
(Full version) Common FortiGate firewall configuration commands

Source: 纷纭教育

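FortiGate common configuration commands

I. Command structure

config    Configure object.                      Configure policies, objects and so on
get       Get dynamic and system information.    View parameter information for an object
show      Show configuration.                    View the configuration file
diagnose  Diagnose facility.                     Diagnostic commands
execute   Execute static commands.               Common utility commands, such as ping
exit      Exit the CLI.                          Exit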

II. Common commands

1. Configure an interface address:

FortiGate # config system interface
FortiGate (interface) # edit lan
FortiGate (lan) # set ip 192.168.100.99/24
FortiGate (lan) # end

2. Configure a static route

FortiGate # config router static
FortiGate (static) # edit 1
FortiGate (1) # set device wan1
FortiGate (1) # set dst 10.0.0.0 255.0.0.0
FortiGate (1) # set gateway 192.168.57.1
FortiGate (1) # end

3. Configure the default route

FortiGate # config router static
FortiGate (static) # edit 1
FortiGate (1) # set gateway 192.168.57.1
FortiGate (1) # set device wan1
FortiGate (1) # end

4. Add an address

FortiGate # config firewall address
FortiGate (address) # edit clientnet
new entry 'clientnet' added
FortiGate (clientnet) # set subnet 192.168.1.0 255.255.255.0
FortiGate (clientnet) # end

5. Add an IP pool

FortiGate # config firewall ippool
FortiGate (ippool) # edit nat-pool
new entry 'nat-pool' added
FortiGate (nat-pool) # set startip 100.100.100.1
FortiGate (nat-pool) # set endip 100.100.100.100
FortiGate (nat-pool) # end

6. Add a virtual IP

FortiGate # config firewall vip
FortiGate (vip) # edit webserver
new entry 'webserver' added
FortiGate (webserver) # set extip 202.0.0.167
FortiGate (webserver) # set extintf wan1
FortiGate (webserver) # set mappedip 192.168.0.168
FortiGate (webserver) # end

7. Configure the outbound (Internet access) policy

FortiGate # config firewall policy
FortiGate (policy) # edit 1
FortiGate (1) # set srcintf internal    // source interface
FortiGate (1) # set dstintf wan1        // destination interface
FortiGate (1) # set srcaddr all         // source address
FortiGate (1) # set dstaddr all         // destination address
FortiGate (1) # set action accept       // action
FortiGate (1) # set schedule always     // schedule
FortiGate (1) # set service ALL         // service
FortiGate (1) # set logtraffic disable  // traffic logging switch
FortiGate (1) # set nat enable          // enable NAT
FortiGate (1) # end

8. Configure the mapping (virtual IP) policy

FortiGate # config firewall policy
FortiGate (policy) # edit 2
FortiGate (2) # set srcintf wan1        // source interface
FortiGate (2) # set dstintf internal    // destination interface
FortiGate (2) # set srcaddr all         // source address
FortiGate (2) # set dstaddr FortiGate1  // destination address: the virtual IP mapping, added beforehand
FortiGate (2) # set action accept       // action
FortiGate (2) # set schedule always     // schedule
FortiGate (2) # set service ALL         // service
FortiGate (2) # set logtraffic all      // traffic logging switch
FortiGate (2) # end

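9. Change the internal switch interface into routed interfaces

Make sure that all routes, DHCP settings and firewall policies that reference the internal interface have been deleted.

FortiGate # config system global
FortiGate (global) # set internal-switch-mode interface
FortiGate (global) # end

Reboot.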

--------------------------------------

1. View the host name and management ports

FortiGate # show system global

2. View system status and current resource usage

FortiGate # get system performance status

3. View application traffic statistics

FortiGate # get system performance firewall statistics

4. View the ARP table

FortiGate # get system arp

5. View detailed ARP information

FortiGate # diagnose ip arp list

6. Clear the ARP cache

FortiGate # execute clear system arp table

7. View the current session table

FortiGate # diagnose sys session stat
or
FortiGate # diagnose sys session full-stat

8. View the session list

FortiGate # diagnose sys session list

9. View physical interface status

FortiGate # get system interface physical

10. View the default route configuration

FortiGate # show router static

11. View the static routes in the routing table

FortiGate # get router info routing-table static

12. View the OSPF configuration

FortiGate # show router ospf

13. View the full routing table

FortiGate # get router info routing-table all

-----------------------------------------------

1. View HA status

FortiGate # get system ha status

2. Check whether the primary and backup units are synchronized

FortiGate # diagnose sys ha showcsum

---------------------------------------------------

3. Diagnostic commands:

FortiGate # diagnose debug application ike -1

---------------------------------------------------

execute commands:

FortiGate # execute ping 8.8.8.8                           // ordinary ping
FortiGate # execute ping-options source 192.168.1.200      // set the source address of ping packets to 192.168.1.200
FortiGate # execute ping 8.8.8.8                           // then enter the ping target; the ping is sent from source address 192.168.1.200
FortiGate # execute traceroute 8.8.8.8
FortiGate # execute telnet 2.2.2.2                         // connect by telnet
FortiGate # execute ssh 2.2.2.2                            // connect by SSH
FortiGate # execute factoryreset                           // restore factory settings
FortiGate # execute reboot                                 // reboot the device
FortiGate # execute shutdown                               // shut down the device
