반응형
SMALL
get system sql
diagnose sql status
diagnose sql show db-size
diagnose log device
diagnose sql process list
diagnose dvm device list
diagose fortilogd msgrate-device
diagose fortilogd lograte
get system performance
get system status

 

execute log device logstore list

 

 

반응형
LIST
저작자표시 비영리 변경금지

'업무이야기 > Security' 카테고리의 다른 글

Palo Alto Firewall Appliance PA-VM - Useful Commands  (0) 2018.05.08
FortiGate FGSP  (0) 2018.05.08
fortigate File reached uncompressed size limit  (0) 2018.05.08
FortiGate 점검 CLI  (0) 2018.05.08
How-to: Automate FortiGate configuration backups  (0) 2018.05.08
반응형
SMALL
1.     get system performance status
-       현재 CPU & Memory, Traffic 사용량, Session수 및 Uptime 확인
2.     get system status
-       OS Version 및 Serial 정보 확인
3.     diag debug crashlog read
-       프로세서 Crash 내역 및 FortiGate의 주요 이슈 사항 확인
4.     diag log alertconsole list
-       관리자 계정 Login 실패 기록, 장비 재시작, 전원 off, FortiGuard 업데이트 내역 확인
5.     diag hardware device nic port1
-       해당 Port의 Speed/Duplex 및 Error확인 가능
6.     diag netlink device list
-       전체 Port에 대한 Error 확인
7.     get route info routing-table all
-       Routing Table 확인
8.     get sys arp
-       ARP Table 확인
9.     get system interface
-       Interface IP정보 확인
 
10. 기타
# excute tac report
 
# fnsysctl ls -l /dev/shm
# fnsysctl ls -l /tmp
# diagnose hardware sysinfo shm
# diagnose hardware sysinfo slab
# diagnose hardware sysinfo interrupt
# diagnose ip arp list
# diagnose ip rtcache list
# diagnose ip router command show show int
# diagnose ips anomaly list
# diagnose ips anomaly status
# diagnose ips dissector status
# diagnose ips packet status
# diagnose ips raw status
# get ips session
# diagnose sys session stat
# get system auto-update status
# get system auto-update versions
# diagnose test update info
# diagnose sys flash list
# fnsysctl df -k
# diagnose sys logdisk smart
# diagnose sys logdisk status
# diagnose sys ha status
# diagnose sys ha showcsum
# diagnose sys ha hadiff status
# diagnose sys ha dump-by all-vcluster
# diagnose sys ha dump-by rcache
# diagnose sys ha dump-by all-group
# diagnose sys ha dump-by memory
# diagnose sys ha dump-by vdom
# diagnose sys ha dump-by debug-zone
# diagnose sys ha dump-by kernel
# diagnose sys ha dump-by device
# get sys session-info statistics
# get system session-info ttl
# get system session-helper-info list
# diagnose netlink aggregate list
# diagnose netlink brctl list
# diagnose netlink device list
# diagnose firewall fqdn list
# diagnose firewall iplist list
# diagnose firewall ipmac list
# diagnose firewall ipmac status
# diagnose firewall iprope list
# get firewall proute
# diagnose firewall schedule list
# get system performance firewall statistics
# get router info routing-table all
# get router info routing-table database
# get vpn ipsec stats crypto
# get vpn ipsec tunnel details
# get vpn status ssl list
# get webfilter ftgd-statistics
# get webfilter status
# diagnose spamfilter fortishield statistics list
# diagnose spamfilter fortishield servers
# get hardware nic mgmt2
# get hardware nic mgmt1
# get hardware nic port32
# get test proxyacceptor 1
# get test proxyacceptor 4
# get test proxyworker 1
# get test proxyworker 4
# get test proxyworker 4444
# get test http 444
# get test http 11
# diagnose sys scanunit stats all
# get test urlfilter 10
# diagnose sys sip-proxy filter clear
# diagnose sys sip-proxy redirect list
# diagnose sys sip-proxy config list
# diagnose sys sip-proxy config profiles
# diagnose sys sip-proxy meters list
# diagnose sys sip-proxy stats proto
# diagnose sys sip-proxy stats call
# diagnose sys sip-proxy stats udp
# diagnose sys sip-proxy calls idle
# diagnose sys sip-proxy session list
# diagnose sys sccp-proxy stats list
# diagnose sys sccp-proxy phone list
# get test ipsmonitor 1
# get test ipsmonitor 3
# get test radiusd 5
# diagnose test application miglogd 6

 

# diagnose debug crashlog read

 

 

