Fortinet NSE4_FGT-7.2 — FortiGate Firewall — Section 1: FortiGate Firewall V6.4 1 Part 61
83. Lecture-83: Fundamental CLI Commands in FortiGate Firewall.
Some basic and fundamental CLIA command, you have to know how to troubleshoot easily for the Great Firewall. Those are like a good system, a status sorting system status. Does this my system Werdum this my belt? No, this the warez database, IPIS database and everything and netted more time. His name is Firewall and odd digital issuing here to figure out something. If you need a good system performance status, it will show you the performance, CPU utilization and utilization and everything. If you need for some reason you can use this command. Good system, but mama, stop, stop is the next command to use against CPU utilization and other application utilization. And also this command is in LDM far forward and many other things. You will use this command control issue to break it. They system session, fullscale session alstott, it will show you session databased, you did maybe session is fullagar.
Something is wrong with the session so you can use this command to figure out the issue. Either diagnosed system, there is another command, what was diagnosis, dumb question me see top it was no, I need decision related to station. Nationalist Saudization. Diagnosed system, there was one command to see decision yet decisions Altius decision and left this to command to see all this patient related stuff. And also useful in troubleshowing, good system are detailed. This is also very important to see, and these are a system which is connected and there are detailer here. They are hardware, dressmaker’s, an IP address and unreachable. They are connected. This is also very important to figure out. If you want to clear them, execute clear systems or clear, clear, clear the system are stable now is clear. If you check again, there is nothing, only one which is their own make address and their detail. Also, if you need to check routing table, you did get trüpel info routing Table Sturdee, which I told you. And if you need, I’ll just drive all to see all the routing detail to figure out what is the issue routing table there. Their honor for a specific one. You can type like suppose if somebody is going to eight eight eight eight eight. There is a command, if I mention here, which will show you specificity is detail, sorry, before the Tour de de de de de de de de de de. If you want to check for a specific, then you have to like this for a specific destination. They’re detailed, geometric, their distance, their full detail, how it is going.
So, it’s also a good command to troubleshoot routing issue. Also, there is weapon related troubleshowing because we don’t have a weapon, so you can diagnose VPN related issue. This one, phase one and phase two related diagnostic weapon issue, you can use these command snipper I alluded to above. You can use this command full configuration. It will show you all the configuration, execute reboot to execute this system, execute being. This is also very important to check. Like, I suppose anything is working on an order to execute pain control, see to stop them if you want before and through system business. If you want to check the DNS system DNS, it will show you DNS detail. And if you say get system DNS, it will show you the difference between short and ghetto’s, will show me the configuration, copy and paste. It will work straight away. You know, that’s the configuration. But get to me that your primary audience is this one, this two DNS, SSL is this one and all the details are mentioned related to DNS. There’s the some basic command and configuration I already told you to configure something if you want to configure hostname, to command, to configure interfaces, to command, to configure DNS, just the command static it out and packet capture to enable packet capture, which I will show you graphically. No. But from this command, I already told you, you don’t need to be worry if you don’t know any command, just type in Google and also any we are Bordier, anything is configured right. Click and at UCLA, it will show you all the configuration command if you want to check it out addresses as well. Right. Click and edit initialized or how to edit.
So, that means we need to go to configure firewall address, then edit and give them any name. And this the way to configure by the way, configure a firewall address a set. Unicode is circler insert subnet and necessary sorry and etc..
So, everywhere just right click and you will get the command.
So, no need to worry about the command that if you don’t know what troubleshowing normally happen in real world to command this. The only question because you cannot do most of the stuff. But all in all, any firewall really what you do, troubleshoot the best approaches to UCLA. And as quick as well, by the way, in the beginning, you will be afraid that I don’t know the camera, but after some time you will be good to go to use the command rather than to die. Trust me, it’s so easy compared to you. I do troubleshowing. Okay, so these are some basic common.
84. Lecture-84: Configure and Verify Packet Capture in FortiGate.
How to configure Pacard Gibson, you know, some time you need for troubleshowing purposes to capture the biggest.
So, if you want to capture the picture, go to network and they respected capture, nothing is configured to create new and unregenerate air traffic. Will commissaire from then this might end and to face the same maximum peek at how many picture do you want to capture? It’s a good thing supposed to only capture for. Now this air filter. Do you want to specify specific either anything coming online? No idea. No one nine two two one 68 one that one. When this host is coming for the board number 80 reelin, we don’t help and protocol that using PXP is six. You remember I told you the error from zero to five five protocol protocol. No TCP is coming under which is true. This one PCP’s six.
So, I said protocol number six will and we don’t have to include libraries spicket years and include none. I suppose if you want an okay.
So, Protocol number six or number eight be a host is this one. If they’re coming online, if they’re reached to four precourt regard them but they are not running. It means we have to run them a.k.a. now is running but no parent is coming. I need to generate from server one some traffic on board urgently only enable one, two, three. And then it ended. Traficon hated it and suppose I put them ideating so.
So, one pick a description to pick a description rental automatically stop maximum security, three, pick a description. Now it’s running automatically and then my job is then open it and it’s done and download an open and wireshark beekeeper’s a wider extension. Look at 190 to 160. That one was going at it. And it’s true. I was going to edit for board number eighty DCB, but TCP Retransmit was. But nobody answered them. And it’s true this way is black in color and you can Martinelli’s that only cinches sent but no response is coming at me. This sa does not treat you well right. There’s something else if you need, but I’ll just add this one. If you want to filter out the whole subnet you can use and you can range Camarda as well or no idea, 443 three. Whatever you want to do.
So, this is course to mention, okay, and if you want to refresh so you can say that I want to refresh and start again to download one, how many people do want to capture you want to filter them specifically? Either there, just want any picture.
So, it will like this one. You can use both real and detailed protocol, including six and non IP like ICMP in any other protocol you can mention. And what is done to it will show you and it’s running. You can stop them from here as well. Now it stop so you will not utilize your time. And also you can use this command to enable them config firewall policy. Why it’s so easy. Right. Click here, okay. And they don’t have some of the command. They don’t help.
So, I thought maybe some some of them they don’t have like this one.
So, I thought I will copy from there.
So, you can enable it from the ACLU as well. Okay, and last you can clone it, you can edit and you can delete it even if you don’t need bechard capture.