Fortinet/CLI: Difference between revisions
From SchnallIchNet
Cbs (Talk | contribs)
Zeile 5: | Zeile 5: | ||
=== Address Objects === | === Address Objects === | ||
+ | |||
+ | show firewall address | grep -i PATTERN | ||
+ | edit "Hostobject" | ||
+ | set comment "bla" | ||
+ | set associated-interface "wan2" | ||
+ | set subnet 1.2.3.4 255.255.255.255 | ||
+ | next | ||
<pre> | <pre> |
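Review bot: The added block starting at `edit "Hostobject"` has no enclosing `config firewall address` before it and no `end` after `next`, so a reader cannot tell whether it is output of the `show firewall address | grep -i PATTERN` line or input to be typed, and it cannot be pasted as written. The address group example on the same page wraps its `edit` in `config firewall addrgrp` and `end`; doing the same here, with the `show` command set apart from the edit block, would remove the ambiguity. The new lines are also inserted above the existing `<pre>` rather than inside it, so check that they still render as preformatted text.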
Revision as of 13:21, 18 February 2017
CLI
Address Objects
<pre>
show firewall address | grep -i PATTERN

edit "Hostobject"
    set comment "bla"
    set associated-interface "wan2"
    set subnet 1.2.3.4 255.255.255.255
next
</pre>
<pre>
show firewall addrgrp "GRP Name"

config firewall addrgrp
    edit "GRP Name"
        set member "Hostobject 1" "Hostobject 2" "Hostobject X" ...
    next
end
</pre>
Policy
<pre>
config firewall policy
    edit 81
        set srcintf "port1"
        set dstintf "wan1"
        set srcaddr "Netz1" "Netz 2" "Netz ..."
        set dstaddr "Netz - DST"
        set action ipsec
        set schedule "always"
        set service "ALL"
        set logtraffic all
        set natip 10.x.y.0 255.255.255.0
        set comments "ACHTUNG NAT-Adresse via CLI hinzugefuegt"
        set outbound enable
        set natoutbound enable
        set vpntunnel "PH1NAME"
    next
end

config firewall policy
    edit 238
        set srcintf "port7"
        set dstintf "wan1"
        set srcaddr "NETZ SRC"
        set dstaddr "Netz DST"
        set action ipsec
        set schedule "always"
        set service "ALL"
        set logtraffic all
        set natip 10.x.y.0 255.255.255.0
        set comments "Outbound NAT! set natip 10.x.y.0 255.255.255.0"
        set inbound enable
        set outbound enable
        set natoutbound enable
        set vpntunnel "PH1NAME"
    next
end
</pre>
Packet Capture
<pre>
diag sniffer packet "<interface-name|any>" "host <IP> and port 3389" 4
</pre>
4 = verbose level (1-6)