Fortinet防火墙命令行概述

1. 可以通过SSH, Telnet, 或者serial console

创新互联公司专业为企业提供吉林网站建设、吉林做网站、吉林网站设计、吉林网站制作等企业网站建设、网页设计与制作、吉林企业网站模板建站服务,10余年吉林做网站经验,不只是建网站,更提供有价值的思路和整体网络服务。

2. CLI的配置是分级的结构,如下所示:
config system interface
edit "internal"
set vdom "root"
set ip 192.168.100.99 255.255.255.0
set allowaccess ping https ssh snmp http telnet
set type physical
next
end

3. 命令行层次结构具体有下面这些关键字:

  1. config

  2. edit

  3. next

  4. end

  5. exit

  6. abort

4. 使用 “?” 可以查询可用当前级别可以的指令

5. 使用 可以将当前命令补齐

6. 设置wan2的IP:的例子:

FortiGate-60 # config system interface
(interface)# edit wan2
(wan2)# set ip 192.177.11.12 255.255.255.248
(wan2)# end
FortiGate-60 #

7. 可以用“get”命令显示参数和当前值:
(internal)# get
name : internal
vdom : root
cli-conn-status : 0
mode : static
dhcp-relay-service :
dhcp-relay-ip :
dhcp-relay-type :
ip : 192.168.96.254 255.255.255.0
allowaccess : ping HTTPS HTTP telnet

8. 可以用“show”命令显示当前配置:
FGT50B3 # config system interface
FGT50B3 (interface) # edit internal
FGT50B3 (internal) # show
config system interface
edit "internal"
set vdom "root"
set ip 192.168.100.99 255.255.255.0
set allowaccess ping https ssh snmp http telnet
set type physical
next
end

9. 可以用“show full-configuration”命令显示当前完全配置:
FGT50B3 # config system interface
FGT50B3 (interface) # edit internal
FGT50B3 (internal) # show full-configuration
config system interface
edit "internal"
set vdom "root"
set mode static
set dhcp-relay-service disable
unset dhcp-relay-ip
set dhcp-relay-type regular
set ip 192.168.100.99 255.255.255.0
set allowaccess ping https ssh snmp http telnet
set gwdetect disable
unset detectserver
set ha-priority 0
set pptp-client disable
set arpforward enable
set broadcast-forward disable
set bfd global
set l2forward disable
set icmp-redirect enable
set vlanforward enable
set stpforward disable
set ident-accept disable
set ipmac disable
set subst disable
set log disable
set fdp disable
set dDNS disable
set status up
set netbios-forward disable
set wins-ip 0.0.0.0
set type physical
set tcp-mss 0
set inbandwidth 0
set outbandwidth 0
set description ''
set alias ''
set l2tp-client disable
config ipv6
set autoconf disable
set ip6-address ::/0
unset ip6-allowaccess
set ip6-default-life 1800
set ip6-hop-limit 0
set ip6-link-mtu 0
set ip6-manage-flag disable
set ip6-max-interval 600
set ip6-min-interval 198
set ip6-other-flag disable
set ip6-reachable-time 0
set ip6-retrans-time 0
set ip6-send-adv disable
end
set idle-timeout 0
unset macaddr
set mtu-override disable
next
end

10. 执行某些命令,例如:
execute factoryreset
execute ping
execute backup
execute traceroute
execute reboot


分享文章:Fortinet防火墙命令行概述
网页网址:http://pwwzsj.com/article/iioeep.html