Scribd Logo
Cargar

¡Te damos la bienvenida a Scribd!

  • 628 vistas

    Fortigate CLI - Comandos Útiles I

    Cargado por

    Fernando Raza Céspedes
    Comandos utiles para usar en cli de Fortigate

    Copyright:

    © All Rights Reserved
    Descargue como PDF, TXT o lea en línea desde Scribd

    Fortigate CLI - Comandos Útiles I

    Cargado por

    Fernando Raza Céspedes
    628 vistas3 páginas
    Comandos utiles para usar en cli de Fortigate

    Título original

    Fortigate CLI __ Comandos Útiles I

    Derechos de autor

    © © All Rights Reserved

    Formatos disponibles

    PDF, TXT o lea en línea desde Scribd

    ¿Le pareció útil este documento?

    ¿Este contenido es inapropiado?

    Comandos utiles para usar en cli de Fortigate

    Copyright:

    © All Rights Reserved
    Descargue como PDF, TXT o lea en línea desde Scribd
    Descargar como pdf o txt
    628 vistas3 páginas

    Fortigate CLI - Comandos Útiles I

    Cargado por

    Fernando Raza Céspedes
    Comandos utiles para usar en cli de Fortigate

    Copyright:

    © All Rights Reserved
    Descargue como PDF, TXT o lea en línea desde Scribd
    Descargar como pdf o txt
    de 3

    4/7/2015

    FortigateCLI::ComandostilesI

    (http://stackfire.com)

    Stackfire(http://stackfire.com)
    Productos&Servicios(http://stackfire.com/portfolio/)
    CloudServices
    Blog(http://stackfire.com/blog/)
    Cursos(http://www.stackfire.com)
    Contacto(http://stackfire.com/contacto/)

    Blog

    FortigateCLI::ComandostilesI(http://stackfire.com/fortigatecli
    comandosutilesi/)
    Bysoporte(http://stackfire.com/author/soporte/)
    octubre16,2014
    0comments(http://stackfire.com/fortigateclicomandosutilesi/#respond)
    Fortinet(http://stackfire.com/category/fortinet/),SeguridadInformtica(http://stackfire.com/category/seguridadinformatica/)
    SeguramentetodosconocemoselenlacealadocumentacintcnicadeFortinet:http://docs.fortinet.com,peronosolopodemosencontrarinformacintcnicaenestesitioweb,existenvideos,recursosHTML,etc.quenospuedenservirde
    ayudayquecomentaremosenesteartculo.
    EstaseriedepublicacionestieneelobjetivodeincrementarlainformacindelaterminaldecomandosdelappliancellamadaFortinetCLI.Lossiguienteseslaprimerentregadeunlistadodecomandosgeneralesdegranayudaparatodoslos
    administradoresdesistemas.
    Mostrarlaconfiguracingeneraldelapplianceyestadodelosmdulos:

    myfirewall1 # get sys status


    Version: Fortigate-50B v4.0,build0535,120511 (MR3 Patch 7)
    Virus-DB: 14.00000(2011-08-24 17:17)
    Extended DB: 14.00000(2011-08-24 17:09)
    IPS-DB: 3.00150(2012-02-15 23:15)
    FortiClient application signature package: 1.529(2012-10-09 10:00)
    Serial-Number: FGT50B1234567890
    BIOS version: 04000010
    Log hard disk: Not available
    Hostname: myfirewall1
    Operation Mode: NAT
    Current virtual domain: root
    Max number of virtual domains: 10
    Virtual domains status: 1 in NAT mode, 0 in TP mode
    Virtual domain configuration: disable
    FIPS-CC mode: disable
    Current HA mode: standalone
    Distribution: International
    Branch point: 234
    Release Version Information: MR3 Patch 7
    System time: Thu Nov 15 13:12:30 2012
    Mostrarlasestadsticasdeltrficohastaelmomento:

    myfirewall1 # get system performance firewall statistics


    getting traffic statistics...
    Browsing: 544083 packets, 80679942 bytes
    DNS: 19333 packets, 2400831 bytes
    E-Mail: 52 packets, 3132 bytes
    FTP: 0 packets, 0 bytes
    Gaming: 0 packets, 0 bytes
    IM: 0 packets, 0 bytes
    Newsgroups: 0 packets, 0 bytes
    P2P: 0 packets, 0 bytes
    Streaming: 0 packets, 0 bytes
    TFTP: 0 packets, 0 bytes
    VoIP: 0 packets, 0 bytes
    Generic TCP: 13460 packets, 1301879 bytes
    Generic UDP: 7056 packets, 647156 bytes
    Generic ICMP: 172 packets, 11804 bytes
    Generic IP: 26 packets, 832 bytes
    MostrarelestadodelCPUytiempoprendido:

