7 February 2019

firewall

diagnose firewall acl

Firmware – FortiOS: 5.4
This command is used to display information about the access control list feature.

Syntax
diagnose firewall acl {counter | counter6 | clearcounter | clearcounter6}

Options
counter: Shows the number of packets dropped by ACL
counter6: Shows the number of packets dropped by IPv6 ACL
clearcounter: Clears the ACL packet counter
clearcounter6: Clears the IPv6 packet counter


diagnose firewall auth list

Firmware – FortiOS: 5.0 5.2 5.4
Use this command to list all the authorized users on this system.

Syntax
diagnose firewall auth list

Command
diagnose firewall auth list

Output

----- 0 listed, 0 filtered ------


diagnose firewall clear

Firmware – FortiOS: 5.0 5.2 5.4
This command is used to clear authenticated IPv4 users.

Syntax
diagnose firewall auth clear

Command
diagnose firewall auth clear

Output

----- all cleared ------


diagnose firewall filter

Firmware – FortiOS: 5.0 5.2 5.4

Syntax
diagnose firewall auth filter clear — Clear all filters.
diagnose firewall auth filter group — Group name.
diagnose firewall auth filter method — method
diagnose firewall auth filter method policy — Policy ID.
diagnose firewall auth filter source — IPv4 source address.
diagnose firewall auth filter source6 <IPv6 source (range from)> — IPv6 source address.
diagnose firewall auth filter user — User name.


diagnose firewall fqdn flush

Firmware – FortiOS: 5.0 5.2 5.4

Syntax
diagnose firewall fqdn flush name — Fully qualified domain name.


diagnose firewall gtp runtime-stat

Firmware – FortiOS: 6.0
Command used to show the shared tunnel limiters

Syntax
diagnose firewall gtp runtime-stat


diagnose firewall gtp stat

Firmware – FortiOS: 6.0

Syntax
diagnose firewall gtp stat


diagnose firewall gtp tunnel

Firmware – FortiOS: 5.6.3< 6.0
The command is used to filter, list and flush all versions of GTP tunnels, including v0, v1, and v2.

Syntax
diagnose firewall gtp tunnel list
diagnose firewall gtp tunnel flush
diagnose firewall gtp tunnel filter version {0 | 1 | 2}
diagnose firewall gtp tunnel filter f-teid-c {teid | addr}
diagnose firewall gtp tunnel filter f-teid-u {teid | addr}

Options
Firewall gtp tunnel


diagnose firewall gtp tunnel-limit list

Firmware – FortiOS: 6.0
Command used to show the shared tunnel limiters

Syntax
diagnose firewall gtp tunnel-limit list

Example
diagnose firewall gtp tunnel-limit list

name=gtp-tl-1 tunnel_limit=50 tunnel_count=0


diagnose firewall ip-translation

Firmware – FortiOS: 5.0 5.2 5.4
This command can be used to list or flush the IP translation table.

Syntax
Flush IP translation table
diagnose firewall ip-translation flush

List IP translation table
diagnose firewall ip-translation list


diagnose firewall ipgeo copyright-notice

Firmware – FortiOS: 5.0 5.2 5.4 5.6
This command shows the copyright notice.

Syntax
diagnose firewall ipgeo copyright-notice

Command
diagnose firewall ipgeo copyright-notice

Output
GEIP 2.004 Copyright (c) 2017 Fortinet Inc. All Rights Reserved


diagnose firewall ipgeo country-list

Firmware – FortiOS: 5.0 5.2 5.4 5.6
This command is used to display a listing of all the countries in the available.

Syntax
diagnose firewall ipgeo country-list

Example
The example command output shows that a firewall address has been added for China.

Command
diagnose firewall ipgeo country-list

Output

Total countries loaded:1
CN



diagnose firewall ipgeo ip-list

Firmware – FortiOS: 5.0 5.2 5.4 5.6
This command shows the IP addresses of a specified country or all of the countries added to firewall addresses. Input the two-letter country ID or type 'all' for all IP ranges.

Syntax
diagnose firewall ipgeo ip-list

Make sure that the country ID uses capitalized letters. Using lowercase letters will give this response:

Country name:cn Total IP Range:0

Command
diagnose firewall ipgeo ip-list CA

Output

4.15.16.0 – 4.15.23.255
4.15.77.132 – 4.15.77.135
4.16.48.0 – 4.16.55.255
4.26.255.0 – 4.26.255.255
4.28.136.0 – 4.28.143.255
.
.
.
.
.
217.21.138.0 – 217.21.139.255
217.21.141.0 – 217.21.143.255
220.243.216.0 – 220.243.216.255
220.243.219.0 – 220.243.219.255
220.243.223.0 – 220.243.223.255
Country name:CA Total IP Range:6451
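
The following is an added example, not part of the original page or of FortiOS: a Python check for saved `ip-list` output that catches the lowercase country ID case and a capture whose range count does not match the `Total IP Range` trailer, then tests an address against the ranges. The function names and the `SAMPLE` text are constructed for illustration.

```python
import ipaddress
import re

# Accept "-" or the en dash that web pages substitute for it.
RANGE_RE = re.compile(r"^\s*(\d+(?:\.\d+){3})\s*[-\u2013]\s*(\d+(?:\.\d+){3})\s*$")
TRAILER_RE = re.compile(r"^\s*Country name:(\S+)\s+Total IP Range:(\d+)\s*$")

# Constructed sample: three ranges from the output above with a matching trailer.
SAMPLE = """4.15.16.0 - 4.15.23.255
4.15.77.132 - 4.15.77.135
4.16.48.0 - 4.16.55.255
Country name:CA Total IP Range:3
"""
LOWERCASE = "Country name:cn Total IP Range:0\n"  # response quoted on the page

def parse_ip_list(text):
    """Return (country, declared_total, ranges) parsed from ip-list output."""
    country, total, ranges = None, None, []
    for line in text.splitlines():
        m = RANGE_RE.match(line)
        if m:
            lo, hi = (ipaddress.IPv4Address(g) for g in m.groups())
            if lo > hi:
                raise ValueError("inverted range: " + line.strip())
            ranges.append((lo, hi))
        elif (m := TRAILER_RE.match(line)):
            country, total = m.group(1), int(m.group(2))
    if country is None:
        raise ValueError("no 'Country name:' trailer; capture is incomplete")
    return country, total, ranges

def problems(text):
    """Reasons the captured output should not be trusted as the country's ranges."""
    country, total, ranges = parse_ip_list(text)
    found = []
    if country != country.upper():
        found.append("country ID %r is not upper case" % country)
    if total == 0:
        found.append("zero ranges returned")
    if total != len(ranges):
        found.append("trailer declares %d ranges, captured %d" % (total, len(ranges)))
    return found

def in_ranges(ip, ranges):
    """True if ip falls inside any (low, high) pair."""
    addr = ipaddress.IPv4Address(ip)
    return any(lo <= addr <= hi for lo, hi in ranges)
```

An empty list from `problems()` means the trailer count and the captured ranges agree; the elided listing shown above would be reported as a count mismatch.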



diagnose firewall ipgeo override

Firmware – FortiOS: 5.0 5.2 5.4 5.6
This command prints out all user defined IPgeo data.

Syntax
diagnose firewall ipgeo override — Print out all user defined IP geolocation data.

Command
diagnose firewall ipgeo override

Output
Location: geotest, code: A0 (ip-ranges 1)
range 1: 192.168.3.1 – 192.168.3.14


diagnose firewall iplist

Firmware – FortiOS: 5.0 5.2 5.4

Syntax
Flush
diagnose firewall iplist flush

List optimized iplist
diagnose firewall iplist list optimized


diagnose firewall proute

Firmware – FortiOS: 5.0 5.2 5.4
This command is used to display policy routing.

Syntax
diagnose firewall proute list

Command
diagnose firewall proute list

Output
list route policy info(vf=root):


diagnose firewall statistic

Firmware – FortiOS: 5.0 5.2 5.4
This command can be used to display throughput information for the firewall broken down into categories, by both packets and bytes. It can also be used to clear and reset the throughput information.

Syntax
diagnose firewall statistic

Options
Show traffic stats
Use the show command to display throughput information for the firewall, broken down into categories, by both packets and bytes. Categories include common applications such as DNS, FTP, IM, P2P, and VoIP, as well as the lower-level protocols — TCP, UDP, ICMP, and IP.

diagnose firewall statistic show

Clear traffic stats
Use the clear command to clear and reset the throughput information.

diagnose firewall statistic clear

Command
diagnose firewall statistic show

Output

getting traffic statistics…
Browsing: 64116 packets, 34710998 bytes
DNS: 20304 packets, 2807191 bytes
E-Mail: 0 packets, 0 bytes
FTP: 0 packets, 0 bytes
Gaming: 0 packets, 0 bytes
IM: 0 packets, 0 bytes
Newsgroups: 0 packets, 0 bytes
P2P: 0 packets, 0 bytes
Streaming: 0 packets, 0 bytes
TFTP: 0 packets, 0 bytes
VoIP: 0 packets, 0 bytes
Generic TCP: 206718 packets, 22202746 bytes
Generic UDP: 32546 packets, 8492940 bytes
Generic ICMP: 2 packets, 124 bytes
Generic IP: 41 packets, 1671 bytes

Command
diagnose firewall statistic clear

Output
clearing traffic statistics…
Done
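
Because `clear` resets the counters, a script that compares two `show` captures has to notice when a reset happened in between. The following is an added example, not part of the original page or of FortiOS: it parses two captures and returns per-category growth. `SNAP_1` reuses lines from the output above; `SNAP_2`, `SNAP_AFTER_CLEAR` and the function names are constructed.

```python
import re

STAT_RE = re.compile(r"^\s*([^:]+):\s*(\d+) packets,\s*(\d+) bytes\s*$")

# First snapshot: lines taken from the output above.
SNAP_1 = """getting traffic statistics...
Browsing: 64116 packets, 34710998 bytes
DNS: 20304 packets, 2807191 bytes
Generic TCP: 206718 packets, 22202746 bytes
"""
# Constructed later snapshot with no clear in between.
SNAP_2 = """getting traffic statistics...
Browsing: 64200 packets, 34800000 bytes
DNS: 20310 packets, 2808000 bytes
Generic TCP: 206900 packets, 22220000 bytes
"""
# Constructed snapshot taken after the counters were cleared.
SNAP_AFTER_CLEAR = """getting traffic statistics...
Browsing: 5 packets, 400 bytes
DNS: 0 packets, 0 bytes
Generic TCP: 12 packets, 900 bytes
"""

def parse_stats(text):
    """Map category name -> (packets, bytes); non-counter lines are skipped."""
    stats = {}
    for line in text.splitlines():
        m = STAT_RE.match(line)
        if m:
            stats[m.group(1).strip()] = (int(m.group(2)), int(m.group(3)))
    return stats

def delta(before, after):
    """Return (growth, reset). A counter that went backwards is taken here to
    mean the statistics were cleared between the two captures; the 'after'
    values are then reported as the whole growth since the clear."""
    reset = any(
        after.get(cat, (0, 0))[i] < val[i]
        for cat, val in before.items() for i in (0, 1)
    )
    base = {} if reset else before
    growth = {}
    for cat, (pkts, octets) in after.items():
        p0, b0 = base.get(cat, (0, 0))
        growth[cat] = (pkts - p0, octets - b0)
    return growth, reset
```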


diagnose firewall vip realserver

Firmware – FortiOS: 5.0 5.2 5.4 5.6 6.0

Syntax
diagnose firewall vip realserver down — IP address.
diagnose firewall vip realserver flush — flush
diagnose firewall vip realserver healthcheck stats clear — Clear health check statistics.
diagnose firewall vip realserver healthcheck stats show — Show health check statistics.
diagnose firewall vip realserver list — list
diagnose firewall vip realserver up — Change address up.