請善用 "tab" key & " ? "
backup configration
# exe backup config/allconfig/ipsuserdefsigfilename 192.168.1.10(tftp server)
restore configration
#exe restore config/allconfig/ipsuserdefsig/imagefilename 192.168.1.10(tftp server)
restore defaults設定回復出廠值
#exe factoryreset
format log disk格式化硬碟以消除所有紀錄
# exe formatlogdisk
shutdown system , reboot
# exe shutdown or reboot
sync ha config
#exe ha synchronize config
show ha status
#diag sys ha status
ping
#exe ping 192.168.1.99
ping option
# exe ping-option view-settings
diagnose VPN
#diag vpn tunnel list/up
# diag sys session list
show neighbor
# diag netlink neighbor list
index=5 192.168.248.149 00:d0:59:17:8e:e9:
index=5 192.168.248.249 00:e0:22:22:26:3e:
index=5 192.168.248.250 00:e0:18:3f:e3:0b:
index=5 192.168.248.252 00:60:97:a1:89:94:
index=5 192.168.248.253 00:04:75:d0:a4:96:
index=5 192.168.248.108 00:50:fc:5b:37:1b:
index=3 61.220.141.65 00:30:da:2b:6d:88:
show session ttl (default 3600)
# show sys session-ttl
# get sys session-ttl
set session ttl
# config sys session-ttl
(session_tll)#set default 14400
(session_tll)#config port<---設定某個service port
(port)edit 4662
(4662)set timeout 600
(4662)end
diagnose sniffier
# diag sniffer packet internal/external
session clear
# diag sys session clear
get routing table
# getrouter info routing_table
顯示系統狀態
Fortigate-50A # get sys status
Version:Fortigate-50A 2.80,build392,050315
virus-db:4.625(03/14/2005 07:43)
ids-db:2.189(03/11/2005 16:43)
Serial-Number:FGT50A2904408969
Bios version:03005000
Log hard disk:Not available
Operation Mode: NAT
Hostname:Fortigate-50A
Max number of virtual domains:2
Current virtual domain:root
顯示系統效能介面
# get system interface
# show system interface
顯示系統效能
# get system performance
CPU states:0% used, 100% idle
Memory states: 63% used
Up:5 days,1 hours,21 minutes.
顯示各service utilization
#diag sys top (ctrl-c exit)
Run Time:33 days, 21 hours and 46 minutes
0U, 1S, 9I; 250T, 117F, 7KF|----->表示這個process佔用cpu的utilization%↓
ipsengine7602R <4.92.8---->表示mem使用率%
thttp7617S0.02.8
httpsd7668S0.02.1
httpsd7689S0.02.1
httpsd19S0.01.9
cli7726R0.01.2
cli7677S0.01.1
scanunitd7619S0.01.1
scanunitd7616S0.01.1
updated30S0.00.8
scanunitd 7614S0.00.7
sshd7676S0.00.6
smtp264S0.00.6
miglogd18S0.00.6
pop3265S0.00.6
ftpd7618S0.00.5
sshd35S0.00.5
imapd266S0.00.5
*********************************************************************
Fortigate Antivirus使用啟發式(heuristic)掃毒技術來檢測檔案
顯示"suspicious"病毒事件設定狀態
Fortigate-400 # get antivirusheuristic
mode: pass
rules:
設定阻擋"suspicious"病毒事件
Fortigate-400 # config antivirusheuristic
(heuristic) # set mode block
(heuristic) # end
Fortigate-400 # get antivirusheuristic
mode: block
rules:
註:設定阻擋"suspicious"可能會導致微軟patch,趨勢掃毒,Symantec等更新失效,此時設定URL白名單可解決.
*********************************************************************
Layer 2 passthrough in Transparent mode
Description: A special Layer 2 passthrough function that passes everything but IP, ARP and STP when FortiGate is in Transparent mode.
This is enabled with the CLI command:
Ver2.80 / 3.0設在各別的介面上
#config system interface
(interface)#edit port1
(port1)#set l2forward enable
(port1)#end(save and exit)
顯示FSAE認證狀況:
Fortigate-400 #diag deb enable
Fortigate-400 #diag deb auth fsae list
把disk log上傳至FTP Server 之CLI指令
config log disk setting
set status enable
set upload enable
set uploadip 192.168.1.168
set uploadzip enable
set max-log-file-size 90
end
“set upload enable”指令要先執行才會看到以下其他指令:
uploadwhether to upload the log file when rolling
uploadipFTP IP address
uploadportFTP port
uploaduserFTP 帳號
uploadpassFTP 密碼
uploaddirlog 要存放在FTP的目錄路徑
uploadtypelog files的類別, 預設全部上傳
uploadzip壓縮上傳之logs
uploadschedscheduled upload (disable=upload when rolling)
uploadtimetime of scheduled upload
drive-standby-time 硬碟省電功能 timeout(0-19800 sec)(0 disable)
upload-delete-files 上傳完畢刪除log files (default=enable)
***************************************************************************
重置/reset session
Fortigate-400 #diag sys session clear
註:欲使新policy確定生效可執行此指令。如設定防範P2P/IM長期佔用session的policy.
MAC 綁ip
config system dhcp reserved-address
edit 1(id)
set ip 192.168.1.1(要綁定的ip)
set mac 00:00:00:00:00:00(要綁定的mac)
end
留言列表
