Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Scribd
Upload
99 views

Console Output

The document contains output from a FortiGate firewall showing the configuration of FortiGuard services and interfaces. It displays the current ping options, performs pings to internal and external IP addresses, and lists the FortiGate interfaces and their configurations. It also shows the configuration of FortiGuard services including the servers used, licenses, and settings.

Uploaded by

Manuel Germano
Copyright
© © All Rights Reserved
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
99 views

Console Output

The document contains output from a FortiGate firewall showing the configuration of FortiGuard services and interfaces. It displays the current ping options, performs pings to internal and external IP addresses, and lists the FortiGate interfaces and their configurations. It also shows the configuration of FortiGuard services including the servers used, licenses, and settings.

Uploaded by

Manuel Germano
Copyright
© © All Rights Reserved
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 10

FW_DC_01 (root) # exec ping-options view-settings

Ping Options:
Repeat Count: 5
Data Size: 56
Timeout: 2
Interface: auto
Interval: 1
TTL: 64
TOS: 0
DF bit: unset
Source Address: auto
VRF: 0
Pattern:
Pattern Size in Bytes: 0
Validate Reply: no
Adaptive Ping: disable
Use SD-WAN: no

Default Ping Options:


Repeat Count: 5
Data Size: 56
FW_DC_01 (root) # exec ping 10.254.209.19
PING 10.254.209.19 (10.254.209.19): 56 data bytes
64 bytes from 10.254.209.19: icmp_seq=0 ttl=128 time=1.9 ms
64 bytes from 10.254.209.19: icmp_seq=1 ttl=128 time=0.6 ms
64 bytes from 10.254.209.19: icmp_seq=2 ttl=128 time=0.5 ms
^C
--- 10.254.209.19 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.5/1.0/1.9 ms

FW_DC_01 (root) # exec ping services.fortiguard.net


Unable to resolve hostname.

