On GitHub, you can download a Firewall Inspection Tester. This one is tested with Ubuntu (tested with 18.04 and 20.04). You can download it at: https://github.com/gahlberg/fit?search=1
Here are the commands on openSUSE Leap 15.5:
    cd /home
    zypper install vim git python3-pip
    pip3 install click==6.6 requests==2.10.0 selenium==2.53.6 requests-toolbelt==0.7.0
    git clone https://github.com/gahlberg/fit.git
    cd ./fit
    chmod 700 repeatFit.py
    chmod 700 […]
Category: Archive
set source-ip
Where can “set source-ip” be used?
FortiGate 60E 7.0.5
    config system dns
        set source-ip 0.0.0.0
    config system sflow
        set source-ip 0.0.0.0
    config system netflow
        set source-ip 0.0.0.0
    config system snmp user
        edit "snmp-user"
            set source-ip 0.0.0.0
    config system fortiguard
        set source-ip 0.0.0.0
    config log fortiguard setting
        set source-ip 0.0.0.0
    config log fortianalyzer setting
        set source-ip 0.0.0.0
    […]
Just for fun – FortiGate HA 4-node cluster
FortiGate 100D v6.2.10 build1263
FortiAnalyzer query examples
Log View ==> FortiGate ==> Application Control (apprisk=high or apprisk=critical) and -action=block
FortiGate / FortiManager TCL script example
Creating 150 addresses with a TCL script:
    #!
    proc do_cmd {cmd} {
        puts [exec "$cmd\n" "# " 15]
    }
    set numhosts 150
    do_cmd "config firewall address"
    for {set i 12} {$i <= $numhosts} {incr i} {
        do_cmd "edit host-$i"
        do_cmd "set subnet 192.168.21.$i/32"
        do_cmd "next"
    }
    do_cmd "end"
FortiGate CLI
get
    get router info routing-table all
    get router info routing-table database
    get router info routing-table ospf
    get router info ospf neighbor
    get system arp
    get system arp | grep 192.168.1.10
    get system source-ip status
    get ipsec tunnel list
    get vpn ipsec tunnel details
execute
    execute router clear ospf process
    execute ping 8.8.8.8
    execute disk FortiGate-600D […]
default-information originate
Cisco 1841, Version 12.4(25f)
To distribute the default gateway of this router to other routing devices with OSPF:
    !
    router ospf 1
     router-id 0.0.0.1
     log-adjacency-changes
     network 192.168.11.0 0.0.0.255 area 0.0.0.0
     network 192.168.12.0 0.0.0.255 area 0.0.0.0
     network 192.168.13.0 0.0.0.255 area 0.0.0.0
     network 192.168.14.0 0.0.0.255 area 0.0.0.0
     default-information originate
    !
openSUSE serial console
How to start a serial console connection to, for instance, a FortiGate firewall:
    screen /dev/ttyS0 9600
Windows 10 DNS change registry with CLI
How to manually change the DNS setting in Windows 10 with the CLI. I created two small CMD files, one for Google DNS and one for a local DNS, and placed them on my Desktop. The “reg add” command must be entered on one line. Replace the Interfaces with your own.
Google DNS
    @ECHO OFF
    CLS
    reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1x0x0x6x-3x78-4x79-9x3x-87x8766xxx7x} /v […]
Tunnel and OSPF
Here is an example of one corporate router with connections to three branch routers. Each connection uses a serial interface. The routing is done with OSPF. The example was created with Cisco Packet Tracer.
Partial running-config of CORP
    CORP#
    !
    OUTPUT OMITTED
    !
    interface Loopback0
     ip address 1.1.1.1 255.255.255.255
    !
    interface Tunnel0
     ip address 10.0.10.1 255.255.255.252
    […]