Fortigate Notes
1 Split internal interface into multiple ports
- connect serial console to fortigate
screen -L /dev/ttyUSB0 9600,-parenb1,-cstopb1,cs8
FGT90D # config system dhcp server
FGT90D (server) # show
FGT90D (server) # delete 1
FGT90D (server) # end
FGT90D # config firewall policy
FGT90D (policy) # show
FGT90D (policy) # delete 1
FGT90D (policy) # end
FGT90D # config system global
FGT90D (global) # set internal-switch-mode interface
FGT90D (global) # end
- unit will reboot now
FGT90D # config system interface
FGT90D (interface) # edit internal1
FGT90D (internal1) # set ip 192.168.1.99 255.255.255.0
FGT90D (internal1) # set allowaccess https ssh ping
FGT90D (internal1) # end
2 Create Cluster
2.1 Configure Master FW
- Dashboard > Hostname: Firewall1
- Config > HA
  - Mode: Active-Passive
  - Device Priority: 255
  - Reserve Management Port for Cluster Member: NO
  - Group Name: FW-Cluster1
  - Password: "eq admin"
  - Enable Session Pick-up: NO
  - Heartbeat config
    - WAN 1: PortMonitoring (X), Enable (X), Priority 50 # to switch
    - INT 13: PortMonitoring ( ), Enable (X), Priority 100 # crossover
- Dashboard > shutdown
2.2 Configure Slave FW
- Dashboard > Hostname: Firewall2
- Config > HA
  - Mode: Active-Passive
  - Device Priority: 128
  - Reserve Management Port for Cluster Member: NO
  - Group Name: FW-Cluster1
  - Password: "eq admin"
  - Enable Session Pick-up: NO
  - Heartbeat config
    - WAN 1: PortMonitoring (X), Enable (X), Priority 50 # to switch
    - INT 13: PortMonitoring ( ), Enable (X), Priority 100 # crossover
- Dashboard > shutdown
3 First Cluster Start
- start cbfw1, wait 2 minutes
- start cbfw2, wait 2 minutes
- Login to FW Cluster: https://ip-of-master-fw
- Check Cluster Status on: Dashboard > Config > HA
- https://ip-of-master-fw/system/ha/statistics
4 Reboot via Cron Job
crontab -e
30 1 * * * /usr/bin/ssh admin@10.0.0.1 'execute reboot ^My' >/dev/null 2>&1
# ^M is a literal carriage return, entered as CTRL-v, CTRL-m
5 Backup to local USB Stick by CronJob
crontab -e
1 3 * * * /usr/bin/ssh admin@10.0.0.1 "execute backup full-config usb backup2usb" >/dev/null
6 Restore Config by Serial Console
fw1 # exec usb-disk list
2014-09-05 12:29:48 1072227 backup2usb
fw1 # exec restore config usb backup2usb
This operation will overwrite the current settings!
Do you want to continue? (y/n)
7 Get Config Backup by scp
scp admin@10.0.0.1:sys_config /backup/Firewall/
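A cron-friendly wrapper around the scp command above, added here as an example and not part of the original notes: it rejects a download that is not a FortiGate config and keeps dated copies instead of overwriting sys_config. KEEP, the file naming, the script path in the comment and key-based ssh login for admin are assumptions.

```shell
#!/bin/sh
# Added example: cron-friendly wrapper around "scp admin@10.0.0.1:sys_config".
# Assumed, not from the page: KEEP, the timestamped file names, key-based ssh
# login for the admin account, and a plain-text (unencrypted) backup.
FW="${FW:-admin@10.0.0.1}"        # firewall login used on the page
DEST="${DEST:-/backup/Firewall}"  # target directory used on the page
KEEP="${KEEP:-14}"                # backups to retain (assumed value)

# A plain-text FortiGate backup starts with a "#config-version=" header line.
# Empty files and captured error text fail this check.
is_fortigate_config() {
    [ -s "$1" ] && head -n 1 "$1" | grep -q '^#config-version='
}

# store_backup <downloaded-file> <dest-dir> <keep>
# Validates the download, stores it under a timestamped name readable only by
# the owner (the file holds password hashes and keys), prunes old copies and
# prints the stored path.
store_backup() {
    src=$1; dir=$2; keep=$3
    is_fortigate_config "$src" || { echo "invalid backup: $src" >&2; return 1; }
    out="$dir/sys_config.$(date +%Y%m%d-%H%M%S)"
    mv "$src" "$out" && chmod 600 "$out" || return 1
    # Names sort chronologically: list newest first, delete past the first KEEP.
    ls "$dir"/sys_config.* | sort -r | tail -n +"$((keep + 1))" |
        while read -r old; do rm -f "$old"; done
    echo "$out"
}

# Download to a private temp file first so a failed transfer never replaces
# or counts as a good backup.
fetch_backup() {
    umask 077
    tmp=$(mktemp "$DEST/.sys_config.XXXXXX") || return 1
    if scp -q -o BatchMode=yes "$FW:sys_config" "$tmp" &&
       store_backup "$tmp" "$DEST" "$KEEP" >/dev/null; then
        return 0
    fi
    rm -f "$tmp"
    echo "backup of $FW failed" >&2
    return 1
}

# Only contact the firewall when asked to, e.g. from cron (hypothetical path):
#   15 3 * * * /usr/local/sbin/fgt-backup.sh --fetch
if [ "${1:-}" = "--fetch" ]; then fetch_backup; fi
```

Leave stderr unredirected in the crontab entry so cron can mail the failure message.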