{"id":35,"date":"2022-03-04T00:29:34","date_gmt":"2022-03-04T05:29:34","guid":{"rendered":"https:\/\/opentextbc.ca\/fortigatefirewall\/chapter\/basic-settings\/"},"modified":"2023-08-29T16:26:05","modified_gmt":"2023-08-29T20:26:05","slug":"basic-settings","status":"publish","type":"chapter","link":"https:\/\/opentextbc.ca\/fortigatefirewall\/chapter\/basic-settings\/","title":{"raw":"1.1 Basic Settings","rendered":"1.1 Basic Settings"},"content":{"raw":"<div class=\"textbox textbox--learning-objectives\"><header class=\"textbox__header\">\n<p class=\"textbox__title\">Learning Objectives<\/p>\n\n<\/header>\n<div class=\"textbox__content\">\n<ul>\n \t<li>Create a basic configuration in FortiGate<\/li>\n \t<li>Identify CLI commands in FortiGate<\/li>\n \t<li>Create an IP access in FortiGate<\/li>\n \t<li>Create a DHCP server in FortiGate<\/li>\n \t<li>Restore previous configurations in FortiGate using backups<\/li>\n<\/ul>\n<\/div>\n<\/div>\n<div class=\"textbox shaded\"><strong>Scenario<\/strong>: This exercise will access a FortiGate device using the command-line interface (CLI). Set up your GNS3 and try to connect to FortiGate through WebTerm.<\/div>\n\n[caption id=\"attachment_34\" align=\"aligncenter\" width=\"718\"]<img class=\"wp-image-24 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2022\/03\/1.jpg\" alt=\"main scenario\" width=\"718\" height=\"293\"> Figure 1.1: Main scenario[\/caption]\n<h2>Explore the CLI<\/h2>\nTo explore the CLI, double-click FortiGate in GNS3 to open the console. 
In the Password field, type <strong>&lt;the default password is blank&gt;<\/strong>, and then press Enter.\n\nEnter the following command:\n<div class=\"textbox shaded\" style=\"text-align: left;\"><em>get system status<\/em><\/div>\n\n[caption id=\"attachment_34\" align=\"aligncenter\" width=\"707\"]<img class=\"wp-image-25 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/2.jpg\" alt=\"get system status output\" width=\"707\" height=\"652\"> Figure 1.2: Get system status output[\/caption]\n\nThis command displays basic status information about FortiGate. The output includes FortiGate's serial number, operation mode, and other useful information. When the More prompt appears on the CLI, do one of the following:\n<ul>\n \t<li>To continue scrolling, press the Space bar.<\/li>\n \t<li>To scroll one line at a time, press Enter.<\/li>\n \t<li>Enter the following command: get ?<\/li>\n<\/ul>\n<div class=\"textbox\">The ? character is not displayed on the screen.<\/div>\nThis command shows all of the options that the CLI will accept after the # get command. Depending on the command, you may need to enter additional words to completely specify a configuration option.\n<ul>\n \t<li>Enter the following command: <strong>execute ? <\/strong><\/li>\n \t<li>This command lists all options that the CLI will accept after the execute command.<\/li>\n \t<li>Type exe, and then press the Tab key. Notice that the CLI completes the current word.<\/li>\n \t<li>Press the space bar and then press the Tab key three times.<\/li>\n \t<li>Each time you press the Tab key, the CLI replaces the second word with the next possible option for the execute command, in alphabetical order.<\/li>\n<\/ul>\n<div class=\"textbox\">\n\nYou can abbreviate most commands. In this book, many of the commands that you see will be in abbreviated form. 
