
Fortinet


#diagnose sys session clear

#get system session list


#get router info routing-table static/ospf
#get system session list
#get system arp
#execute log display
#execute ping 10.0.0.1
#execute reboot
#execute shutdown
#execute ping-options source <port1 IP address>
#config firewall vip
#show "DMZ-server1"
#config system interface
#show
edit "port1"
set vdom "root"
set mode dhcp
set distance 1
set allowaccess ping ssh http telnet
set type
set snmp-index 1
set status down/up
next
end
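
The port1 block above allows http and telnet management access alongside ssh. The following is an added example, not part of the original notes: a small Python audit that parses `config system interface` text and lists interfaces with cleartext management protocols enabled. The function names, the policy set and the sample config are assumptions constructed for illustration.

```python
import shlex

# Cleartext management protocols to flag in "set allowaccess" (assumed policy).
CLEARTEXT = {"http", "telnet"}

# Constructed sample in the same shape as the `show` output in the notes above.
SAMPLE = '''
config system interface
    edit "port1"
        set vdom "root"
        set allowaccess ping ssh http telnet
    next
    edit "port2"
        set allowaccess ping https ssh
    next
    edit "port3"
        set allowaccess telnet
        set status down
    next
end
'''

def parse_interfaces(text):
    """Return {interface_name: {setting: [values]}} from an interface config block."""
    interfaces, current = {}, None
    for raw in text.splitlines():
        tokens = shlex.split(raw.lstrip("# "))  # tolerate a leading "#" prompt
        if not tokens:
            continue
        if tokens[0] == "edit" and len(tokens) > 1:
            current = interfaces.setdefault(tokens[1], {})
        elif tokens[0] == "set" and current is not None and len(tokens) > 1:
            current[tokens[1]] = tokens[2:]
        elif tokens[0] in ("next", "end"):
            current = None
    return interfaces

def audit_allowaccess(text):
    """List (interface, cleartext protocols) for interfaces not set to status down."""
    findings = []
    for name, cfg in parse_interfaces(text).items():
        risky = sorted(CLEARTEXT & set(cfg.get("allowaccess", [])))
        if risky and cfg.get("status", ["up"]) != ["down"]:
            findings.append((name, risky))
    return findings

if __name__ == "__main__":
    for name, protos in audit_allowaccess(SAMPLE):
        print(f"{name}: cleartext management access enabled: {', '.join(protos)}")
```
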
#diagnose ip address list

By default, FortiGate chooses one best path.

#config system settings


#set v4-ecmp-mode weight-based
#end

By default, the AD (administrative distance) value of a static route is 10.

C:\Windows\system32/ cd
C:\>
C:\Windows\system32>netsh interface ipv4 set subinterface "Ethernet" mtu=352

How to check the MTU:

C:\>netsh interface ipv4 show subinterface

For a static route learned via DHCP, the AD value is 5.

config router bgp


set multipath enable

#backup and restore tftp

# execute backup config tftp fw1-backup 192.168.0.104 passwd 1234


# execute restore config tftp fw1-backup 192.168.0.104 passwd 1234

reset factory
#execute factoryreset

#firmware upload
#HA configuration
HA override - it ensures the firewall with the higher priority becomes primary
#config system ha
#set override enable
#end

#config system ha
#set load-balance-all enable

#config system global


#set hostname fw
#end

#show system interface



#diagnose sniffer packet port2


#dia sys ha history read

#nmap -A praction.in
#nmap -A 10.0.0.2 (the -A option finds the target OS and the versions of services, e.g. HTTP version, ports)
#nmap 192.168.0.1 - scan ports
#nmap -sn 192.168.0.* - scan hosts; the * (asterisk) wildcard scans all hosts (-n is used to disable DNS resolution)
#nmap -sn 192.168.*.* - full segment
#nmap www.praction.in

hping3 is DoS and DDoS attack software; it is also used to scan networks.

#hping3 -c 15000 -d 120 -S -w 64 -p 80 --flood --rand-source 192.168.1.200 - SYN attack

-c packet count
-p port
-d data size (120 bytes)
-S SYN flag set
-w win is
--rand-source - random source
--flood - replies will be ignored and flood packet asap

#hping3 -1 --flood -1 192.168.1.200 - icmp flood

-1 icmp
-2 udp
default TCP

dan.me.uk - lookup tool


dan.me.uk/torlist
#hping3 --traceroute -1 10.0.0.1

wireshark
How to filter: icmp, http, tcp, tcp.flags.syn==1, ip.addr==192.168.0.1,
ip.src_host==192.168.0.104, ip.dst_host==192.168.0.104,
tcp.port==443, tcp.analysis.flags

View menu - zoom in or out, change colors

Filter packets by website name - tcp contains "gmail.com", frame contains "gmail.com"

Check a TCP/UDP/TLS stream - select the packet - right-click - Follow - TCP Stream
(to check the application data)

Statistics menu - to check the I/O map (I/O Graphs) and protocol map (Protocol Hierarchy)

it will cause the firewall to change
