNT>

# Traceroute to IP 1.1.1.1
execute traceroute 1.1.1.1

# List all available interfaces
diagnose netlink interface list

# Show detailed interface statistics
diagnose netlink interface list name <INTERFACE>

VPN

# Show phase 1 configuration for a specific interface.
show vpn ipsec phase1-interface <PHASE1NAME>

# Show phase 2 configuration for a specific tunnel.
show vpn ipsec phase2-interface <PHASE2NAME>

# Show summary of VPN tunnels when within a VDOM
get vpn ipsec tunnel summary

# Show detailed phase 1 information of a VPN.
diagnose vpn ike gateway list name <PHASE1NAME>

# Enable VPN phase-1 debug mode and display logs in the console
diagnose vpn ike log filter name <PHASE1NAME>
diagnose debug app ike -1
diagnose debug enable

# Disable debug mode
diagnose debug disable

Syslog

# Test logging capability
diag log test