FortiGate常用配置命令
一、命令结构
co
figCo
figureobject置
get
Getdy
amica
dsystemi
formatio

show
Showco
figuratio

diag
oseDiag
osefacility
executeExecutestaticcomma
ds
exit
ExittheCLI
对策略，对象等进行配
查看相关关对象的参数信息查看配置文件诊断命令
常用的工具命令，如pi
g退出
二、常用命令
1、配置接口地址FortiGateco
figsystemi
terfaceFortiGatei
terfaceeditla
FortiGatela
setip1921681009924FortiGatela
e
d
2、配置静态路由FortiGatestaticedit1FortiGate1setdevicewa
1
fFortiGate1setdst10000255000FortiGate1setgateway192168571FortiGate1e
d
3、配置默认路由FortiGate1setgateway192168571FortiGate1setdevicewa
1FortiGate1e
d
4、添加地址FortiGateco
figfirewalladdressFortiGateaddresseditclie
t
et
ewe
tryclie
t
etaddedFortiGateclie
t
etsetsub
et192168102552552550FortiGateclie
t
ete
d
5、添加ip池FortiGateippooledit
atpool
ewe
try
atpooladdedFortiGate
atpoolsetstartip1001001001FortiGate
atpoolsete
dip100100100100FortiGate
atpoole
d
f6、添加虚拟ipFortiGateco
figfirewallvipFortiGatevipeditwebserver
ewe
trywebserveraddedFortiGatewebserversetextip20200167FortiGatewebserversetexti
tfwa
1FortiGatewebserversetmappedip1921680168FortiGatewebservere
d
7、配置上网策略
FortiGateco
figfirewallpolicy
FortiGatepolicyedit1
FortiGate1setsrci
tfi
ter
al源接口
FortiGate1setdsti
tfwa
1目的接口
FortiGate1setsrcaddrall
源地址
FortiGate1setdstaddrall
目的地址
FortiGate1setactio
accept动作
FortiGate1setschedulealways时间
FortiGate1setserviceALL
服务
FortiGate1setlogtrafficdisable日志开关
FortiGate1set
ate
able
开启
at
fe
d
8、配置映射策略
FortiGateco
figfirewallpolicy
FortiGatepolicyedit2
FortiGate2setsrci
tfwa
1源接口
FortiGate2setdsti
tfi
ter
al目的接口
FortiGate2setsrcaddrall
源地址
FortiGate2setdstaddrFortiGate1目的地址，虚拟ip映射，事先添加好的
FortiGate2setactio
accept动作
FortiGate2setschedulealways时间
FortiGate2setserviceALL服务
FortiGate2setlogtrafficall日志开关
e
d
9、把i
ter
al交换接口修改为路由口确保关于i
ter
al口的路由、dhcp、防火墙策略都删除FortiGateco
figsystemglobalFortiGateglobalseti
ter
alswitchmodei
terfaceFortiGateglobale
d重启

f1、查看主机名，管理端口FortiGateshowsystemglobal
2、查看系统状态信息，当前资源信息FortiGategetsystemperforma
cestatus
3、查r