Fortigate: Difference between revisions
Line 122: | Line 122: | ||
Note: the host's hostname must match the name you used to connect to it. | Note: the host's hostname must match the name you used to connect to it. | ||
== working with local storage == | |||
<pre> | |||
tuxedo # diagnose hardware deviceinfo disk | |||
Device S0 7.5 GB ref: 0 FORTINET FGT60C (Unknown) [FLASH] | |||
partition 1 39.1 MB ref: n/a label: | |||
[ dev: /dev/sda1 major: 8 minor: 1 free: 11MB mounted: Y ] | |||
partition 2 39.1 MB ref: n/a label: | |||
[ dev: /dev/sda2 major: 8 minor: 2 free: 11MB mounted: N ] | |||
partition 3 39.1 MB ref: n/a label: | |||
[ dev: /dev/sda3 major: 8 minor: 3 free: 10MB mounted: Y ] | |||
partition 4 7.2 GB ref: 4 label: 34847B710E010EB9 | |||
[ dev: /dev/sda4 major: 8 minor: 4 free: 5414MB mounted: Y ] | |||
Total available disks: 1 | |||
tuxedo # | |||
</pre> | |||
== Monitoring == | == Monitoring == |
Revision as of 16:50, 15 September 2015
some quick ref command i ncluding debugging packet flow. http://docs-legacy.fortinet.com/cb/html/index.html#page/FOS_Cookbook/Install_advanced/cb_appendix_diags.html
HE ipv6 tunnel with foritgate https://www.sixxs.net/wiki/Fortigate
http://docs.fortinet.com/uploaded/files/1587/fortigate-ipv6.pdf
Supplementary Recipes http://docs-legacy.fortinet.com/supplement.html
Fortigate ipv6 http://docs.fortinet.com/uploaded/files/1587/fortigate-ipv6.pdf
Troubleshooting / Diag
what process?
diag sys top
Is IPS your problem?
# diag test application ipsmonitor IPS Engine Test Usage: (Values for > 1: Display IPS engine information 2: Toggle IPS engine enable/disable status 3: Display restart log 4: Clear restart log 5: Toggle bypass status 6: Submit attack characteristics now 97: Start all IPS engines 98: Stop all IPS engines 99: Restart all IPS engines and monitor
clear a session
http://alstechcorner.blogspot.ca/2013/05/howto-clear-session-on-fortigate.html
working with netscan
netscan Use this command to start and stop the network vulnerability scanner and perform related functions. Syntax execute netscan import execute netscan list execute netscan start scan execute netscan status execute netscan stop Variable Description import Import hosts discovered on the last asset discovery scan. list List the hosts discovered on the last asset discover scan. start scan Start configured vulnerability scan. status Display the status of the current network vulnerability scan. stop Stop the current network vulnerability scan.
Syslog setup
(v5.0,build0271 (GA Patch 6))
# config log syslogd setting<enter> # show config log syslogd setting set status enable set server "192.169.1.135" set source-ip 192.168.1.99 end # set server "192.169.1.98" # end
turn off paging
config system console set output more end
Expect Script to grab a config
./get_foritgate_config.expect
#!/usr/bin/expect set timeout 60 set device [lindex $argv 0] set user [lindex $argv 1] set password [lindex $argv 2] spawn ssh "$user@$device" expect "*password: " send "$password\n" expect "* #" send "show full-configuration\n" expect "$device #" send "exit\n"
use it like this:
./get_foritgate_config.expect mit-hwfw-01 admin XXX > my.cfg
Note: the host's hostname must match the name you used to connect to it.
working with local storage
tuxedo # diagnose hardware deviceinfo disk Device S0 7.5 GB ref: 0 FORTINET FGT60C (Unknown) [FLASH] partition 1 39.1 MB ref: n/a label: [ dev: /dev/sda1 major: 8 minor: 1 free: 11MB mounted: Y ] partition 2 39.1 MB ref: n/a label: [ dev: /dev/sda2 major: 8 minor: 2 free: 11MB mounted: N ] partition 3 39.1 MB ref: n/a label: [ dev: /dev/sda3 major: 8 minor: 3 free: 10MB mounted: Y ] partition 4 7.2 GB ref: 4 label: 34847B710E010EB9 [ dev: /dev/sda4 major: 8 minor: 4 free: 5414MB mounted: Y ] Total available disks: 1 tuxedo #
Monitoring
PING
Suppose that you want to ping an interface.
1. go to netowrk -> interfaces -> the interface , for example wan1 "Administrative Access" check PING.
2. go to "admin" -> "Adminitrators", and add you allowed source ip for ping to the admin user's allowed hosts.
SNMP
MIBS:
/usr/share/snmp/mibs/FORTINET-CORE-MIB.mib /usr/share/snmp/mibs/FORTINET-FORTIGATE-MIB.mib
Examples:
snmpwalk -v 2c -c mystring 192.168.1.99 .1.3.6.1.4.1.12356
oid of note:
FORTINET-CORE-MIB::fortinet.101.4.1.1.0 ( .1.3.6.1.4.1.12356.101.4.1.5.0 ) http://www.oidview.com/mibs/12356/FORTINET-FORTIGATE-MIB.html