FW_DC_01 (root) # show sys interface


name Name.
BACKUP_ISCSI static 0.0.0.0 0.0.0.0 192.168.130.11 255.255.255.0 up disable
vlan enable
CCTV static 0.0.0.0 0.0.0.0 10.254.219.11 255.255.255.0 up disable vlan
enable
Connectis static 0.0.0.0 0.0.0.0 102.36.227.242 255.255.255.248 up disable
vlan enable
DMZ static 0.0.0.0 0.0.0.0 172.25.250.251 255.255.255.0 up disable vlan
enable
DMZVLINK0 static 0.0.0.0 0.0.0.0 172.16.20.253 255.255.255.252 up disable
vdom-link enable
DMZVLINK1 static 0.0.0.0 0.0.0.0 172.16.20.254 255.255.255.252 up disable
vdom-link enable
DMZ_LINK static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable aggregate
enable
Desenvolvimento static 0.0.0.0 0.0.0.0 192.168.20.11 255.255.255.0 up
disable vlan enable
INM_Redundant static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable tunnel
enable
INTERLIGACAO static 0.0.0.0 0.0.0.0 10.254.215.11 255.255.255.0 up disable
vlan enable
LINKNFNSSDSCP01 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable
aggregate enable
LINK_BAI static 0.0.0.0 0.0.0.0 10.10.50.4 255.255.255.0 up disable vlan
enable
LINK_BAI_DR static 0.0.0.0 0.0.0.0 10.10.60.4 255.255.255.0 up disable
vlan enable
Link_wan2 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable aggregate
enable
MGMT_DATACENTER static 0.0.0.0 0.0.0.0 10.254.214.11 255.255.255.0 up
disable vlan enable
NOSSAUCALL_ITA static 0.0.0.0 0.0.0.0 72.72.72.2 255.255.255.255 up disable
tunnel enable
NOSSAUCALL_Unit static 0.0.0.0 0.0.0.0 70.70.70.2 255.255.255.255 up
disable tunnel enable
PRODUCAO static 0.0.0.0 0.0.0.0 192.168.1.1 255.255.255.0 up disable vlan
enable
REDE_BACKUP static 0.0.0.0 0.0.0.0 10.254.218.11 255.255.255.0 up disable
vlan enable
REDE_CORE static 0.0.0.0 0.0.0.0 10.254.220.131 255.255.255.0 up disable
vlan enable
REDE_DESENVOLVI static 0.0.0.0 0.0.0.0 10.254.217.131 255.255.255.0 up
disable vlan enable
REDE_TESTE static 0.0.0.0 0.0.0.0 10.254.216.131 255.255.255.0 up disable
vlan enable
RELOGIO_PONTO static 0.0.0.0 0.0.0.0 10.254.213.131 255.255.255.0 up
disable vlan enable
SERVERFARM_NET static 0.0.0.0 0.0.0.0 10.254.221.11 255.255.255.0 up
disable vlan enable
SERVERFARM_SYST static 0.0.0.0 0.0.0.0 10.254.209.131 255.255.255.0 up
disable vlan enable
SERVER_DATABASE static 0.0.0.0 0.0.0.0 10.254.210.131 255.255.255.0 up
disable vlan enable
SERVER_FRONTEND static 0.0.0.0 0.0.0.0 10.254.211.131 255.255.255.0 up
disable vlan enable
SQL static 0.0.0.0 0.0.0.0 192.168.4.11 255.255.255.0 up disable vlan
enable
STORAGE_ISCSI static 0.0.0.0 0.0.0.0 10.254.212.131 255.255.255.0 up
disable vlan enable
UCALL_CONNECTIS static 0.0.0.0 0.0.0.0 10.20.1.2 255.255.255.252 up disable
vlan enable
UPS_APC static 0.0.0.0 0.0.0.0 192.168.60.254 255.255.255.0 up disable
vlan enable
WIFI_Aggregate static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable
aggregate enable
WIFI_COL static 0.0.0.0 0.0.0.0 10.254.105.254 255.255.255.0 up disable
vlan enable
WIFI_Device static 0.0.0.0 0.0.0.0 10.254.206.254 255.255.255.0 up disable
vlan enable
WIFI_GUEST static 0.0.0.0 0.0.0.0 10.254.205.254 255.255.255.0 up disable
vlan enable
WiFiVDevice0 static 0.0.0.0 0.0.0.0 172.16.20.10 255.255.255.252 up disable
vdom-link enable
WiFiVDevice1 static 0.0.0.0 0.0.0.0 172.16.20.9 255.255.255.252 up disable
vdom-link enable
WiFiVGuest0 static 0.0.0.0 0.0.0.0 172.16.20.2 255.255.255.252 up disable
vdom-link enable
WiFiVGuest1 static 0.0.0.0 0.0.0.0 172.16.20.1 255.255.255.252 up disable
vdom-link enable
WiFi_Agregatie static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable
aggregate enable
dmz static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 down disable redundant enable
ha static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical enable
lan static 0.0.0.0 0.0.0.0 192.168.90.254 255.255.255.0 down disable
redundant enable
link_wan static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable aggregate
enable

FW_DC_01 (root) # config sys fortiguard

command parse error before 'fortiguard'


Command fail. Return code 1

FW_DC_01 (root) # end

FW_DC_01 # config global

FW_DC_01 (global) # config sys fortiguard

FW_DC_01 (fortiguard) # get


fortiguard-anycast : disable
protocol : udp
port : 8888
load-balance-servers: 1
auto-join-forticloud: enable
update-server-location: any
sandbox-region :
antispam-force-off : disable
antispam-cache : enable
antispam-cache-ttl : 1800
antispam-cache-mpercent: 2
antispam-license : Contract
antispam-expiration : Sun Feb 2 2025
antispam-timeout : 7
outbreak-prevention-force-off: disable
outbreak-prevention-cache: enable
outbreak-prevention-cache-ttl: 300
outbreak-prevention-cache-mpercent: 2
outbreak-prevention-license: Contract
outbreak-prevention-expiration: Sun Feb 2 2025
outbreak-prevention-timeout: 7
webfilter-force-off : disable
webfilter-cache : enable
webfilter-cache-ttl : 3600
webfilter-license : Contract
webfilter-expiration: Sun Feb 2 2025
webfilter-timeout : 15
sdns-server-ip : "208.184.237.61"
sdns-server-port : 53
sdns-options :
source-ip : 102.36.227.242
source-ip6 : ::
proxy-server-ip : 0.0.0.0
proxy-server-port : 0
proxy-username :
proxy-password : *
ddns-server-ip : 0.0.0.0
ddns-server-port : 443
interface-select-method: auto

FW_DC_01 (root) # diag deb ratin


Locale : english
Service : Web-filter
Status : Enable
License : Contract

Service : Antispam
Status : Enable
License : Contract

Service : Virus Outbreak Prevention


Status : Enable
License : Contract

Num. of servers : 3
Protocol : udp
Port : 8888
Anycast : Disable
Default servers : Included

