Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Scribd
Upload
1 views

console-output-config-and-drops

The document outlines the configuration of a FortiGate-40F-3G4G device for IPsec VPN, detailing settings for phase 1 and phase 2 interfaces. Key configurations include the remote gateway address, encryption proposals, and network settings. Additionally, it provides diagnostic commands and output related to network processor statistics and interface status.

Uploaded by

hariharpanga
Copyright
© © All Rights Reserved
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
1 views

console-output-config-and-drops

The document outlines the configuration of a FortiGate-40F-3G4G device for IPsec VPN, detailing settings for phase 1 and phase 2 interfaces. Key configurations include the remote gateway address, encryption proposals, and network settings. Additionally, it provides diagnostic commands and output related to network processor statistics and interface status.

Uploaded by

hariharpanga
Copyright
© © All Rights Reserved
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 5

FortiGate-40F-3G4G # config vpn ipsec

concentrator Concentrator configuration.


fec Configure Forward Error Correction (FEC) mapping profiles.
forticlient Configure FortiClient policy realm.
manualkey Configure IPsec manual keys.
manualkey-interface Configure IPsec manual keys.
phase1 Configure VPN remote gateway.
phase1-interface Configure VPN remote gateway.
phase2 Configure VPN autokey tunnel.
phase2-interface Configure VPN autokey tunnel.

FortiGate-40F-3G4G # config vpn ipsec phase1-interface

FortiGate-40F-3G4G (phase1-interface) # sh
config vpn ipsec phase1-interface
edit "to-hub-wan"
set interface "wan"
set ike-version 2
set peertype any
set net-device enable
set proposal aes128-sha256 aes256-sha256 aes128gcm-prfsha256 aes256gcm-
prfsha384 chacha20poly1305-prfsha256
set add-route disable
set localid "india-support"
set npu-offload disable
set auto-discovery-receiver enable
set nattraversal forced
set network-overlay enable
set network-id 5
set remote-gw 139.138.156.22
set psksecret ENC
KcPDMcP05pw4ARqlyNlDP8J54jr0BYVavX1lgRMjE86xVt36IsVtGOlje31VEwOJ7Poj2M7c2ris2mzXKMf
hgOQbOTw2NKnYAkHiIm5PLnnEPm
dAS23TDhOP0bHpVm4hTixRmq0qYhpYuIR9YmAZe4EhrrdWGapEsgfzOr76IXbwVKywujgtty7SYCbESnF9H
6vamg==
next
end

FortiGate-40F-3G4G (phase1-interface) # end

FortiGate-40F-3G4G # config vpn ipsec


concentrator Concentrator configuration.
fec Configure Forward Error Correction (FEC) mapping profiles.
forticlient Configure FortiClient policy realm.
manualkey Configure IPsec manual keys.
manualkey-interface Configure IPsec manual keys.
phase1 Configure VPN remote gateway.
phase1-interface Configure VPN remote gateway.
phase2 Configure VPN autokey tunnel.
phase2-interface Configure VPN autokey tunnel.

FortiGate-40F-3G4G # config vpn ipsec phase2-interface

FortiGate-40F-3G4G (phase2-interface) # edit


name IPsec tunnel name.
to-hub-wan

FortiGate-40F-3G4G (phase2-interface) # edit to-hub-wan


FortiGate-40F-3G4G (to-hub-wan) # sj
Unknown action 0

FortiGate-40F-3G4G (to-hub-wan) # s
Unknown action 0

FortiGate-40F-3G4G (to-hub-wan) # sh
config vpn ipsec phase2-interface
edit "to-hub-wan"
set phase1name "to-hub-wan"
set proposal aes128-sha1 aes256-sha1 aes128-sha256 aes256-sha256 aes128gcm
aes256gcm chacha20poly1305
set auto-negotiate enable
next
end

FortiGate-40F-3G4G (to-hub-wan) # sh full


config vpn ipsec phase2-interface
edit "to-hub-wan"
set phase1name "to-hub-wan"
set proposal aes128-sha1 aes256-sha1 aes128-sha256 aes256-sha256 aes128gcm
aes256gcm chacha20poly1305
set pfs enable
set ipv4-df disable
set dhgrp 14 5
set replay enable
set auto-negotiate enable
set inbound-dscp-copy phase1
set auto-discovery-sender phase1
set auto-discovery-forwarder phase1
set keylife-type seconds
set encapsulation tunnel-mode
set comments ''
set initiator-ts-narrow disable
set diffserv disable
set protocol 0
set src-addr-type subnet
set src-port 0
set dst-addr-type subnet
set dst-port 0
set keylifeseconds 43200
set src-subnet 0.0.0.0 0.0.0.0
set dst-subnet 0.0.0.0 0.0.0.0
next
end

FortiGate-40F-3G4G (to-hub-wan) # end

FortiGate-40F-3G4G # diagnose npu


np6xlite Network Processor version 6 XLite

FortiGate-40F-3G4G # diagnose npu np6xlite


fastpath Configure fastpath
ipsec-fragment Configure ipsec fragmentation type.
dce Show non-zero subengine drop counters.
anomaly-drop Show non-zero L3/L4 anomaly check drop counters.
session-stats Show session offloading statistics counters
port-list Show port list
sse-stats Show hardware session statistics counters
session-dump Dump hardware session summary or session list
mse-dump Dump MSE session
register Show NP6XLITE registers.
npu-feature Show NPU feature and status.

