Fortigate 1800F seadme kasutamine: erinevus redaktsioonide vahel

Sissejuhatus

TODO

Tööpõhimõte

TODO

Misc

TODO

Serial konsooli kasutamine - OpenBSD

# dmesg
...
uftdi0 at uhub0 port 2 configuration 1 interface 0 "FTDI FT232R USB UART" rev 2.00/6.00 addr 2
ucom0 at uftdi0 portno 1
uftdi1 at uhub0 port 1 configuration 1 interface 0 "FTDI FT232R USB UART" rev 2.00/6.00 addr 7
ucom1 at uftdi1 portno 1

Konsoolile kinnitumiseks sobib öelda

openbsd69-tookoht# cu -s 9600 -l cuaU1 
Connected to /dev/cuaU1 (speed 9600)

moraal-vasak login: admin
Password: 
Welcome!

moraal-vasak #

Serial konsooli kasutamine - Linux

root@pve-moraal-x570:~# dmesg -w -T
...
[Sun Mar 12 19:15:50 2023] usb 1-5: new full-speed USB device number 3 using xhci_hcd
[Sun Mar 12 19:15:50 2023] usb 1-5: New USB device found, idVendor=0403, idProduct=6001, bcdDevice= 6.00
[Sun Mar 12 19:15:50 2023] usb 1-5: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[Sun Mar 12 19:15:50 2023] usb 1-5: Product: FT232R USB UART
[Sun Mar 12 19:15:50 2023] usb 1-5: Manufacturer: FTDI
[Sun Mar 12 19:15:50 2023] usb 1-5: SerialNumber: A9VMWTX8
[Sun Mar 12 19:15:50 2023] usbcore: registered new interface driver usbserial_generic
[Sun Mar 12 19:15:50 2023] usbserial: USB Serial support registered for generic
[Sun Mar 12 19:15:50 2023] usbcore: registered new interface driver ftdi_sio
[Sun Mar 12 19:15:50 2023] usbserial: USB Serial support registered for FTDI USB Serial Device
[Sun Mar 12 19:15:50 2023] ftdi_sio 1-5:1.0: FTDI USB Serial Device converter detected
[Sun Mar 12 19:15:50 2023] usb 1-5: Detected FT232RL
[Sun Mar 12 19:15:50 2023] usb 1-5: FTDI USB Serial Device converter now attached to ttyUSB0

Konsoolile kinnitumiseks sobib öelda

imre@pve-moraal-x570:~$ cu -s 9600 -l /dev/ttyUSB0 
Connected.
CPU(00:00050657 bfebfbff): MP initialization 
CPU(01:00050657 bfebfbff): MP initialization 
CPU(02:00050657 bfebfbff): MP initialization 
CPU(03:00050657 bfebfbff): MP initialization 
CPU(04:00050657 bfebfbff): MP initialization 
CPU(05:00050657 bfebfbff): MP initialization 
CPU(06:00050657 bfebfbff): MP initialization 
CPU(07:00050657 bfebfbff): MP initialization 
CPU(10:00050657 bfebfbff): MP initialization 
CPU(11:00050657 bfebfbff): MP initialization 
CPU(12:00050657 bfebfbff): MP initialization 
CPU(13:00050657 bfebfbff): MP initialization 
CPU(14:00050657 bfebfbff): MP initialization 
CPU(15:00050657 bfebfbff): MP initialization 
CPU(16:00050657 bfebfbff): MP initialization 
CPU(17:00050657 bfebfbff): MP initialization 
Total RAM: 24560MB
Enabling cache...Done.
Scanning PCI bus...Done.
Allocating PCI resources...Done.
Enabling PCI resources...Done.
Zeroing IRQ settings...Done.
Verifying PIRQ tables...Done.
Boot up, boot device capacity: 28626MB.
Press any key to display configuration menu...
.............................

[C]:  Configure TFTP parameters.
[R]:  Review TFTP parameters.
[T]:  Initiate TFTP firmware transfer.
[F]:  Format boot device.
[B]:  Boot with backup firmware and set as default.
[I]:  System configuration and information.
[Q]:  Quit menu and continue to boot.
[H]:  Display this list of options.

Enter C,R,T,F,B,I,Q,or H:

Image download port:	MGMT1
DHCP status:            disabled
Local VLAN ID:		none
Local IP address:       192.168.10.203
Local subnet mask:      255.255.255.0
Local gateway:          192.168.1.254
TFTP server IP address:	192.168.10.187
Firmware file name:	FGT_1800F-v6.M-build2000-FORTINET.out

Reading boot image 3192428 bytes.
Initializing firewall...
System is starting...

openbsd-tk# cu -s 9600 -l cuaU0 
Connected to /dev/cuaU0 (speed 9600)


FortiGate-1800F login: 

FortiGate-1800F login: admin
Password: 
Login incorrect


FortiGate-1800F login: admin
Password: 
You are forced to change your password. Please input a new password.
New Password: 
Confirm Password: 
Welcome!

FortiGate-1800F # 

FortiGate-1800F # config system interface

FortiGate-1800F (interface) # edit mgmt1

FortiGate-1800F (mgmt1) # show
config system interface
    edit "mgmt1"
        set vdom "root"
        set ip 192.168.1.99 255.255.255.0
        set allowaccess ping https ssh fgfm
        set type physical
        set dedicated-to management
        set role lan
        set snmp-index 1
    next
end

FortiGate-1800F (mgmt1) # set ip 192.168.10.206/24

FortiGate-1800F (mgmt1) # end


FortiGate-1800F # config router static

FortiGate-1800F (static) # show
config router static
end

FortiGate-1800F (static) # edit 1
new entry '1' added

FortiGate-1800F (1) # set gateway 192.168.10.254

FortiGate-1800F (1) # set device mgmt1

FortiGate-1800F (1) # end

Firmware kasutamine

Image download port:	MGMT1
DHCP status:            disabled
Local VLAN ID:		none
Local IP address:       192.168.10.203
Local subnet mask:      255.255.255.0
Local gateway:          192.168.1.254
TFTP server IP address:	192.168.10.187
Firmware file name:	FGT_1800F-v6.M-build2000-FORTINET.out

Enter C,R,T,F,B,I,Q,or H:

Please connect TFTP server to Ethernet port "MGMT1".
MAC:         AC:71:2E:0B:25:72
########################################################################
Total 76228962 bytes data downloaded.
Verifying the integrity of the firmware image.
This firmware image is certified.