반응형
LIST
저작자표시 비영리 변경금지

'업무이야기 > Security' 카테고리의 다른 글

FortiAnalyzer CLI  (0) 2018.05.08
fortigate File reached uncompressed size limit  (0) 2018.05.08
How-to: Automate FortiGate configuration backups  (0) 2018.05.08
Scheduled Daily Reboot of FortiGate  (0) 2018.05.08
FortiGate DNS Translation  (0) 2018.05.08
반응형
SMALL
Firemon Firmware 8.15.x 이상에서 Interface 정보 변경 방법
fmos config --e 또는 https://firemon_ip:55555
 
AS / DC 연동
AS : fmos shareconf export
AS : scp 파일명 firemon@IP:/home/firemon
DC : fmos shareconf import 파일명
 
또는
AS : fmsh_registerdc 1.1.1.1(DC IP) 실행하면 DataCollector_1_1_1_1.xml 파일 생김
DC : fmsh_importdcxml DataCollector_1_1_1_1.xml
 
Firemon 데이터 삭제
fmsh_purgedata
 
sudo rm-rf /etc/localtime
sudo ln -s /usr/share/zoneinfo/Asia???Seoul /etc/localtime
sudo date -s "20170210 15:21:00"
sudo vi /etc/hosts FQDN 등록
 
 
fmos status
fmos restart all
 
sudo tail -F /var/log/firemon/dc/Datacommector.log
 
tcpdump -ni eno16777728 host 192.168.200.254 and port 514 -nnxs 0 -vv | grep Msg | grep info
 
fmos install wireshark
fmos install wireshark --source FMOS-8.9.1.iso
sudo gpasswd -a firemon wireshark
fmos restart all
 
tshark -D
ip link show
tshark -i 3 host 192.168.0.21
tshark -i 3 host 192.168.0.22
tshark -i 3 host 192.168.0.23
 
fmos redeploy all
 
 
1. Firemon 정보 학인 : fmsh_fmversion
 
2. ifconfig 정보 설정 및 확인 : fmsh_ifconfig
fmsh_ifconfig help
fmsh_ifconfig <int> <address> <netmask>
fmsh_ifconfig <int> dhcp
fmsh_ifconfig <int> disabled
 
fmsh_ifconfig <int> status
fmsh_ifconfig all status
 
3. G/W 설정 : fmsh_gateway <gateway>
 
4. hostname설정 : fmsh_hostname <hostname>
 
5. Firemon 방화벽 확인 / 정지 / 시작
fmsh_fwstatus
fmsh_fwstop
fmsh_fwstart
 
6. Firemon 데몬 확인 / 정지 / 시작 / 재시작
fmsh_fmstatus
fmsh_fmstop
fmsh_fmstart
fmsh_fmrestart
 
7. DC Debug 모드 동작
fmsh_dclogprofile <profile> Profiles: info / dugall
 
8. Firemon 장비 off / reboot
fmsh_reboot
fmsh_shutdown
 
9. FMOS 업데이트
fmsh_update file <filename>
 
10. Firemon Data 복구
fmsh_restorebackup <filename> [--no-verify]
 
11. Firemon Data 백업
명령어 : /opt/firemon/JAS/fm-server.sh -backup -filename <backupfilename>
백업경로 : /opt/firemon/backup
 
12. CVE업데이트
fmsh_cveupdate
 
15. 기타 주요 명령어
 
[root@device-pack JAS]$ ./fm-server.sh
[-showdcs] ## 등록된 DC 목록 확인
[-showlicense]
[-adddc ipaddress]
[-deldc ipaddress] ## 등록된 DC 삭제
[-showdn]
[-backup -filename backupfilename ] ## 데이터 백업 (위치 : /opt/firemon/backup)
[-restorebackup -filename backupfilename -outputdir destinationDirectory]
[-consolidate]
[-installCert -alias certAlias -filename certFilename]
[-deleteCert -alias certAlias]
[-listCerts]
[-uc]
[-upt]
 
 
 
fmos install wireshark
sudo gpasswd -a wireshark firemon
sudo gpasswd -a firemon wireshark
fmos install traceroute
fmos install bind-utils
fmos install net-tools
 
sudo tshark -nni eth0 host 192.168.234.2
sudo tshark -nni 3 host 192.168.234.2
 
curl -v telnet://192.168.234.253:22

 

curl -v telnet://192.168.234.253:443

 

 

반응형
LIST
저작자표시 비영리 변경금지

'업무이야기 > 정책관리솔루션' 카테고리의 다른 글

Gigamon HC Series의 Inline Concept  (48) 2024.10.15
Firemon SIQL  (1) 2018.05.08
Firemon 웹로그인유저 패스워드 복구방법  (0) 2018.05.08
Firemon SIQL  (0) 2017.08.08
반응형
SMALL

diagnose debug enable
diagnose debug flow show console enable
diagnose debug flow filter add 10.10.20.30
diagnose debug flow trace start 100


fg60cxadsl # diagnose sys session filter src 192.168.1.110
fg60cxadsl # diagnose sys session filter dport 80


Next it's time to clear the session by issuing thesession clear command as follows:

fg60cxadsl # diagnose sys session clear
Step 3: Sniffer trace

Take a sniffer trace as per the following examples when running a constant ping (or TCP connection) from PC1 to PC2.
This will answer the following questions:
- Is traffic arriving to the FortiGate and does it arrive on the expected port?- Is the ARP resolution correct for the targeted next-hop?- Is the traffic exiting the FortiGate to the destination?- Is the traffic sent back to the source?

