Johnson峰的部落格

請善用 "tab" key & " ? "

backup configration

# exe backup config/allconfig/ipsuserdefsigfilename 192.168.1.10(tftp server)

restore configration

#exe restore config/allconfig/ipsuserdefsig/imagefilename 192.168.1.10(tftp server)

restore defaults設定回復出廠值

#exe factoryreset

format log disk格式化硬碟以消除所有紀錄

# exe formatlogdisk

shutdown system , reboot

# exe shutdown or reboot

sync ha config

#exe ha synchronize config

show ha status

#diag sys ha status

ping

#exe ping 192.168.1.99

ping option

# exe ping-option view-settings

diagnose VPN

#diag vpn tunnel list/up

# diag sys session list

show neighbor

# diag netlink neighbor list

index=5 192.168.248.149 00:d0:59:17:8e:e9:

index=5 192.168.248.249 00:e0:22:22:26:3e:

index=5 192.168.248.250 00:e0:18:3f:e3:0b:

index=5 192.168.248.252 00:60:97:a1:89:94:

index=5 192.168.248.253 00:04:75:d0:a4:96:

index=5 192.168.248.108 00:50:fc:5b:37:1b:

index=3 61.220.141.65 00:30:da:2b:6d:88:

show session ttl (default 3600)

# show sys session-ttl

# get sys session-ttl

set session ttl

# config sys session-ttl

(session_tll)#set default 14400

(session_tll)#config port<---設定某個service port

(port)edit 4662

(4662)set timeout 600

(4662)end

diagnose sniffier

# diag sniffer packet internal/external

session clear

# diag sys session clear

get routing table

# getrouter info routing_table

顯示系統狀態

Fortigate-50A # get sys status

Version:Fortigate-50A 2.80,build392,050315

virus-db:4.625(03/14/2005 07:43)

ids-db:2.189(03/11/2005 16:43)

Serial-Number:FGT50A2904408969

Bios version:03005000

Log hard disk:Not available

Operation Mode: NAT

Hostname:Fortigate-50A

Max number of virtual domains:2

Current virtual domain:root

顯示系統效能介面

 # get system interface

 # show system interface

顯示系統效能

# get system performance

CPU states:0% used, 100% idle

Memory states: 63% used

Up:5 days,1 hours,21 minutes.

顯示各service utilization

#diag sys top (ctrl-c exit)

Run Time:33 days, 21 hours and 46 minutes

0U, 1S, 9I; 250T, 117F, 7KF|----->表示這個process佔用cpu的utilization%↓

 ipsengine7602R <4.92.8---->表示mem使用率%

     thttp7617S0.02.8

    httpsd7668S0.02.1

    httpsd7689S0.02.1

    httpsd19S0.01.9

       cli7726R0.01.2

       cli7677S0.01.1

 scanunitd7619S0.01.1

 scanunitd7616S0.01.1

   updated30S0.00.8

 scanunitd 7614S0.00.7

      sshd7676S0.00.6

      smtp264S0.00.6

   miglogd18S0.00.6

      pop3265S0.00.6

      ftpd7618S0.00.5

      sshd35S0.00.5

     imapd266S0.00.5

*********************************************************************

Fortigate Antivirus使用啟發式(heuristic)掃毒技術來檢測檔案

顯示"suspicious"病毒事件設定狀態

Fortigate-400 # get antivirusheuristic

mode: pass

rules:

設定阻擋"suspicious"病毒事件

Fortigate-400 # config antivirusheuristic

(heuristic) # set mode block

(heuristic) # end

Fortigate-400 # get antivirusheuristic

mode: block

rules:

註:設定阻擋"suspicious"可能會導致微軟patch,趨勢掃毒,Symantec等更新失效,此時設定URL白名單可解決.

*********************************************************************

Layer 2 passthrough in Transparent mode

Description: A special Layer 2 passthrough function that passes everything but IP, ARP and STP when FortiGate is in Transparent mode.

This is enabled with the CLI command:

Ver2.80 / 3.0設在各別的介面上

#config system interface

(interface)#edit port1

(port1)#set l2forward enable

(port1)#end(save and exit)

顯示FSAE認證狀況:

Fortigate-400 #diag deb enable

Fortigate-400 #diag deb auth fsae list

把disk log上傳至FTP Server 之CLI指令

config log disk setting

     set status enable

     set upload enable

     set uploadip 192.168.1.168

     set uploadzip enable

     set max-log-file-size 90

 end

“set upload enable”指令要先執行才會看到以下其他指令:

uploadwhether to upload the log file when rolling

uploadipFTP IP address

uploadportFTP port

uploaduserFTP 帳號

uploadpassFTP 密碼

uploaddirlog 要存放在FTP的目錄路徑

uploadtypelog files的類別, 預設全部上傳

uploadzip壓縮上傳之logs

uploadschedscheduled upload (disable=upload when rolling)

uploadtimetime of scheduled upload

drive-standby-time 硬碟省電功能 timeout(0-19800 sec)(0 disable)

upload-delete-files 上傳完畢刪除log files (default=enable)

***************************************************************************

重置/reset session

Fortigate-400 #diag sys session clear

註:欲使新policy確定生效可執行此指令。如設定防範P2P/IM長期佔用session的policy.

MAC 綁ip

config system dhcp reserved-address

edit 1(id)

set ip 192.168.1.1(要綁定的ip)

set mac 00:00:00:00:00:00(要綁定的mac)

end