Посмотреть уровень сигнала
diag sys lte-modem signal-info
diag sys lte-modem ?
traffic-status <----- LTE Modem traffic status.
modem-details <----- LTE Modem detailed information.
sim-info <----- LTE Modem SIM card information.
signal-info <----- LTE Modem signal information.
data-session-info <----- LTE Modem data session information.
gps-info <----- LTE Modem GPS information.
data-usage <----- LTE Modem data usage.
Забыли пароль от FG
- Подключаемся по консоли
- Находим SN (он появится при загрузке консоли!!! можно на железке не искать), например FG3H0E3917901246
- Далее у нас есть 14 с. что бы ввести логин и пароль
- логин maintainer пароль bcpb+SN, например bcpbFG3H0E3917901246 (SN все символы большие!!!)
- После того ка зашли на железку, либо exec factoryreset - сбрасываем до заводских, либо config system admin, show - и далее задаем новый пароль на админа
Обновить базы по FTP пример
execute restore av ftp /vsigupdate-OS6.4.0_91.02680.MMDB.pkg 195.144.1.8 user pass
execute restore av ftp /vsigupdate-OS6.4.0_91.02680.ETDB.High.pkg 195.144.1.8 user pass
execute restore ips ftp /nids_OS6.4.0_23.00539.NIDS.pkg 195.144.1.8 user pass
execute restore ips ftp /apdb_OS6.4.0_23.00538.APDB.pkg 195.144.1.8 user pass
execute restore other-objects ftp /ffdb_fos64_00007.03178.pkg 195.144.1.8 user pass
execute restore ips ftp /isdb_OS6.4.0_23.00538.ISDB.pkg 195.144.1.8 user pass
VRRP
config system interface
edit "wan2"
set vdom "root"
set ip 10.25.4.158 255.255.240.0
set allowaccess ping https ssh http telnet fgfm
set type physical
set device-identification enable
set fortiheartbeat enable
set endpoint-compliance enable
config vrrp
edit 1
set vrgrp 1
set vrip 172.16.128.145
set priority 150
set vrdst 8.8.8.8
set vrdst-priority 50
next
end
set role lan
set snmp-index 4
next
Info
set vrdst 8.8.8.8 ⇐ Monitored subnet (мониториться не по icmp а по таблице маршрутизации) set vrdst-priority 50 ⇐ priority if subnet is unreachable
get router info vrrp
https://kb.fortinet.com/kb/documentLink.do?externalID=FD44632
Route-reflector & next-hop-self enable
config neighbor
edit "172.17.0.1"
set next-hop-self enable
set next-hop-self-rr enable
set remote-as 65300
set update-source "to-1"
set route-reflector-client enable
next
edit "10.0.0.10"
set next-hop-self enable
set remote-as 12389
set update-source "port2"
next
end
ipsec FG-FG + tunnel ip
config vpn ipsec phase1-interface edit "TO_NOP_RT" set interface "wan1" set peertype any set net-device disable set proposal aes128-sha256 aes256-sha256 aes128-sha1 aes256-sha1 set dpd on-idle set remote-gw 172.21.0.26 set psksecret C7ML4KxoFgk7j25mMoTd set dpd-retryinterval 5 next end config vpn ipsec phase2-interface edit "TO_NOP_RT" set phase1name "TO_NOP_RT" set proposal aes128-sha1 aes256-sha1 aes128-sha256 aes256-sha256 next end config system interface edit "TO_NOP_RT" set vdom “root” set ip 10.20.0.1 255.255.255.255 set allowaccess ping set type tunnel set remote-ip 10.20.0.0 255.255.255.254 set snmp-index 9 set interface "wan1" next end config firewall policy edit 10 set name “ANY” set srcintf “any” set dstintf “any” set srcaddr “all” set dstaddr “all” set action accept set schedule “always” set service “ALL” next end
configuring FSSO варианты
-
DC-Agent mode The DC Agent installed on the domain controllers
-
Polling Mode In polling mode there are three options: NetAPI polling, Event log polling, and Event log using WMI. However, when using local polling from the FortiGate directly, there is no such option, only Event Log Polling is used