Posts

Showing posts from March, 2014

Configure sFlow for FortiGate

It's easy to configure sFlow on a FortiGate device:

    config system interface
        edit internal
            set sflow-sampler enable
            set sample-rate 512
            set polling-interval 20
        next
    end

    config system sflow
        set collector-ip <X.X.X.X>
        set collector-port 9997
        set source-ip 0.0.0.0
    end

After configuring this, you can make use of sFlowTrend from InMon, which is free.

Send test SNMP traps from Fortigate

    # diag test application snmpd 44
    SNMP Daemon Test Usage
    1: display daemon pid
    2: display snmp statistics
    3: clear snmp statistics
    4: generate test trap (oid: 999)
    5: generate deploy traps
    99: restart daemon

Option 4 is the one that generates a test trap (OID 999), so run "diag test application snmpd 4" to check that your trap receiver is getting traps from the FortiGate.

Resetting a lost Fortigate Admin Password

If you have lost the admin password for a FortiGate, you can reset it if you have physical access to the box.

Heads up: you have to type the user ID and password within 15 seconds of the login prompt first appearing. If you take too long, reboot the firewall and try again.

1. Connect the console cable to the FortiGate and fire up your favorite terminal emulator.
2. Reboot the firewall unit.
3. At the console login prompt, type "maintainer" as the user ID.
4. Type bcpb followed by the serial number of the FortiGate as the password, i.e. bcpbFGTxxxxxxxxxxxxx where FGTxxxxxxxxxxxxx is the S/N. The serial number is case sensitive, so for example you should use FGT60B, not FGT60b.
5. After logging in, change the admin password:

    config system admin
        edit admin
            set password <new-password>
        next
    end

Rancid-Fortigate: Filter cycling RSA private keys and cycling password encryption

Use the following fnrancid file for backing up FortiGate devices without the RSA keys and password encryption (which change on every run and make every backup look like a diff). Note: it is suggested to check the script on a test firewall first.

    vi fnrancid

    #! /usr/bin/perl
    use Getopt::Std;
    getopts('dflV');
    if ($opt_V) {
        print "@PACKAGE@ @VERSION@\n";
        exit(0);
    }
    $log = $opt_l;
    $debug = $opt_d;
    #$debug = 1;
    $file = $opt_f;
    $host = $ARGV[0];
    $found_end = 0;
    $timeo = 90;                            # fnlogin timeout in seconds

    my(@commandtable, %commands, @commands);# command lists
    my($aclsort) = ("ipsort");              # ACL sorting mode
    my($filter_commstr);                    # SNMP community string filtering
    my($filter_pwds);                       # password filtering mode

    # This routine is used to print out the router configuration
    sub ProcessHistory {
        my($new_hist_tag,$new_command,$command_string,@string) = (@_);
        if ((($new_hist_tag ne $hist_tag) || ($new_command ne $command))
            && scalar(%history)) {
            print eval "$command \%history";
            undef %history;
        }
        if (($new_hist_ta

RADWARE : Warning: Client NAT Port Number threshold of 85 percents

Question: What is the meaning of the following error?

    WARNING Client NAT Port Number threshold of 85 percents reached, NAT address x.x.x.x

And what is the meaning of this one?

    WARNING No more free dynamic NAT ports

Answer: The first message means that, for this specific NAT IP, 85% of its ports are in use. The second means there are no more free ports at all.

To configure the number of ports per Client NAT address via WBM: from the device menu, select Services > Tuning > Device and modify the value for Client NAT Ports Per Address.

FortiGate PROXY: Adding WEBCATEGORY via CLI

144 is the UNRATED category.

    config webfilter ftgd-local-rating
        edit "cvlindia.com"
            set rating 144
            set status enable
        next
    end

GRE Tunnel Between CISCO and Fortigate

Fortigate GRE Tunnel
=======================================================

    config system gre-tunnel
        edit "OKHLA_NEW_DELHI"
            set interface "SIFY-MPLS"       (system interface under which to create the VPN)
            set local-gw 192.168.90.130     (tunnel WAN source)
            set remote-gw 192.168.91.162    (tunnel WAN destination)
        next
    end

    config system interface
        edit "OKHLA_NEW_DELHI"              (main tunnel interface under WAN)
            set ip 6.6.6.10 255.255.255.255 (tunnel IP address)
            set type tunnel
            set remote-ip 6.6.6.9           (remote tunnel IP address)
            set interface "SIFY-MPLS"       (main ISP interface)
        next
    end

CISCO GRE Tunnel
=================================================

    interface Tunnel301
     bandwidth 1024
     ip address 6.6.6.9 255.255.255.252
     tunnel source 192.168.91.162
     tunnel destination 192.168.90.130

Traffic Shaping With Fortigate

FortiGate v4.0

Description
This article describes the traffic shaping features implemented in FortiOS 4.0. In FortiOS 4.0 traffic shaping has been enhanced: diagnose commands let you verify each traffic shaper's usage, and the configuration is more flexible. See also the related articles at the end of this page for additional information.

Solution
Summary
1- Traffic shaping configuration is dissociated from the firewall policies, allowing multiple policies to use common configurations
2- Possibility to use independent configurations in policies for forward and reverse traffic directions
3- The P2P shaping capabilities are now defined at the application control level
4- Troubleshooting packet loss with statistics on traffic shaping configurations
5- Troubleshooting packet loss with the debug flow diagnose commands
6- Session list details with dual traffic shaper (forward and reverse traffic)

1- Traffic shaping configuration is di

How to configure a 3G modem in a fortigate USB port

How to configure a 3G modem:

Firstly, ensure that your modem is firmly plugged into a USB port on the back of the FortiGate, and that you've power-cycled the unit to detect the modem. You'll need to enable the modem with the following command:

    config system modem
        set status enable
    end

Next, try to detect the custom vendor and product IDs with the following command. Be sure to note them down, as you'll need them later!

    FortiGate # diagnose sys modem wireless-id
    vendor: 0x12d1, product: 0x1003, registered: yes

Next, we'll configure the modem settings in our FortiGate to activate the modem connection:

    config system modem
        set status enable
        set dial-on-demand enable
        set connect-timeout 30
        set wireless-custom-vendor-id 0x12d1
        set wireless-custom-product-id 0x1003
        set modem-dev1 pcmcia-wireless
        set phone1 "*99#"
        set username1 "3services"    # Set this to your provider's APN
        set altmode disable
    end

We're almost there!

DIAGNOSE FORTIGATE HIGH CPU PROBLEM

    # diagnose system top 5 10

Use this command to display:
• up time (Run Time)
• current total processor and memory usage
• current free memory
• a list of the most resource-intensive currently running system processes and daemons, with respect to their memory (RAM) and processor (CPU) usage

The first two lines of the display show the up time and the processor and memory usage. Processor and memory usage on the second line is shown with abbreviated labels, which are explained in Table 10.

    Run Time: 0 days, 21 hours and 3 minutes
    0U, 4S, 95I; 1035792T, 646920F

Table 10: Abbreviations for processor and memory usage

    Letter  Description
    U       User CPU usage (%)
    S       System CPU usage (%)
    I       Idle CPU usage (%)
    T       Total memory (KB)
    F       Free memory (KB)

The remaining lines contain the process list, which has the following columns.

Table 11: Process list columns

    Column 1