Total 262144kB unzipped.
Save as Default firmware/Backup firmware/Run image without saving:[D/B/R]?b
Programming the boot device now.
................................................................................................................................................................................................................................................................Open boot device failed.

Tarkvara uuendamine

Kui webgui kaudu tarkvara uuendada, siis tegelikult lülitutakse kahe tõmmise vahel, uuemaga asendatakse mitte-aktiivne

moraal-vasak # diag sys flash list
Partition  Image                                     TotalSize(KB)  Used(KB)  Use%  Active
1          FG180F-7.00-FW-build0450-230221                  253871    107322   42%  Yes   
2          FG180F-7.02-FW-build1396-230131                  253871    107096   42%  No    
3          EXDB-1.00000                                   28327040     61196    0%  No  

Töötava süsteemi saab käivitada alternatiivse abil selliselt, arvestades, et

• partitsioon 1 - primary
• partitsioon 2 - secondary
• partitsioon ei ole antud juhul seotud scsi plokkseadme nn fdisk partitsiooniga

execute set-next-reboot secondary
execute reboot

FortiOS kontakti saab v. 7.x keskkonnas fnsysctl utiliidiga, nt

moraal-vasak # fnsysctl df -h
Filesystem                 Size       Used  Available Use% Mounted on
none                      20.0G       3.3M      19.9G   0% /tmp
none                      20.0G    1004.0K      20.0G   0% /dev/shm
none                      20.0G     407.3M      19.6G   2% /dev/cmdb
/dev/sda1                247.9M     104.8M     130.3M  45% /data
/dev/sda3                 27.0G      59.7M      25.5G   0% /data2

Peale uuendamist võiks küsida

diag debug crashlog read get system startup-error-log

FortiGate-1800F # diagnose debug config-error-log read
init_vendor_mac: ret=-9 (madb format id version error)
ffdb_app_map_process-3325: wrong word 5530
ffdb_app_map_process-3325: wrong word 43
ffdb_app_map_process-3325: wrong word 4303
ffdb_app_map_process-3325: wrong word 194
ffdb_app_map_process-3325: wrong word 47
>>>  "config" "firewall" "policy64" @ root:command parse error (error -61)
>>>  "config" "firewall" "policy46" @ root:command parse error (error -61)


FortiGate-1800F # diagnose debug config-error-log read
>>>  "set" "management-port-use-admin-sport" "disable" @ global.system.global:command parse error (error -61)
>>>  "end" @ global.system.replacemsg.webproxy.ztna-block:failed command (error -56)
>>>  "end" @ global.system.replacemsg.auth.auth-proxy-reject-page:failed command (error -56)
>>>  "end" @ global.system.replacemsg.utm.external-blocklist-html:failed command (error -56)
>>>  "end" @ global.system.replacemsg.utm.external-blocklist-text:failed command (error -56)
>>>  "end" @ global.system.replacemsg.utm.ems-threat-feed-html:failed command (error -56)
>>>  "end" @ global.system.replacemsg.utm.ems-threat-feed-text:failed command (error -56)
>>>  "end" @ global.system.replacemsg.utm.inline-scan-timeout-html:failed command (error -56)
>>>  "end" @ global.system.replacemsg.utm.inline-scan-timeout-text:failed command (error -56)
>>>  "end" @ global.system.replacemsg.utm.inline-scan-error-html:failed command (error -56)
>>>  "end" @ global.system.replacemsg.utm.inline-scan-error-text:failed command (error -56)
>>>  "end" @ global.system.replacemsg.utm.icap-block-text:failed command (error -56)
>>>  "end" @ global.system.replacemsg.utm.icap-error-text:failed command (error -56)
>>>  "end" @ global.system.replacemsg.utm.icap-http-error:failed command (error -56)
>>>  "config" "system" "replacemsg" "automation" "automation-email" @ global:command parse error (error -61)
>>>  "config" "log" "tap-device" @ global:command parse error (error -61)
>>>  "config" "cluster-peer" @ global.system.standalone-cluster:command parse error (error -61)
>>>  "end" @ global:command parse error (error -61)
>>>  "next" @ global.endpoint-control.fctems.1:failed command (error 1)
>>>  "next" @ global.endpoint-control.fctems.2:failed command (error 1)
>>>  "next" @ global.endpoint-control.fctems.3:failed command (error 1)
>>>  "next" @ global.endpoint-control.fctems.4:failed command (error 1)
>>>  "next" @ global.endpoint-control.fctems.5:failed command (error 1)
>>>  "next" @ global.endpoint-control.fctems.6:failed command (error 1)
...

Misc

Factory reset

FortiGate-1800F (global) # execute factoryreset2 

Factoryreset2 will bring down all the npu-vlinks
This operation will reset the system to factory default except system.global.vdom-mode/system.global.long-vdom-name/VDOMs/system.virtual-switch/system.interface/system.settings/router.static/router.static6!
Do you want to continue? (y/n)y


System is resetting to factory default (factoryreset2) ...
...

Kasulikud lisamaterjalid

• TODO