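Common Basic Commands

Command Structure

config      Configure object.                           Configure policies, objects, and so on
get         Get dynamic and system information.         View parameter information for the relevant objects
show        Show configuration.                         View the configuration file
diagnose    Diagnose facility.                          Diagnostic commands
execute     Execute static commands.                    Common utility commands, such as ping
exit        Exit the CLI.                               Exit

Common Commands

Common Configuration Commands

  1. Configure an interface address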

    FortiGate # config system interface
    FortiGate (interface) # edit lan
    FortiGate (lan) # set ip 192.168.100.99/24
    FortiGate (lan) # end
    
  2. Configure a static route

    FortiGate # config router static 
    FortiGate (static) # edit 0                  // "0": the system assigns the route entry's sequence number automatically
    FortiGate (0) # set device wan1              // outgoing interface
    FortiGate (0) # set dst 10.0.0.0 255.0.0.0   // destination network
    FortiGate (0) # set gateway 192.168.57.1     // gateway IP
    FortiGate (0) # end
    
  3. Configure a default route

    FortiGate # config router static 
    FortiGate (static) # edit 0  
    FortiGate (0) # set gateway 192.168.57.1
    FortiGate (0) # set device wan1
    FortiGate (0) # end
    
  4. Add an IP address object

    FortiGate # config firewall address
    FortiGate (address) # edit clientnet
    new entry 'clientnet' added
    FortiGate (clientnet) # set subnet 192.168.1.0 255.255.255.0
    FortiGate (clientnet) # end
    
  5. Add an IP pool

    FortiGate # config firewall ippool 
    FortiGate (ippool) # edit nat-pool
    new entry 'nat-pool' added
    FortiGate (nat-pool) # set startip 100.100.100.1
    FortiGate (nat-pool) # set endip 100.100.100.100
    FortiGate (nat-pool) # end
    
  6. Add a virtual IP

    FortiGate # config firewall vip
    FortiGate (vip) # edit webserver
    new entry 'webserver' added
    FortiGate (webserver) # set extip 202.0.0.167
    FortiGate (webserver) # set extintf wan1
    FortiGate (webserver) # set mappedip 192.168.0.168
    FortiGate (webserver) # end
    
  7. Configure an Internet access policy

    FortiGate # config firewall policy
    FortiGate (policy) # edit 1
    FortiGate (1) # set srcintf internal     // source interface
    FortiGate (1) # set dstintf wan1         // destination interface
    FortiGate (1) # set srcaddr all          // source address
    FortiGate (1) # set dstaddr all          // destination address
    FortiGate (1) # set action accept        // action
    FortiGate (1) # set schedule always      // schedule
    FortiGate (1) # set service ALL          // service
    FortiGate (1) # set logtraffic disable   // traffic logging switch
    FortiGate (1) # set nat enable           // enable NAT
    FortiGate (1) # end
    
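  8. Configure a VIP mapping policy

    FortiGate # config firewall policy
    FortiGate (policy) # edit 2
    FortiGate (2) # set srcintf wan1      // source interface
    FortiGate (2) # set dstintf internal  // destination interface
    FortiGate (2) # set srcaddr all       // source address
    FortiGate (2) # set dstaddr ngfw1     // destination address: the virtual IP mapping; the VIP entry must be configured first before it can be referenced
    FortiGate (2) # set action accept     // action
    FortiGate (2) # set schedule always   // schedule
    FortiGate (2) # set service ALL       // service
    FortiGate (2) # set logtraffic all    // traffic logging switch
    FortiGate (2) # end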
    

Common show Commands

  1. View device information, hostname, and management port

    FortiGate # show system global
    
  2. View system status and current resource information

    FortiGate # get system status
    FortiGate # get system performance status
    
  3. View application traffic statistics

    FortiGate # get system performance firewall statistics
    
  4. View the ARP table

    FortiGate # get system arp
    
  5. View detailed ARP information

    FortiGate # diagnose ip arp list
    
  6. Clear the ARP cache

    FortiGate # execute clear system arp table
    
  7. View the current session table

    FortiGate # diagnose sys session stat
    FortiGate # diagnose sys session full-stat
    
  8. View the session list

    FortiGate # diagnose sys session list
    
  9. View physical interface status

    FortiGate # get system interface physical
    
  10. View the default route configuration

    FortiGate # show router static
    
  11. View the static routes in the routing table

    FortiGate # get router info routing-table static
    
  12. View the OSPF configuration

    FortiGate # show router ospf
    
  13. View the global routing table

    FortiGate # get router info routing-table all
    
  14. View HA status

    FortiGate # get system ha status
    
  15. Check whether the primary and secondary units are in sync

    FortiGate # diagnose sys ha checksum
    

Common Diagnostic Commands

  1. IPSec IKE

    FortiGate # diagnose debug application ike -1
    FortiGate # diagnose debug enable
    

Common execute Commands

    FortiGate # execute ping 8.8.8.8                         // ordinary ping
    FortiGate # execute ping-options source 192.168.1.200    // set the source address of ping packets to 192.168.1.200
    FortiGate # execute ping 8.8.8.8                         // then enter the ping target; the ping is sent from source address 192.168.1.200
    FortiGate # execute traceroute 8.8.8.8
    FortiGate # execute telnet 2.2.2.2      // open a telnet session
    FortiGate # execute ssh 2.2.2.2         // open an SSH session
    FortiGate # execute factoryreset        // restore factory defaults
    FortiGate # execute reboot              // reboot the device
    FortiGate # execute shutdown            // shut down the device

Copyright © 2023 Fortinet Inc. All rights reserved. Powered by Fortinet TAC Team.
Page last revised: 2022-08-22 16:41:00
