NSE4_FGT-6.4 Fortinet NSE 4 – FortiOS 6.4 – FortiGate Firewall V6.4 Part 33
May 6, 2023

80. Lecture-80: FortiGate Firewall CLI Basic Commands

Before we do any troubleshooting on the FortiGate firewall, we need to know the commands. A command is an instruction: whatever you do graphically can be done with commands as well. "Command" is also an ordinary English word, as in "this is my command, you have to obey it." So a command is nothing but an instruction given to the console, and the console does the job. We normally call this the CLI, the command line interface. The commands have to be specific ones that the console accepts; if you type anything that is not a command, it will reject it.

FortiGate firewall commands are divided up like this. Normally we write config system interface. Here config is the command and system interface is the object. Then, once we are in config system interface, we type edit followed by the port, which is what we have been doing up to now.

That edit is called a subcommand, because it is another command added under the command, and the port number we type after it is called the table. After that we type set mode, set status, set ip and many lines like these, choosing what we want to configure. When what we type at the end is a keyword such as enable, disable, up or down, it is called an option. When it is something we supply ourselves, such as an IP address and subnet mask, it is called a value. And whatever we name right after set is called the field. The last thing we type is end, to save the settings. End means you want to save all of these things: when you type end you exit from there and it saves automatically.

So that is the command. A command is nothing but an instruction, then there is the subcommand, then the object, then the table, then the field, then the value and the option. All of these together make up the configuration of the FortiGate firewall.

Then there are the commands inside the table. Here you will find things like clone to make a copy, delete, and edit. If I go to config system interface and type a question mark, these are the commands: edit, delete, purge, get, show and end. End is described as "end and save last config": whatever I typed is saved and I exit from here. Edit is used for both purposes. Suppose it is my first time editing port number three, which has not been edited before: edit adds it. Otherwise we normally use edit to modify something. Delete, of course, is for when you want to delete something, purge clears the values, and get gets the information.

Suppose I ask for the information of port one with get. This is port one: the name is port1, the VDOM is root, VRF is zero, DHCP is disabled, the IP address is the one ending in 234, allowaccess is HTTPS, SSH, HTTP, and all those things. So get gives me the information for this port, and because I am already inside it, a question mark shows me all the values. If you want to delete something, type delete and a question mark and you can pick which entry to delete. And show displays whatever I have configured up to now: just type show and it will show you the detail for this port.

So both get and show give you the configuration, but in different forms. Show displays the configuration itself, such as set vdom, set ip, set allowaccess, set type. When you type get, it displays the detail: the IP is this one, the mode is this one. It does not show you that you used set vdom root; it says your VDOM is root and your IP is the one ending in 234. When I say show, it shows me how this was configured, the configuration commands. That is the main difference between get and show: get lists the configuration, and show displays the changes to the default configuration as configuration commands.

For the field commands there are also abort, append, get and move. Suppose I go to edit port three, because I don't want to disrupt the other two ports and port three is not in use. Now I am in port three, and the list of commands has changed. Before editing the port it was edit, delete, purge, get, show and end. Now it is config (configure object), set (modify value), unset, select, unselect, append, clear, get, show, next, abort and end, because now we are in field mode. Look at these carefully and you will understand the structure.

First comes the command, then the subcommand, and all together it is a table. The table commands are different from the field commands, and now I am in the field commands.

The field commands give you abort, which exits without saving changes. Suppose I change port three: I type set mode dhcp, so the mode of port number three is changed to DHCP. Now I say no, I don't want this change, so I type abort. If I go to config system interface, edit port three, and check again with show, the change is not there, because abort means I don't want this change. Sometimes you make changes and then realize they are wrong.

If instead I type set mode dhcp and then end, it means save and exit from here. Now if I go to config system interface, edit port three and type show, you will see the mode is DHCP, because end does not only end the statement: it ends the statement and saves as well.

So that is abort. Append is for adding to an existing value. Get I already told you about, and move is for moving an object from one place to another. Then there is next. Suppose I am in port three.

I type next, then edit port 4 if there is such a port, and set mode dhcp on port four as well. Now I type end. What will happen? Both will be saved. Without next, I would type end, then type config system interface again, then edit port four, so I would have to type config system interface two times, which wastes time. So why not use next: when you are done with one interface, type next, go on to the next one, configure all the interfaces, and type end one time.

As for the others: clear is, of course, to clear something; set is to set a value, as when we set the mode to DHCP or set something to enable; show we have seen; select and unselect are to select or unselect something; and unset should be clear to you by now.

Now some important commands. If you don't know a command, don't worry, I will give you a hint. One is show full-configuration, which lists all the configuration commands. Press the space bar to page through it; it keeps going, so type q to quit. Instead of scrolling up through all of it, you can pick out the part you need with grep. You have to give grep something to search for, for example interface, and it will show you all the configuration related to interfaces. Copy an interface block, set your own values, and apply it.

I will give you another hint, so don't worry about the commands; it is easy. Suppose I am in the graphical view but need to configure something through commands. Go to the policies, click on a policy, and there is an Edit in CLI option. Look at what the commands are: first config firewall policy, then edit 2, which means policy number two, then show to display the detail. There is set name, which is just the name of the policy (SSLVPN), then the source interface, the destination interface, the source address, the destination address, action accept, schedule always, and the services. This is what we do graphically. Then next and end. Just copy it, and if you want to create a new policy, change the edit number and remove the set uuid line, since the UUID is a unique ID. That's it; paste it back.

If you are not sure, let me do it once. You can also use copy to clipboard. I go to Notepad and paste. First I need config firewall policy, then edit, and this time I will edit policy number 54. There is no need for the show command, so I remove it; I want to set the fields directly. I give the policy an SSL VPN name. Not all of the values are required. I keep the same source interface, there is no need for next, and I set nat enable. Then I copy this and paste it into the console. It says it is a new entry. Okay, I've done it.

So if I go back to the GUI, the new SSL policy is not showing yet; just refresh and you will see it. The policy has been created, the same as the other one, but I created this one through commands. You will say, "Oh, you know the commands." No, this was simple to create, so don't worry.

The same applies to anything we have done. For a static route, click on the static route, go to edit, and choose Edit in CLI. If you want to edit a route, the command is config router static, then edit for the first entry. They include show, but anyway: we set the gateway, we set the port, and end. Copy that and you can create a new route in two seconds. Just understand the way it works.

Some other commands. Show full-configuration, as I said, shows you all the configuration. Get system status shows you the system status, including the version, so if you need the version detail and all those things you can use this command. If you want to check the policies, type show firewall policy: I have the SSLVPN policy and the SSL VPN one I created myself, here with its configuration, so you can copy and paste from here with no need to go to the GUI. If you need the route information, use get router info. Type a question mark and it will show you routing-table; another question mark, then static, and it shows you the static routes. This is my static route. You can build the command with the help of the question mark, just as with Cisco and other vendors. If you need everything, type all: static shows only the static routes, and all shows the connected ones as well, just like Cisco. And if you need only some of the information, say the admin-related part of show full-configuration, you can get just the admin-related detail, copy it, change anything you want, and paste it back.

The other thing we have to know is the shortcuts. The question mark can be used for help, as I told you. At the top level, type a question mark and you get config, get, show, diagnose, execute, alias and exit; these are the commands available. Use Tab to complete: if I type part of config and press Tab, it completes. Use the up arrow to bring back the previous command and the down arrow for the next one, and the left arrow to move the cursor along the line. Ctrl+A moves the cursor to the beginning: if you have a long command, Ctrl+A takes you to the start of it. Ctrl+E takes you to the end. Ctrl+B takes you back one word, and Ctrl+F moves the cursor forward one word. Ctrl+D deletes a character.

For Ctrl+D you have to have the cursor on the character; it deletes one character at a time. And Ctrl+C clears the entire word.

Those are some basic commands. Now let me show you some basic configuration. You can find all of this on the internet and it is easy, but I will show you the method. First, to change the hostname, I go to config system global and type set hostname; suppose I call it Firewall. When I type end, look, the name has changed.

Second, after the hostname we normally configure the interfaces, as you remember. So type config system interface. Which interface? Type edit port and press Tab: one, two, three. Let's configure this one. Set the mode first: static. Then set ip and type the IP address, either with the mask written out after it or with /24 added directly after the address, with no space. Then we give it a name with set alias, such as DMZ, and end. If you go to the GUI you will see it is set up: the interface is there with its IP address, and the alias is DMZ. This is the alias we normally assign in the GUI; this time I assigned it from here.

After that we normally configure DNS, so type config system dns. What is the DNS right now? The primary is the eights and the secondary is the ones. Let's change the second one to the fours: set primary to the eights, set secondary to the fours, and end.

Now you will see the secondary has changed from the ones to the fours; if you refresh, it shows the fours. So you can do this from the CLI as well.

Then we configure a static route, which we normally do here in the GUI. Let me delete this one and configure it through commands. Type config router static, then the route number: I say edit 1. There is nothing there, so it is a new entry; as I said, edit can be used for a new entry and for an existing one as well. Then set the destination. It is not listed as destination; it is dst. For the destination I type zeros, with no space. This is the destination I want to reach. Then set the gateway. If you are new, just type a question mark and you will see everything: there is the destination, there is the gateway. Type gateway, Tab, and the gateway address, which begins with 192 and ends in 1.

Then set distance. There is a distance field as well: type set and a question mark and you will see distance. Put 10. Then set device, the port the traffic will go out of: set device port1, which is the WAN port. Then end. When you refresh, you will see the same thing we did graphically: the administrative distance, port one, the gateway, and so on.

You can configure everything this way, but you do not need to know all of these commands. There is also set allowaccess if you have a management interface, and the default route. I have already shown you DNS, changing the hostname, and setting the admin password; if you change the admin password, this is the way to do it. There are more commands such as execute factoryreset, which I told you about yesterday, execute reboot if you want to reboot, execute shutdown if you want to shut down, and execute ping. These are some basic commands you should at least know.
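The config / edit / set / next / end structure from this lecture, and the allowaccess field seen in the port1 output, can be checked offline against saved show output. The following is an added example, not from the lecture or from Fortinet: the function names parse_show and cleartext_mgmt are hypothetical, the sample text is constructed, and nested sub-blocks such as config ipv6 are skipped rather than parsed.

```python
import shlex

# Constructed sample shaped like `show system interface` output (not from a real device).
SAMPLE = '''
config system interface
    edit "port1"
        set vdom "root"
        set ip 192.0.2.234 255.255.255.0
        set allowaccess ping https ssh http
        config ipv6
            set ip6-allowaccess ping
        end
    next
    edit "port3"
        set mode dhcp
        set allowaccess ping
    next
end
'''

CLEARTEXT = {"http", "telnet"}  # management protocols that are not encrypted

def parse_show(text):
    """Return {object: {table entry: {field: [values]}}} from config/edit/set/next/end."""
    objects, obj, entry, nested = {}, None, None, 0
    for raw in text.splitlines():
        words = shlex.split(raw) or [""]  # shlex strips the quotes around names
        cmd, args = words[0], words[1:]
        if nested:  # inside a sub-block such as "config ipv6": skip to its end
            nested += (cmd == "config") - (cmd == "end")
        elif cmd == "config" and entry is not None:
            nested = 1
        elif cmd == "config":
            obj = objects.setdefault(" ".join(args), {})
        elif cmd == "edit" and obj is not None:
            entry = obj.setdefault(args[0], {})
        elif cmd == "set" and entry is not None:
            entry[args[0]] = args[1:]
        elif cmd == "next":
            entry = None
        elif cmd == "end":
            obj = entry = None
    return objects

def cleartext_mgmt(objects):
    """Map interface name -> cleartext protocols found in its allowaccess field."""
    ifaces = objects.get("system interface", {})
    hits = {n: sorted(CLEARTEXT & set(f.get("allowaccess", []))) for n, f in ifaces.items()}
    return {n: h for n, h in hits.items() if h}
```

Calling cleartext_mgmt(parse_show(SAMPLE)) reports port1, whose allowaccess includes http; port3 allows only ping and is not reported.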
