Fortigate: Difference between revisions
Revision as of 21:29, 28 November 2015
Some quick reference commands, including debugging packet flow: http://docs-legacy.fortinet.com/cb/html/index.html#page/FOS_Cookbook/Install_advanced/cb_appendix_diags.html
HE IPv6 tunnel with FortiGate: https://www.sixxs.net/wiki/Fortigate
http://docs.fortinet.com/uploaded/files/1587/fortigate-ipv6.pdf
Supplementary Recipes http://docs-legacy.fortinet.com/supplement.html
Fortigate ipv6 http://docs.fortinet.com/uploaded/files/1587/fortigate-ipv6.pdf
Loading FortiGate firmware image using TFTP
Troubleshooting / Diag
what process?
diag sys top
Is IPS your problem?
# diag test application ipsmonitor
IPS Engine Test Usage:
(Values for >
1: Display IPS engine information
2: Toggle IPS engine enable/disable status
3: Display restart log
4: Clear restart log
5: Toggle bypass status
6: Submit attack characteristics now
97: Start all IPS engines
98: Stop all IPS engines
99: Restart all IPS engines and monitor
clear a session
http://alstechcorner.blogspot.ca/2013/05/howto-clear-session-on-fortigate.html
working with netscan
netscan
Use this command to start and stop the network vulnerability scanner and perform related functions.

Syntax
execute netscan import
execute netscan list
execute netscan start scan
execute netscan status
execute netscan stop

Variable: Description
import: Import hosts discovered on the last asset discovery scan.
list: List the hosts discovered on the last asset discovery scan.
start scan: Start configured vulnerability scan.
status: Display the status of the current network vulnerability scan.
stop: Stop the current network vulnerability scan.
Syslog setup
(v5.0,build0271 (GA Patch 6))
# config log syslogd setting<enter>
# show
config log syslogd setting
    set status enable
    set server "192.169.1.135"
    set source-ip 192.168.1.99
end
# set server "192.169.1.98"
# end
turn off paging
config system console
    set output standard
end
(set output standard prints without pausing; set output more turns paging back on.)
Expect Script to grab a config
./get_foritgate_config.expect
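#!/usr/bin/expect
# Usage: get_foritgate_config.expect <device> <user> <password>
set timeout 60
set device [lindex $argv 0]
set user [lindex $argv 1]
set password [lindex $argv 2]
spawn ssh "$user@$device"
expect "*password: "
send "$password\n"
# Wait for the CLI prompt, then dump the full configuration
expect "* #"
send "show full-configuration\n"
# The prompt is "<hostname> #", so $device must equal the hostname
expect "$device #"
send "exit\n"
# Wait for ssh to close so the end of the output is not cut off
expect eof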
use it like this:
./get_foritgate_config.expect mit-hwfw-01 admin XXX > my.cfg
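Note: the host's hostname must match the name you used to connect to it, because the script waits for the prompt "$device #". The password given as the third argument ends up in shell history and is visible in the process list while the script runs.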
working with local storage
tuxedo # diagnose hardware deviceinfo disk
Device S0 7.5 GB ref: 0 FORTINET FGT60C (Unknown) [FLASH]
  partition 1 39.1 MB ref: n/a label: [ dev: /dev/sda1 major: 8 minor: 1 free: 11MB mounted: Y ]
  partition 2 39.1 MB ref: n/a label: [ dev: /dev/sda2 major: 8 minor: 2 free: 11MB mounted: N ]
  partition 3 39.1 MB ref: n/a label: [ dev: /dev/sda3 major: 8 minor: 3 free: 10MB mounted: Y ]
  partition 4 7.2 GB ref: 4 label: 34847B710E010EB9 [ dev: /dev/sda4 major: 8 minor: 4 free: 5414MB mounted: Y ]
Total available disks: 1
tuxedo #
---
tuxedo # config log memory setting
tuxedo (setting) # get
diskfull : overwrite
status : enable
tuxedo (setting) # end
tuxedo # config log disk setting
tuxedo (setting) # get
status : disable
max-policy-packet-capture-size: 10
log-quota : 0
dlp-archive-quota : 0
maximum-log-age : 0
full-first-warning-threshold: 75
full-second-warning-threshold: 90
full-final-warning-threshold: 95
tuxedo (setting) # end
tuxedo # config log fortiguard setting
tuxedo (setting) # get
status : disable
source-ip : 0.0.0.0
tuxedo (setting) # end
tuxedo #
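Added example, not part of the original notes: a small Python parser for the my.cfg file saved by the expect script, used to check that the log destinations shown above (syslogd, disk) are actually set. The sample configuration is constructed, and the function names and the two checks are assumptions for illustration.

```python
import shlex
# Constructed sample shaped like "show full-configuration" output.
SAMPLE_CFG = '''\
config system interface
    edit "wan1"
        set allowaccess ping
    next
end
config log syslogd setting
    set status enable
    set server "192.169.1.135"
    set source-ip 192.168.1.99
end
config log disk setting
    set status disable
end
'''

def parse_fortios(text):
    """Map 'section / edit name' -> {key: [values]} from config/edit/set lines."""
    settings, stack = {}, []
    for raw in text.splitlines():
        try:
            words = shlex.split(raw)
        except ValueError:  # unbalanced quote (multi-line value): skip the line
            continue
        if not words:
            continue
        head, rest = words[0], words[1:]
        if head in ("config", "edit"):
            stack.append(" ".join(rest if head == "config" else words))
        elif head in ("next", "end") and stack:
            stack.pop()
        elif head == "set" and rest and stack:
            settings.setdefault(" / ".join(stack), {})[rest[0]] = rest[1:]
    return settings

def logging_findings(settings):
    """Report gaps in the log destinations (hypothetical checks, adjust to policy)."""
    findings = []
    syslog = settings.get("log syslogd setting", {})
    if syslog.get("status") != ["enable"] or not syslog.get("server"):
        findings.append("syslogd: not enabled or no server set")
    if settings.get("log disk setting", {}).get("status") != ["enable"]:
        findings.append("disk: local disk logging is disabled")
    return findings

if __name__ == "__main__":
    print("\n".join(logging_findings(parse_fortios(SAMPLE_CFG))) or "logging OK")
```

Prompt lines and other text captured around the configuration are ignored because only lines starting with config, edit, set, next or end are interpreted.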
Monitoring
PING
Suppose that you want to ping an interface.
1. Go to Network -> Interfaces -> the interface (for example wan1) and, under "Administrative Access", check PING.
2. Go to "Admin" -> "Administrators" and add your allowed source IP for ping to the admin user's allowed hosts.
SNMP
MIBS:
/usr/share/snmp/mibs/FORTINET-CORE-MIB.mib
/usr/share/snmp/mibs/FORTINET-FORTIGATE-MIB.mib
Examples:
snmpwalk -v 2c -c mystring 192.168.1.99 .1.3.6.1.4.1.12356
OID of note:
FORTINET-CORE-MIB::fortinet.101.4.1.1.0
( .1.3.6.1.4.1.12356.101.4.1.5.0 )
http://www.oidview.com/mibs/12356/FORTINET-FORTIGATE-MIB.html
My devices
I have a 60C, Tuxedo.quadratic.net, and I have a 60D, deluxe.quadratic.net.
Here is deluxe:
Deluxe # diagnose hardware deviceinfo disk
Disk Internal-0(boot) ref: 3.8GB type: USB [FORTINET S01_V140320_004] dev: /dev/sda
  partition ref: 251.0MB, 223.0MB free mounted: N label: dev: /dev/sda1(boot)
  partition ref: 247.0MB, 215.0MB free mounted: Y label: dev: /dev/sda2(boot)
  partition ref: 3.2GB, 3.1GB free mounted: Y label: dev: /dev/sda3
Disk Internal ref: 16 7.5GB type: USB [FORTINET S01_V140320_008] dev: /dev/sdb
  partition ref: 17 7.4GB, 7.4GB free mounted: N label: 3CD780673389B3D2 dev: /dev/sdb1
Total available disks: 2
Max SSD disks: 0 Available storage disks: 1
Deluxe #