Configure FortiGate A interfaces
 
config system interface
    edit port2
        set ip 10.0.0.1/24
    next
    edit port3
        config ipv6
            set ip6-address fec0::0001:209:0fff:fe83:25f3/64
        end
    next
end
 
Configure FortiGate A IPsec settings
config vpn ipsec phase1-interface
    edit toB
        set interface port2
        set remote-gw 10.0.1.1
        set dpd enable
        set psksecret maryhadalittlelamb
        set proposal 3des-md5 3des-sha1
end

config vpn ipsec phase2-interface
    edit toB2
        set phase1name toB
        set proposal 3des-md5 3des-sha1
        set pfs enable
        set replay enable
        set src-addr-type subnet6
        set dst-addr-type subnet6
end
 
Configure FortiGate A security policies
 
config firewall policy6
    edit 1
        set srcintf port3
        set dstintf toB
        set srcaddr all6
        set dstaddr all6
        set action accept
        set service ANY
        set schedule always
    next

    edit 2
        set srcintf toB
        set dstintf port3
        set srcaddr all6
        set dstaddr all6
        set action accept
        set service ANY
        set schedule always
end
Configure FortiGate A routing
 
config router static6
    edit 1
        set device toB
        set dst fec0:0000:0000:0004::/64
end
config router static
    edit 1
        set device port2
        set dst 0.0.0.0/0
        set gateway 10.0.0.254
end
 
Configure FortiGate B
 
config system interface
    edit port2
        set ip 10.0.1.1/24
    next
    edit port3
        config ipv6
            set ip6-address fec0::0004:209:0fff:fe83:2569/64
        end
    next
end
config vpn ipsec phase1-interface
    edit toA
        set interface port2
        set remote-gw 10.0.0.1
        set dpd enable
        set psksecret maryhadalittlelamb
        set proposal 3des-md5 3des-sha1
end
config vpn ipsec phase2-interface
    edit toA2
        set phase1name toA
        set proposal 3des-md5 3des-sha1
        set pfs enable
        set replay enable
        set src-addr-type subnet6
        set dst-addr-type subnet6
end
config firewall policy6
    edit 1
        set srcintf port3
        set dstintf toA
        set srcaddr all6
        set dstaddr all6
        set action accept
        set service ANY
        set schedule always
    next
    edit 2
        set srcintf toA
        set dstintf port3
        set srcaddr all6
        set dstaddr all6
        set action accept
        set service ANY
        set schedule always
end
config router static6
    edit 1
        set device toA
        set dst fec0:0000:0000:0000::/64
end
config router static
    edit 1
        set device port2
        set gateway 10.0.1.254
end
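
An added example, not part of the original post or of Fortinet's documentation: a small Python check that walks a FortiOS-style configuration and reports phase 1 and phase 2 proposals built on DES, 3DES or MD5, such as the `3des-md5 3des-sha1` proposals used above. The `LEGACY` set, the function name and the embedded sample (constructed from FortiGate A's IPsec settings) are assumptions of this example.

```python
# Added example: flag IPsec proposals that rely on legacy algorithms.
# LEGACY is this example's own assumption, not a list from the page.
LEGACY = {"des", "3des", "md5"}

# Constructed sample, copied from the FortiGate A IPsec settings above.
SAMPLE = """\
config vpn ipsec phase1-interface
edit toB
set interface port2
set remote-gw 10.0.1.1
set proposal 3des-md5 3des-sha1
end
config vpn ipsec phase2-interface
edit toB2
set phase1name toB
set proposal 3des-md5 3des-sha1
set pfs enable
end
"""


def audit_ipsec_proposals(config_text):
    """Return (section, entry, proposal, legacy_algs) per legacy proposal."""
    findings, stack, entry = [], [], None
    for line in config_text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        if tokens[0] == "config":            # enter a (possibly nested) section
            stack.append(" ".join(tokens[1:]))
        elif tokens[0] == "end":             # leave the innermost section
            if stack:
                stack.pop()
            if not stack:
                entry = None
        elif tokens[0] == "edit" and len(tokens) > 1:
            entry = tokens[1].strip('"')
        elif (tokens[:2] == ["set", "proposal"] and stack
              and stack[-1].startswith("vpn ipsec phase")):
            for proposal in tokens[2:]:
                weak = sorted(set(proposal.lower().split("-")) & LEGACY)
                if weak:
                    findings.append((stack[-1], entry, proposal, weak))
    return findings


if __name__ == "__main__":
    for section, entry, proposal, weak in audit_ipsec_proposals(SAMPLE):
        print(f"{section} / {entry}: {proposal} uses {', '.join(weak)}")
```

Run against a saved configuration backup, it lists every tunnel whose proposals still need to be moved to an AES/SHA-2 combination such as `aes256-sha256` on both peers.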

 

 
  1. Create the MAC binding table
config firewall ipmacbinding table
    edit 1
        set mac <user MAC address 1>
        set name "<user name 1>"
        set status enable
    next
    edit 2
        set mac <user MAC address 2>
        set name "<user name 2>"
        set status enable
    next
    …
end
  2. Configure and apply the MAC binding options
config firewall ipmacbinding setting
    set bindthroughfw enable
    set bindtofw enable
    set undefinedhost block
end
config system interface
    edit "port1"
        set vdom "root"
        set ip 1.1.1.1 255.255.255.0
        set allowaccess ping https ssh snmp
        set ipmac enable
        set type physical
        set snmp-index 5
    next
end

 


USERS-FW2 # config firewall ipmacbinding setting
USERS-FW2 (setting) # show full-configuration
config firewall ipmacbinding setting
set bindthroughfw enable
set bindtofw enable
set undefinedhost block
end

USERS-FW2 # config firewall ipmacbinding table
USERS-FW2 (table) # show full-configuration
config firewall ipmacbinding table
edit 1
set ip 10.10.10.100
set mac 00:e0:4c:50:22:f2
set name "sbbaek"
set status enable
next
end

USERS-FW2 # config system interface
USERS-FW2 (interface) # edit mgmt2
set ipmac enable
next
end

 

 
