
Fortigate Tips and Tricks - Network & Security Blog

This document provides tips and tricks for troubleshooting and using Fortigate firewall devices. It includes commands for checking firewall policies and address objects, debugging packet sniffing, restarting processes using excessive memory, and testing authentication. The tips are intended to help with common issues administrators encounter when managing Fortigates.

Uploaded by

SAGALOG
Copyright
© Attribution Non-Commercial (BY-NC)


Fortigate Tips and Tricks


January 27th, 2012 admin


This article presents some useful commands and tricks that you can use on your Fortigate.

Debug Addresses:

Many times it happens that we have a lot of firewall policies for one address defined in our address pool. Let's take an example: we have "WWW_Server" defined with the IP of 172.18.1.10. To see what policies are using this address we can use the following:

    #diag sys checkused firewall.address:name 'WWW_Server'

(Screenshot: output of the checkused command)

From the output you can clearly see that the policy that is using this address is policy "14". In case our address is in an address group, we can find out where that address group is used by executing the following command:

    #diag sys checkused firewall.addgrp:name 'Server_Groups'

The firewall from Fortinet also has sniffing capabilities (take that, Wireshark):

    #diag debug packet test Interface_Name 'host IP_Host' '

If we would like to sniff all the interfaces on port 67 or 68 UDP we can try the following:

    #diag sniff packet any 'udp port 67 or udp port 68' 6

To stop the sniffing, issue CTRL+C. Do not use it twice or your PuTTY session will die.

Fortigate CPU or Memory at 100%

From time to time we discover bugs, or the CPU/Memory goes to 100% usage. Then we are left with a reboot, and if that does not fix it we need to check what process is using all the memory. To do this we can use the following:

    #diag debug en
    #get sys status
    #get sys perf status
    #diag sys top + +,,

-> let it run for 10-15 seconds and then stop it by pressing "Q".

    #diag hard sys mem

(Screenshot: output of diag sys top)

Let's say we found out that the process "authd" is using 100% of the processor. To restart it we can use the following:

    #diag sys kill 11 process_id

In our case we will perform the following command:

    #diag sys kill 11 81

This command will re-spawn the authd process. Some other signal IDs: 9 calls SIGKILL; 15 calls SIGTERM.
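The step above (let diag sys top refresh for 10-15 seconds, then pick the process that holds the CPU or memory) can be run over a saved console capture. This Python is an added example, not part of the original article; the capture is constructed and the row layout (name, PID, state, CPU %, memory %) is an assumption.

```python
import re
from collections import defaultdict

# Constructed capture of two refreshes; the row layout
# (name, PID, state, CPU %, memory %) is an assumption.
SAMPLE = """\
Run Time:  12 days, 3 hours and 41 minutes
96U, 3S, 1I; 1002T, 61F
           authd       81      R      97.1     4.1
       ipsengine       74      S       1.9    22.7
          newcli      412      R      92.0     1.2
Run Time:  12 days, 3 hours and 41 minutes
95U, 4S, 1I; 1002T, 60F
           authd       81      R      95.3     4.2
       ipsengine       74      S       2.1    22.7
          newcli      412      R       0.1     1.2
"""

ROW = re.compile(r"^\s*(\S+)\s+(\d+)\s+([A-Z])\s+(\d+\.\d+)\s+(\d+\.\d+)\s*$")

def parse_top(text):
    """Return {(name, pid): [(cpu, mem), ...]}, one tuple per refresh."""
    samples = defaultdict(list)
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # "Run Time" and the usage summary line do not match
            name, pid, _state, cpu, mem = m.groups()
            samples[(name, int(pid))].append((float(cpu), float(mem)))
    return samples

def sustained_offenders(text, cpu_limit=90.0, mem_limit=50.0):
    """Processes whose lowest CPU or memory reading over all refreshes
    is still above a limit, so a one-refresh spike is ignored."""
    refreshes = text.count("Run Time:")
    hits = []
    for (name, pid), vals in parse_top(text).items():
        if len(vals) < refreshes:
            continue  # not present in every refresh
        min_cpu = min(c for c, _ in vals)
        min_mem = min(m for _, m in vals)
        if min_cpu >= cpu_limit or min_mem >= mem_limit:
            hits.append((name, pid, min_cpu, min_mem))
    return sorted(hits, key=lambda h: max(h[2], h[3]), reverse=True)

if __name__ == "__main__":
    for name, pid, cpu, mem in sustained_offenders(SAMPLE):
        print(f"{name} (pid {pid}): CPU >= {cpu}%, mem >= {mem}% in every refresh")
```

Only authd is reported for the constructed capture; newcli peaks at 92% in one refresh and is dropped because it does not stay there.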

Problems with Authentication?

To test the authentication we can use the following commands:

    #diag test auth <type> <server_name> <chap | pap | mschap | mschap2> <username> <pwd>

Let's say we want to test a user's LDAP username and PASSWORD. We will test with the following:

    #diag test authserver ldap server <server_name> <username> <pwd>

If the authentication is successful then that means that we are good to go. The problem is somewhere else.

BASIC COMMANDS

To show the ARP table:

    #diag ip arp list

To show the routing table:

    #diag ip route list

To check the NIC status on the Fortigate:

    #diag hard dev nic port

PPPoE:

    #diag debug en
    #diag debug app ppp '

Hope this helps!

Happy firewalling and please comment if you have any questions. Thanks!
