1-1 Basic Settings

Learning Objectives

• Create a basic configuration in FortiGate

• Identify CLI commands in FortiGate

• Create an IP access in FortiGate

• Create a DHCP server in FortiGate

• Backups and Restore configuration in FortiGate

This exercise will access a FortiGate device using the command-line interface (CLI). Setup your GNS3 and try to connect to FortiGate through WebTerm.

Figure 1-1: main scenario

Explore the CLI

To explore the CLI, from the GNS3 double click on FortiGate to open the console. In the Password field, type <the default password is blank>, and then press enter.

Enter the following command:

get system status

Figure 1-2: get system status output

This command displays basic status information about FortiGate. The output includes FortiGate’s serial number, operation mode, and a lot of useful information. When the More prompt appears on the CLI, do one of the following:

• To continue scrolling Space bar

• To scroll one line at a time Enter

• Enter the following command: get ?

The ? character is not displayed on the screen.

This command shows all of the options that the CLI will accept after the # get command. Depending on the command, you may need to enter additional words to completely specify a configuration option.

• Enter the following command: execute ?

• This command lists all options that the CLI will accept after the execute command.

• Type exe, and then press the Tab key. Notice that the CLI completes the current word.

• Press the space bar and then press the Tab key three times.

• Each time you press the Tab key, the CLI replaces the second word with the next possible option for the execute command, in alphabetical order.

You can abbreviate most commands. In this book, many of the commands that you see will be in abbreviated form. For example, instead of typing execute, you can type exe.

Use this technique to reduce the number of keystrokes that are required to enter a command. Often, experts can configure FortiGate faster using the CLI than the GUI.

Configuration Check configuration

# show

# show | grep xxxx

# show full-configuration

#show full-configuration | grep XXXX

#show full-configuration | grep -f XXXX ← display with tree view

Network

Check Routing

# get router info routing-table detail

# show router static

# config router static

(static) # show

(static) # end

Check Firewall Policy

# show firewall policy

# show firewall policy XXXX

# config firewall policy

(policy) # show

Hardware

Check Hardware Information

# get hardware status

Check Version, BIOS, Firmware, etc

# get system status

Check version

# get system status

Display CPU / memory / line usage

# get system performance status

Display of NTP server

# get system ntp

Display the current time and the time of synchronization with the NTP server

# execute time

Check interfaces status , Up or Down

# get system interface physical

Check interfaces

# config system interface

(interface) # show

(interface) # end

Display of ARP table

# get system arp

High Availability (HA)

Check HA Status

# get system ha status

Check HA Configuration

# get system ha

# show system ha

Network Time Protocol (NTP)

Check NTP

# execute time

# get system ntp

# diagnose sys ntp status

show system interface port3

Figure 1-3: Configuration of port3

Enter the following command:

show full-configuration system interface port3

Figure 1-4: show full-configuration of port3

Enter the following command:

show system interface

For setting an IP address on the port1:

#config system interface

#edit port1

#set mode static

#set ip 192.168.10.1 255.255.255.0

#set allowaccess ping ssh http https

#end