Tips and Tricks on FortiGate firewalls
- To list the IP addresses assigned to the interfaces in the CLI:
FortiGate-VM64-HV # diagnose ip address list
IP=10.152.8.141->10.222.333.444/255.255.255.0 index=3 devname=port1
IP=127.0.0.1->127.0.0.1/255.0.0.0 index=5 devname=root
IP=10.255.1.1->10.255.1.1/255.255.255.0 index=9 devname=fortilink
IP=127.0.0.1->127.0.0.1/255.0.0.0 index=10 devname=vsys_ha
IP=127.0.0.1->127.0.0.1/255.0.0.0 index=12 devname=vsys_fgfm
- To view the ARP cache in the CLI:
FortiGate-VM64-HV # get system arp
Address           Age(min)   Hardware Addr       Interface
10.222.333.444    0          7c:21:4a:24:16:c0   port1
10.152.8.1        0          f4:bd:9e:6d:67:75   port1
- To view the system ARP cache in the CLI:
FortiGate-VM64-HV # diagnose ip arp list
index=3 ifname=port1 10.222.333.444 7c:21:4a:24:16:c0 state=00000002 use=76 confirm=72 update=1714 ref=2
index=5 ifname=root 0.0.0.0 00:00:00:00:00:00 state=00000040 use=244817 confirm=244817 update=1832657 ref=2
index=3 ifname=port1 10.152.8.1 f4:bd:9e:6d:67:75 state=00000002 use=282 confirm=280 update=280 ref=28
- To clear the ARP table:
execute clear system arp table
- To remove a single ARP entry:
diagnose ip arp delete <interface name> <IP address>
- To add static ARP entries: