Difference between revisions of "fortinet CLI notes"
From cpwiki.net
(7 intermediate revisions by one user not shown) | |||
Line 13: | Line 13: | ||
# get hardware nic <interface name> | # get hardware nic <interface name> | ||
− | + | ==routes== | |
+ | # config router static | ||
+ | # edit <route_index> | ||
+ | # set device "<interface_name>" | ||
+ | # set dst "<destination_ip>" | ||
+ | # set gateway "<router_ip>" | ||
+ | |||
+ | for default gw.. | ||
+ | # set dst 0.0.0.0 0.0.0.0 | ||
+ | |||
+ | HA status | ||
+ | # config global | ||
+ | # get sys ha status | ||
+ | |||
+ | HA failover to highest priority (if it is not currently Master) | ||
+ | on current master run... | ||
+ | # config global | ||
+ | # diagnose sys ha reset-uptime | ||
+ | |||
+ | get admin hash password | ||
+ | # config global | ||
+ | # config sys admin | ||
+ | # show | ||
+ | |||
+ | uptime | ||
+ | # config global | ||
+ | # get system perf status | grep -i uptime | ||
+ | |||
+ | shutdown/reboot | ||
+ | |||
+ | # execute shutdown | ||
+ | or | ||
+ | # execute reboot | ||
+ | |||
+ | ==firewall== | ||
+ | # show firewall policy | ||
+ | |||
+ | ==packet capture== | ||
+ | |||
+ | # diagnose sniffer packet <interface|any> '<tcpdump-filter>' <verbosity> <count> <time-format> | ||
+ | |||
+ | where if count = 0, then unlimited | ||
+ | |||
+ | example: | ||
+ | fotinet1 # diagnose sniffer packet port1 'icmp' 4 2 l | ||
+ | interfaces=[port1] | ||
+ | filters=[icmp] | ||
+ | 2022-08-25 13:16:52.397609 port1 -- 192.168.169.76 -> 192.168.169.31: icmp: echo request | ||
+ | 2022-08-25 13:16:52.397673 port1 -- 192.168.169.31 -> 192.168.169.76: icmp: echo reply | ||
+ | |||
+ | |||
[[category:fortinet]] | [[category:fortinet]] |
Revision as of 02:51, 6 November 2022
vdom
entering/editing a vdom
# config vdom
(vdom) # edit myvdom
(myvdom) #
interface commands
for admin status, link stat, speeds, counters...
# config global
# get hardware nic <interface name>
routes
# config router static
# edit <route_index>
# set device "<interface_name>"
# set dst "<destination_ip>"
# set gateway "<router_ip>"
for default gw..
# set dst 0.0.0.0 0.0.0.0
HA status
# config global
# get sys ha status
HA failover to the highest-priority unit (if it is not currently Master); on the current master run...
# config global
# diagnose sys ha reset-uptime
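get admin password hash (the output includes each account's "set password ENC ..." line, so handle it as a credential: keep it out of tickets, chat logs and unencrypted config backups)
# config global
# config sys admin
# show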
uptime
# config global
# get system perf status | grep -i uptime
shutdown/reboot
# execute shutdown
or
# execute reboot
firewall
# show firewall policy
packet capture
# diagnose sniffer packet <interface|any> '<tcpdump-filter>' <verbosity> <count> <time-format>
where count = 0 means unlimited
example:
fotinet1 # diagnose sniffer packet port1 'icmp' 4 2 l
interfaces=[port1]
filters=[icmp]
2022-08-25 13:16:52.397609 port1 -- 192.168.169.76 -> 192.168.169.31: icmp: echo request
2022-08-25 13:16:52.397673 port1 -- 192.168.169.31 -> 192.168.169.76: icmp: echo reply