-=- Server List (Thu Dec 1 18:24:38 2022) -=-

IP Weight RTT Flags TZ Packets


Curr Lost Total Lost Updated Time
208.184.237.61 1 211 DI 0 9132
0 9044 Thu Dec 1 18:23:42 2022
209.222.147.36 396 202 D 0 5377
0 5377 Thu Dec 1 18:23:42 2022
173.243.138.194 398 217 D 0 5224
0 5226 Thu Dec 1 18:23:42 2022

FW_DC_01 (root) # exec ping 208.184.237.61


PING 208.184.237.61 (208.184.237.61): 56 data bytes
64 bytes from 208.184.237.61: icmp_seq=0 ttl=48 time=211.3 ms
64 bytes from 208.184.237.61: icmp_seq=1 ttl=48 time=211.1 ms
64 bytes from 208.184.237.61: icmp_seq=2 ttl=48 time=211.1 ms
^C
--- 208.184.237.61 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 211.1/211.1/211.3 ms

FW_DC_01 (root) # config sys fortiguard

command parse error before 'fortiguard'


Command fail. Return code 1

FW_DC_01 (root) # end

FW_DC_01 # config global

FW_DC_01 (global) # config sys fortiguard

FW_DC_01 (fortiguard) # set s


sandbox-region Cloud sandbox region.
sdns-server-ip IP address of the FortiGuard DNS rating server.
sdns-server-port Port to connect to on the FortiGuard DNS rating server.
sdns-options Customization options for the FortiGuard DNS service.
source-ip Source IPv4 address used to communicate with FortiGuard.
source-ip6 Source IPv6 address used to communicate with FortiGuard.
FW_DC_01 (fortiguard) # get
fortiguard-anycast : disable
protocol : udp
port : 8888
load-balance-servers: 1
auto-join-forticloud: enable
update-server-location: any
sandbox-region :
antispam-force-off : disable
antispam-cache : enable
antispam-cache-ttl : 1800
antispam-cache-mpercent: 2
antispam-license : Contract
antispam-expiration : Sun Feb 2 2025
antispam-timeout : 7
outbreak-prevention-force-off: disable
outbreak-prevention-cache: enable
outbreak-prevention-cache-ttl: 300
outbreak-prevention-cache-mpercent: 2
outbreak-prevention-license: Contract
outbreak-prevention-expiration: Sun Feb 2 2025
outbreak-prevention-timeout: 7
webfilter-force-off : disable
webfilter-cache : enable
webfilter-cache-ttl : 3600
webfilter-license : Contract
webfilter-expiration: Sun Feb 2 2025
webfilter-timeout : 15
sdns-server-ip : "208.184.237.61"
sdns-server-port : 53
sdns-options :
source-ip : 0.0.0.0
source-ip6 : ::
proxy-server-ip : 0.0.0.0
proxy-server-port : 0
proxy-username :
proxy-password : *
ddns-server-ip : 0.0.0.0
ddns-server-port : 443
interface-select-method: auto

FW_DC_01 (fortiguard) # show


config system fortiguard
set fortiguard-anycast disable
set protocol udp
set port 8888
set sdns-server-ip "208.184.237.61"
end

FW_DC_01 (fortiguard) # set sdns-server-ip


<ip-address> FortiGuard DNS rating server ip.

FW_DC_01 (fortiguard) # set sdns-server-ip 0.0.0.0


The IP address is not assignable.
node_check_object fail! for sdns-server-ip 0.0.0.0

value parse error before '0.0.0.0'


Command fail. Return code -8
FW_DC_01 (fortiguard) # set sdns-server-ip

incomplete command in the end


Command fail. Return code -160

FW_DC_01 (fortiguard) # unset sdns-server-ip

FW_DC_01 (fortiguard) # show


config system fortiguard
set fortiguard-anycast disable
set protocol udp
set port 8888
end

