```
config log syslogd setting
    set status enable
    set server <ip>
end
```
- For additional syslog servers, replace 'syslogd' with 'syslogd2' or 'syslogd3'
- Max of 3 syslog servers
```
config system global
    set hostname <hostname>
end

config system dns
    set primary <ip>
    set secondary <ip>
end
```
```
config system global
    set admin-sport 8443
    set sslvpn-sport 443
end
```
```
config system admin
    edit <username>
        set accprofile "super_admin"
        set password <password>
        set trusthost1 <ip>/<cidr>
        set trusthost2 <ip>/<cidr> // Add as many as required
end
```
```
config system interface
    edit wan1 // Some name
        set ip <ip>/<cidr>
        !! All protocols needed; usually ping, ssh and https access
        set allowaccess ping https ssh
end

!! Aggregate interfaces using LACP 802.3ad (example: assign port8 and port9 to "aggr1"; aggr1 is a name we can make up, then assign an IP as above)
config system interface
    edit aggr1
        set type aggregate
        set member "port8" "port9"
end

!! Add a VLAN to an aggregate or interface (create interface aggr1_30 and assign IP and VLAN 30)
config system interface
    edit aggr1_30
        set ip <ip>/<cidr>
        set interface "aggr1"
        set vlanid 30
end

!! Configure a zone (zones are optional, not required unless desired)
config system zone
    edit <some zone name>
        set interface <interface1> <interface2> <etc>
        !! Only enable if needed, as it is insecure (allows two interfaces in the same zone to talk to each other without a policy)
        set intrazone allow
end
```
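An added example, not part of the original notes or of any Fortinet tooling: a Python check that parses a saved FortiOS configuration and flags the settings from the snippets above that most affect exposure, namely admin accounts with no trusthost and zones with intrazone allow. It also flags http or telnet in allowaccess, which is an assumption about what to treat as weak, since the notes only list ping, https and ssh. The sample configuration is constructed, and nested config blocks are not handled.

```python
import re
# Constructed sample in FortiOS "show" layout; names and addresses are made up.
SAMPLE = """\
config system admin
    edit "alice"
        set trusthost1 192.0.2.0 255.255.255.0
    next
    edit "bob"
    next
end
config system interface
    edit "wan1"
        set allowaccess ping https ssh http
    next
end
config system zone
    edit "inside"
        set intrazone allow
    next
end
"""

def parse(text):
    """Return {section: {entry: {key: [values]}}} for flat config/edit/set blocks."""
    tree, section, entry = {}, None, None
    for line in text.splitlines():
        words = [w.strip('"') for w in re.findall(r'"[^"]*"|\S+', line)]
        if len(words) >= 2 and words[0] == "config":
            section, entry = " ".join(words[1:]), None
            tree.setdefault(section, {})
        elif len(words) >= 2 and words[0] == "edit" and section is not None:
            entry = tree[section].setdefault(words[1], {})
        elif len(words) >= 2 and words[0] == "set" and entry is not None:
            entry[words[1]] = words[2:]
    return tree

def audit(tree):
    findings = []
    for name, cfg in tree.get("system admin", {}).items():
        if not any(key.startswith("trusthost") for key in cfg):
            findings.append(f"admin {name}: no trusthost set")
    for name, cfg in tree.get("system interface", {}).items():
        weak = sorted({"http", "telnet"} & set(cfg.get("allowaccess", [])))
        if weak:
            findings.append(f"interface {name}: cleartext management ({', '.join(weak)})")
    for name, cfg in tree.get("system zone", {}).items():
        if cfg.get("intrazone") == ["allow"]:
            findings.append(f"zone {name}: intrazone allow")
    return findings
```

Calling `audit(parse(SAMPLE))` returns one finding each for `bob`, `wan1` and `inside`; `alice` passes because a trusthost is set.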
```
execute factoryreset
execute formatlogdisk
```
- 'execute formatlogdisk' formats the optional hard drive
```
!! Set default route
config router static
    edit <some name, like 1>
        set device <interface>
        set gateway <gateway IP>
end

!! Set static route
config router static
    edit <some name, usually number>
        set device <interface>
        set dst <ip> <netmask>
        set gateway <ip>
end
```
```
fw log -l -t -n <log file>
```
- The log file is optional. Defaults to $FWDIR/log/fw.log.
- If all logging connections are active, the firewall is unlikely to be logging locally. This command only works when the device is logging locally.
- -n - Do not perform DNS resolution
- -f -t - Similar to 'tail -f' on the file