Посмотреть уровень сигнала
diag sys lte-modem signal-info
diag sys lte-modem
traffic-status ⇐--- LTE Modem traffic status.
modem-details ⇐--- LTE Modem detailed information.
sim-info ⇐--- LTE Modem SIM card information.
signal-info ⇐--- LTE Modem signal information.
data-session-info ⇐--- LTE Modem data session information.
gps-info ⇐--- LTE Modem GPS information.
data-usage ⇐--- LTE Modem data usage.
Забыли пароль от FG
- Подключаемся по консоли
- Находим SN (он появится при загрузке консоли!!! можно на железке не искать), например FG3H0E3917901246
- Далее у нас есть 14 с. что бы ввести логин и пароль
- логин maintainer пароль bcpb+SN, например bcpbFG3H0E3917901246 (SN все символы большие!!!)
- После того ка зашли на железку, либо exec factoryreset - сбрасываем до заводских, либо config system admin, show - и далее задаем новый пароль на админа
Обновить базы по FTP пример
execute restore av ftp /vsigupdate-OS6.4.0_91.02680.MMDB.pkg 195.144.1.8 user pass execute restore av ftp /vsigupdate-OS6.4.0_91.02680.ETDB.High.pkg 195.144.1.8 user pass execute restore ips ftp /nids_OS6.4.0_23.00539.NIDS.pkg 195.144.1.8 user pass execute restore ips ftp /apdb_OS6.4.0_23.00538.APDB.pkg 195.144.1.8 user pass execute restore other-objects ftp /ffdb_fos64_00007.03178.pkg 195.144.1.8 user pass execute restore ips ftp /isdb_OS6.4.0_23.00538.ISDB.pkg 195.144.1.8 user pass
VRRP
config system interface edit “wan2” set vdom “root” set ip 10.25.4.158 255.255.240.0 set allowaccess ping https ssh http telnet fgfm set type physical set device-identification enable set fortiheartbeat enable set endpoint-compliance enable config vrrp edit 1 set vrgrp 1 set vrip 172.16.128.145 set priority 150 set vrdst 8.8.8.8 ⇐ Monitored subnet (мониториться не по icmp а по таблице маршрутизации) set vrdst-priority 50 ⇐ priority if subnet is unreachable next end set role lan set snmp-index 4 next
get router info vrrp [https://kb.fortinet.com/kb/documentLink.do?externalID=FD44632
](https://kb.fortinet.com/kb/documentLink.do?externalID=FD44632)
Route-reflector & next-hop-self enable
config neighbor edit “172.17.0.1” set next-hop-self enable set next-hop-self-rr enable set remote-as 65300 set update-source “to-1” set route-reflector-client enable next edit “10.0.0.10” set next-hop-self enable set remote-as 12389 set update-source “port2” next end
ipsec FG-FG + tunnel ip
config vpn ipsec phase1-interface edit “TO_NOP_RT” set interface “wan1” set peertype any set net-device disable set proposal aes128-sha256 aes256-sha256 aes128-sha1 aes256-sha1 set dpd on-idle set remote-gw 172.21.0.26 set psksecret C7ML4KxoFgk7j25mMoTd set dpd-retryinterval 5 next end config vpn ipsec phase2-interface edit “TO_NOP_RT” set phase1name “TO_NOP_RT” set proposal aes128-sha1 aes256-sha1 aes128-sha256 aes256-sha256 next end config system interface edit “TO_NOP_RT” set vdom “root” set ip 10.20.0.1 255.255.255.255 set allowaccess ping set type tunnel set remote-ip 10.20.0.0 255.255.255.254 set snmp-index 9 set interface ” wan 1” next end config firewall policy edit 10 set name “ANY” set srcintf “any” set dstintf “any” set srcaddr “all” set dstaddr “all” set action accept set schedule “always” set service “ALL” next end
configuring FSSO варианты
DC-Agent mode The DC Agent installed on the domain controllers Polling Mode In polling mode there are three options: NetAPI polling, Event log polling, and Event log using WMI. However, when using local polling from the FortiGate directly, there is no such option, only Event Log Polling is used Обновление страницы: Сайты Google Сообщить о нарушении