In this post I will show some examples of packet captures and debugs for reference.
Generally speaking, we use the packet capture command "diagnose sniffer packet" when we want to know about traffic coming into or going out of the firewall.
If some traffic is coming into the firewall but not going out, we can use "debug flow filter" to see how the Forti is processing a packet and why it might be dropped.
PACKET CAPTURE
Let's run an identical packet capture at each verbosity level and see what each one gives us.
Verbosity level options:
FG1 # diagnose sniffer packet port2 'host 52.52.208.2 and tcp port 443'
<verbose>
1: print header of packets
2: print header and data from ip of packets
3: print header and data from ethernet of packets (if available)
4: print header of packets with interface name
5: print header and data from ip of packets with interface name
6: print header and data from ethernet of packets (if available) with intf name
Tuesday, April 28, 2020
Backup
In this post we will take some backups via the CLI on the Fortigate and then do a restore.
We will try with FTP/TFTP and SCP.
First let's see what options we have with the execute backup command.
FG1 # execute backup
config config
disk disk
full-config full-config
ipsuserdefsig ipsuserdefsig
memory memory
FG1 #
Sunday, April 26, 2020
Syslog
This post will show how to get syslog messages from a Fortigate into a syslog server.
In this case I am using Splunk free for the syslog.
Our syslog server is running on 192.168.100.200 on UDP port 1514.
If you enable syslog in the GUI you don't get many choices.
However, if we look in the CLI we will see many more options to configure.
Friday, April 24, 2020
DHCP
In this post we will see how to configure a basic DHCP scope, making the Fortigate the DHCP server for a local interface, and also how to monitor address assignment and check the leases.
First, note that we have no DHCP config. We will configure it for port2.
FG1 (server) # show
config system dhcp server
end
NTP
In this post we will set NTP and the timezone for our Fortigate.
CONFIGURE NTP
First let's see the current NTP config.
FG1 # show system ntp
config system ntp
set ntpsync enable
end
FG1 # show full-configuration system ntp
config system ntp
set ntpsync enable
set type fortiguard
set syncinterval 60
set source-ip 0.0.0.0
set source-ip6 ::
set server-mode disable
end
Find a suitable public NTP server and confirm reachability. In this case, Google.
FG1 # execute ping time.google.com
PING time.google.com (216.239.35.8): 56 data bytes
64 bytes from 216.239.35.8: icmp_seq=0 ttl=43 time=142.7 ms
64 bytes from 216.239.35.8: icmp_seq=1 ttl=43 time=142.7 ms
64 bytes from 216.239.35.8: icmp_seq=2 ttl=43 time=142.2 ms
64 bytes from 216.239.35.8: icmp_seq=3 ttl=43 time=142.6 ms
64 bytes from 216.239.35.8: icmp_seq=4 ttl=43 time=143.0 ms
--- time.google.com ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 142.2/142.6/143.0 ms
FG1 #
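As an added example (not code from the post), here is a small Python parser for the FortiOS "config ... set ... end" block syntax shown above, with a check of the system ntp settings. The first sample is the full-configuration output from the post; the second, a custom server list under "config ntpserver", is constructed here to show nested blocks and is not output from the post.

```python
"""Parse FortiOS 'config/set/end' blocks and audit the system ntp settings."""
import shlex

# Sample 1: the 'show full-configuration system ntp' output from the post.
PAGE_NTP = """\
config system ntp
    set ntpsync enable
    set type fortiguard
    set syncinterval 60
    set source-ip 0.0.0.0
    set source-ip6 ::
    set server-mode disable
end
"""

# Sample 2 (constructed, assumed syntax): custom server list as a nested block.
CUSTOM_NTP = """\
config system ntp
    set ntpsync enable
    set type custom
    config ntpserver
        edit 1
            set server "time.google.com"
        next
    end
end
"""

def parse_fortios(text):
    """Return nested dicts: 'config'/'edit' names map to dicts, 'set' keys to values."""
    root, stack = {}, []
    stack.append(root)
    for raw in text.splitlines():
        tokens = shlex.split(raw)          # handles quoted values like "time.google.com"
        if not tokens:
            continue
        kw, args = tokens[0], tokens[1:]
        if kw in ("config", "edit"):       # open a nested block
            stack.append(stack[-1].setdefault(" ".join(args), {}))
        elif kw in ("end", "next") and len(stack) > 1:
            stack.pop()                    # close the current block
        elif kw == "set" and args:
            stack[-1][args[0]] = args[1] if len(args) == 2 else args[1:]
    return root

def audit_ntp(cfg):
    """Return a list of findings for the 'system ntp' block (empty means OK)."""
    ntp, findings = cfg.get("system ntp", {}), []
    if ntp.get("ntpsync") != "enable":
        findings.append("ntpsync not enabled: clock will drift, breaking log correlation")
    if ntp.get("type") == "custom" and not ntp.get("ntpserver"):
        findings.append("type custom but no ntpserver entries configured")
    if ntp.get("server-mode") == "enable":
        findings.append("server-mode enabled: firewall answers NTP for its clients")
    return findings
```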
Initial Config
On first startup, log in with admin and no password and it will force you to choose a new password.
Let's see what IPs it has right now.
Port1 will be the WAN and it has picked up a DHCP assignment. Port2 is set for static and has no IP, so we will set it.
First let's see the current config.
Now set the static IP and admin access on the interface.
How does it look?
We have now set the port2 IP and admin access for the port. Let's try to access the port.
Yes, we can ssh to it!
Finally, let's set the hostname.
Check the version and note how you can use grep. Typing "?" after "status" won't show you that option.
FG1 # get system status | grep Version
Version: FortiGate-VM64 v6.2.3,build1066,191218 (GA)
Release Version Information: GA