FW_DC_01 (fortiguard) # get


fortiguard-anycast : disable
protocol : udp
port : 8888
load-balance-servers: 1
auto-join-forticloud: enable
update-server-location: any
sandbox-region :
antispam-force-off : disable
antispam-cache : enable
antispam-cache-ttl : 1800
antispam-cache-mpercent: 2
antispam-license : Contract
antispam-expiration : Sun Feb 2 2025
antispam-timeout : 7
outbreak-prevention-force-off: disable
outbreak-prevention-cache: enable
outbreak-prevention-cache-ttl: 300
outbreak-prevention-cache-mpercent: 2
outbreak-prevention-license: Contract
outbreak-prevention-expiration: Sun Feb 2 2025
outbreak-prevention-timeout: 7
webfilter-force-off : disable
webfilter-cache : enable
webfilter-cache-ttl : 3600
webfilter-license : Contract
webfilter-expiration: Sun Feb 2 2025
webfilter-timeout : 15
sdns-server-ip :
sdns-server-port : 53
sdns-options :
source-ip : 0.0.0.0
source-ip6 : ::
proxy-server-ip : 0.0.0.0
proxy-server-port : 0
proxy-username :
proxy-password : *
ddns-server-ip : 0.0.0.0
ddns-server-port : 443
interface-select-method: auto

FW_DC_01 (fortiguard) # end

FW_DC_01 (global) # end


FW_DC_01 # dig deb ratin
8304: Unknown action 0
Command fail. Return code -1

FW_DC_01 # diag deb ratin


8304: Unknown action 0
Command fail. Return code -1

FW_DC_01 # config vdom

FW_DC_01 (vdom) # edit root


current vf=root:0

FW_DC_01 (root) # diag deb rati


Locale : english

Service : Web-filter
Status : Enable
License : Contract

Service : Antispam
Status : Enable
License : Contract

Service : Virus Outbreak Prevention


Status : Enable
License : Contract

Num. of servers : 3
Protocol : udp
Port : 8888
Anycast : Disable
Default servers : Included

-=- Server List (Thu Dec 1 18:44:47 2022) -=-

IP Weight RTT Flags TZ Packets


Curr Lost Total Lost Updated Time
209.222.147.36 0 190 D 0 5771
0 5414 Thu Dec 1 18:43:42 2022
173.243.138.194 304 216 D 0 5271
0 5226 Thu Dec 1 18:43:42 2022
208.184.237.61 392 211 DI 0 9538
0 9211 Thu Dec 1 18:43:42 2022

FW_DC_01 (root) # exec traceroute 209.222.147.36


traceroute to 209.222.147.36 (209.222.147.36), 32 hops max, 3 probe packets per
hop, 84 byte packets
1 102.36.227.241 0.397 ms 0.234 ms 0.144 ms
2 10.128.7.77 0.593 ms 0.440 ms 0.397 ms
3 169.239.76.66 0.506 ms 1.594 ms 0.424 ms
4 197.149.151.41 0.441 ms 1.825 ms 1.075 ms
5 102.130.69.245 2.095 ms 2.180 ms 2.216 ms
6 170.238.232.145 <145.232.238.170.angolacables.ao> 62.742 ms 62.843 ms 63.578
ms
7 170.238.232.185 <185.232.238.170.angolacables.ao> 125.756 ms 125.356 ms
125.393 ms
8 4.31.223.161 <et-5-0-13.edge6.miami1.level3.net> 171.720 ms * *
9 * * *
10 4.30.36.130 204.505 ms 190.520 ms 190.549 ms
11 66.117.46.59 190.425 ms 190.304 ms 190.299 ms
12 209.222.147.44 152.875 ms 151.978 ms 151.948 ms
13 209.222.147.36 <service.fortiguard.net> 189.877 ms 189.882 ms 189.864 ms

