Saturday, December 1, 2012

Fortinet's Fortigate 300c firewall Troubleshooting tips

To set the lockout threshold to one attempt and a five-minute (300 second) duration
before the administrator can try again to log in, enter the commands:

# config system global
# set admin-lockout-threshold 1
# set admin-lockout-duration 300
# end


To delete local logs

1- Example to delete logs from disk for only WEB Filtering entries (*):

# execute log filter device 0
# execute log filter category 3
# execute log delete
This will delete webfilter log
Do you want to continue? (y/n) y

2- Example to delete logs from memory for only WEB Filtering entries (*):

# execute log filter device 1

# execute log filter category 3

# execute log delete
This will delete webfilter log
Do you want to continue? (y/n) y

3- Example to delete all local logs (memory and local disk):

# execute log delete-all
This will delete all local logs
Do you want to continue? (y/n) y
(*) Note: To get the device and category list, type the filter command without an argument.

# execute log filter device
Available devices:
 0: disk
 1: memory
 2: faz
 4: fds

# execute log filter category
Available categories:
10: application control
 9: dlp
 6: content
 5: spam
 4: ids
 3: webfilter
 2: virus
 1: event
 0: traffic



FortiGate daily restart script


config system global
    set daily-restart enable
    set restart-time 05:06
end



To stop a running process

# diagnose sys kill 11 <process id>

diag sys process

diag firewall statistic show
diag sys session full-stat




Enable log GUI from FortiAnalyzer

# config log gui
# set log-device memory
# end

# config log gui
# set log-device fortianalyzer
# end





Enable login access Banner

# config system global
# set access-banner enable
# end

System > Config > Replacement Message > Administration > Login Disclaimer
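
The admin lockout and login banner settings above can be checked offline against a saved configuration. The following Python script is an added example, not part of the original post or Fortinet's tooling; the sample configuration, the EXPECTED table and the function names are constructed for illustration.

```python
# Added example: audit FortiGate config text for settings shown on this page.
# SAMPLE_CONFIG is constructed for illustration, not a real device export.
SAMPLE_CONFIG = """\
config system global
    set admin-lockout-threshold 1
    set admin-lockout-duration 300
    set hostname "lab-fw"
end
config log gui
    set log-device memory
end
"""

# Assumption: expected values mirror the commands on this page; adjust to policy.
EXPECTED = {
    "admin-lockout-threshold": "1",
    "admin-lockout-duration": "300",
    "access-banner": "enable",
}


def parse_block(config_text, block="config system global"):
    """Return {option: value} for 'set' lines directly inside one config block."""
    settings, depth, inside = {}, 0, False
    for raw in config_text.splitlines():
        line = raw.strip().lstrip("#").strip()  # tolerate a pasted "#" prompt
        if line.startswith("config "):
            if depth == 0:
                inside = line == block
            depth += 1  # nested config sections are skipped via depth
        elif line == "end":
            depth = max(depth - 1, 0)
            if depth == 0:
                inside = False
        elif inside and depth == 1 and line.startswith("set "):
            parts = line.split(None, 2)
            if len(parts) == 3:
                settings[parts[1]] = parts[2].strip('"')
    return settings


def audit(config_text):
    """Return (option, found, expected) per deviation; found is None if unset."""
    found = parse_block(config_text)
    return [(k, found.get(k), v) for k, v in EXPECTED.items() if found.get(k) != v]


if __name__ == "__main__":
    for option, got, want in audit(SAMPLE_CONFIG):
        print(f"{option}: found {got!r}, expected {want!r}")
```

A found value of None means the option does not appear in the supplied text.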


Display hardware info

# diag hardware sysinfo memory