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10

    myfirewall1 # get system performance status


    CPU states: 0% user 0% system 0% nice 100% idle
    CPU0 states: 0% user 0% system 0% nice 100% idle
    Memory states: 48% used
    Average network usage: 1 kbps in 1 minute, 0 kbps in 10 minutes, 0 kbps in 30 minutes
    Average sessions: 0 sessions in 1 minute, 0 sessions in 10 minutes, 0 sessions in 30 minutes
    Average session setup rate: 0 sessions per second in last 1 minute, 0 sessions per second in last 10 minutes, 0 sessions per second in last 30 minutes
    Virus caught: 0 total in 1 minute
    IPS attacks blocked: 0 total in 1 minute
    Uptime: 24 days, 11 hours, 25 minutes

    MostrarelusodelCPUordenadoporlosprocesosdemayorpeso:

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23

    myfirewall1 # get system performance top


    Run Time: 24 days, 11 hours and 26 minutes
    0U, 0S, 100I; 249T, 119F, 60KF
    initXXXXXXXXXXX 1 S 0.0 4.5
    cmdbsvr 23 S 0.0 6.8
    zebos_launcher 27 S 0.0 4.7
    uploadd 28 S 0.0 4.6
    miglogd 29 S 0.0 5.9
    miglogd 30 S 0.0 4.6
    httpsd 31 S 0.0 7.0
    nsm 32 S 0.0 1.1
    ripd 33 S 0.0 0.9
    ripngd 34 S 0.0 0.9
    ospfd 35 S 0.0 0.9
    proxyd 36 S 0.0 4.6
    wad_diskd 37 S 0.0 4.6
    scanunitd 38 S < 0.0 4.9
    ospf6d 39 S 0.0 0.9
    bgpd 40 S 0.0 1.0
    isisd 41 S 0.0 0.9
    proxyacceptor 42 S 0.0 0.7
    proxyworker 43 S 0.0 1.8
    getty 44 S < 0.0 4.6

    MostrarelestadodelmdulodeHighAvailability:

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10

    myfirewall1 # get sys ha status


    Model: 311
    Mode: a-p
    Group: 0
    Debug: 0
    ses_pickup: enable
    Master:254 myfirewall1 FG311B1111111111 0
    Slave :128 myfirewall2 FG311B1111111112 1
    number of vcluster: 1
    vcluster 1: work 10.0.0.1

    http://stackfire.com/fortigateclicomandosutilesi/

    1/3

    4/7/2015

    FortigateCLI::ComandostilesI

    10 vcluster 1: work 10.0.0.1


    11 Master:0 FG311B1111111111
    12 Slave :1 FG311B1111111112
    VerificarlatabladesesionesdelFirewall:

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21

    myfirewall1 # diag sys session full-stat


    session table: table_size=65536 max_depth=1 used=2
    expect session table: table_size=1024 max_depth=0 used=0
    misc info: session_count=1 setup_rate=0 exp_count=0 clash=0
    memory_tension_drop=0 ephemeral=0/16368 removeable=0 ha_scan=0
    delete=0, flush=0, dev_down=0/0
    TCP sessions:
    1 in ESTABLISHED state
    firewall error stat:
    error1=00000000
    error2=00000000
    error3=00000000
    error4=00000000
    tt=00000000
    cont=00000000
    ids_recv=00000000
    url_recv=00000000
    av_recv=00000000
    fqdn_count=00000000
    tcp reset stat:
    syncqf=0 acceptqf=0 no-listener=11025 data=0 ses=0 ips=0

    Lasiguientelistatieneunasolasesin,quepuedeserunasolicituddeDNSde192.168.227.97a.theservidordns65.39.139.53:

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15

    myfirewall # diag sys session list


    session info: proto=17 proto_state=01 duration=2214 expire=123 timeout=0 flags=00000000 sockflag=00000000 sockport=0 av_idx=0 use=3
    origin-shaper=
    reply-shaper=
    per_ip_shaper=
    ha_id=0 hakey=28310
    policy_dir=0 tunnel=/
    state=local
    statistic(bytes/packets/allow_err): org=5095/76/1 reply=8757/75/1 tuples=2
    orgin->sink: org out->post, reply pre->in dev=10->12/12->10 gwy=0.0.0.0/192.168.227.97
    hook=out dir=org act=noop 192.168.227.97:54223->65.39.139.53:53(0.0.0.0:0)
    hook=in dir=reply act=noop 65.39.139.53:53->192.168.227.97:54223(0.0.0.0:0)
    misc=0 policy_id=0 auth_info=0 chk_client_info=0 vd=0 serial=0047c5b4 tos=ff/ff imp2p=0 app=0
    dd_type=0 dd_rule_id=0
    total session 7

