Using the Fortigate 1800F device

Source: Imre kasutab arvutit

Introduction

TODO

Principle of operation

TODO

Misc

TODO

Using the serial console - OpenBSD

# dmesg
...
uftdi0 at uhub0 port 2 configuration 1 interface 0 "FTDI FT232R USB UART" rev 2.00/6.00 addr 2
ucom0 at uftdi0 portno 1
uftdi1 at uhub0 port 1 configuration 1 interface 0 "FTDI FT232R USB UART" rev 2.00/6.00 addr 7
ucom1 at uftdi1 portno 1

To attach to the console, it is enough to run

openbsd69-tookoht# cu -s 9600 -l cuaU1 
Connected to /dev/cuaU1 (speed 9600)

moraal-vasak login: admin
Password: 
Welcome!

moraal-vasak #

Using the serial console - Linux

root@pve-moraal-x570:~# dmesg -w -T
...
[Sun Mar 12 19:15:50 2023] usb 1-5: new full-speed USB device number 3 using xhci_hcd
[Sun Mar 12 19:15:50 2023] usb 1-5: New USB device found, idVendor=0403, idProduct=6001, bcdDevice= 6.00
[Sun Mar 12 19:15:50 2023] usb 1-5: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[Sun Mar 12 19:15:50 2023] usb 1-5: Product: FT232R USB UART
[Sun Mar 12 19:15:50 2023] usb 1-5: Manufacturer: FTDI
[Sun Mar 12 19:15:50 2023] usb 1-5: SerialNumber: A9VMWTX8
[Sun Mar 12 19:15:50 2023] usbcore: registered new interface driver usbserial_generic
[Sun Mar 12 19:15:50 2023] usbserial: USB Serial support registered for generic
[Sun Mar 12 19:15:50 2023] usbcore: registered new interface driver ftdi_sio
[Sun Mar 12 19:15:50 2023] usbserial: USB Serial support registered for FTDI USB Serial Device
[Sun Mar 12 19:15:50 2023] ftdi_sio 1-5:1.0: FTDI USB Serial Device converter detected
[Sun Mar 12 19:15:50 2023] usb 1-5: Detected FT232RL
[Sun Mar 12 19:15:50 2023] usb 1-5: FTDI USB Serial Device converter now attached to ttyUSB0

To attach to the console, it is enough to run

imre@pve-moraal-x570:~$ cu -s 9600 -l /dev/ttyUSB0 
Connected.
CPU(00:00050657 bfebfbff): MP initialization 
CPU(01:00050657 bfebfbff): MP initialization 
CPU(02:00050657 bfebfbff): MP initialization 
CPU(03:00050657 bfebfbff): MP initialization 
CPU(04:00050657 bfebfbff): MP initialization 
CPU(05:00050657 bfebfbff): MP initialization 
CPU(06:00050657 bfebfbff): MP initialization 
CPU(07:00050657 bfebfbff): MP initialization 
CPU(10:00050657 bfebfbff): MP initialization 
CPU(11:00050657 bfebfbff): MP initialization 
CPU(12:00050657 bfebfbff): MP initialization 
CPU(13:00050657 bfebfbff): MP initialization 
CPU(14:00050657 bfebfbff): MP initialization 
CPU(15:00050657 bfebfbff): MP initialization 
CPU(16:00050657 bfebfbff): MP initialization 
CPU(17:00050657 bfebfbff): MP initialization 
Total RAM: 24560MB
Enabling cache...Done.
Scanning PCI bus...Done.
Allocating PCI resources...Done.
Enabling PCI resources...Done.
Zeroing IRQ settings...Done.
Verifying PIRQ tables...Done.
Boot up, boot device capacity: 28626MB.
Press any key to display configuration menu...
.............................

[C]:  Configure TFTP parameters.
[R]:  Review TFTP parameters.
[T]:  Initiate TFTP firmware transfer.
[F]:  Format boot device.
[B]:  Boot with backup firmware and set as default.
[I]:  System configuration and information.
[Q]:  Quit menu and continue to boot.
[H]:  Display this list of options.

Enter C,R,T,F,B,I,Q,or H:

Image download port:	MGMT1
DHCP status:            disabled
Local VLAN ID:		none
Local IP address:       192.168.10.203
Local subnet mask:      255.255.255.0
Local gateway:          192.168.1.254
TFTP server IP address:	192.168.10.187
Firmware file name:	FGT_1800F-v6.M-build2000-FORTINET.out

Reading boot image 3192428 bytes.
Initializing firewall...
System is starting...

openbsd-tk# cu -s 9600 -l cuaU0 
Connected to /dev/cuaU0 (speed 9600)


FortiGate-1800F login: 

FortiGate-1800F login: admin
Password: 
Login incorrect


FortiGate-1800F login: admin
Password: 
You are forced to change your password. Please input a new password.
New Password: 
Confirm Password: 
Welcome!

FortiGate-1800F # 

FortiGate-1800F # config system interface

FortiGate-1800F (interface) # edit mgmt1

FortiGate-1800F (mgmt1) # show
config system interface
    edit "mgmt1"
        set vdom "root"
        set ip 192.168.1.99 255.255.255.0
        set allowaccess ping https ssh fgfm
        set type physical
        set dedicated-to management
        set role lan
        set snmp-index 1
    next
end

FortiGate-1800F (mgmt1) # set ip 192.168.10.206/24

FortiGate-1800F (mgmt1) # end


FortiGate-1800F # config router static

FortiGate-1800F (static) # show
config router static
end

FortiGate-1800F (static) # edit 1
new entry '1' added

FortiGate-1800F (1) # set gateway 192.168.10.254

FortiGate-1800F (1) # set device mgmt1

FortiGate-1800F (1) # end

Working with the firmware

Image download port:	MGMT1
DHCP status:            disabled
Local VLAN ID:		none
Local IP address:       192.168.10.203
Local subnet mask:      255.255.255.0
Local gateway:          192.168.1.254
TFTP server IP address:	192.168.10.187
Firmware file name:	FGT_1800F-v6.M-build2000-FORTINET.out

Enter C,R,T,F,B,I,Q,or H:

Please connect TFTP server to Ethernet port "MGMT1".
MAC:         AC:71:2E:0B:25:72
########################################################################
Total 76228962 bytes data downloaded.
Verifying the integrity of the firmware image.
This firmware image is certified.

Total 262144kB unzipped.
Save as Default firmware/Backup firmware/Run image without saving:[D/B/R]?b
Programming the boot device now.
................................................................................................................................................................................................................................................................Open boot device failed.

Software upgrade

When the software is upgraded through the web GUI, the device actually switches between two images: the inactive image is replaced with the newer one.

moraal-vasak # diag sys flash list
Partition  Image                                     TotalSize(KB)  Used(KB)  Use%  Active
1          FG180F-7.00-FW-build0450-230221                  253871    107322   42%  Yes   
2          FG180F-7.02-FW-build1396-230131                  253871    107096   42%  No    
3          EXDB-1.00000                                   28327040     61196    0%  No  

A running system can be started from the alternative image as follows, bearing in mind that

  • partition 1 - primary
  • partition 2 - secondary
  • in this case the partition is not tied to a so-called fdisk partition of the SCSI block device

execute set-next-reboot secondary
execute reboot

In a FortiOS v. 7.x environment, the underlying system can be reached with the fnsysctl utility, e.g.

moraal-vasak # fnsysctl df -h
Filesystem                 Size       Used  Available Use% Mounted on
none                      20.0G       3.3M      19.9G   0% /tmp
none                      20.0G    1004.0K      20.0G   0% /dev/shm
none                      20.0G     407.3M      19.6G   2% /dev/cmdb
/dev/sda1                247.9M     104.8M     130.3M  45% /data
/dev/sda3                 27.0G      59.7M      25.5G   0% /data2

After the upgrade, it is worth querying

diag debug crashlog read
get system startup-error-log

FortiGate-1800F # diagnose debug config-error-log read
init_vendor_mac: ret=-9 (madb format id version error)
ffdb_app_map_process-3325: wrong word 5530
ffdb_app_map_process-3325: wrong word 43
ffdb_app_map_process-3325: wrong word 4303
ffdb_app_map_process-3325: wrong word 194
ffdb_app_map_process-3325: wrong word 47
>>>  "config" "firewall" "policy64" @ root:command parse error (error -61)
>>>  "config" "firewall" "policy46" @ root:command parse error (error -61)


FortiGate-1800F # diagnose debug config-error-log read
>>>  "set" "management-port-use-admin-sport" "disable" @ global.system.global:command parse error (error -61)
>>>  "end" @ global.system.replacemsg.webproxy.ztna-block:failed command (error -56)
>>>  "end" @ global.system.replacemsg.auth.auth-proxy-reject-page:failed command (error -56)
>>>  "end" @ global.system.replacemsg.utm.external-blocklist-html:failed command (error -56)
>>>  "end" @ global.system.replacemsg.utm.external-blocklist-text:failed command (error -56)
>>>  "end" @ global.system.replacemsg.utm.ems-threat-feed-html:failed command (error -56)
>>>  "end" @ global.system.replacemsg.utm.ems-threat-feed-text:failed command (error -56)
>>>  "end" @ global.system.replacemsg.utm.inline-scan-timeout-html:failed command (error -56)
>>>  "end" @ global.system.replacemsg.utm.inline-scan-timeout-text:failed command (error -56)
>>>  "end" @ global.system.replacemsg.utm.inline-scan-error-html:failed command (error -56)
>>>  "end" @ global.system.replacemsg.utm.inline-scan-error-text:failed command (error -56)
>>>  "end" @ global.system.replacemsg.utm.icap-block-text:failed command (error -56)
>>>  "end" @ global.system.replacemsg.utm.icap-error-text:failed command (error -56)
>>>  "end" @ global.system.replacemsg.utm.icap-http-error:failed command (error -56)
>>>  "config" "system" "replacemsg" "automation" "automation-email" @ global:command parse error (error -61)
>>>  "config" "log" "tap-device" @ global:command parse error (error -61)
>>>  "config" "cluster-peer" @ global.system.standalone-cluster:command parse error (error -61)
>>>  "end" @ global:command parse error (error -61)
>>>  "next" @ global.endpoint-control.fctems.1:failed command (error 1)
>>>  "next" @ global.endpoint-control.fctems.2:failed command (error 1)
>>>  "next" @ global.endpoint-control.fctems.3:failed command (error 1)
>>>  "next" @ global.endpoint-control.fctems.4:failed command (error 1)
>>>  "next" @ global.endpoint-control.fctems.5:failed command (error 1)
>>>  "next" @ global.endpoint-control.fctems.6:failed command (error 1)
...
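As an added example (not from this page or from Fortinet), a POSIX shell helper that condenses the config-error-log output above into the list of configuration paths the new build refused, so that dropped settings such as the policy64 table or the admin-port option are reviewed after the upgrade rather than overlooked; the function names are the editor's own and the sample lines are the ones captured on this page.

```shell
#!/bin/sh
# Added example, not from the original page: condense the output of
# "diagnose debug config-error-log read" into the configuration paths
# the upgraded firmware refused, so that dropped settings are reviewed.
# Function names are the editor's; the sample lines are from this page.

# Print "<error code> <config path> <first token>" for each error line on
# stdin. Error-log lines have the shape:
#   >>>  "set" "x" "y" @ global.system.global:command parse error (error -61)
config_error_paths() {
    awk '
        /^>>>/ {
            at = index($0, " @ ")
            if (at == 0) next
            rest = substr($0, at + 3)          # e.g. root:command parse error ...
            path = substr(rest, 1, index(rest, ":") - 1)
            code = "?"
            if (match($0, /\(error -?[0-9]+\)/))
                code = substr($0, RSTART + 7, RLENGTH - 8)
            gsub(/"/, "", $2)                  # first token: set/config/next/end
            print code, path, $2
        }'
}

# Count distinct refused paths per error code. In the captured output,
# "command parse error (error -61)" marks commands this build does not
# recognise at all (a table or option that no longer exists), while
# "failed command" lines were recognised but could not be applied.
config_error_summary() {
    config_error_paths | LC_ALL=C sort -u \
        | awk '{ n[$1]++ } END { for (c in n) print c, n[c] }' | LC_ALL=C sort
}

# Sample lines captured on this page (a subset of the full output).
SAMPLE='>>>  "config" "firewall" "policy64" @ root:command parse error (error -61)
>>>  "set" "management-port-use-admin-sport" "disable" @ global.system.global:command parse error (error -61)
>>>  "end" @ global.system.replacemsg.webproxy.ztna-block:failed command (error -56)
>>>  "next" @ global.endpoint-control.fctems.1:failed command (error 1)
>>>  "next" @ global.endpoint-control.fctems.2:failed command (error 1)'

# On a real box: ssh admin@<firewall> "diagnose debug config-error-log read" | config_error_paths
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE" | config_error_paths
    echo "--- distinct refused paths per error code ---"
    printf '%s\n' "$SAMPLE" | config_error_summary
fi
```

Run with `--demo` to see the parsed lines from the sample; every path listed under error -61 is a setting the running configuration no longer contains.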

Misc

Factory reset

FortiGate-1800F (global) # execute factoryreset2 

Factoryreset2 will bring down all the npu-vlinks
This operation will reset the system to factory default except system.global.vdom-mode/system.global.long-vdom-name/VDOMs/system.virtual-switch/system.interface/system.settings/router.static/router.static6!
Do you want to continue? (y/n)y


System is resetting to factory default (factoryreset2) ...
...

Useful additional materials

  • TODO