route get <ip address>
region

[ # ]

  1. Log in to Sidewinder Admin
  2. High Availability -> Select the current standby (backup) firewall
  3. Set the Mode to Primary
  4. Log in to the CLI and reboot the firewall we are setting to primary (master)
  5. When the firewall comes back up, reboot the previous master (do not set the firewall as standby in Sidewinder Admin)

[ # ]

show configuration security ike
show configuration security ipsec
show security ike security-associations
show security ipsec security-associations
show security ipsec statistics index <IndexFromSA>
clear security ike security-associations
clear security ipsec security-associations

[ # ]

!! Node A - Master
set nsrp rto-mirror sync
set nsrp monitor interface eth1
set nsrp monitor interface eth3
set nsrp cluster id 1
set nsrp vsd-group id 0 priority 100

!! Node B - Backup
set nsrp rto-mirror sync
set nsrp monitor interface eth1
set nsrp monitor interface eth3
set nsrp cluster id 1
set nsrp vsd-group id 0 priority 90
save
exec nsrp sync global-config save  !! Performed on the backup device

Notes:

  • Configure the interfaces PRIOR to performing NSRP configuration
  • After syncing config, reboot the secondary firewall

[ # ]

config system admin
 edit <username>
  set accprofile "super_admin"
  set password <password>
  set trusthost1 <ip>/<cidr>
  set trusthost2 <ip>/<cidr>  !! Add as many as required
  end

[ # ]

diagnose sys flash list   !! View current partitions
execute set-next-reboot <primary|secondary>

Notes:

  • FortiGate 100 and larger models support multiple partitions

[ # ]

execute factoryreset
execute formatlogdisk

Notes:

  • 'execute formatlogdisk' formats the optional hard drive

[ # ]

config log syslogd setting
 set status enable
 set server <ip>
 end

Notes:

  • For additional syslog servers, replace 'syslogd' with syslogd2 or syslogd3
  • Max of 3 syslog servers

[ # ]

!! Set default route
config router static
 edit <some name, like 1>
  set gateway <gateway IP>
  end

!! Set static route
config router static
 edit <some name, usually number>
  set device <interface>
  set dst <ip> <netmask>
  set gateway <ip>
  end

[ # ]

execute date
execute time

config system global
 set timezone 25
 end
config system global
 set dst disable
 end
execute date <year>-<month>-<day>
execute time <24hour>:<minutes>:<seconds>

config system ntp
 set ntpsync enable
 config ntpserver
  edit 1    !! Keep going, edit 2, etc. for each additional server
   set server <ntp-server-ip>
   next
  end
 end

Notes:

  • This configuration is for UTC, disabling DST

[ # ]