Fortinet
From Cheatsheet
Links
- https://docs.fortinet.com/product/fortigate/6.4
- https://docs.fortinet.com/document/fortigate/6.4.7/administration-guide/954635/getting-started
- https://docs.fortinet.com/document/fortigate/6.0.0/cli-reference/830108/ping-options-ping6-options
CLI Configuration
Don't forget to enter the proper vDOM first when vDOMs are enabled; commands run in the wrong context apply to the wrong vDOM or fail.
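Added example (not part of the original cheatsheet) of switching between the global and per-vDOM CLI contexts before running the commands in the sections below; the vDOM name VDOM01 is a placeholder.

```fortios
# Global context: system-wide settings and status, not tied to one vDOM
config global
    # list the configured vDOMs to confirm the name you need
    diagnose sys vd list
    get system status
end

# Per-vDOM context: configuration and checks here apply only to this vDOM
config vdom
    edit VDOM01
        # example checks run inside the vDOM
        show system dhcp server
        execute ping 8.8.8.8
    next
end
```

`end` returns to the top-level prompt, so re-enter the context each time you switch between global and vDOM work.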
DHCP server
edit 0 assigns the first available ID to the new DHCP server entry. The block must be closed with end, otherwise the configuration is not committed.
config system dhcp server
    edit 0
        set lease-time 86400
        set default-gateway 192.168.20.1
        set netmask 255.255.255.0
        set interface "VDOM-LAN01"
        config ip-range
            edit 1
                set start-ip 192.168.20.10
                set end-ip 192.168.20.254
            next
        end
        set dns-server1 192.168.20.2
        set dns-server2 8.8.8.8
    next
end
Checks
Common
# Ping IP 8.8.8.8
execute ping 8.8.8.8
# Ping from a specific interface IP (sets the source address for subsequent pings)
execute ping-options source 10.0.25.1
# Ping a set number of times
execute ping-options repeat-count <COUNT>
# Traceroute to IP 1.1.1.1
execute traceroute 1.1.1.1
# List all available interfaces
diagnose netlink interface list
# Show detailed statistics for one interface
diagnose netlink interface list name <INTERFACE>
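Added example (not from the original page) of a complete ping-options session: the options are set once, reviewed, used, and then reset so later pings go back to the defaults. The addresses are the same constructed ones used above.

```fortios
# Options persist for the CLI session until changed or reset
execute ping-options source 10.0.25.1
execute ping-options repeat-count 5
# Larger payload with the don't-fragment bit set: useful to find
# the usable MTU along a path, e.g. across an IPsec tunnel
execute ping-options data-size 1400
execute ping-options df-bit yes
# Review the current settings before sending
execute ping-options view-settings
execute ping 8.8.8.8
# Clear the options so subsequent pings use the defaults again
execute ping-options reset
```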
VPN
- https://docs.fortinet.com/document/fortigate/5.4.0/cookbook/168495/ipsec-vpn-troubleshooting
- https://www.fortinetguru.com/2017/10/ipsec-phase-2-parameters/
- https://docs.fortinet.com/document/fortigate/6.2.11/cookbook/031670/ikev2-ipsec-site-to-site-vpn-to-an-aws-vpn-gateway
# Show phase 1 configuration for a specific interface
show vpn ipsec phase1-interface <PHASE1NAME>
# Show phase 2 configuration for a specific interface
show vpn ipsec phase2-interface <PHASE2NAME>
# Show summary of VPN tunnels when within a vDOM
get vpn ipsec tunnel summary
# Show detailed phase 1 information for a VPN
diagnose vpn ike gateway list name <Phase1name>
# Enable VPN phase 1 debug mode, filtered to one gateway, and display logs in the console
diagnose vpn ike log filter name <phase1-name>
diagnose debug app ike -1
diagnose debug enable
# Disable debug mode
diagnose debug disable
Syslog
# Test logging capability (generates test log messages to all configured log destinations)
diag log test