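1. Command structure

  config      Configure object.    Configures policies, objects, and so on

  get   Get dynamic and system information. Views parameter information for the relevant objects

  show        Show configuration.  Views the configuration file

  diagnose    Diagnose facility.   Diagnostic commands

  execute     Execute static commands.        Common utility commands, such as ping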

2. Common commands 1

  1. View the hostname and management port

  FortiGate # show system global

  2. View system status and current resource usage

  FortiGate # get system performance status

  3. View application traffic statistics

  FortiGate # get system performance firewall statistics

  4. View the ARP table

  FortiGate # get system arp

  5. View detailed ARP information

  FortiGate # diagnose ip arp list

  6. Clear the ARP cache

  FortiGate # execute clear system arp table

  7. View the current session table

  FortiGate # diagnose sys session stat or FortiGate # diagnose sys session full-stat

  8. View the session list

  FortiGate # diagnose sys session list

  9. View physical interface status

  FortiGate # get system interface physical

  10. View the default route configuration

  FortiGate # show router static

  11. View the static routes in the routing table

  FortiGate # get router info routing-table static

  12. View the OSPF configuration

  FortiGate # show router ospf

  13. View the global routing table

  FortiGate # get router info routing-table all

  14. View HA status

  FortiGate # get system ha status

  15. Check whether the primary and secondary units are in sync

  FortiGate # diagnose sys ha showcsum

  16. execute commands:

  FortiGate # execute ping 8.8.8.8         // regular ping

  FortiGate # execute ping-options source 192.168.1.200    // set the source address of the ping packets to 192.168.1.200

  FortiGate # execute ping 8.8.8.8     // then enter the ping target; the ping is sent from source address 192.168.1.200

  FortiGate # execute traceroute 8.8.8.8

  FortiGate # execute telnet 2.2.2.2      // connect via telnet

  FortiGate # execute ssh 2.2.2.2        // connect via ssh

  FortiGate # execute factoryreset        // restore factory settings

  FortiGate # execute reboot              // reboot the device

  FortiGate # execute shutdown            // shut down the device

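3. Common commands 2

  1) Restore the factory configuration: open the command line and run execute factoryreset. After you press Enter, a prompt states that this operation will restore the factory configuration and asks whether to continue; enter the letter "y".

  FortiGate # execute factoryreset

       This operation will reset the system to factory default!

       Do you want to continue? (y/n) y

  After the factory reset, the management port address reverts to 192.168.1.99. You can log in at https://192.168.1.99 to manage the device; the username and password revert to the defaults, admin and empty.

  2) Clear current sessions: diagnose sys session clear

  Note: this does not cause a network outage, but the login session to the firewall is disconnected (just reconnect).

  3) View disk information: diagnose hardware deviceinfo disk

  4) Format the log disk: execute formatlogdisk

  5) Reboot the device: execute reboot

  6) Restore factory settings: execute factoryreset

  7) View HA status: FortiGate # get system ha status

  Check whether the primary and secondary units are in sync: FortiGate # diagnose sys ha showcsum

  8) View device process information: diagnose sys top

  9) Health check commands

  View the current system running state: get system performance status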

4.

  1) View a single user's configuration from the command line

  FG300C3912601260 # show user local xinghen

  config user local

      edit "xinghen"

          set type ldap

          set two-factor fortitoken

          set fortitoken "FTKMOB67CBFFD23E"

          set email-to "xinghen1216@hen.com"

          set ldap-server "xinghen"

      next

  end

 

  View the full configuration

  FG300C3912601260 # show full-configuration user local xinghen

  config user local

      edit "xinghen"

          set status enable

          set type ldap

          set two-factor fortitoken

          set fortitoken "FTKMOB67CBFFD23E"

          set email-to "xinghen1216@hen.com"

          set sms-server fortiguard

          set sms-phone ''

          set authtimeout 0

          set auth-concurrent-override disable

          set ldap-server "xinghen"

          set workstation ''

      next

  end
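
The following Python example is added here (it is not from the original post or from Fortinet): it parses output in the shape of `show user local` above and lists enabled local users that have no two-factor setting. The user names are constructed, and it assumes that a `set status` or `set two-factor` line missing from `show` output means the default (enable and disable respectively), since `show` prints only non-default values while `show full-configuration` prints everything.

```python
import shlex

# Constructed sample in the shape of `show user local` output (names are made up).
SAMPLE_SHOW_OUTPUT = '''
config user local
    edit "alice"
        set type ldap
        set two-factor fortitoken
    next
    edit "bob"
        set type password
    next
    edit "carol"
        set status disable
    next
end
'''

def parse_user_local(text):
    """Return {username: {setting: [values]}} from a `config user local` block."""
    users, current, in_block = {}, None, False
    for raw in text.splitlines():
        tokens = shlex.split(raw)      # handles "quoted" and '' values
        if not tokens:
            continue
        if tokens[:3] == ["config", "user", "local"]:
            in_block = True
        elif not in_block:
            continue                   # prompt lines and other config sections
        elif tokens[0] == "edit" and len(tokens) > 1:
            current = users.setdefault(tokens[1], {})
        elif tokens[0] == "set" and current is not None and len(tokens) > 1:
            current[tokens[1]] = tokens[2:]
        elif tokens[0] == "next":
            current = None
        elif tokens[0] == "end":
            in_block = False
    return users

def users_without_two_factor(text):
    """Enabled local users whose two-factor setting is absent or 'disable'."""
    # `show` omits default values, so a missing line is read as the default
    # (assumption: status defaults to enable, two-factor to disable).
    return sorted(
        name for name, cfg in parse_user_local(text).items()
        if cfg.get("status", ["enable"]) != ["disable"]
        and cfg.get("two-factor", ["disable"]) == ["disable"]
    )
```
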

  2) View all users and user groups from the command line

  FG300C3912601260 # show user group hris

  config user group

      edit "hris"

          set member "zhaoting5" "lisimin" "zhuyi1" "sunlin3"

      next

  end

  3) View hardware information from the command line

  FGT5HD3915800383 # get hardware

  cpu       Display detailed information for all installed CPU(s).

  memory    Display system memory information.

  nic       Display NIC information.

  npu       npu

  status    Hardware status.

5. View the full detailed routes actually in effect: get router info kernel and get router info routing-table database

6. View the currently logged-in administrators: get system info admin status

FW-1 # get system info admin status 
Index  User name   Login type  From
Logged in users: 1
USERNAME        TYPE    FROM             TIME
xinghen         ssh     10.10.65.65      Mon Jul 20 16:04:46 2020

  Disconnect a logged-in administrator's session: execute disconnect-admin-session <index_id>

FW-1 # execute disconnect-admin-session 
<integer>    Index of admin to be disconnected
Currently connected admins:
INDEX USERNAME        TYPE    VDOM     PROFILE      FROM             TIME
    0 xinghen         ssh     root     super_admin  10.10.65.65      Mon Jul 20 16:04:46 2020

 

 

posted on 2018-11-19 19:14  星痕1216