FW_DC_01 (root) # exec traceroute 173.243.138.194


traceroute to 173.243.138.194 (173.243.138.194), 32 hops max, 3 probe packets per
hop, 84 byte packets
1 102.36.227.241 0.373 ms 0.153 ms 0.139 ms
2 10.128.7.77 0.715 ms 0.432 ms 0.444 ms
3 169.239.76.66 0.464 ms 0.432 ms 0.419 ms
4 197.149.151.41 0.468 ms 0.670 ms 0.416 ms
5 102.130.69.245 2.009 ms 1.959 ms 2.233 ms
6 170.238.232.145 <145.232.238.170.angolacables.ao> 62.718 ms 62.683 ms 62.874
ms
7 170.238.232.185 <185.232.238.170.angolacables.ao> 125.623 ms 125.378 ms
125.661 ms
8 198.32.124.227 126.630 ms 126.624 ms 126.614 ms
9 64.125.28.16 <ae2.mpr2.mia1.us.zip.zayo.com> 126.843 ms 126.765 ms 128.428
ms
10 64.125.30.204 <ae5.cs2.atl10.us.eth.zayo.com> 216.309 ms 215.981 ms 216.029
ms
11 64.125.30.160 <ae0.cs1.atl10.us.zip.zayo.com> 215.696 ms 216.271 ms 215.636
ms
12 * * *
13 64.125.29.26 <ae2.cs1.sea1.us.eth.zayo.com> 215.878 ms 215.753 ms 215.764 ms
14 64.125.23.41 <ae11.mpr1.yvr3.ca.zip.zayo.com> 216.114 ms 216.190 ms 233.681
ms
15 209.249.223.26 <209.249.223.26.available> 220.064 ms 219.996 ms 220.026 ms
16 96.45.47.39 217.204 ms 217.193 ms 217.261 ms
17 173.243.138.252 216.700 ms 216.632 ms 216.647 ms
18 173.243.138.194 <service.fortiguard.net> 216.702 ms 216.611 ms 216.675 ms

FW_DC_01 (root) # exec traceroute 208.184.237.61


traceroute to 208.184.237.61 (208.184.237.61), 32 hops max, 3 probe packets per
hop, 84 byte packets
1 102.36.227.241 0.367 ms 0.143 ms 0.140 ms
2 10.128.7.77 0.528 ms 0.413 ms 0.401 ms
3 169.239.76.66 0.484 ms 0.432 ms 0.416 ms
4 197.149.151.41 0.468 ms 0.412 ms 0.420 ms
5 102.130.69.245 1.969 ms 2.192 ms 2.196 ms
6 170.238.232.145 <145.232.238.170.angolacables.ao> 62.711 ms 62.847 ms 79.109
ms
7 170.238.232.185 <185.232.238.170.angolacables.ao> 130.850 ms 125.618 ms
125.434 ms
8 198.32.124.227 126.622 ms 126.733 ms 126.570 ms
9 64.125.28.16 <ae2.mpr2.mia1.us.zip.zayo.com> 126.834 ms 126.804 ms 126.685
ms
10 64.125.30.204 <ae5.cs2.atl10.us.eth.zayo.com> 209.066 ms 208.891 ms 209.861
ms
11 * * *
12 * * *
13 * * *
14 64.125.21.35 <ae20.er5.sjc7.us.zip.zayo.com> 211.149 ms 211.178 ms 222.146
ms
15 64.124.27.77 <64.124.27.77.idia-292873-zyo.zip.zayo.com> 209.428 ms 209.392
ms 209.503 ms
16 208.184.237.46 <208.184.237.46.idia-292873-zyo.zip.zayo.com> 211.229 ms
211.204 ms 211.230 ms
17 208.184.237.61 <service.fortiguard.net> 211.188 ms 211.203 ms 211.128 ms

FW_DC_01 (root) # exec traceroute-options source 196.216.58.74

FW_DC_01 (root) # exec traceroute 209.222.147.36


traceroute to 209.222.147.36 (209.222.147.36), 32 hops max, 3 probe packets per
hop, 84 byte packets
1 105.174.7.33 1.391 ms 1.137 ms 1.111 ms
2 * * *
3 * * *
4 * * *
5 * * *
6 41.78.19.1 1.379 ms 1.404 ms 1.492 ms
7 * * *
8 195.8.30.150 <unitel1.cprm.net> 162.912 ms 162.904 ms 162.902 ms
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * 209.222.147.36 <service.fortiguard.net> 156.398 ms 156.213 ms

FW_DC_01 (root) # diag deb rati


Locale : english

Service : Web-filter
Status : Enable
License : Contract

Service : Antispam
Status : Enable
License : Contract

Service : Virus Outbreak Prevention


Status : Enable
License : Contract

Num. of servers : 3
Protocol : udp
Port : 8888
Anycast : Disable
Default servers : Included

-=- Server List (Thu Dec 1 19:02:26 2022) -=-

IP Weight RTT Flags TZ Packets


Curr Lost Total Lost Updated Time
209.222.147.36 0 190 D 0 6086
0 5417 Thu Dec 1 19:01:42 2022
173.243.138.194 280 219 D 0 5283
0 5226 Thu Dec 1 19:01:42 2022
208.184.237.61 374 211 DI 0 9547
0 9211 Thu Dec 1 19:01:42 2022

FW_DC_01 (root) #

You might also like