Fortinet防火墙命令行概述
1. 可以通过SSH, Telnet, 或者serial console
创新互联公司专业为企业提供吉林网站建设、吉林做网站、吉林网站设计、吉林网站制作等企业网站建设、网页设计与制作、吉林企业网站模板建站服务,10余年吉林做网站经验,不只是建网站,更提供有价值的思路和整体网络服务。
2. CLI的配置是分级的结构,如下所示:
config system interface
edit "internal"
set vdom "root"
set ip 192.168.100.99 255.255.255.0
set allowaccess ping https ssh snmp http telnet
set type physical
next
end
3. 命令行层次结构具体有下面这些关键字:
config
edit
next
end
exit
abort
4. 使用 “?” 可以查询可用当前级别可以的指令
5. 使用
6. 设置wan2的IP:的例子:
FortiGate-60 # config system interface
(interface)# edit wan2
(wan2)# set ip 192.177.11.12 255.255.255.248
(wan2)# end
FortiGate-60 #
7. 可以用“get”命令显示参数和当前值:
(internal)# get
name : internal
vdom : root
cli-conn-status : 0
mode : static
dhcp-relay-service :
dhcp-relay-ip :
dhcp-relay-type :
ip : 192.168.96.254 255.255.255.0
allowaccess : ping HTTPS HTTP telnet
8. 可以用“show”命令显示当前配置:
FGT50B3 # config system interface
FGT50B3 (interface) # edit internal
FGT50B3 (internal) # show
config system interface
edit "internal"
set vdom "root"
set ip 192.168.100.99 255.255.255.0
set allowaccess ping https ssh snmp http telnet
set type physical
next
end
9. 可以用“show full-configuration”命令显示当前完全配置:
FGT50B3 # config system interface
FGT50B3 (interface) # edit internal
FGT50B3 (internal) # show full-configuration
config system interface
edit "internal"
set vdom "root"
set mode static
set dhcp-relay-service disable
unset dhcp-relay-ip
set dhcp-relay-type regular
set ip 192.168.100.99 255.255.255.0
set allowaccess ping https ssh snmp http telnet
set gwdetect disable
unset detectserver
set ha-priority 0
set pptp-client disable
set arpforward enable
set broadcast-forward disable
set bfd global
set l2forward disable
set icmp-redirect enable
set vlanforward enable
set stpforward disable
set ident-accept disable
set ipmac disable
set subst disable
set log disable
set fdp disable
set dDNS disable
set status up
set netbios-forward disable
set wins-ip 0.0.0.0
set type physical
set tcp-mss 0
set inbandwidth 0
set outbandwidth 0
set description ''
set alias ''
set l2tp-client disable
config ipv6
set autoconf disable
set ip6-address ::/0
unset ip6-allowaccess
set ip6-default-life 1800
set ip6-hop-limit 0
set ip6-link-mtu 0
set ip6-manage-flag disable
set ip6-max-interval 600
set ip6-min-interval 198
set ip6-other-flag disable
set ip6-reachable-time 0
set ip6-retrans-time 0
set ip6-send-adv disable
end
set idle-timeout 0
unset macaddr
set mtu-override disable
next
end
10. 执行某些命令,例如:
execute factoryreset
execute ping
execute backup
execute traceroute
execute reboot
文章题目:Fortinet防火墙命令行概述
路径分享:http://cdiso.cn/article/iioeep.html