Commands of Fortigate

Let's start with some basic commands of Fortigate

This blog is for people who are interested in learning Fortigate firewall with me. I invite all other peers and pioneers who can add some light and new learning to people who are keen to explore features and uses of Fortigate firewalls. The objective of this blog is to learn fortigate firewalls in CLI mode as being an administrator we know that learning CLI is a bit painful process but it's quite easier to manage a box if we are familiar with CLI. So let's start with some basic commands and usage of the fortigate firewall. 

Please google for installation of fortigate firewalls this tutorial will guide us from setting up fortigate firewall for GUI access. Our first command on Fortigate firewall starts with changing the hostname:-

changing firewall name is a global command which can be executed in global mode.

config sytem global

set hostname practicelab-fw1

end

Note:- Changes won't take effect until end command is executed..

Getting familiar with show commands to verify or see device configurations

Date &  Time..

execute date

execute time

Verify interface status on firewall..

show system interface ?

Verify interface config..

show system interface port2

"show" command can be to view running config of the firewall

To generate continuous output on console for taking running config backup of firewall which is equivalent to "term len 0" command on Cisco following commands can be used which will generate continuous output without pressing spacebar.

config system console

set output standard

end

To limit output on console..

config system console

set output more

end

To view routing table info..

get route info routing-table all

To view the IPsec monitor..

To monitor SSL-VPN users..

To be continued...

Fortigate VDOM

 By default VDOM feature is disabled on the firewall and this has to be enabled..

There are two ways to enable this feature either via GUI or CLI but we will focus here on the CLI

Following commands will enable VDOMs on Fortigate firewall..

config system global

set vdom-admin enable

end

To Disable VDOM

config global

    config system global

        set vdom-admin disable

    next

end

Now we will talk about VDOM and global settings..

Settings that we configure outside a VDOM are called Global settings which will affect entire 

Fortigate including areas such as Interface, DNS, Firmware, Fortianalyzer, SNMP & Sandbox etc and

should always be done b a security expert.

After enabling settings for VDOM admin accounts with Super_admin profile can access settings for both 

Global and VDOM settings. Other admins can configure only the VDOM they are assigned to.

Following commands are used for changing GLOBAL and VDOM settings...

For Global

config global

For VDOM

config vdom

    edit <vdom_name>