Fortigate: Difference between revisions

From Federal Burro of Information
Jump to navigationJump to search
Line 140: Line 140:
Total available disks: 1
Total available disks: 1


tuxedo #
</pre>
---
<pre>
tuxedo # config log memory setting
tuxedo (setting) # get
diskfull            : overwrite
status              : enable
tuxedo (setting) # end
tuxedo # config log disk setting
tuxedo (setting) # get
status              : disable
max-policy-packet-capture-size: 10
log-quota          : 0
dlp-archive-quota  : 0
maximum-log-age    : 0
full-first-warning-threshold: 75
full-second-warning-threshold: 90
full-final-warning-threshold: 95
tuxedo (setting) # end
tuxedo # config log fortiguard setting
tuxedo (setting) # get
status              : disable
source-ip          : 0.0.0.0
tuxedo (setting) # end
tuxedo #
tuxedo #
</pre>
</pre>

Revision as of 17:04, 15 September 2015

some quick ref command i ncluding debugging packet flow. http://docs-legacy.fortinet.com/cb/html/index.html#page/FOS_Cookbook/Install_advanced/cb_appendix_diags.html

HE ipv6 tunnel with foritgate https://www.sixxs.net/wiki/Fortigate

http://docs.fortinet.com/uploaded/files/1587/fortigate-ipv6.pdf

Supplementary Recipes http://docs-legacy.fortinet.com/supplement.html

Fortigate ipv6 http://docs.fortinet.com/uploaded/files/1587/fortigate-ipv6.pdf

cacti + snmp + fortigate


Troubleshooting / Diag

what process? 

diag sys top

Is IPS your problem? 

# diag test application ipsmonitor 
 
IPS Engine Test Usage: (Values for >
1: Display IPS engine information
2: Toggle IPS engine enable/disable status
3: Display restart log
4: Clear restart log
5: Toggle bypass status
6: Submit attack characteristics now
97: Start all IPS engines
98: Stop all IPS engines
99: Restart all IPS engines and monitor

clear a session 

http://alstechcorner.blogspot.ca/2013/05/howto-clear-session-on-fortigate.html

working with netscan

 
netscan
Use this command to start and stop the network vulnerability scanner and perform related functions.
Syntax
execute netscan import
execute netscan list
execute netscan start scan
execute netscan status
execute netscan stop
 
Variable
Description
import
Import hosts discovered on the last asset discovery scan.
list
List the hosts discovered on the last asset discover scan.
start scan
Start configured vulnerability scan.
status
Display the status of the current network vulnerability scan.
stop
Stop the current network vulnerability scan.


Syslog setup

(v5.0,build0271 (GA Patch 6)) 

# config log syslogd setting<enter>
# show
config log syslogd setting
    set status enable
    set server "192.169.1.135"
    set source-ip 192.168.1.99
end
# set server  "192.169.1.98"
# end


turn off paging

config system console
set output more
end


Expect Script to grab a config

./get_foritgate_config.expect 

#!/usr/bin/expect

set timeout 60

set device   [lindex $argv 0]
set user     [lindex $argv 1]
set password [lindex $argv 2]

spawn ssh "$user@$device"
expect "*password: "
send "$password\n"
expect "* #"
send "show full-configuration\n"
expect "$device #"
send "exit\n"

use it like this: 

./get_foritgate_config.expect mit-hwfw-01 admin XXX > my.cfg

Note: the host's hostname must match the name you used to connect to it.

working with local storage

tuxedo # diagnose hardware deviceinfo disk

Device S0           7.5 GB      ref: 0          FORTINET FGT60C (Unknown) [FLASH]
  partition 1      39.1 MB      ref: n/a        label:
  [ dev: /dev/sda1  major: 8  minor: 1  free: 11MB  mounted: Y ]
  partition 2      39.1 MB      ref: n/a        label:
  [ dev: /dev/sda2  major: 8  minor: 2  free: 11MB  mounted: N ]
  partition 3      39.1 MB      ref: n/a        label:
  [ dev: /dev/sda3  major: 8  minor: 3  free: 10MB  mounted: Y ]
  partition 4       7.2 GB      ref: 4          label: 34847B710E010EB9
  [ dev: /dev/sda4  major: 8  minor: 4  free: 5414MB  mounted: Y ]

Total available disks: 1

tuxedo #

--- 

tuxedo # config log memory setting

tuxedo (setting) # get
diskfull            : overwrite
status              : enable

tuxedo (setting) # end
tuxedo # config log disk setting

tuxedo (setting) # get
status              : disable
max-policy-packet-capture-size: 10
log-quota           : 0
dlp-archive-quota   : 0
maximum-log-age     : 0
full-first-warning-threshold: 75
full-second-warning-threshold: 90
full-final-warning-threshold: 95

tuxedo (setting) # end
tuxedo # config log fortiguard setting

tuxedo (setting) # get
status              : disable
source-ip           : 0.0.0.0

tuxedo (setting) # end
tuxedo #

Monitoring

PING

Suppose that you want to ping an interface.

1. go to netowrk -> interfaces -> the interface , for example wan1 "Administrative Access" check PING.

2. go to "admin" -> "Adminitrators", and add you allowed source ip for ping to the admin user's allowed hosts.

SNMP

MIBS: 

/usr/share/snmp/mibs/FORTINET-CORE-MIB.mib
/usr/share/snmp/mibs/FORTINET-FORTIGATE-MIB.mib

Examples: 

snmpwalk -v 2c -c mystring 192.168.1.99 .1.3.6.1.4.1.12356

oid of note: 

FORTINET-CORE-MIB::fortinet.101.4.1.1.0
( .1.3.6.1.4.1.12356.101.4.1.5.0 )
http://www.oidview.com/mibs/12356/FORTINET-FORTIGATE-MIB.html
Retrieved from "https://wiki.quadratic.net/index.php?title=Fortigate&oldid=2586"