Basic FortiGate CLI Configuration Commands
1. Reset Factory default
FortiGate-VM64-KVM # execute factoryreset
This operation will reset the system to factory default!
Do you want to continue? (y/n)y
System is resetting to factory default...
2. Set the IP address and netmask of the LAN interface
config system interface
    edit port1
        set ip 192.168.100.159 255.255.255.0
        set allowaccess ping https ssh
end
3. Set the primary and optionally the secondary DNS server
config system dns
    set primary 65.39.139.52
    set secondary 65.39.139.62
end
4. Set the default gateway
config system route
    edit <seq_num>
        set device <port>
        set gateway <gateway_ip>
end

where:
<seq_num> is an unused routing sequence number starting from 1 to create a new route.
<port> is the port used for this route.
<gateway_ip> is the default gateway IP address for this network.

Sample Command:
config system route
    edit 1
        set device port1
        set gateway 172.30.62.254
end
5. Set a Network Time Protocol (NTP) server
config system ntp
    set server 172.30.62.81
    set status enable
end
Check command
Configuration
check configuration | # show # show | grep xxxx # show full-configuration # show full-configuration | grep XXXX # show full-configuration | grep -f XXXX ← display with tree view |
Network
Check Routing | # get router info routing-table detail # show router static # config router static (static) # show (static) # end |
Check Firewall Policy | # show firewall policy # show firewall policy XXXX # config firewall policy (policy) # show |
Hardware
Check Hardware Information | # get hardware status |
check Version, BIOS, Firmware, etc | # get system status |
check version | # get system status |
Display CPU / memory / line usage | # get system performance status |
Display of NTP server | # get system ntp |
Display the current time and the time of synchronization with the NTP server | # execute time |
check interface status (up or down) | # get system interface physical |
check interfaces | # config system interface (interface) # show (interface) # end |
Display of ARP table | # get system arp |
HA
Check HA Status | # get system ha status |
Check HA Configuration | # get system ha # show system ha |
NTP
Check NTP | # execute time # get system ntp # diagnose sys ntp status |
Set and change Examples
Don’t use more (disable output paging) | # config system console (console) # set output standard (console) # end |
Save Configuration & exit | (console) # end |
Don’t Save Configuration & exit | (console) # abort |
Object Operation
# config firewall address
(address) # show    <- check all address configuration
(address) # end

# config firewall address
(address) # edit "test1"
(address) # show    <- check
(address) # abort   <- End and discard last config

# config firewall address
(address) # edit "test1"
(address) # show    <- check
(address) # set subnet 192.168.0.5 255.255.255.0
(address) # show    <- check
(address) # end     <- End and save last config.

config firewall address
    edit "test-server-10"
        set associated-interface "vlan10"
        set subnet 192.168.0.5 255.255.255.0
end
Policy Operation
# config firewall policy
(policy) # show    <- show all policy
(policy) # end

# config firewall policy
(policy) # edit 555
(policy) # show
(policy) # abort   <- End and discard last config

config firewall policy
    edit 555
        set name "test"
        set srcintf "vlan10"
        set dstintf "port 5"
        set srcaddr "xxxx" "xxxx" "xxx"
        set dstaddr "xxxx"
        set action accept
        set schedule "always"
        set service "HTTP" "ICMP_ANY"
end    <- End and save last config.
delete command
How to delete Policy
# config firewall policy
# delete 1
# end
How to delete a static route
# config router static
# delete 1
# end
FortiGate Execute Commands
Help | # ? |
ping | # execute ping 192.168.0.1 |
traceroute | # execute traceroute 192.168.1.1 |
telnet | # execute telnet 192.168.0.10 # execute telnet 192.168.0.1 22 |
ssh | # execute ssh user@192.168.0.10 # execute ssh user@192.168.0.10 23 |
packet capture (like tcpdump) | # diagnose sniffer packet port15 ← Interface port15 # diagnose sniffer packet any 'host xx.xx.xx.xx' # diagnose sniffer packet port15 'host xx.xx.xx.xx' # diagnose sniffer packet any 'host xx.xx.xx.xx or host yy.yy.yy.yy' # diagnose sniffer packet any 'udp port 53 or tcp port 53' # diagnose sniffer packet any 'host xx.xx.xx.xx and tcp port 80' |
shutdown | # execute shutdown |
clear arp table | # execute clear system arp table |
Backup Configuration
# exec backup config tftp conf/test-fw-01_20180913.conf 192.168.0.10
Displaying logs via CLI
Check log filter
# execute log filter dump
category: traffic
device: memory
(snip)
Filter:
(snip)
set filter
# execute log filter device    <- Check Option
Example output (can be different if disk logging is available):
Available devices:
0: memory
1: disk
2: fortianalyzer
3: forticloud
# execute log filter device XX    <- Set Option

# execute log filter category    <- Check Option
0: traffic
1: event
2: utm-virus
3: utm-webfilter
4: utm-ips
5: utm-emailfilter
7: utm-anomaly
8: utm-voip
9: utm-dlp
10: utm-app-ctrl
12: utm-waf
15: utm-dns
16: utm-ssh
17: utm-ssl
18: utm-cifs
19: utm-file-filter
# execute log filter category XXXX    <- Set Option
Example
# execute log filter device 1      <- 1: disk
# execute log filter category 1    <- 1: event
View log
# execute log display