Fortigate - DNS and Hostname Configuration

fortinet fortigate firewall 
config system global
 set hostname <hostname>
 end

config system dns
 set primary <ip>
 set secondary <ip>
 end

[ # ]

Fortigate - Initial/Default Login

fortinet fortigate firewall 
Username: admin
Password: <empty>

[ # ]

Fortigate - Health Commands

fortinet fortigate 
get system status
get system performance status
diag hardware sysinfo memory
diagnose sys session stat
get system performance top 3 99    !! Let it run for 20-30 secs, then hit ctr + c to stop the command
diag debug crashlog read

[ # ]

Fortigate - Generate Tech Support Output

fortinet fortigate 
diag debug report

[ # ]

Fortigate - Force NAT VPN Traffic to Use Phase 2 Settings

fortinet fortigate vpn 
config vpn ipsec phase2
  edit "<Phase2-Name>"
    set use-natip <enable|disable>

Notes:

  • If NATing, enabled (default) will use the public IP of FortiGate as the source selector (encryption domain), disable will use what's configured in the phase 2 settings (src-start-ip/src-end-ip or src-subnet)

Documentation

[ # ]

Fortigate - View/Restart IPS Engine

fortinet fortigate 
diag test app ipsmonitor <#>
  • 1: Display IPS engine information
  • 2: Toggle IPS engine enable/disable status
  • 3: Display restart log
  • 4: Clear restart log
  • 5: Toggle bypass status
  • 97: Start all IPS engines
  • 98: Stop all IPS engines
  • 99: Restart all IPS engines and monitor

Documentation

[ # ]

ISS Proventia - Disable Firewall (Unload Policy)

iss proventia 
firewall-<disable|enable>

[ # ]

Cisco ASA - Threat Detection

cisco asa 
threat-detection basic-threat
threat-detection scanning-threat shun except ip-address XXX.XXX.XXX.XXX 255.255.255.255   !! Exceptions, if needed
threat-detection scanning-threat shun duration 3600

Documentation

[ # ]

ISS Proventia - Unregister Device from Site Protector via CLI

iss proventia
  1. Log into the device as the root user

  2. Run the following:

    service iss-spa unregister

  3. Remove the registration and heartbeat files. The heartbeat file may not exist.

    rm -f /etc/lmi/spregistered rm -f /tmp/heartbeat_inprogress.lck

[ # ]

Cisco ASA - URL Filtering

cisco asa 
regex BlockedURLs “\.microsoft\.com|\.msn\.com|\.cnbc\.com”

access-list inside-traffic-filter deny <filter-bypass-IPs> any eq www
access-list inside-traffic-filter permit tcp any any eq www

class-map type inspect http match-all BlockedDomainsClass
  match request header host regex BlocedkDomainsList
  exit
class-map httptraffic
  match access-list inside-traffic-filter
  exit
policy-map type inspect http http_inspection_policy
  parameters
    match request method connect
      drop-connection log

policy-map url-packet-filter
  class httptraffic
    inspect http http_inspection_policy
service-policy <interface-to-apply-to>-policy interface <interface-to-apply-to>

Notes:

  • Untested
  • For 8.4(2)+, look into FQDN Network Objects if resources permit

[ # ]