show configuration security ike
show configuration security ipsec
show security ike security-associations
show security ipsec security-associations
show security ipsec statistics index <IndexFromSA>
clear security ike security-associations
clear security ipsec security-associations

set log exclude-id <#> user-id <username> event-type <event-id> src-ip <ip> src-netmask <netmask> dst-ip <ip> dst-netmask <netmask> dst-port <port> <success|failure>

Any combination of the options above can be used to suppress specific log messages; a message is excluded only when it matches every criterion given in the rule. For instance, to stop logging the following admin login message:

Feb 10 00:00:01 192.168.1.1 LocalFirewall: NetScreen device_id=LocalFirewall [Root]system-information-00519: ADM: Local admin authentication successful for login name admin (2014-02-10 00:00:01)

The following suppresses all successful logins with event ID 00519 for the 'admin' user:

set log exclude-id 1 user-id "admin" event-type 519 success

Notes

  • ScreenOS version 6.2+ required
  • A maximum of 10 exclude rules are allowed
  • Exclusion stops the device from generating the event; it does not remove entries already sent to a syslog collector
  • In a config review, treat any exclude-id rule that hides admin logins (as above) as a finding: it blinds the audit trail to exactly the activity an attacker wants hidden

Documentation
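To see which messages a given exclude rule would hide before you commit it (or, from the defender's side, to check what an existing rule is hiding), the following added example, which is not part of the original page and not ScreenOS code, reimplements the rule matching over constructed NetScreen admin log lines in the format shown above. It assumes the criteria in one rule are ANDed, and it only models the user-id, event-type and success/failure criteria that apply to admin lines; the IP and port criteria are parsed but treated as non-matching because they apply to traffic logs, which have a different format.

```python
import re
import shlex

# Constructed sample log lines in the NetScreen format shown above (not captured from a real device).
SAMPLE_LOGS = [
    "Feb 10 00:00:01 192.168.1.1 LocalFirewall: NetScreen device_id=LocalFirewall "
    "[Root]system-information-00519: ADM: Local admin authentication successful "
    "for login name admin (2014-02-10 00:00:01)",
    "Feb 10 00:00:05 192.168.1.1 LocalFirewall: NetScreen device_id=LocalFirewall "
    "[Root]system-information-00519: ADM: Local admin authentication failed "
    "for login name admin (2014-02-10 00:00:05)",
    "Feb 10 00:00:09 192.168.1.1 LocalFirewall: NetScreen device_id=LocalFirewall "
    "[Root]system-information-00519: ADM: Local admin authentication successful "
    "for login name auditor (2014-02-10 00:00:09)",
]

# Constructed config fragment containing the exclude rule from this section.
SAMPLE_SCREENOS_CONFIG = """
set log exclude-id 1 user-id "admin" event-type 519 success
"""

RULE_RE = re.compile(r"^set log exclude-id (\d+)\s*(.*)$")
EVENT_RE = re.compile(r"-(\d{5}):")           # five-digit event id, e.g. "...-00519:"
USER_RE = re.compile(r"login name (\S+)")
PAIRED = {"user-id", "event-type", "src-ip", "src-netmask", "dst-ip", "dst-netmask", "dst-port"}
MAX_RULES = 10                                  # ScreenOS limit noted above


def parse_exclude_rule(line):
    """Turn one 'set log exclude-id ...' line into a dict of criteria."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"not an exclude rule: {line!r}")
    rule = {"id": int(m.group(1))}
    tokens = shlex.split(m.group(2))            # shlex strips the quotes around "admin"
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok in ("success", "failure"):
            rule["outcome"] = tok
            i += 1
        elif tok in PAIRED and i + 1 < len(tokens):
            rule[tok] = tokens[i + 1]
            i += 2
        else:
            raise ValueError(f"unexpected token {tok!r} in {line!r}")
    return rule


def parse_log(line):
    """Extract the fields an exclude rule can match from an admin log line."""
    ev = EVENT_RE.search(line)
    user = USER_RE.search(line)
    if "successful" in line:
        outcome = "success"
    elif "failed" in line:
        outcome = "failure"
    else:
        outcome = None
    return {
        "event-type": int(ev.group(1)) if ev else None,
        "user-id": user.group(1) if user else None,
        "outcome": outcome,
    }


def is_suppressed(rule, line):
    """True if every criterion in the rule matches the log line (assumption: criteria are ANDed)."""
    fields = parse_log(line)
    if "user-id" in rule and fields["user-id"] != rule["user-id"]:
        return False
    if "event-type" in rule and fields["event-type"] != int(rule["event-type"]):
        return False
    if "outcome" in rule and fields["outcome"] != rule["outcome"]:
        return False
    # Assumption: IP/port criteria only apply to traffic logs, which this admin-line parser does not model.
    if any(k in rule for k in ("src-ip", "dst-ip", "dst-port")):
        return False
    return True


def audit(config_text, logs):
    """For each log line, list the ids of the exclude rules that would hide it."""
    rules = [parse_exclude_rule(l) for l in config_text.splitlines()
             if l.strip().startswith("set log exclude-id")]
    if len(rules) > MAX_RULES:
        raise ValueError(f"ScreenOS allows at most {MAX_RULES} exclude rules")
    return [(line, [r["id"] for r in rules if is_suppressed(r, line)]) for line in logs]


if __name__ == "__main__":
    for line, hidden_by in audit(SAMPLE_SCREENOS_CONFIG, SAMPLE_LOGS):
        state = f"HIDDEN by rule(s) {hidden_by}" if hidden_by else "LOGGED"
        print(state, "|", line[:90])
```

With the rule from this section, only the first constructed line (successful login by admin) is hidden; the failed login and the auditor's login are still logged. Dropping the user-id and outcome criteria (`set log exclude-id 2 event-type 519`) hides all three, which is why a rule should be as narrow as the config above.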

get log traffic src-ip <ip> dst-ip <ip>
get session src-ip <src IP> dst-ip <dst IP>

tail -f /var/log/messages | grep vpn  !! View VPN logs
echo /config/userdb/list | igcli -n   !! View VPN Users
service sslvpn-plus status            !! View SSL VPN status
tail -f /var/log/messages | grep sslvpnstatslogd  !! View SSL VPN user logs

!! View VPN Tunnels
echo /config/sad/salist | igcli -n

echo "/config/sad/saflush *" | igcli -n           !! Teardown ALL ipsec SAs
echo /config/sad/saflush <vpn name> | igcli -n  !! Teardown a specific ipsec SA
echo /config/ike/saflush | igcli -n             !! Teardown ALL ike SAs

!! Set default route (dst defaults to 0.0.0.0/0, so only the gateway and the egress interface are needed)
config router static
 edit <route id, an integer such as 1>
  set gateway <gateway IP>
  set device <interface>
  end

!! Set static route
config router static
 edit <route id, an integer such as 2>
  set device <interface>
  set dst <ip> <netmask>
  set gateway <ip>
  end

diagnose sys flash list   !! View current partitions
execute set-next-reboot <primary|secondary>

Notes:

  • FortiGate 100 and larger models support multiple firmware partitions, so the previous image can be booted if an upgrade goes wrong

Documentation

execute factoryreset
execute formatlogdisk

Notes:

  • 'execute factoryreset' wipes the configuration, including any admin accounts and certificates; back up the config first
  • 'execute formatlogdisk' formats the optional hard drive; logs stored on it are lost, so export them before formatting

config log syslogd setting
 set status enable
 set server <ip>
 end

Notes:

  • For additional syslog servers, replace 'syslogd' with syslogd2 or syslogd3
  • Max of 3 syslog servers
  • By default syslog is sent over UDP in the clear, so the collector should be reachable only over a trusted management network

execute ha manage <device-id>

Notes:

  • Type a question mark after 'manage' to list the available cluster members and their IDs

Documentation

config system interface
 edit wan1    !! Interface name
  set ip <ip>/<cidr>
  set allowaccess ping https ssh    !! Lists every management protocol allowed on the interface; keep it to what is needed (usually ping, ssh and https) and avoid http and telnet, which carry credentials in the clear
  end

!! Aggregate interfaces using LACP 802.3ad (example: assign port8 and port9 to "aggr1"; aggr1 is a name we make up, then assign an IP as above)
config system interface
 edit aggr1
  set type aggregate
  set member "port8" "port9"
  end

!! Add a VLAN to an aggregate or physical interface (create interface aggr1_30 with an IP and VLAN 30)
config system interface
 edit aggr1_30
  set ip <ip>/<cidr>
  set interface "aggr1"
  set vlanid 30
  end

!! Configure a zone (zones are optional, not required unless desired)
config system zone
 edit <some zone name>
  set interface <interface1> <interface2> <etc>
  set intrazone allow     !! Only enable if needed: it lets interfaces in the same zone talk to each other without a firewall policy (the default is deny)
  end
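The two settings flagged in the comments above, over-broad `allowaccess` and `intrazone allow`, are easy to miss in a large exported config. The following added example, which is not part of the original page and not Fortinet code, parses a constructed FortiOS config fragment and reports both. It assumes flat `config / edit / set` blocks terminated by `next` (exported config) or `end` (interactive CLI, as used on this page); nested config blocks are not modelled, and the list of cleartext management protocols is the reviewer's policy rather than a FortiOS setting.

```python
import shlex

# Constructed FortiOS config fragment (not from a real device) with one deliberately weak
# interface (http/telnet management) and one deliberately permissive zone (intrazone allow).
SAMPLE_FORTIOS_CONFIG = """
config system interface
    edit "wan1"
        set ip 203.0.113.10 255.255.255.0
        set allowaccess ping https ssh http telnet
    next
    edit "port1"
        set ip 10.0.0.1 255.255.255.0
        set allowaccess ping https ssh
    next
end
config system zone
    edit "dmz"
        set interface "port8" "port9"
        set intrazone allow
    next
    edit "internal"
        set interface "port1"
    next
end
"""

# Management protocols that carry credentials in the clear (assumption: reviewer's policy).
CLEARTEXT_MGMT = {"http", "telnet"}


def parse_fortios(text):
    """Parse flat 'config <section> / edit <name> / set <key> <values>' blocks into
    {section: {name: {key: [values]}}}. Accepts both 'next' and 'end' as the end of an
    edit block; nested config blocks are not modelled."""
    tree, section, entry = {}, None, None
    for raw in text.splitlines():
        tokens = shlex.split(raw, comments=True)   # strips quotes; '#' starts a comment
        if not tokens:
            continue
        kw = tokens[0]
        if kw == "config":
            section = " ".join(tokens[1:])
            tree.setdefault(section, {})
            entry = None
        elif kw == "edit" and section is not None and len(tokens) > 1:
            entry = tokens[1]
            tree[section].setdefault(entry, {})
        elif kw == "set" and entry is not None and len(tokens) > 2:
            tree[section][entry][tokens[1]] = tokens[2:]
        elif kw == "next":
            entry = None
        elif kw == "end":
            section, entry = None, None
    return tree


def audit_fortios(text):
    """Return (object, finding) pairs for the two weak settings discussed above."""
    cfg = parse_fortios(text)
    findings = []
    for name, attrs in cfg.get("system interface", {}).items():
        weak = sorted(set(attrs.get("allowaccess", [])) & CLEARTEXT_MGMT)
        if weak:
            findings.append((name, "cleartext management enabled: " + " ".join(weak)))
    for name, attrs in cfg.get("system zone", {}).items():
        # FortiOS defaults intrazone to deny, so only an explicit 'allow' is a finding.
        if attrs.get("intrazone", ["deny"]) == ["allow"]:
            findings.append((name, "intrazone allow: members can talk without a firewall policy"))
    return findings


if __name__ == "__main__":
    for obj, finding in audit_fortios(SAMPLE_FORTIOS_CONFIG):
        print(f"{obj}: {finding}")
```

Run against the output of `show full-configuration` saved to a file; `port1` and the `internal` zone in the sample produce no findings, which is the shape a hardened config should have.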
