Fortigate 1800F seadme kasutamine

Allikas: Imre kasutab arvutit
Redaktsioon seisuga 14. märts 2023, kell 00:07 kasutajalt Imre (arutelu | kaastöö) (→‎Misc)
Mine navigeerimisribaleMine otsikasti

Sissejuhatus

TODO

Tööpõhimõte

TODO

Misc

TODO

Serial konsooli kasutamine - OpenBSD 

# dmesg
...
uftdi0 at uhub0 port 2 configuration 1 interface 0 "FTDI FT232R USB UART" rev 2.00/6.00 addr 2
ucom0 at uftdi0 portno 1
uftdi1 at uhub0 port 1 configuration 1 interface 0 "FTDI FT232R USB UART" rev 2.00/6.00 addr 7
ucom1 at uftdi1 portno 1

Konsoolile kinnitumiseks sobib öelda 

openbsd69-tookoht# cu -s 9600 -l cuaU1 
Connected to /dev/cuaU1 (speed 9600)

moraal-vasak login: admin
Password: 
Welcome!

moraal-vasak #

Serial konsooli kasutamine - Linux 

root@pve-moraal-x570:~# dmesg -w -T
...
[Sun Mar 12 19:15:50 2023] usb 1-5: new full-speed USB device number 3 using xhci_hcd
[Sun Mar 12 19:15:50 2023] usb 1-5: New USB device found, idVendor=0403, idProduct=6001, bcdDevice= 6.00
[Sun Mar 12 19:15:50 2023] usb 1-5: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[Sun Mar 12 19:15:50 2023] usb 1-5: Product: FT232R USB UART
[Sun Mar 12 19:15:50 2023] usb 1-5: Manufacturer: FTDI
[Sun Mar 12 19:15:50 2023] usb 1-5: SerialNumber: A9VMWTX8
[Sun Mar 12 19:15:50 2023] usbcore: registered new interface driver usbserial_generic
[Sun Mar 12 19:15:50 2023] usbserial: USB Serial support registered for generic
[Sun Mar 12 19:15:50 2023] usbcore: registered new interface driver ftdi_sio
[Sun Mar 12 19:15:50 2023] usbserial: USB Serial support registered for FTDI USB Serial Device
[Sun Mar 12 19:15:50 2023] ftdi_sio 1-5:1.0: FTDI USB Serial Device converter detected
[Sun Mar 12 19:15:50 2023] usb 1-5: Detected FT232RL
[Sun Mar 12 19:15:50 2023] usb 1-5: FTDI USB Serial Device converter now attached to ttyUSB0

Konsoolile kinnitumiseks sobib öelda 


imre@pve-moraal-x570:~$ cu -s 9600 -l /dev/ttyUSB0 
Connected.
CPU(00:00050657 bfebfbff): MP initialization 
CPU(01:00050657 bfebfbff): MP initialization 
CPU(02:00050657 bfebfbff): MP initialization 
CPU(03:00050657 bfebfbff): MP initialization 
CPU(04:00050657 bfebfbff): MP initialization 
CPU(05:00050657 bfebfbff): MP initialization 
CPU(06:00050657 bfebfbff): MP initialization 
CPU(07:00050657 bfebfbff): MP initialization 
CPU(10:00050657 bfebfbff): MP initialization 
CPU(11:00050657 bfebfbff): MP initialization 
CPU(12:00050657 bfebfbff): MP initialization 
CPU(13:00050657 bfebfbff): MP initialization 
CPU(14:00050657 bfebfbff): MP initialization 
CPU(15:00050657 bfebfbff): MP initialization 
CPU(16:00050657 bfebfbff): MP initialization 
CPU(17:00050657 bfebfbff): MP initialization 
Total RAM: 24560MB
Enabling cache...Done.
Scanning PCI bus...Done.
Allocating PCI resources...Done.
Enabling PCI resources...Done.
Zeroing IRQ settings...Done.
Verifying PIRQ tables...Done.
Boot up, boot device capacity: 28626MB.
Press any key to display configuration menu...
.............................

[C]:  Configure TFTP parameters.
[R]:  Review TFTP parameters.
[T]:  Initiate TFTP firmware transfer.
[F]:  Format boot device.
[B]:  Boot with backup firmware and set as default.
[I]:  System configuration and information.
[Q]:  Quit menu and continue to boot.
[H]:  Display this list of options.

