Fortigate: Difference between revisions
From Federal Burro of Information
Jump to navigationJump to search
| Line 86: | Line 86: | ||
</pre> | </pre> | ||
=== turn off paging === | |||
<pre> | |||
config system console | |||
set output more | |||
end | |||
</pre> | |||
=== Expect Script to grab a config === | |||
./get_foritgate_config.expect | |||
<pre> | |||
#!/usr/bin/expect | |||
set timeout 60 | |||
set device [lindex $argv 0] | |||
set user [lindex $argv 1] | |||
set password [lindex $argv 2] | |||
spawn ssh "$user@$device" | |||
expect "*password: " | |||
send "$password\n" | |||
expect "* #" | |||
send "show full-configuration\n" | |||
expect "$device #" | |||
send "exit\n" | |||
</pre> | |||
use it like this: | |||
./get_foritgate_config.expect mit-hwfw-01 admin XXX > my.cfg | |||
Note: the host's hostname must match the name you used to connect to it. | |||
== Monitoring == | == Monitoring == | ||
Revision as of 14:45, 16 March 2015
some quick ref command i ncluding debugging packet flow. http://docs-legacy.fortinet.com/cb/html/index.html#page/FOS_Cookbook/Install_advanced/cb_appendix_diags.html
HE ipv6 tunnel with foritgate https://www.sixxs.net/wiki/Fortigate
http://docs.fortinet.com/uploaded/files/1587/fortigate-ipv6.pdf
Supplementary Recipes http://docs-legacy.fortinet.com/supplement.html
Fortigate ipv6 http://docs.fortinet.com/uploaded/files/1587/fortigate-ipv6.pdf
Troubleshooting / Diag
what process?
diag sys top
Is IPS your problem?
# diag test application ipsmonitor IPS Engine Test Usage: (Values for > 1: Display IPS engine information 2: Toggle IPS engine enable/disable status 3: Display restart log 4: Clear restart log 5: Toggle bypass status 6: Submit attack characteristics now 97: Start all IPS engines 98: Stop all IPS engines 99: Restart all IPS engines and monitor
clear a session
http://alstechcorner.blogspot.ca/2013/05/howto-clear-session-on-fortigate.html
working with netscan
netscan Use this command to start and stop the network vulnerability scanner and perform related functions. Syntax execute netscan import execute netscan list execute netscan start scan execute netscan status execute netscan stop Variable Description import Import hosts discovered on the last asset discovery scan. list List the hosts discovered on the last asset discover scan. start scan Start configured vulnerability scan. status Display the status of the current network vulnerability scan. stop Stop the current network vulnerability scan.
Syslog setup
(v5.0,build0271 (GA Patch 6))
# config log syslogd setting<enter>
# show
config log syslogd setting
set status enable
set server "192.169.1.135"
set source-ip 192.168.1.99
end
# set server "192.169.1.98"
# end
turn off paging
config system console set output more end
Expect Script to grab a config
./get_foritgate_config.expect
#!/usr/bin/expect set timeout 60 set device [lindex $argv 0] set user [lindex $argv 1] set password [lindex $argv 2] spawn ssh "$user@$device" expect "*password: " send "$password\n" expect "* #" send "show full-configuration\n" expect "$device #" send "exit\n"
use it like this:
./get_foritgate_config.expect mit-hwfw-01 admin XXX > my.cfg
Note: the host's hostname must match the name you used to connect to it.
Monitoring
SNMP
MIBS:
/usr/share/snmp/mibs/FORTINET-CORE-MIB.mib /usr/share/snmp/mibs/FORTINET-FORTIGATE-MIB.mib
Examples:
snmpwalk -v 2c -c mystring 192.168.1.99 .1.3.6.1.4.1.12356
oid of note:
FORTINET-CORE-MIB::fortinet.101.4.1.1.0 ( .1.3.6.1.4.1.12356.101.4.1.5.0 ) http://www.oidview.com/mibs/12356/FORTINET-FORTIGATE-MIB.html
