I. Command structure
config Configure object. Configure policies, objects and other settings.
get Get dynamic and system information. Display runtime information and parameters of an object.
show Show configuration. Display the configuration as it appears in the config file.
diagnose Diagnose facility. Diagnostic commands.
execute Execute static commands. Common tool commands such as ping.
exit Exit the CLI. Exit.
II. Common commands
1. Configure an interface address:
FortiGate # config system interface
FortiGate (interface) # edit lan
FortiGate (lan) # set ip 192.168.100.99/24
FortiGate (lan) # end
2. Configure a static route
FortiGate # config router static
FortiGate (static) # edit 1
FortiGate (1) # set device wan1
FortiGate (1) # set dst 10.0.0.0 255.0.0.0
FortiGate (1) # set gateway 192.168.57.1
FortiGate (1) # end
3. Configure the default route
A default route is a static route whose dst is left at its default of 0.0.0.0 0.0.0.0, so no set dst is needed. Use a new entry ID rather than re-using 1: set does not clear the other fields of an existing entry, so editing entry 1 here would keep the 10.0.0.0/8 destination from step 2 and not produce a default route.
FortiGate # config router static
FortiGate (static) # edit 2
FortiGate (2) # set gateway 192.168.57.1
FortiGate (2) # set device wan1
FortiGate (2) # end
4. Add an address object
FortiGate # config firewall address
FortiGate (address) # edit clientnet
new entry 'clientnet' added
FortiGate (clientnet) # set subnet 192.168.1.0 255.255.255.0
FortiGate (clientnet) # end
5. Add an IP pool (for source NAT)
FortiGate # config firewall ippool
FortiGate (ippool) # edit nat-pool
new entry 'nat-pool' added
FortiGate (nat-pool) # set startip 100.100.100.1
FortiGate (nat-pool) # set endip 100.100.100.100
FortiGate (nat-pool) # end
6. Add a virtual IP (VIP)
FortiGate # config firewall vip
FortiGate (vip) # edit webserver
new entry 'webserver' added
FortiGate (webserver) # set extip 202.0.0.167
FortiGate (webserver) # set extintf wan1
FortiGate (webserver) # set mappedip 192.168.0.168
FortiGate (webserver) # end
7. Configure the Internet-access (outbound) policy
FortiGate # config firewall policy
FortiGate (policy) # edit 1
FortiGate (1) # set srcintf internal //source interface
FortiGate (1) # set dstintf wan1 //destination interface
FortiGate (1) # set srcaddr all //source address
FortiGate (1) # set dstaddr all //destination address
FortiGate (1) # set action accept //action
FortiGate (1) # set schedule always //schedule
FortiGate (1) # set service ALL //service
FortiGate (1) # set logtraffic disable //logging switch; disable leaves no traffic log for this policy, use all (or utm) if you need session records for incident response
FortiGate (1) # set nat enable //enable source NAT (to the outgoing interface address; add set ippool enable and set poolname nat-pool to use the pool from step 5 instead)
FortiGate (1) # end
8. Configure the port-forwarding (VIP) policy
FortiGate # config firewall policy
FortiGate (policy) # edit 2
FortiGate (2) # set srcintf wan1 //source interface
FortiGate (2) # set dstintf internal //destination interface
FortiGate (2) # set srcaddr all //source address
FortiGate (2) # set dstaddr webserver //destination address: the VIP object created in step 6
FortiGate (2) # set action accept //action
FortiGate (2) # set schedule always //schedule
FortiGate (2) # set service ALL //service; ALL on an inbound policy exposes every port of the mapped host, restrict it to the published service (e.g. HTTP HTTPS)
FortiGate (2) # set logtraffic all //logging switch
FortiGate (2) # end
Leave nat at its default (disable) on this policy: the VIP already performs the destination NAT, and enabling source NAT here would hide the real client address from the server.
9. Change the internal switch interface to routed (interface) mode
Make sure every route, DHCP server and firewall policy that references the internal interface has been deleted first; the command fails while such references exist.
FortiGate # config system global
FortiGate (global) # set internal-switch-mode interface
FortiGate (global) # end
Reboot the unit for the change to take effect.
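As an added example (not from the original cheat sheet and not Fortinet code), the following Python script parses the text form of a FortiOS configuration (what show firewall policy and show router static print, or a backup file) and performs two checks that relate to steps 7 to 9: it flags accept policies with the weak settings shown above (traffic logging disabled, service ALL on a policy entering from a WAN interface, inbound any/any, unrestricted outbound egress, source NAT on an inbound policy), and it lists every object that still references a named interface, which is the check to run before changing internal-switch-mode. The sample configuration, the WAN interface set {"wan1", "wan2"} and the list of keys that name an interface are assumptions for illustration.

```python
"""Audit a FortiOS text configuration for weak firewall policies and for
objects that still reference a given interface.

Added example, not Fortinet code. SAMPLE_CONFIG is constructed to mirror
steps 2, 7 and 8 of the cheat sheet; WAN_INTERFACES and IFACE_KEYS are
assumptions for illustration."""
from collections import defaultdict

# Constructed sample in the format printed by `show`.
SAMPLE_CONFIG = """\
config router static
    edit 1
        set device "wan1"
        set gateway 192.168.57.1
    next
    edit 2
        set dst 192.168.100.0 255.255.255.0
        set device "internal"
    next
end
config firewall policy
    edit 1
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set service "ALL"
        set logtraffic disable
        set nat enable
    next
    edit 2
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "webserver"
        set action accept
        set service "ALL"
        set logtraffic all
    next
end
"""

WAN_INTERFACES = {"wan1", "wan2"}  # assumption: Internet-facing interfaces
# Keys whose values name an interface (route device, policy interfaces,
# address association); extend for your own configuration.
IFACE_KEYS = ("srcintf", "dstintf", "device", "interface", "associated-interface")


def parse_fortios(text):
    """Return {section: {entry_id: {key: [values]}}} from `show` output.

    Handles the flat config/edit/set/next/end shape; nested `config`
    blocks inside an entry are skipped rather than parsed."""
    tree = defaultdict(dict)
    stack, entry = [], None
    for raw in text.splitlines():
        tok = raw.split()
        if not tok:
            continue
        kw = tok[0]
        if kw == "config":
            stack.append(" ".join(tok[1:]))
        elif kw == "end":
            stack.pop()
        elif len(stack) != 1:
            continue  # inside a nested block: ignore
        elif kw == "edit":
            entry = tok[1].strip('"')
            tree[stack[0]].setdefault(entry, {})
        elif kw == "set" and entry is not None:
            tree[stack[0]][entry][tok[1]] = [v.strip('"') for v in tok[2:]]
        elif kw == "next":
            entry = None
    return dict(tree)


def audit_policies(tree, wan_ifaces=WAN_INTERFACES):
    """Flag accept policies with settings that weaken visibility or exposure."""
    findings = []
    for pid, p in tree.get("firewall policy", {}).items():
        if p.get("action", ["deny"]) != ["accept"]:
            continue
        inbound = bool(set(p.get("srcintf", [])) & wan_ifaces)
        service = p.get("service", [])
        if p.get("logtraffic") == ["disable"]:
            findings.append((pid, "traffic logging disabled: no session log for incident response"))
        if inbound and "ALL" in service:
            findings.append((pid, "inbound from WAN with service ALL: every port of the mapped host is exposed"))
        if inbound and p.get("srcaddr") == ["all"] and p.get("dstaddr") == ["all"]:
            findings.append((pid, "inbound any/any accept"))
        if not inbound and "ALL" in service and p.get("dstaddr") == ["all"]:
            findings.append((pid, "unrestricted outbound egress: restrict services or enable UTM logging"))
        if inbound and p.get("nat") == ["enable"]:
            findings.append((pid, "source NAT on an inbound policy hides the real client address"))
    return findings


def references_to(tree, iface):
    """List (section, entry, key) for every object that names `iface`."""
    return [(section, eid, key)
            for section, entries in tree.items()
            for eid, settings in entries.items()
            for key in IFACE_KEYS
            if iface in settings.get(key, [])]


if __name__ == "__main__":
    cfg = parse_fortios(SAMPLE_CONFIG)
    for pid, msg in audit_policies(cfg):
        print(f"policy {pid}: {msg}")
    for section, eid, key in references_to(cfg, "internal"):
        print(f"{section} edit {eid}: {key} still references internal")
```

Run it against a full backup (the output of show, not show full-configuration, keeps the file small) before the switch-mode change in step 9; any line printed by references_to is an object that must be deleted or re-pointed first.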
III. View and diagnostic commands
1. View the hostname and management ports
FortiGate # show system global
2. View system status and current resource usage
FortiGate # get system performance status
3. View firewall traffic statistics
FortiGate # get system performance firewall statistics
4. View the ARP table
FortiGate # get system arp
5. View detailed ARP information
FortiGate # diagnose ip arp list
6. Clear the ARP cache
FortiGate # execute clear system arp table
7. View session table statistics
FortiGate # diagnose sys session stat or FortiGate # diagnose sys session full-stat
8. List the session table (on a busy unit set a filter first, e.g. diagnose sys session filter dst 8.8.8.8, and remove it afterwards with diagnose sys session filter clear)
FortiGate # diagnose sys session list
9. View physical interface status
FortiGate # get system interface physical
10. View the static route configuration (including the default route)
FortiGate # show router static
11. View the static routes in the routing table
FortiGate # get router info routing-table static
12. View the OSPF configuration
FortiGate # show router ospf
13. View the full routing table
FortiGate # get router info routing-table all
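Added example, not part of the original page and not Fortinet code: a Python parser for the text that diagnose sys session list prints, so a large session table captured from the CLI can be summarized offline (sessions per policy ID, bytes per destination, and long-lived sessions, a first pass when looking for persistent tunnels or beacons). The three session records are constructed to mirror the outbound policy 1 and the inbound VIP policy 2 from the configuration section, and follow the common IPv4 layout with session info:, statistic(...), hook=... dir=org ... and misc=... policy_id=... lines; other FortiOS versions and IPv6 sessions may print additional or differently ordered fields, which the parser ignores rather than fails on.

```python
"""Parse the text printed by `diagnose sys session list` and summarize it.

Added example, not Fortinet code. SAMPLE_SESSIONS is constructed to mirror
the outbound (policy 1) and inbound VIP (policy 2) policies of the cheat sheet."""
import re
from collections import Counter

SAMPLE_SESSIONS = """\
session info: proto=6 proto_state=01 duration=42 expire=3558 timeout=3600 flags=00000000 sockflag=00000000 sockport=0 av_idx=0 use=3
state=log may_dirty npu
statistic(bytes/packets/allow_err): org=1540/12/1 reply=8820/11/1 tuples=2
hook=post dir=org act=snat 192.168.1.10:51234->93.184.216.34:443(192.168.57.2:51234)
hook=pre dir=reply act=dnat 93.184.216.34:443->192.168.57.2:51234(192.168.1.10:51234)
misc=0 policy_id=1 auth_info=0 chk_client_info=0 vd=0
session info: proto=17 proto_state=01 duration=3 expire=177 timeout=180 flags=00000000 sockflag=00000000 sockport=0 av_idx=0 use=3
state=log may_dirty npu
statistic(bytes/packets/allow_err): org=70/1/1 reply=120/1/1 tuples=2
hook=post dir=org act=snat 192.168.1.10:40001->8.8.8.8:53(192.168.57.2:40001)
hook=pre dir=reply act=dnat 8.8.8.8:53->192.168.57.2:40001(192.168.1.10:40001)
misc=0 policy_id=1 auth_info=0 chk_client_info=0 vd=0
session info: proto=6 proto_state=01 duration=600 expire=3000 timeout=3600 flags=00000000 sockflag=00000000 sockport=0 av_idx=0 use=3
state=log may_dirty npu
statistic(bytes/packets/allow_err): org=900/8/1 reply=52000/40/1 tuples=2
hook=pre dir=org act=dnat 198.51.100.7:33000->202.0.0.167:80(192.168.0.168:80)
hook=post dir=reply act=snat 192.168.0.168:80->198.51.100.7:33000(202.0.0.167:80)
misc=0 policy_id=2 auth_info=0 chk_client_info=0 vd=0
total session 3
"""

KV = re.compile(r"(\w+)=(\S+)")
STAT = re.compile(r"org=(\d+)/(\d+)/\d+ reply=(\d+)/(\d+)/\d+")
# Original-direction flow line: "hook=post dir=org act=snat A:p->B:q(X:r)",
# where X:r is the translated address after NAT.
FLOW = re.compile(r"hook=(\w+) dir=org act=(\w+) (\S+?):(\d+)->(\S+?):(\d+)\((\S+?):(\d+)\)")


def parse_session_list(text):
    """Return one dict per session with the fields this summary needs."""
    sessions, cur = [], None
    for line in text.splitlines():
        if line.startswith("session info:"):
            cur = {"org_bytes": 0, "reply_bytes": 0}
            cur.update(KV.findall(line))   # proto, duration, expire, ...
            sessions.append(cur)
        elif cur is None:
            continue                        # text before the first session
        elif line.startswith("misc="):
            cur.update(KV.findall(line))   # policy_id, vd
        elif line.startswith("statistic("):
            m = STAT.search(line)
            if m:
                (cur["org_bytes"], cur["org_pkts"],
                 cur["reply_bytes"], cur["reply_pkts"]) = map(int, m.groups())
        else:
            m = FLOW.match(line)
            if m:
                cur.update(hook=m.group(1), act=m.group(2),
                           src=m.group(3), sport=int(m.group(4)),
                           dst=m.group(5), dport=int(m.group(6)),
                           xlate=m.group(7), xport=int(m.group(8)))
    return sessions


def summarize(sessions, long_lived=300):
    """Sessions per policy, total bytes per destination, and sessions whose
    duration is at least `long_lived` seconds."""
    by_policy = Counter(s.get("policy_id", "?") for s in sessions)
    bytes_by_dst = Counter()
    for s in sessions:
        if "dst" in s:
            bytes_by_dst[f'{s["dst"]}:{s["dport"]}'] += s["org_bytes"] + s["reply_bytes"]
    long_sessions = [s for s in sessions if int(s.get("duration", 0)) >= long_lived]
    return by_policy, bytes_by_dst, long_sessions


if __name__ == "__main__":
    sessions = parse_session_list(SAMPLE_SESSIONS)
    by_policy, bytes_by_dst, long_sessions = summarize(sessions)
    print("sessions per policy:", dict(by_policy))
    for dst, total in bytes_by_dst.most_common():
        print(f"{dst:<22} {total} bytes")
    for s in long_sessions:
        print(f"long-lived: {s['src']}:{s['sport']} -> {s['dst']}:{s['dport']} "
              f"policy {s['policy_id']} {s['duration']}s")
```

Capture the CLI output to a file (most terminal clients can log a session) and feed it to parse_session_list; the policy_id column ties each session back to the policies of steps 7 and 8, which is the quickest way to see which rule admitted an unexpected flow.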
-----------------------------------------------
14. View HA status
FortiGate # get system ha status
15. Check whether the primary and secondary units are in sync (compare the configuration checksums of the cluster members)
FortiGate # diagnose sys ha showcsum (on FortiOS 5.x and later: diagnose sys ha checksum show)
---------------------------------------------------
16. Diagnostic commands (IKE/IPsec negotiation as the example):
FortiGate # diagnose debug application ike -1 //-1 enables all IKE debug levels
FortiGate # diagnose debug enable //output only appears once debug is enabled
FortiGate # diagnose debug disable //stop the output when done
FortiGate # diagnose debug reset //clear the debug levels set above
---------------------------------------------------
17. execute commands:
FortiGate # execute ping 8.8.8.8 //ordinary ping
FortiGate # execute ping-options source 192.168.1.200 //set the source address of ping packets to 192.168.1.200 (execute ping-options reset restores the defaults)
FortiGate # execute ping 8.8.8.8 //then enter the ping target; the ping is sent with source address 192.168.1.200
FortiGate # execute traceroute 8.8.8.8
FortiGate # execute telnet 2.2.2.2 //telnet to a host
FortiGate # execute ssh 2.2.2.2 //SSH to a host (use user@2.2.2.2 to give the login name)
FortiGate # execute factoryreset //restore factory defaults: wipes the configuration and reboots, asks for confirmation first
FortiGate # execute reboot //reboot the device
FortiGate # execute shutdown //shut down the device