Basic commands

From Tech-Wiki

[[Category:Fortinet]]
Latest revision as of 18:47, 2 December 2020


Doing a packet capture (sniffer)

diag sniffer packet any '!port 22' 4 10 <tsformat>

interfaces=[any]  (interface name can be specified)
filters=[!port 22]  (none can be used as well)
level=4 (print interface name and header)
count=10 (packets to dump)
tsformat=l (none specified then relative time, l-localtime)

Packet flow debug - Equivalent to FW Monitor in Check Point, to evaluate the packet being accepted, forwarded or denied:

diag debug flow show function enable
diag debug flow show console enable
diag debug flow filter addr 10.31.101.22
diag debug flow filter port 80
diag debug enable
diag debug flow trace start 100
diag debug disable

VPN debug commands:

diag vpn ike log filter name <phase1-name>
diag vpn ike log filter src-addr4 <peer>
diag debug application ike -1 (or 255)
diag debug enable
diag vpn tunnel list
diag vpn tunnel flush  <phase1-name>
diag vpn tunnel reset  <phase1-name>
diag debug enable (then disable it)
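A complete sniffer-plus-flow-trace session for one client, written as an added example and not taken from the wiki page. It reuses the page's example client address 10.31.101.22 and assumes an interface named port1; the trace count of 20 and the cleanup commands (diag debug flow trace stop, diag debug flow filter clear, diag debug reset) are standard FortiOS diagnose commands that the page's own list leaves out. The point of the cleanup is that diag debug disable alone keeps the flow filter and debug level configured, so the next person who enables debugging inherits them.

```fortios
# Added example (not from the wiki page): capture and flow-trace the HTTP
# traffic of one client, then clear every filter so nothing stays enabled.
# 10.31.101.22 is the page's example client; port1 is an assumed interface.

# 1. Packet capture: level 4 = interface name and header, count 0 = run
#    until Ctrl-C, 'l' = local timestamps. The filter uses tcpdump syntax.
diag sniffer packet port1 'host 10.31.101.22 and port 80' 4 0 l

# 2. Flow trace: start from a clean state, filter on the client address
#    and port, trace 20 packets. The output names the policy that
#    accepted or denied the session and the route it was sent over.
diag debug reset
diag debug flow filter clear
diag debug flow show function enable
diag debug flow show console enable
diag debug flow filter addr 10.31.101.22
diag debug flow filter port 80
diag debug enable
diag debug flow trace start 20

# 3. Cleanup: stop the trace, drop the filter and reset the debug level.
#    'diag debug disable' by itself leaves the filter in place.
diag debug flow trace stop
diag debug flow filter clear
diag debug disable
diag debug reset
```

Run the sniffer and the flow trace from two separate CLI sessions: the sniffer blocks the session until it is interrupted, and the trace output would otherwise interleave with the packet dump.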


Basic system information - Equivalent to cisco ‘show version’

get sys status
get sys performance status 

Essential troubleshooting commands:

exec ping <destination>
exec ping-options source <origin>
exec ping6
exec traceroute <destination>
exec telnet|ssh <destination>

List network interfaces - Equivalent to cisco ‘show ip interfaces brief’

diag ip address list
get sys interface physical
get hardware nic port1
diag hard deviceinfo nic port1
get system interface transceiver port1
fnsysctl ifconfig port1

List the routing table - Equivalent to cisco ‘show ip route’

get router info routing-table all
diag ip route list

Connect to a specific VDOM (change context)

config vdom
 edit root  (or edit vdom1, or config global)

Sample network configuration with physical ports and vlans:

config system interface
 edit port2
  set ip 163.7.131.4 255.255.255.248
  set vdom root
 next
 edit vlan.15
  set interface port5
  set vlanid 15
  set ip 163.7.131.4 255.255.255.248
  set vdom root
 next
end

Setting static routes and default gateway

config router static
 edit 1
  set dst 0.0.0.0/0.0.0.0
  set gateway 192.168.0.254
  set device vlan.15
 end

Show arp table

diag ip arp list

Show arp table (in transparent mode)

diag netlink brctl list
diag netlink brctl domain <bridge_name>
diag netlink brctl name host <vdom.name>.b

Listing a firewall rule

show firewall policy 6

Disable the ‘more’ at page breaks

config sys console
  set output standard
end