    Aunqueesdemuchomayorutilidadsiseutilizaunfiltroparabuscarunasesinenparticular:

    1 myfirewall1 # diagnose sys session filter src 192.168.227.129


    2 myfirewall1 # diag sys session list
    Documentosaadidosoactualizadosrecientemente
    EstossonlosdocumentosquesehanincorporadooaadidoenelWebSitededocumentacin(http://docs.fortinet.com(http://docs.fortinet.com/)):
    FortiGate/FortiOS
    WhatsNewforFortiOS5.2(http://docs.fortinet.com/uploaded/files/1912/fortigatewhatsnew52patch1.pdf)(Actualizado)
    FortiOS5.2.1MaximumValuesTables(http://docslegacy.fortinet.com/fgt/handbook/52/521/maxvalues/maxvalues.html)(Actualizado)FortiAnalyzer
    FortiAnalyzer3900EQuickStartGuide(http://docs.fortinet.com/uploaded/files/2130/FortiAnalyzer3900EQuickStart%20%20Online.pdf)(Nuevo)
    FortiAnalyzer3500EQuickStartGuide(http://docs.fortinet.com/uploaded/files/2129/FortiAnalyzer3500EQuickStart%20%20online.pdf)(Nuevo)
    FortiAnalyzer5.0.8Datasets(http://docs.fortinet.com/uploaded/files/2126/FortiAnalyzer_Dataset_Dictionary.pdf)(Nuevo)
    FortiAnalyzer5.2.0CLIReference(http://docs.fortinet.com/uploaded/files/2090/fortianalyzercli520.pdf)(Actualizado)
    FortiAnalyzer5.0.6CLIReference(http://docs.fortinet.com/uploaded/files/1772/FortiAnalzyer506CLIReference.pdf)(Actualizado)FortiManager
    FortiManager5.2.0AdministrationGuide(http://docs.fortinet.com/d/fortimanager5.2.0administrationguide)(Nuevo)
    FortiManager5.2.0CLIReference(http://docs.fortinet.com/uploaded/files/2089/fortimanagercli520.pdf)(Actualizado)
    VMInstallGuideforVMware(http://docs.fortinet.com/uploaded/files/1128/FortiManagerVMVMwareInstallGuide.pdf)(Nuevo)
    FortiManager5.0.7CLIReference(http://docs.fortinet.com/uploaded/files/2000/fortimanagercli507.pdf)(Actualizado)
    FortiManager5.0.6CLIReference(http://docs.fortinet.com/uploaded/files/1771/FortiManager506CLIReference.pdf)(Actualizado)FortiClient
    FortiClient(Windows)5.2.1AdministrationGuide(http://docs.fortinet.com/uploaded/files/1975/forticlientadmin52.pdf)(Nuevo)
    FortiClient(MacOSX)5.2.1AdministrationGuide(http://docs.fortinet.com/uploaded/files/1976/forticlientadmin52.pdf)(Nuevo)
    FortiClient(Android)5.2.3UserGuide(http://docs.fortinet.com/uploaded/files/1961/forticlientandroiduserguidev52.pdf)(Actualizado)
    FortiClientVPN(Android)5.2.3UserGuide(http://docs.fortinet.com/d/forticlientvpnandroid5.2userguide)(Actualizado)
    FortiMail
    WhatsNewforFortiMail5.2.0(http://docs.fortinet.com/uploaded/files/2105/fortimailwhatsnew520.pdf)(Nuevo)
    FortiMail5.2.0AdministrationGuide(http://docs.fortinet.com/uploaded/files/2093/fortimailadmin520.pdf)(Actualizado)
    FortiWeb
    FortiWebVM5.3InstallGuide(http://docs.fortinet.com/uploaded/files/1973/FortiWebVM_5_3_Install_Guide_Revision2.pdf)(Actualizado)
    FortiWeb5.3AdministrationGuide(HTML)(http://docslegacy.fortinet.com/fweb/admin_hlp/530/index.html)(Actualizado)
    FortiWeb5.3AdministrationGuide(PDF)(http://docs.fortinet.com/uploaded/files/2108/FortiWeb_5_3_Administration_Guide_Revision1.pdf)(Nuevo)
    FortiWeb5.3LogReference(PDF)(http://docs.fortinet.com/uploaded/files/2125/FortiWeb_5_3_Log_Reference_Revision1.pdf)(Actualizado)
    FortiWeb5.3CLIReference(HTML)(http://docslegacy.fortinet.com/fweb/520/cli/index.html)(Actualizado)
    FortiController
    FortiControllerSessionAwareLoadBalancingGuide(http://docs.fortinet.com/uploaded/files/2039/forticontrollersessionawareloadbalancing50.pdf)(Actualizado)
    FortiConverter
    FortiConverter4.5UserGuide(http://docs.fortinet.com/uploaded/files/2127/FortiConverter_4_5_0_User_Guide_Revision1.pdf)
    FortiADC
    FortiADCESeriesHelp(http://docslegacy.fortinet.com/fadc/404/htmle/Index.htm)(Actualizado)
    FortiADCESeriesHandbook(http://docs.fortinet.com/d/fortiadceseriesfortiadchandbookforeseriesmodels3)(Actualizado)
    FortiDDoS
    FortiDDoS4.1Patch2Handbook(http://docs.fortinet.com/uploaded/files/2071/FortiDDoS_4_1_Patch_2_Handbook_Revision1.pdf)(Nuevo)
    FortiSandbox
    FortiSandbox1.4AdministrationGuide(http://docs.fortinet.com/uploaded/files/2077/fortisandboxadminv1.4.pdf)(Actualizado)
    FortiSandboxVMwareInstallGuide(http://docs.fortinet.com/uploaded/files/2107/fortisandboxvmvmwareinstallguide.pdf)(Nuevo)
    ParamayorinformacinconsultaelmanualdereferenciadeFortinet
    http://docslegacy.fortinet.com/fweb/520/cli/index.html#page/FortiWeb%2520CLI%2520Reference/introduction.html(%20http://docslegacy.fortinet.com/fweb/520/cli/index.html#page/FortiWeb%2520CLI%2520Reference/introduction.html)