FortiGate-40F-3G4G # diagnose npu np6xlite dce 0


DROP_IHP1_PKTCHK:0000000000002182[5b] DROP_PDQ_OSW_HRX0:0000000000031411[ae]

FortiGate-40F-3G4G # diagnose npu np6xlite dce 0

FortiGate-40F-3G4G # diagnose npu np6xlite dce 0

FortiGate-40F-3G4G # diagnose npu np6xlite dce 0

FortiGate-40F-3G4G # fnsysctl ifocnfig to-hub-wan


can not find command ifocnfig

FortiGate-40F-3G4G # fnsysctl ifoconfig to-hub-wan


can not find command ifoconfig

FortiGate-40F-3G4G # fnsysctl ifconfig to-hub-wan


to-hub-wan Link encap:Unknown
inet addr:10.191.33.10 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1400 Metric:1
RX packets:5080017303 errors:10071722 dropped:0 overruns:0 frame:0
TX packets:2778268530 errors:3435944 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4275532615591 (3981.9 GB) TX bytes:746399475839 (695.1 GB)

FortiGate-40F-3G4G # fnsysctl ifconfig to-hub-wan


to-hub-wan Link encap:Unknown
inet addr:10.191.33.10 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1400 Metric:1
RX packets:5080017516 errors:10071722 dropped:0 overruns:0 frame:0
TX packets:2778268762 errors:3435944 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4275532676227 (3981.9 GB) TX bytes:746399612382 (695.1 GB)

FortiGate-40F-3G4G # fnsysctl ifconfig to-hub-wan


to-hub-wan Link encap:Unknown
inet addr:10.191.33.10 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1400 Metric:1
RX packets:5080017543 errors:10071722 dropped:0 overruns:0 frame:0
TX packets:2778268788 errors:3435944 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4275532679532 (3981.9 GB) TX bytes:746399616706 (695.1 GB)

FortiGate-40F-3G4G # fnsysctl ifconfig to-hub-wan


to-hub-wan Link encap:Unknown
inet addr:10.191.33.10 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1400 Metric:1
RX packets:5080017568 errors:10071722 dropped:0 overruns:0 frame:0
TX packets:2778268814 errors:3435944 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4275532683225 (3981.9 GB) TX bytes:746399620865 (695.1 GB)
FortiGate-40F-3G4G # fnsysctl ifconfig to-hub-wan
to-hub-wan Link encap:Unknown
inet addr:10.191.33.10 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1400 Metric:1
RX packets:5080017578 errors:10071722 dropped:0 overruns:0 frame:0
TX packets:2778268826 errors:3435944 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4275532684111 (3981.9 GB) TX bytes:746399621917 (695.1 GB)

FortiGate-40F-3G4G # fnsysctl ifconfig to-hub-wan


to-hub-wan Link encap:Unknown
inet addr:10.191.33.10 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1400 Metric:1
RX packets:5080017598 errors:10071722 dropped:0 overruns:0 frame:0
TX packets:2778268849 errors:3435944 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4275532692103 (3981.9 GB) TX bytes:746399625081 (695.1 GB)

FortiGate-40F-3G4G # fnsysctl ifconfig to-hub-wan


to-hub-wan Link encap:Unknown
inet addr:10.191.33.10 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1400 Metric:1
RX packets:5080017658 errors:10071722 dropped:0 overruns:0 frame:0
TX packets:2778268928 errors:3435944 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4275532706811 (3981.9 GB) TX bytes:746399648015 (695.1 GB)

FortiGate-40F-3G4G # fnsysctl ifconfig to-hub-wan


to-hub-wan Link encap:Unknown
inet addr:10.191.33.10 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1400 Metric:1
RX packets:5080017692 errors:10071722 dropped:0 overruns:0 frame:0
TX packets:2778268960 errors:3435944 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4275532711528 (3981.9 GB) TX bytes:746399654799 (695.1 GB)

FortiGate-40F-3G4G # fnsysctl ifconfig to-hub-wan


to-hub-wan Link encap:Unknown
inet addr:10.191.33.10 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1400 Metric:1
RX packets:5080017723 errors:10071722 dropped:0 overruns:0 frame:0
TX packets:2778268987 errors:3435944 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4275532715329 (3981.9 GB) TX bytes:746399659139 (695.1 GB)

FortiGate-40F-3G4G # fnsysctl ifconfig to-hub-wan


to-hub-wan Link encap:Unknown
inet addr:10.191.33.10 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1400 Metric:1
RX packets:5080020706 errors:10071722 dropped:0 overruns:0 frame:0
TX packets:2778271837 errors:3435944 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4275533646571 (3981.9 GB) TX bytes:746400744461 (695.1 GB)
FortiGate-40F-3G4G # diagnose npu np6xlite dce 0

FortiGate-40F-3G4G # diagnose npu np6xlite dce 0

FortiGate-40F-3G4G # diagnose npu np6xlite dce 0

FortiGate-40F-3G4G # diagnose npu np6xlite dce 0

FortiGate-40F-3G4G # fnsysctl ifoconfig to-hub-wan


can not find command ifoconfig

FortiGate-40F-3G4G # fnsysctl ifconfig to-hub-wan


to-hub-wan Link encap:Unknown
inet addr:10.191.33.10 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1400 Metric:1
RX packets:5080032252 errors:10071722 dropped:0 overruns:0 frame:0
TX packets:2778281643 errors:3435944 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4275539328683 (3981.9 GB) TX bytes:746404102095 (695.1 GB)

FortiGate-40F-3G4G # fnsysctl ifoconfig to-hub-wan


can not find command ifoconfig

FortiGate-40F-3G4G # fnsysctl ifoconfig to-hub-wan


can not find command ifoconfig

FortiGate-40F-3G4G #

You might also like