FGT# diagnose sniffer packet any "host <PC1> or host <PC2>" 4

or

FGT# diagnose sniffer packet any "(host <PC1> or host <PC2>) and icmp" 4


Including the ARP protocol in the filter may be useful to troubleshoot a failure in the ARP resolution (for instance PC2 may be down and not responding to the FortiGate ARP requests)

FGT# diagnose sniffer packet any "host <PC1> or host <PC2> or arp" 4


To stop the sniffer, type CTRL+C.

Step 4: Debug flow

Traffic should come in and leave the FortiGate. If not, proceed with a debug flow as follows:

diag debug enable
diag debug flow filter add <PC1>    or    diag debug flow filter add <PC2>
diag debug flow show console enable
diag debug flow trace start 100          <== this will display 100 packets for this flow
diag debug enable


To stop all other debug, type "diag debug flow trace stop".

Step 5: Session list

diag sys session filter src PC1
diag sys session list 

or 

diag sys session filter dst PC1
diag sys session list 

To clear all sessions corresponding to a filter:

diag sys session filter dst PC1
diag sys session clear

 

 

반응형
LIST
저작자표시 비영리 변경금지

'업무이야기 > Security' 카테고리의 다른 글

Fortigate SIP ALG / Fortinet SIP ALG  (0) 2015.12.28
FortiAP Configuration  (0) 2015.12.28
FortiGate FGSP  (0) 2015.12.28
FortiAnalyzer 점검 CLI  (0) 2015.12.28
fortigate File reached uncompressed size limit  (0) 2015.12.28
반응형
SMALL

1.     get system performance status
-       현재 CPU & Memory, Traffic 사용량, Session수 및 Uptime 확인
2.     get system status
-       OS Version 및 Serial 정보 확인
3.     diag debug crashlog read
-       프로세서 Crash 내역 및 FortiGate의 주요 이슈 사항 확인
4.     diag log alertconsole list
-       관리자 계정 Login 실패 기록, 장비 재시작, 전원 off, FortiGuard 업데이트 내역 확인
5.     diag hardware device nic port1
-       해당 Port의 Speed/Duplex 및 Error확인 가능
6.     diag netlink device list
-       전체 Port에 대한 Error 확인
7.     get route info routing-table all
-       Routing Table 확인
8.     get sys arp
-       ARP Table 확인
9.     get system interface
-       Interface IP정보 확인

10. 기타
# excute tac report

# fnsysctl ls -l /dev/shm
# fnsysctl ls -l /tmp
# diagnose hardware sysinfo shm
# diagnose hardware sysinfo slab
# diagnose hardware sysinfo interrupt
# diagnose ip arp list
# diagnose ip rtcache list
# diagnose ip router command show show int
# diagnose ips anomaly list
# diagnose ips anomaly status
# diagnose ips dissector status
# diagnose ips packet status
# diagnose ips raw status
# get ips session
# diagnose sys session stat
# get system auto-update status
# get system auto-update versions
# diagnose test update info
# diagnose sys flash list
# fnsysctl df -k
# diagnose sys logdisk smart
# diagnose sys logdisk status
# diagnose sys ha status
# diagnose sys ha showcsum
# diagnose sys ha hadiff status
# diagnose sys ha dump-by all-vcluster
# diagnose sys ha dump-by rcache
# diagnose sys ha dump-by all-group
# diagnose sys ha dump-by memory
# diagnose sys ha dump-by vdom
# diagnose sys ha dump-by debug-zone
# diagnose sys ha dump-by kernel
# diagnose sys ha dump-by device
# get sys session-info statistics
# get system session-info ttl
# get system session-helper-info list
# diagnose netlink aggregate list
# diagnose netlink brctl list
# diagnose netlink device list
# diagnose firewall fqdn list
# diagnose firewall iplist list
# diagnose firewall ipmac list
# diagnose firewall ipmac status
# diagnose firewall iprope list
# get firewall proute
# diagnose firewall schedule list
# get system performance firewall statistics
# get router info routing-table all
# get router info routing-table database
# get vpn ipsec stats crypto
# get vpn ipsec tunnel details
# get vpn status ssl list
# get webfilter ftgd-statistics
# get webfilter status
# diagnose spamfilter fortishield statistics list
# diagnose spamfilter fortishield servers
# get hardware nic mgmt2
# get hardware nic mgmt1
# get hardware nic port32
# get test proxyacceptor 1
# get test proxyacceptor 4
# get test proxyworker 1
# get test proxyworker 4
# get test proxyworker 4444
# get test http 444
# get test http 11
# diagnose sys scanunit stats all
# get test urlfilter 10
# diagnose sys sip-proxy filter clear
# diagnose sys sip-proxy redirect list
# diagnose sys sip-proxy config list
# diagnose sys sip-proxy config profiles
# diagnose sys sip-proxy meters list
# diagnose sys sip-proxy stats proto
# diagnose sys sip-proxy stats call
# diagnose sys sip-proxy stats udp
# diagnose sys sip-proxy calls idle
# diagnose sys sip-proxy session list
# diagnose sys sccp-proxy stats list
# diagnose sys sccp-proxy phone list
# get test ipsmonitor 1
# get test ipsmonitor 3
# get test radiusd 5
# diagnose test application miglogd 6
# diagnose debug crashlog read