Enter C,R,T,F,B,I,Q,or H:

Image download port:	MGMT1
DHCP status:            disabled
Local VLAN ID:		none
Local IP address:       192.168.10.203
Local subnet mask:      255.255.255.0
Local gateway:          192.168.1.254
TFTP server IP address:	192.168.10.187
Firmware file name:	FGT_1800F-v6.M-build2000-FORTINET.out

Reading boot image 3192428 bytes.
Initializing firewall...
System is starting...

openbsd-tk# cu -s 9600 -l cuaU0 
Connected to /dev/cuaU0 (speed 9600)


FortiGate-1800F login: 

FortiGate-1800F login: admin
Password: 
Login incorrect


FortiGate-1800F login: admin
Password: 
You are forced to change your password. Please input a new password.
New Password: 
Confirm Password: 
Welcome!

FortiGate-1800F # 

FortiGate-1800F # config system interface

FortiGate-1800F (interface) # edit mgmt1

FortiGate-1800F (mgmt1) # show
config system interface
    edit "mgmt1"
        set vdom "root"
        set ip 192.168.1.99 255.255.255.0
        set allowaccess ping https ssh fgfm
        set type physical
        set dedicated-to management
        set role lan
        set snmp-index 1
    next
end

FortiGate-1800F (mgmt1) # set ip 192.168.10.206/24

FortiGate-1800F (mgmt1) # end


FortiGate-1800F # config router static

FortiGate-1800F (static) # show
config router static
end

FortiGate-1800F (static) # edit 1
new entry '1' added

FortiGate-1800F (1) # set gateway 192.168.10.254

FortiGate-1800F (1) # set device mgmt1

FortiGate-1800F (1) # end

Firmware kasutamine 

Image download port:	MGMT1
DHCP status:            disabled
Local VLAN ID:		none
Local IP address:       192.168.10.203
Local subnet mask:      255.255.255.0
Local gateway:          192.168.1.254
TFTP server IP address:	192.168.10.187
Firmware file name:	FGT_1800F-v6.M-build2000-FORTINET.out

Enter C,R,T,F,B,I,Q,or H:

Please connect TFTP server to Ethernet port "MGMT1".
MAC:         AC:71:2E:0B:25:72
########################################################################
Total 76228962 bytes data downloaded.
Verifying the integrity of the firmware image.
This firmware image is certified.

Total 262144kB unzipped.
Save as Default firmware/Backup firmware/Run image without saving:[D/B/R]?b
Programming the boot device now.
................................................................................................................................................................................................................................................................Open boot device failed.

Tarkvara uuendamine

Kui webgui kaudu tarkvara uuendada, siis tegelikult lülitutakse kahe tõmmise vahel, uuemaga asendatakse mitte-aktiivne 

moraal-vasak # diag sys flash list
Partition  Image                                     TotalSize(KB)  Used(KB)  Use%  Active
1          FG180F-7.00-FW-build0450-230221                  253871    107322   42%  Yes   
2          FG180F-7.02-FW-build1396-230131                  253871    107096   42%  No    
3          EXDB-1.00000                                   28327040     61196    0%  No

Töötava süsteemi saab käivitada alternatiivse abil selliselt, arvestades, et

  • partitsioon 1 - primary
  • partitsioon 2 - secondary
  • partitsioon ei ole antud juhul seotud scsi plokkseadme nn fdisk partitsiooniga
execute set-next-reboot secondary
execute reboot

FortiOS kontakti saab v. 7.x keskkonnas fnsysctl utiliidiga, nt 

moraal-vasak # fnsysctl df -h
Filesystem                 Size       Used  Available Use% Mounted on
none                      20.0G       3.3M      19.9G   0% /tmp
none                      20.0G    1004.0K      20.0G   0% /dev/shm
none                      20.0G     407.3M      19.6G   2% /dev/cmdb
/dev/sda1                247.9M     104.8M     130.3M  45% /data
/dev/sda3                 27.0G      59.7M      25.5G   0% /data2

Peale uuendamist võiks küsida 

diag debug crashlog read get system startup-error-log

Kasulikud lisamaterjalid

  • TODO
Pärit leheküljelt "https://www.auul.pri.ee/wiki/index.php?title=Fortigate_1800F_seadme_kasutamine&oldid=584"