1. FGT30D # config system interface
FGT30D (interface) # show
config system interface
edit "wan"
set ip 10.99.142.1 255.255.255.0
set allowaccess ping https ssh snmp http fgfm
set type physical
set snmp-index 2
next
.....
edit "lan"
set ip 192.168.100.1 255.255.255.0
set allowaccess ping https ssh http fgfm capwap
set type physical
set snmp-index 1
next
end
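The `allowaccess` lines above decide which management services each interface answers on; in this output `wan` accepts `http`, `ssh` and `snmp` as well as `https`. The following is an added example, not part of the original cheat sheet: it parses `show` output and flags cleartext admin protocols and management services on interfaces assumed to be untrusted. The sample text, the `wan*` naming rule and the function names are assumptions.

```python
import re
# Constructed sample modelled on the section 1 output; not a real device export.
SAMPLE = """\
config system interface
    edit "wan"
        set allowaccess ping https ssh snmp http fgfm
        config ipv6
            set ip6-allowaccess ping
        end
    next
    edit "lan"
        set allowaccess ping https ssh http fgfm capwap
    next
end
"""

CLEARTEXT = {"http", "telnet"}                # admin protocols sent unencrypted
ADMIN = {"https", "ssh", "snmp"} | CLEARTEXT  # management-plane services
UNTRUSTED = re.compile(r"wan", re.I)          # assumption: wan* faces an untrusted network

def parse_interfaces(text):
    """Map interface name -> set of IPv4 allowaccess services."""
    result, name, depth = {}, None, 0         # depth 1 = directly inside the interface table
    for line in map(str.strip, text.splitlines()):
        if line.startswith("config "):
            depth = depth + 1 if depth or line == "config system interface" else 0
        elif line == "end" and depth:
            depth -= 1                        # also closes nested blocks such as config ipv6
        elif depth == 1 and (m := re.match(r'edit "?([^"]+)"?$', line)):
            name = m.group(1)
            result[name] = set()
        elif depth == 1 and line == "next":
            name = None
        elif depth == 1 and name and line.startswith("set allowaccess "):
            result[name] = set(line.split()[2:])
    return result

def audit(text):
    findings = []                             # (interface, service, reason) tuples
    for name, services in parse_interfaces(text).items():
        for svc in services & CLEARTEXT:
            findings.append((name, svc, "cleartext admin protocol"))
        if UNTRUSTED.match(name):
            for svc in services & (ADMIN - CLEARTEXT):
                findings.append((name, svc, "admin service on untrusted interface"))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Reducing the `wan` line to `set allowaccess ping` clears every `wan` finding; the remaining `lan` finding is the cleartext `http` listener.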
2. Change System Hostname
FGT30D # config system global
FGT30D (global) # set hostname FGT30D
FGT30D (global) # end
3. Configure System DHCP Server on Interface "lan"
FGT30D # config system dhcp server
config system dhcp server
edit 1
set default-gateway 192.168.100.1
set dns-service default
set interface "lan"
config ip-range
edit 1
set end-ip 192.168.100.200
set start-ip 192.168.100.80
next
end
set netmask 255.255.255.0
next
end
4. FGT30D # config firewall policy
config firewall policy
edit 1
set srcintf "lan"
set dstintf "wan"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ALL"
set nat enable
next
end
5. FGT30D # config router static
config router static
edit 1
set device "wan"
set gateway 10.99.142.6
next
end
6. Configure system DNS host
FGT30D # config system dns
config system dns
set primary 208.91.112.53
set secondary 208.91.112.52
end
7. Set System Users
FGT30D # config system admin
config system admin
edit admin
set password <psswrd>
config system admin
edit "admin"
set accprofile "super_admin"
....
set password ENC AK1TDEt3tvzlnXWgK7ZjkFDgEisgltyWyK2/lnOYtvcl28=
next
edit "superadmin1"
set accprofile "super_admin"
....
set password ENC AK1eDVLPbT+qARqmQ5r0ituEhnmu9xVwdAbo2puf9TZofo=
next
edit "testadmin"
set accprofile "prof_admin"
set password ENC AK1JB0gM4GKvhld20nMmfFbhnictGo/+oUIqAaGTGlb+vg=
next
end
8. Configure Syslog Settings
config log syslogd(2|3) setting
set status enable
set server 10.99.1.1
set port 514
set facility user
end
diagnose log test // Test logging
9. Execute Command - Ping
FGT30D # execute ping www.google.ca
PING www.google.ca (173.194.46.111): 56 data bytes
64 bytes from 173.194.46.111: icmp_seq=0 ttl=57 time=20.7 ms
64 bytes from 173.194.46.111: icmp_seq=1 ttl=57 time=22.7 ms
64 bytes from 173.194.46.111: icmp_seq=2 ttl=57 time=20.6 ms
--- www.google.ca ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 20.6/21.3/22.7 ms
10. Set Ping Source
FGT30D # execute ping-options source 192.168.1.1
FGT30D # execute ping-options view
Ping Options:
Repeat Count: 5
Data Size: 56
Timeout: 2
Interval: 1
TTL: 64
TOS: 0
DF bit: unset
Source Address: 192.168.1.1
Pattern:
Pattern Size in Bytes: 0
Validate Reply: no
Note: ping-options are reset when the session is closed
11. Debugging
diag debug enable
diag debug console timestamp enable
diag sniffer packet wan 'host 8.8.8.8' 1
diag debug disable
diag debug reset
12. Backup Configuration to Flash
FGT30D # execute backup config flash
Please wait...
Config backed up to flash disk done.
Setting timestamp
FGT30D # execute revision list config
Last Firmware Version: V0.0.0-build000-REL0
ID TIME ADMIN FIRMWARE VERSION COMMENT
1 2015-02-10 13:39:29 jn V5.0.0-build292-REL0
2 2015-02-10 13:42:15 jn V5.0.0-build292-REL0 20140210
13. Restore Configuration from Flash
FGT30D # execute restore config flash 2
This operation will overwrite the current settings!
Do you want to continue? (y/n)y
Please wait...
Get config from local disk OK.
File check OK.
14. Get System Configuration
get system arp // ARP Table
get system dns // DNS Configuration
get system dhcp server // DHCP server configuration
FGT30D # get system setting
opmode : nat
firewall-session-dirty: check-all
bfd : disable
utf8-spam-tagging : enable
wccp-cache-engine : disable
vpn-stats-log :
vpn-stats-period : 0
v4-ecmp-mode : source-ip-based
gui-default-policy-columns:
asymroute : disable
ses-denied-traffic : disable
strict-src-check : disable
asymroute6 : disable
per-ip-bandwidth : disable
sip-helper : enable
sip-nat-trace : enable
status : enable
sip-tcp-port : 5060
sip-udp-port : 5060
sccp-port : 2000
multicast-forward : enable
multicast-ttl-notchange: disable
allow-subnet-overlap: disable
deny-tcp-with-icmp : disable
ecmp-max-paths : 10
discovered-device-timeout: 28
email-portal-check-dns: enable
show system interface wan1 | grep -A2 ip // Show WAN and interface information.
get system info admin status // Show logged in users
get system status // Show system hardware/software update versions
get hardware status // Detailed hardware model information
get system performance status
get system performance top
show system interface
diagnose hardware deviceinfo nic // Interface Statistics/Settings
diagnose hardware sysinfo memory
diag debug crashlog read
diag hardware sysinfo shm // Value should be 0; if > 0 the device is in conserve mode
get system global | grep -i timer // Show tcp and udp timers for halfopen and idle
get system session-ttl // System default tcp-idle session timeout
get hardware nic
get system interface physical
diagnose ip address list
diagnose ip arp list
diagnose sys session list
diagnose sys session clear
diagnose sys kill 9 <id>
15. Online Demo Read Access for Fortinet Products
- FortiGate:
user: demo
password: demo
fortigate.com
- FortiAnalyzer:
user: demo
password: demo
fortianalyzer.com
- FortiManager:
user: demo
password: demo
fortimanager.com
- FortiMail:
user: demo
password: demo
https://209.87.230.132/admin
- FortiWeb:
user: demo
password: demo
http://fortiweb.fortinet.com/
- FortiDB:
user: demo
password: demo
http://www.fortidb.com/