!! Forward logs to a remote syslog collector
config log syslogd setting
 set status enable
 set server <ip>    // collector address; transport is presumably plain UDP syslog by default - confirm for your release
 end

Notes:

  • For additional syslog servers, replace 'syslogd' with syslogd2 or syslogd3
  • Max of 3 syslog servers

[ # ]

Username: admin
Password: <empty>   (factory default; set a password before enabling any remote management access)

[ # ]

!! Set the unit's hostname
config system global
 set hostname <hostname>
 end

!! DNS servers the unit itself uses for lookups
config system dns
 set primary <ip>
 set secondary <ip>
 end

[ # ]

!! Move the admin HTTPS GUI to 8443 and give 443 to the SSL VPN
config system global
 set admin-sport 8443    // HTTPS management port; a non-default port is not access control, so keep trusthosts / allowaccess tight as well
 set sslvpn-sport 443    // NOTE(review): newer FortiOS releases set this under 'config vpn ssl settings' - confirm for your version
 end

[ # ]

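!! Create an administrator account limited to trusted source addresses.
!! Trusted hosts only restrict where logins are accepted from when every admin account has them set;
!! one account left without trusthosts keeps the admin services reachable from any address.
config system admin
 edit <username>
  set accprofile "super_admin"    // full rights; choose a narrower profile for accounts that do not need them
  set password <password>
  set trusthost1 <ip>/<cidr>
  set trusthost2 <ip>/<cidr>  // Add as many as required
  end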

[ # ]

config system interface
 edit wan1    // Interface name (wan1 is an example)
  set ip <ip>/<cidr>
  set allowaccess ping https ssh    !! Management protocols this interface answers; list only what is needed. On an internet-facing port, https/ssh here exposes the admin login, so pair it with admin trusthosts or leave them off
  end

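!! Aggregate interfaces using LACP (IEEE 802.3ad). Example: bundle port8 and port9 into "aggr1" (a name of our choosing), then assign an IP as shown above
config system interface
 edit aggr1
  set vdom "root"    // new interfaces need an owning VDOM; "root" unless VDOMs are in use
  set type aggregate    // without this the new interface is not created as an LACP bundle
  set member "port8" "port9"
  end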

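!! Add a VLAN to an aggregate or physical interface (example: create aggr1_30 on aggr1 with VLAN ID 30 and its own IP)
config system interface
 edit aggr1_30
  set vdom "root"    // new interfaces need an owning VDOM; "root" unless VDOMs are in use
  set ip <ip>/<cidr>
  set interface "aggr1"    // parent interface that carries the tagged traffic
  set vlanid 30
  end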

!! Configure a zone (optional; only needed if you want to group interfaces)
config system zone
 edit <some zone name>
  set interface <interface1> <interface2> <etc>
  set intrazone allow     // Enable only if needed: it lets interfaces in the same zone pass traffic to each other without a firewall policy
  end

[ # ]

!! Both commands are destructive - back up the configuration and any logs you need first
execute factoryreset    // resets the configuration to factory defaults
execute formatlogdisk    // formats the log disk, erasing what is stored on it

Notes:

  • 'execute formatlogdisk' formats the optional hard drive

[ # ]

!! Load a firmware image from a TFTP server. TFTP has no authentication or integrity protection, so check the file's checksum against the vendor-published value before restoring
!! NOTE(review): some FortiOS releases expect the transport keyword, i.e. 'execute restore image tftp <file> <ip>' - confirm for your version
execute restore image <firmware_filename> <tftp server ip>

[ # ]

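!! Set Default Route (dst is left unset, i.e. 0.0.0.0 0.0.0.0, so the route matches everything)
config router static
 edit <some name, like 1>
  set device <interface>    // egress interface; a static route needs it alongside the gateway
  set gateway <gateway IP>
  end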

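!! Set static route to a specific destination network
config router static
 edit <some name, usually number>
  set device <interface>    // egress interface
  set dst <ip> <netmask>    // destination network and mask
  set gateway <ip>    // next hop reachable through the device above
  end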

[ # ]

!! Check Point (not FortiOS): print the firewall's local log file
fw log -l -t -n <log file>

Notes:

  • The log file is optional. Defaults to $FWDIR/log/fw.log.
  • If the connections to its log servers are all active, the firewall is unlikely to be logging locally. This command only shows entries when the device is logging to its local file.
  • -n - Do not perform DNS resolution
  • -f -t - Follow the log and print only new entries, similar to 'tail -f' on the file

[ # ]