
Fortigate Tips and Tricks


January 27th, 2012 admin


This article presents some useful commands and tricks that you can use on your Fortigate.

Debug Addresses:

Many times it happens that we have a lot of firewall policies for one address defined in our address pool. Let's take an example: we have "WWW_Server" defined with the IP of -.2.-/.-.-0. To see what policies are using this address we can use the following:

#diag sys checkused firewall.address:name 'WWW_Server'

From the output you can clearly see that the policy using this address is policy "14". In case our address is in an address group, we can find out where that address group is used by executing the following command:

#diag sys checkused firewall.addgrp:name 'Server_Groups'

The firewall from Fortinet also has sniffing capabilities (take that, Wireshark):

#diag debug packet test Interface_Name 'host IP_Host' '

If we would like to sniff all the interfaces on port 67 or 68 UDP we can try the following:

#diag sniff packet any 'udp port 67 or udp port 68' 6

To stop the sniffing issue CTRL+C. Do not use it twice or your PuTTY session will die.

Fortigate CPU or Memory at 100%

From time to time we discover bugs, or the CPU/Memory goes to 100% usage. Then we are left with a reboot, and if that does not fix it we need to check what process is using all the memory. To do this we can use the following:

#diag debug en
#get sys status
#get sys perf status
#diag sys top + +,,
-> let it run for 10-15 seconds and then stop it by pressing "Q".
#diag hard sys mem

Let's say we found out that the process "authd" is using 100% of the CPU. To restart it we can use the following:

#diag sys kill 11 process_id

In our case we will perform the following command:

#diag sys kill 11 81

This command will re-spawn the authd process. Some other Signal_IDs:
9 calls SIGKILL
15 calls SIGTERM
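An added example, not from the original post: a small Python helper that reads a saved console capture of `diag sys top` and averages each process over all refreshes, so a one-off spike is not mistaken for the sustained hog described above. The capture text, its assumed row layout (name, PID, state, CPU %, memory %), the thresholds and PID 123 are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed console capture: two refreshes of `diag sys top`.
# Assumed row layout: name, PID, state (optional flag), CPU %, memory %.
CAPTURE = """\
Run Time:  3 days, 2 hours and 11 minutes
97U, 2S, 1I; 1002T, 120F
          authd      123      R      98.2     3.1
      ipsengine       66      S <     1.2    11.4
         newcli      903      R       0.5     1.4
Run Time:  3 days, 2 hours and 11 minutes
99U, 1S, 0I; 1002T, 119F
          authd      123      R      99.6     3.1
      ipsengine       66      S <     0.0    11.4
         newcli      903      R       0.3     1.4
"""

ROW = re.compile(r"^\s*(\S+)\s+(\d+)\s+[A-Z]\s*[<N]?\s+(\d+(?:\.\d+)?)\s+(\d+(?:\.\d+)?)\s*$")

def parse_rows(text):
    """Yield (name, pid, cpu, mem) for every process row; header lines are skipped."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            yield m.group(1), int(m.group(2)), float(m.group(3)), float(m.group(4))

def sustained_hogs(text, cpu_limit=90.0, mem_limit=50.0):
    """Average each PID over all refreshes; return those above either (assumed) limit."""
    samples = defaultdict(list)
    for name, pid, cpu, mem in parse_rows(text):
        samples[(name, pid)].append((cpu, mem))
    hogs = []
    for (name, pid), vals in samples.items():
        avg_cpu = sum(c for c, _ in vals) / len(vals)
        avg_mem = sum(m for _, m in vals) / len(vals)
        if avg_cpu >= cpu_limit or avg_mem >= mem_limit:
            hogs.append({"name": name, "pid": pid, "cpu": round(avg_cpu, 1), "mem": round(avg_mem, 1),
                         "restart": f"diag sys kill 11 {pid}"})  # restart command as given in the post
    return sorted(hogs, key=lambda h: h["cpu"], reverse=True)

if __name__ == "__main__":
    for hog in sustained_hogs(CAPTURE):
        print(hog)
```
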

Problems with Authentication?

To test the authentication we can use the following commands:

#diag test auth <type> <server_name> <chap | pap | mschap | mschap2> <username> <pwd>

Let's say we want to test a user's LDAP username and PASSWORD; we will test with the following:

#diag test authserver ldap server <server_name> <username> <pwd>

If the authentication is successful then that means that we are good to go. The problem is somewhere else.

BASIC COMMANDS

To show the ARP table:
#diag ip arp list

To show the routing table:
#diag ip route list

To check the NIC status on the Fortigate:
#diag hard dev nic port

PPPoE:
#diag debug en
#diag debug app ppp '

Hope this helps!

Happy firewalling and please comment if you have any questions. Thanks!


Copyright © Network & Security Blog (http://www.ipspace.eu) - It's all about Security