Search Results
351 total results found
HA Cluster Member Firmware Revisions
(2014-11-20) Verify the firmware versions of cluster members: fw-ottawa-A # get system stat Version [...] [...] fw-ottawa-A # execute ha manage 0 fw-ottawa-B # get system stat Version [...] [...]
DHCP and PPPoE
Problem: Cannot set mode to DHCP or PPPoE when HA is on. It doesn't work. Note: this is allegedly supported in 5.2.1 or higher, but there are other problems with this firmware that prevent me from confirming this. **Update:** With 5.2.2 I can at leas...
arp
(2015-04-20) Show the arp table: # get system arp
crashlog
(2015-04-22) List the firewall's internal crashlog: # di de crashlog read
DHCP Reservation
(2015-01-29) Warning: this method does not work in 5.2 (and presumably higher). config system dhcp reserved-address edit <string> set ip <ipv4> set mac <mac> set type regular end
Reset to Factory Defaults
(2013-08-28) Reset To Factory Defaults You have two minutes from power reset to perform this task. Login: username maintainer password bcpb$SERIALNUMBER Reset: execute factoryreset Let it run, then log in as admin with no password.
Interface Duplex
(2013-12-17) Problem Need to force speed/duplex on a physical interface. Solution There's no GUI option, you must command-line: forti$ config system interface forti(Interface)$ edit wan2 forti(wan2)$ set speed 100full forti(wan2)$ end Possible settings for sp...
Interface Mode
(2014-06-24) To set interface mode: make sure the default Internal interface has no DHCP server enabled (it is by default) and has no policies referring to it (there are by default) or any address objects referring explicitly to it on the console: config sys...
Packet Capture
(2013-07-18) Show information of packets seen on an interface: # diag sniffer packet internal none 4 3 internal in 192.168.0.1.22 -> 192.168.0.30.1144: psh 2859918764 ack 1949135261 internal in 192.168.0.1.22 -> 192.168.0.30.1144: psh 2859918816 ack 1949135261...
Radius Server Definition
(2014-06-14) On the smaller FortiGates, the GUI doesn't include the ability to define Radius servers. So you have to do it via the command line. This is a minimal Radius server definition: config user radius edit "DC Radius" set server "192.168.1.2...
Reset Admin Password
(2014-07-03) Problem Nobody remembers the password for a given admin account. We have another superadmin account that we can log in with. Solution Easy: delete the account and recreate it. Harder: (i.e. under some circumstances you can't delete the admin account...
Routing Table
(2013-08-26) Display the routing table: # get router info routing-table all
Simple Commands
(2013-11-13) Ping # exec ping $TARGET Routes # get router info routing-table all
Syslog
(2014-08-22) To enable logging to a syslog server: config log syslogd setting set status enable set server <ip.or.dns-name.here> end For some reason this doesn't appear as a GUI option.
Test Authentication Servers
Testing authentication These cli commands can help you test your radius or ldap server: # diag test auth radius <server_name> <chap | pap | mschap | mschap2> <username> <pwd> # diag test authserver ldap <server_name> <username> <pwd> These commands turn on mo...
Backup ISP with some traffic selection
(2013-08-26) Problem: My scenario is that I have a FortiGate 60D with two ISPs: a static DSL, and a dynamic high speed cable. So I have VIP objects defined on my DSL line going to a couple of systems, including a mail system. I want: The mail system to send t...
DHCP Client Leases
(2015-04-22) List the DHCP leases handed out on $INTERFACE. # exec dhcp lease-list $INTERFACE
Interface Status
(2015-04-01) Interface State Show IP, status, speed/duplex: get system interface physical Show physical state including errors and drops get hardware nic X Also you can look at ifconfig: fnsysctl ifconfig X
Memory Logging
(2015-03-12) Problem By default, baby firewalls (which seems to mean up to and including F90Ds) do not log practically anything. Solution Enable memory logging from the command line: config log memory setting set status enable end The system will now use up ...
Configuration Preparation
(2015-08-24) This is the recipe that I use when configuring out-of-box systems for the first time. By default, WAN1 is a DHCP interface. So I set WAN1 to allow HTTPS management, then plug WAN1 into the LAN that I have handy so I can web-manage. config system ...