Common Basic Commands
2025/10/29
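Command structure
config Configure object. Configures policies, objects, and so on.
get Get dynamic and system information. Shows parameter information for the relevant objects.
show Show configuration. Shows the configuration file.
diagnose Diagnose facility. Diagnostic commands.
execute Execute static commands. Common utility commands, such as ping.
exit Exit the CLI. Exits the CLI.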
Common configuration commands

Configure an interface address
FortiGate # config system interface
FortiGate (interface) # edit lan
FortiGate (lan) # set ip 192.168.100.99/24
FortiGate (lan) # end

Configure a static route
FortiGate # config router static
FortiGate (static) # edit 0  //"0": the system assigns the route entry's sequence number automatically
FortiGate (0) # set device wan1  //outgoing interface
FortiGate (0) # set dst 10.0.0.0 255.0.0.0  //destination network
FortiGate (0) # set gateway 192.168.57.1  //gateway IP
FortiGate (0) # end

Configure a default route
FortiGate # config router static
FortiGate (static) # edit 0
FortiGate (0) # set gateway 192.168.57.1
FortiGate (0) # set device wan1
FortiGate (0) # end

Add an IP address object
FortiGate # config firewall address
FortiGate (address) # edit clientnet
new entry 'clientnet' added
FortiGate (clientnet) # set subnet 192.168.1.0 255.255.255.0
FortiGate (clientnet) # end

Add an IP pool
FortiGate # config firewall ippool
FortiGate (ippool) # edit nat-pool
new entry 'nat-pool' added
FortiGate (nat-pool) # set startip 100.100.100.1
FortiGate (nat-pool) # set endip 100.100.100.100
FortiGate (nat-pool) # end

Add a virtual IP
FortiGate # config firewall vip
FortiGate (vip) # edit webserver
new entry 'webserver' added
FortiGate (webserver) # set extip 202.0.0.167
FortiGate (webserver) # set extintf wan1
FortiGate (webserver) # set mappedip 192.168.0.168
FortiGate (webserver) # end

Configure an Internet access policy
FortiGate # config firewall policy
FortiGate (policy) # edit 1
FortiGate (1) # set srcintf internal  //source interface
FortiGate (1) # set dstintf wan1  //destination interface
FortiGate (1) # set srcaddr all  //source address
FortiGate (1) # set dstaddr all  //destination address
FortiGate (1) # set action accept  //action
FortiGate (1) # set schedule always  //schedule
FortiGate (1) # set service ALL  //service
FortiGate (1) # set logtraffic disable  //traffic logging switch
FortiGate (1) # set nat enable  //enable NAT
FortiGate (1) # end

Configure a VIP mapping policy
FortiGate # config firewall policy
FortiGate (policy) # edit 2
FortiGate (2) # set srcintf wan1  //source interface
FortiGate (2) # set dstintf internal  //destination interface
FortiGate (2) # set srcaddr all  //source address
FortiGate (2) # set dstaddr ngfw1  //destination address: the virtual IP (VIP) mapping; the VIP entry must be configured before it can be referenced
FortiGate (2) # set action accept  //action
FortiGate (2) # set schedule always  //schedule
FortiGate (2) # set service ALL  //service
FortiGate (2) # set logtraffic all  //traffic logging switch
FortiGate (2) # end

Common show commands

View device information, hostname, and management port
FortiGate # show system global

View system status and current resource usage
FortiGate # get system status
FortiGate # get system performance status

View application traffic statistics
FortiGate # get system performance firewall statistics

View the ARP table
FortiGate # get system arp

View detailed ARP information
FortiGate # diagnose ip arp list

Clear the ARP cache
FortiGate # execute clear system arp table

View the current session table
FortiGate # diagnose sys session stat
FortiGate # diagnose sys session full-stat

View the session list
FortiGate # diagnose sys session list

View physical interface status
FortiGate # get system interface physical

View the default route configuration
FortiGate # show router static

View the static routes in the routing table
FortiGate # get router info routing-table static

View the OSPF configuration
FortiGate # show router ospf

View the full routing table
FortiGate # get router info routing-table all

View HA status
FortiGate # get system ha status

Check whether the primary and secondary units are in sync
FortiGate # diagnose sys ha checksum

Common diagnostic commands

IPSec IKE
FortiGate # diagnose debug application ike -1
FortiGate # diagnose debug enable

Common execute commands
FortiGate # execute ping 8.8.8.8  //ordinary ping
FortiGate # execute ping-options source 192.168.1.200  //set the source address of ping packets to 192.168.1.200
FortiGate # execute ping 8.8.8.8  //then enter the ping target; the ping is now sent from source address 192.168.1.200
FortiGate # execute traceroute 8.8.8.8
FortiGate # execute telnet 2.2.2.2  //open a Telnet session
FortiGate # execute ssh 2.2.2.2  //open an SSH session
FortiGate # execute factoryreset  //restore factory settings
FortiGate # execute reboot  //reboot the device
FortiGate # execute shutdown  //shut down the device