 

반응형
LIST
저작자표시 비영리 변경금지

'업무이야기 > Security' 카테고리의 다른 글

FortiAnalyzer 점검 CLI  (0) 2015.12.28
fortigate File reached uncompressed size limit  (0) 2015.12.28
Fortigate Auto backup configuration  (0) 2015.12.28
FortiGate IP MAC Binding  (0) 2015.12.28
Spam Blacklist 확인 사이트  (0) 2015.12.28
반응형
SMALL

 

Juniper Firewall TroubleShooting Command

-. 주니퍼 방화벽 장비를 사용하는데 있어 사용되는 ScreenOS 명령어 입니다.

    문제 발생시에 사용되는 명령어로써 장비 정보확인을 하는데 있어 기본/유용한
    명령어 입니다.

---------------------------------------------------------------------------

Trouble Shooting Command for Juniper Firewalls (ScreenOS)

SCREENOS NOTES
Session & Interface counters  
get session  
get interface  
get counter stat  
get couter stat <interface>  
clear counter stat  
Debug & Snoop  
debug flow basic creates debugs in detail file name : /var/log/security-trace
more info-debug flow basic
set ff Packet-drop is a feature that will be added
get ff  
get debug  
get db stream monitor stop' stops real-time view , but debugs are still collected in log files
clear db Use 'file delete <filename> to actually delete file>
undebug <debug> (stops collecting debugs) Deactivate makes it easier to enable/disable.
Use activate traceoptions to activate.
undebug all  
debug ike detail creates debugs in default file name: kmd
snoop (packets THRU the JUNOS device) Not supported on SRX 3x00/5x00 yet
snoop (packets TO the JUNOS device) Only captures traffic destined for the RE of router itself.
Excludes PING .
Event Logs  
get event   
get event | include <string>
 Note: There is not an equivalent command for 'get event include <string>'.
match displays only the lines that contains the string
find displays output starting from the first occurrence of the string
clear event  
Config & Software upgrade  
get config  
get license  
get chassis (serial numbers) show chas environment
show chas routing-engine
unset all more info-unset all
reset  
load config from tftp <tftp_server><configfile> TFTP is not supported. USE only FTP.HTTP or SCP
load software from tftp <tftp_server><screenosimage> to flash TFTP is not supported. USE only FTP.HTTP or SCP
Use 'request system software rollback' to rollback to previous s/w package
save  
reset  
Policy  
get policy  
get policy from <zone> to <zone>  
VPN  
get ike cookie  
get sa  
clear ike cookie  
clear sa  
NSRP  
get nsrp  
exec nsrp vsd <vsd> mode backup (on master) see KB5885  
DHCP  
get dhcp client  
exec dhcp client <int> renew  
Routing  
get route  
get route ip <ipaddress>  
get vr untrust-vr route  
get ospf nei  
set route 0.0.0.0/0 int <int> gateway <ip>  
NAT  
get vip  
get mip  
get dip  
Others  
get perf cpu  
get net-pak s  
get file  
get alg  
get service  
get tech  
set console page 0 

 

반응형
LIST
저작자표시 비영리 변경금지

'업무이야기 > Security' 카테고리의 다른 글

NSRP Monitor Track IP Configuration Examples  (0) 2011.11.17
Juniper Firewall Transparent mode config (Example)  (0) 2011.11.04
Juniper ISG Series Integrated Security Gateways  (0) 2011.09.27
Juniper Netscreen 204...  (0) 2011.08.19
Juniper ISG 2000  (0) 2011.07.31

+ Recent posts

티스토리툴바