    LeaveaReply
    Tudireccindecorreoelectrniconoserpublicada.Loscamposnecesariosestnmarcados*
    Name

    Email

    URL
    Message

    PuedesusarlassiguientesetiquetasyatributosHTML(HyperTextMarkupLanguage):
    <ahref=""title=""><abbrtitle=""><acronymtitle=""><b><blockquotecite=""><cite><codeclass=""title=""dataurl=""><deldatetime=""><em><i><qcite=""><s><strike><strong><preuser=""computer=""escaped=""class=""title=""dataurl=""><spanclass=""title=""dataurl="">

    Submit
    Recibirunemailconlossiguientescomentariosaestaentrada.
    Recibirunemailconcadanuevaentrada.

    Search

    Search

    Publicaciones
    marzo2015(http://stackfire.com/2015/03/)(1)
    noviembre2014(http://stackfire.com/2014/11/)(2)
    octubre2014(http://stackfire.com/2014/10/)(2)
    septiembre2014(http://stackfire.com/2014/09/)(2)

    http://stackfire.com/fortigateclicomandosutilesi/

    2/3

    4/7/2015

    FortigateCLI::ComandostilesI

    septiembre2014(http://stackfire.com/2014/09/)(2)
    agosto2014(http://stackfire.com/2014/08/)(1)

    Categoras
    Apple(http://stackfire.com/category/apple/)
    Blog(http://stackfire.com/category/blog/)
    Desarrollo(http://stackfire.com/category/desarrollo/)
    Fortinet(http://stackfire.com/category/fortinet/)
    Microsoft(http://stackfire.com/category/microsoft/)
    SeguridadInformtica(http://stackfire.com/category/seguridadinformatica/)
    Uncategorized(http://stackfire.com/category/uncategorized/)

    Stackfire
    611Megusta

    Megustaestapgina

    Selprimerodetusamigos
    enindicarquetegustaesto.

    RioAmur#30,Col.CuauhtmocCP.01209,MxicoD.F.
    +5212091804VentasExt.101SoporteExt.102CorporativosExt.103
    [email protected]

    Copyright2015Stackfire.AllRightsReserved.

    PoweredbyStackfire(http://www.stackfire.com)

    http://stackfire.com/fortigateclicomandosutilesi/

    3/3

    También podría gustarte