FortiOS CLI Config (Misc)

Quick Notes for Fortigate/FortiWifi settings

  • Set up a bridge (switch) interface from multiple physical interfaces (here internal and wifi):
    • config system switch-interface
          edit new_internal
              set member internal wifi
              set type switch
              set vdom root
          next
      end
  • Reserved DHCP Address
    • Enter config system dhcp reserved-address and press Enter; the prompt changes to show (reserved-address) in parentheses.
    • Create the reservation entry: type edit "name of device" and press Enter. The quotation marks are required.
      • Assign the IP and MAC address: type set ip 192.168.x.x and press Enter (x.x being the last two octets of the address to reserve), then set mac 00:XX:XX:XX:XX:XX and press Enter.
      • Type next and then end.
      • Confirm the setting with show; the output should list the new reservation.
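Typing reservations in one at a time is error-prone, and a typo in a MAC or an address outside the LAN subnet is only noticed when the lease never arrives. The following added example (not part of the original notes and not Fortinet code) renders the same config system dhcp reserved-address block for a list of entries, validating each IP and MAC first and rejecting duplicates; the device names, addresses and MACs are constructed samples, and the 192.168.1.0/24 LAN is an assumption.

```python
import ipaddress
import re

# Constructed sample reservations (hypothetical device names, addresses and MACs).
SAMPLE_RESERVATIONS = [
    ("printer", "192.168.1.50", "00:11:22:33:44:55"),
    ("nas", "192.168.1.60", "AA:BB:CC:DD:EE:01"),
]

MAC_RE = re.compile(r"^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")


def validate_reservation(name, ip, mac, lan_network):
    """Check one reservation; return (name, ip, mac) normalized or raise ValueError."""
    if not name or '"' in name:
        raise ValueError(f"bad reservation name: {name!r}")
    addr = ipaddress.IPv4Address(ip)  # AddressValueError (a ValueError) if malformed
    net = ipaddress.IPv4Network(lan_network)
    if addr not in net or addr in (net.network_address, net.broadcast_address):
        raise ValueError(f"{ip} is not a usable host address in {lan_network}")
    if not MAC_RE.match(mac):
        raise ValueError(f"bad MAC address: {mac!r}")
    return name, str(addr), mac.lower()


def build_reserved_address_config(entries, lan_network="192.168.1.0/24"):
    """Render the FortiOS 'config system dhcp reserved-address' block for the entries.

    Duplicate IPs or MACs are rejected: two reservations for the same lease would
    silently shadow each other on the device.
    """
    seen_ips, seen_macs = set(), set()
    lines = ["config system dhcp reserved-address"]
    for name, ip, mac in entries:
        name, ip, mac = validate_reservation(name, ip, mac, lan_network)
        if ip in seen_ips or mac in seen_macs:
            raise ValueError(f"duplicate reservation: {ip} / {mac}")
        seen_ips.add(ip)
        seen_macs.add(mac)
        lines += [
            f'    edit "{name}"',
            f"        set ip {ip}",
            f"        set mac {mac}",
            "    next",
        ]
    lines.append("end")
    return "\n".join(lines)


if __name__ == "__main__":
    # Paste the printed block into the FortiGate CLI, then verify with 'show'.
    print(build_reserved_address_config(SAMPLE_RESERVATIONS))
```

The generated text matches the edit/next/end layout used elsewhere on this page, so it can be pasted directly into the CLI session and confirmed with show afterwards.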
  • Daily Restart (via CLI)
    • config system global
      set daily-restart enable
      set restart-time 05:06
      end
  • Set up a PPTP Server
    • Assume the internal trusted zone is 192.168.1.x
    • Assign 192.168.10.x to PPTP clients
    • Create a user
      • config user local
            edit "pptp_user"
                set type password
                set passwd <password>
            next
        end
    • Create a user group
      • config user group
            edit "PPTP_group"
                set member "pptp_user"
            next
        end
    • Enable PPTP server
      • config vpn pptp
            set status enable
            set eip 192.168.10.100
            set sip 192.168.10.1
            set usrgrp "PPTP_group"
        end
    • Create a firewall address object for the PPTP client subnet on the WAN interface
      • config firewall address
            edit "pptp_client"
                set associated-interface "wan1"
                set subnet 192.168.10.0 255.255.255.0
            next
        end
    • Create a firewall policy - PPTP clients to Internet (WAN)
      With this policy, PPTP clients can use the VPN to reach the Internet through the FortiGate
      • config firewall policy
            edit 1
                set srcintf "wan1"
                set dstintf "wan1"
                set srcaddr "pptp_client"
                set dstaddr "all"
                set action accept
                set schedule "always"
                set service "ALL"
                set nat enable
            next
        end
    • Check that PPTP clients can connect
      • FWF60C # diagnose vpn pptp status
        VDOM = root 0 State = 1, IP-mode = manual IP = 192.168.10.1-192.168.10.100
        -------------------------- Client --------------------------
        Index = 1 Pid = 594 Remote = xxx.xxx.xxx.xxx Local = yyy.yyy.yyy.yyy Assigned = 192.168.10.2
    • Reference: https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-system-administration-54/PPTP-L2TP/PPTP_L2TP.htm
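The diagnose output above is the only place the FortiGate shows which PPTP clients are connected and which pool address each one holds, so it is worth capturing regularly rather than glancing at it once. The following added example (not from the original notes and not Fortinet code) parses that output into a structure suitable for logging and flags any client whose assigned address falls outside the sip-eip pool configured earlier; the sample text is constructed to match the format shown above, with the remote and local addresses taken from the RFC 5737 documentation ranges. Bear in mind that PPTP with MS-CHAPv2 is considered broken, so where the FortiGate supports it, IPsec or SSL VPN is the better choice for new deployments.

```python
import ipaddress
import re

# Constructed sample output modelled on the 'diagnose vpn pptp status' lines in the
# notes above; remote/local addresses use RFC 5737 documentation ranges.
SAMPLE_STATUS = """\
VDOM = root 0 State = 1, IP-mode = manual IP = 192.168.10.1-192.168.10.100
-------------------------- Client --------------------------
Index = 1 Pid = 594 Remote = 203.0.113.5 Local = 198.51.100.1 Assigned = 192.168.10.2
Index = 2 Pid = 601 Remote = 203.0.113.9 Local = 198.51.100.1 Assigned = 192.168.20.7
"""

HEADER_RE = re.compile(
    r"State = (\d+).*?\bIP = (\d+\.\d+\.\d+\.\d+)-(\d+\.\d+\.\d+\.\d+)"
)
CLIENT_RE = re.compile(
    r"Index = (\d+) Pid = (\d+) Remote = (\S+) Local = (\S+) Assigned = (\S+)"
)


def parse_pptp_status(text):
    """Turn the diagnose output into a dict: server state, address pool, client list."""
    status = {"enabled": False, "pool": None, "clients": []}
    for line in text.splitlines():
        m = HEADER_RE.search(line)
        if m:
            # State = 1 means the PPTP server is up; the IP range is the sip-eip pool.
            status["enabled"] = m.group(1) == "1"
            status["pool"] = (
                ipaddress.IPv4Address(m.group(2)),
                ipaddress.IPv4Address(m.group(3)),
            )
            continue
        m = CLIENT_RE.search(line)
        if m:
            status["clients"].append({
                "index": int(m.group(1)),
                "pid": int(m.group(2)),
                "remote": m.group(3),      # peer's public address
                "local": m.group(4),       # FortiGate WAN address the peer hit
                "assigned": ipaddress.IPv4Address(m.group(5)),
            })
    return status


def clients_outside_pool(status):
    """Return clients whose assigned address is not inside the configured pool.

    A client outside the pool would not be matched by the 'pptp_client' address
    object, so the intended firewall policy would not apply to it.
    """
    if status["pool"] is None:
        return list(status["clients"])
    lo, hi = status["pool"]
    return [c for c in status["clients"] if not lo <= c["assigned"] <= hi]


if __name__ == "__main__":
    parsed = parse_pptp_status(SAMPLE_STATUS)
    print(f"PPTP enabled: {parsed['enabled']}, pool: {parsed['pool'][0]}-{parsed['pool'][1]}")
    for c in parsed["clients"]:
        print(f"  client {c['index']} from {c['remote']} assigned {c['assigned']}")
    for c in clients_outside_pool(parsed):
        print(f"  WARNING: client {c['index']} assigned {c['assigned']} outside pool")
```

Feeding the real output (for example, collected over SSH by a monitoring job) through parse_pptp_status gives a per-client record that can be written to a log or SIEM, so new remote addresses connecting to the PPTP service are visible without logging into the device.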
References:
  • http://adsl.hinet.net/3ip/download/FW60C-QSG.pdf
  • https://mercit.wordpress.com/2014/11/17/how-to-assign-a-reserved-ip-address-on-fortigate-60c/
