Type this on the command line: diagnose sys checkused system.interface.name "interface name"

  • To validate the actual interface speed, type the following command:

get system interface physical

  • To configure the speed, type the following command:

config system interface
edit interface (interface is the interface name)
set speed xxxFull (see following screenshot for options)
end

 execute dhcp lease-list internal
config system ddns
end
  • Here are the supported servers (5.0.6):

FortiGuardDDNS FortiGuard DDNS service.
dhs.org members.dhs.org
dipdns.net dipdnsserver.dipdns.com
dyndns.org members.dyndns.org and dnsalias.com
dyns.net www.dyns.net
easydns.com members.easydns.com
genericDDNS Generic DDNS based on RFC2136.
now.net.cn ip.todayisp.com
ods.org ods.org
tzo.com rh.tzo.com
vavic.com Peanut Hull


1. Validate disk status with this command: get system status

2. Most of them show the status: disk needs formatting

3. To format the disk: execute formatlogdisk (it asks for confirmation and a reboot)

4. Once the device has rebooted :

– config log disk setting

– set status enable

5. In the log configuration section in the GUI, make sure that log writing is changed to: log to disk


– Run the following command to enable debug :

  • diag debug enable

– Run the following command to display IPsec messages:

  • diag debug app ike -1

– To stop debug message display :

  • diag debug disable
  • diag debug app ike 0

How to run a debug on a Fortinet firewall

On 25 February 2011, in Fortinet, Pare-Feux, by Himselff

Exercise 5 Debug Flow

1 From the CLI, type the following command to clear the session table:

diag sys session clear

If you are connected to the CLI over SSH or Telnet, clearing the session table drops that connection and you will need to log in again.

2 Type the CLI commands shown below to configure the debug flow to trace the route selection and session establishment for an HTTP connection to www.fortinet.com.

Use nslookup to confirm the address for www.fortinet.com.

Enter the following commands:

diag debug enable

diag debug flow filter addr

diag debug flow show console enable

diag debug flow show function-name enable

diag debug flow trace start 100

3 From a web browser connect to the following URL and observe the debug flow trace.

http://www.fortinet.com

Depending on the FortiGate model being used, the output displayed may vary slightly.

SYN packet received:

id=36870 trace_id=1 func=resolve_ip_tuple_fast line=3395 msg="vd-root received a packet(proto=6, 192.168.1.110:1849->208.70.202.225:80) from internal."

SYN sent and a new session is allocated:

id=36870 trace_id=1 func=resolve_ip_tuple line=3522 msg="allocate a new session-00000483"

Lookup for next-hop gateway address:

id=36870 trace_id=1 func=vf_ip4_route_input line=1595 msg="find a route: gw-192.168.3.254 via wan1"

Source NAT, lookup next available port:

id=36870 trace_id=1 func=get_new_addr line=1615 msg="find SNAT: IP-192.168.3.10, port-44977"

Matched firewall policy. Check to see which policy this session matches:

id=36870 trace_id=1 func=fw_forward_handler line=463 msg="Allowed by Policy-1: SNAT"

Apply source NAT:

id=36870 trace_id=1 func=__ip_session_run_tuple line=1840 msg="SNAT 192.168.1.110->192.168.3.10:44977"

SYN ACK received:

id=36870 trace_id=2 func=resolve_ip_tuple_fast line=3395 msg="vd-root received a packet(proto=6, 208.70.202.225:80->192.168.3.10:44977) from wan1."

Found existing session ID. Identified as the reply direction:

id=36870 trace_id=2 func=resolve_ip_tuple_fast line=3433 msg="Find an existing session, id-00000483, reply direction"

Apply destination NAT to inverse source NAT action:

id=36870 trace_id=2 func=__ip_session_run_tuple line=1854 msg="DNAT 192.168.3.10:44977->192.168.1.110:1849"

Lookup for next-hop gateway address for reply traffic:

id=36870 trace_id=2 func=vf_ip4_route_input line=1595 msg="find a route: gw-192.168.1.110 via internal"

ACK received:

id=36870 trace_id=3 func=resolve_ip_tuple_fast line=3395 msg="vd-root received a packet(proto=6, 192.168.1.110:1849->208.70.202.225:80) from internal."

Match existing session in the original direction:

id=36870 trace_id=3 func=resolve_ip_tuple_fast line=3433 msg="Find an existing session, id-00000483, original direction"

Apply source NAT:

id=36870 trace_id=3 func=ip_session_run_all_tuple line=4378 msg="SNAT 192.168.1.110->192.168.3.10:44977"

Receive data from client:

id=36870 trace_id=4 func=resolve_ip_tuple_fast line=3395 msg="vd-root received a packet(proto=6, 192.168.1.110:1849->208.70.202.225:80) from internal."

Match existing session in the original direction:

id=36870 trace_id=4 func=resolve_ip_tuple_fast line=3433 msg="Find an existing session, id-00000483, original direction"

Apply source NAT:

id=36870 trace_id=4 func=ip_session_run_all_tuple line=4378 msg="SNAT 192.168.1.110->192.168.3.10:44977"

Receive data from server:

id=36870 trace_id=5 func=resolve_ip_tuple_fast line=3395 msg="vd-root received a packet(proto=6, 208.70.202.225:80->192.168.3.10:44977) from wan1."

Match existing session in reply direction:

id=36870 trace_id=5 func=resolve_ip_tuple_fast line=3433 msg="Find an existing session, id-00000483, reply direction"

Apply destination NAT to inverse source NAT action:

id=36870 trace_id=5 func=ip_session_run_all_tuple line=4390 msg="DNAT 192.168.3.10:44977->192.168.1.110:1849"

4 Enter the following command to disable the debug flow trace:

diag debug flow trace stop

5 Disable the special-web policy.
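
The following Python parser is an added example, not part of the original exercise or of any Fortinet tooling: it groups debug flow lines by trace_id and folds them into one summary per session (flow, matched policy, SNAT mapping, egress interface, packets per direction). The names `parse` and `sessions` are hypothetical, and the regular expressions assume only the message formats shown in the trace above.

```python
import re
from collections import defaultdict

# Lines copied from the trace above, with quotes normalised to ASCII.
SAMPLE = '''\
id=36870 trace_id=1 func=resolve_ip_tuple_fast line=3395 msg="vd-root received a packet(proto=6, 192.168.1.110:1849->208.70.202.225:80) from internal."
id=36870 trace_id=1 func=resolve_ip_tuple line=3522 msg="allocate a new session-00000483"
id=36870 trace_id=1 func=vf_ip4_route_input line=1595 msg="find a route: gw-192.168.3.254 via wan1"
id=36870 trace_id=1 func=get_new_addr line=1615 msg="find SNAT: IP-192.168.3.10, port-44977"
id=36870 trace_id=1 func=fw_forward_handler line=463 msg="Allowed by Policy-1: SNAT"
id=36870 trace_id=2 func=resolve_ip_tuple_fast line=3395 msg="vd-root received a packet(proto=6, 208.70.202.225:80->192.168.3.10:44977) from wan1."
id=36870 trace_id=2 func=resolve_ip_tuple_fast line=3433 msg="Find an existing session, id-00000483, reply direction"
'''

LINE = re.compile(r'id=\d+ trace_id=(\d+) func=\S+ line=\d+ msg="(.*)"\s*$')
PKT = re.compile(r'received a packet\(proto=(\d+), ([\d.:]+)->([\d.:]+)\) from (\w+)')

def parse(text):
    """Return {trace_id: fields}; the trace shows one trace_id per packet."""
    packets = defaultdict(dict)
    for raw in text.splitlines():
        # Web pages often turn ASCII quotes into typographic ones; undo that first.
        m = LINE.match(re.sub('[\u201c\u201d\u2033]', '"', raw.strip()))
        if not m:
            continue
        pkt, msg = packets[int(m[1])], m[2]
        if p := PKT.search(msg):
            pkt.update(proto=int(p[1]), src=p[2], dst=p[3], in_if=p[4])
        elif s := re.search(r'session(?:-|, id-)(\w{8})(?:, (\w+) direction)?', msg):
            pkt.update(session=s[1], direction=s[2] or 'new')
        elif r := re.search(r'find a route: gw-(\S+) via (\w+)', msg):
            pkt.update(gw=r[1], out_if=r[2])
        elif n := re.search(r'find SNAT: IP-([\d.]+), port-(\d+)', msg):
            pkt.update(snat=f'{n[1]}:{n[2]}')
        elif a := re.search(r'Allowed by Policy-(\d+)', msg):
            pkt.update(policy=int(a[1]))
    return dict(packets)

def sessions(packets):
    """Fold per-packet records into one summary per session id."""
    out = {}
    for tid in sorted(packets):
        p = packets[tid]
        s = out.setdefault(p.get('session'), {'original': 0, 'reply': 0})
        if p.get('direction') == 'new':  # first packet carries the decisions
            s.update(flow=f"{p.get('src')}->{p.get('dst')}", policy=p.get('policy'),
                     snat=p.get('snat'), out_if=p.get('out_if'))
        s['original' if p.get('direction') != 'reply' else 'reply'] += 1
    return out
```

A session summary with no `policy` value means the trace never showed a policy match for that flow, which is the first thing to check when traffic is not passing.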