For example, instead of typing execute, you can type exe.\n\nUse this technique to reduce the number of keystrokes that are required to enter a command. Often, experts can configure FortiGate faster using the CLI than the GUI.\n\n<\/div>\n<h3 id=\"configuration\">Configuration<\/h3>\n<table class=\"aligncenter\" style=\"border-collapse: collapse; width: 100%;\" border=\"0\"><caption>Table 1.1: Check configuration CLI<\/caption>\n<tbody>\n<tr>\n<th style=\"width: 25%;\" scope=\"col\">Action<\/th>\n<th style=\"width: 75%;\" scope=\"col\">Command<\/th>\n<\/tr>\n<tr>\n<td style=\"width: 25%;\">Check configuration<\/td>\n<td style=\"width: 75%;\"># show\n# show | grep xxxx\n# show full-configuration\n# show full-configuration | grep XXXX\n# show full-configuration | grep -f XXXX \u2190 display with tree view<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3 id=\"network\">Network<\/h3>\n<table style=\"border-collapse: collapse; width: 100%;\" border=\"0\"><caption>Table 1.2: Routing and firewall policy CLI<\/caption>\n<tbody>\n<tr>\n<th style=\"width: 25%;\" scope=\"col\">Action<\/th>\n<th style=\"width: 75%;\" scope=\"col\">Command<\/th>\n<\/tr>\n<tr>\n<td style=\"width: 25%;\">Check Routing<\/td>\n<td style=\"width: 75%;\"># get router info routing-table detail\n# show router static# config router static\n(static) # show\n(static) # end<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 25%;\">Check Firewall Policy<\/td>\n<td style=\"width: 75%;\"># show firewall policy\n# show firewall policy XXXX# config firewall policy\n(policy) # show<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3 id=\"hardware\">Hardware<\/h3>\n<table class=\"aligncenter\" style=\"border-collapse: collapse; width: 100%;\" border=\"0\"><caption>Table 1.3: Hardware CLI<\/caption>\n<tbody>\n<tr>\n<th style=\"width: 60%;\" scope=\"col\">Action<\/th>\n<th style=\"width: 40%;\" scope=\"col\">Command<\/th>\n<\/tr>\n<tr>\n<td style=\"width: 60%;\">Check Hardware Information<\/td>\n<td style=\"width: 40%;\"># get hardware 
status<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 60%;\">Check Version, BIOS, Firmware, etc.<\/td>\n<td style=\"width: 40%;\"># get system status<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 60%;\">Check version<\/td>\n<td style=\"width: 40%;\"># get system status<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 60%;\">Display CPU \/ memory \/ line usage<\/td>\n<td style=\"width: 40%;\"># get system performance status<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 60%;\">Display of NTP server<\/td>\n<td style=\"width: 40%;\"># get system ntp<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 60%;\">Display the current time and the time of synchronization with the NTP server<\/td>\n<td style=\"width: 40%;\"># execute time<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 60%;\">Check interfaces status, Up or Down<\/td>\n<td style=\"width: 40%;\"># get system interface physical<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 60%;\">Check interfaces<\/td>\n<td style=\"width: 40%;\"># config system interface\n(interface) # show\n(interface) # end<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 60%;\">Display of ARP table<\/td>\n<td style=\"width: 40%;\"># get system arp<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3 id=\"ha\">High Availability (HA)<\/h3>\n<table class=\"aligncenter\" style=\"border-collapse: collapse; width: 100%;\" border=\"0\"><caption>Table 1.4: High Availability CLI<\/caption>\n<tbody>\n<tr>\n<th style=\"width: 50%;\" scope=\"col\">Action<\/th>\n<th style=\"width: 50%;\" scope=\"col\">Command<\/th>\n<\/tr>\n<tr>\n<td style=\"width: 50%;\">Check HA Status<\/td>\n<td style=\"width: 50%;\"># get system ha status<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 50%;\">Check HA Configuration<\/td>\n<td style=\"width: 50%;\"># get system ha\n# show system ha<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3 id=\"ntp\">Network Time Protocol (NTP)<\/h3>\n<div class=\"level4\">\n<div class=\"table sectionedit14\">\n<table style=\"border-collapse: collapse; width: 100%;\" border=\"0\"><caption>Table 1.5: NTP 
CLI<\/caption>\n<tbody>\n<tr>\n<th style=\"width: 50%;\" scope=\"col\">Action<\/th>\n<th style=\"width: 50%;\" scope=\"col\">Command<\/th>\n<\/tr>\n<tr style=\"height: 55px;\">\n<td style=\"width: 50%; height: 55px;\">Check NTP<\/td>\n<td style=\"width: 50%; height: 55px;\"># execute time\n# get system ntp\n# diagnose sys ntp status<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\nOn a fresh line, enter the following command to view the port3 interface configuration:\n<div class=\"textbox shaded\"><em>show system interface port3<\/em><\/div>\n<div>\n\n[caption id=\"attachment_26\" align=\"aligncenter\" width=\"461\"]<img class=\"wp-image-26\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/3.jpg\" alt=\"Configuration of port3\" width=\"461\" height=\"152\"> Figure 1.3: Configuration of port3[\/caption]\n\n<\/div>\nEnter the following command:\n<div class=\"textbox shaded\"><em>show full-configuration system interface port3<\/em><\/div>\n<div>\n\n[caption id=\"attachment_27\" align=\"aligncenter\" width=\"745\"]<img class=\"wp-image-27\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/4.jpg\" alt=\"show full-configuration system interface port3\" width=\"745\" height=\"530\"> Figure 1.4: Show full-configuration of port3[\/caption]\n\n<\/div>\nEnter the following command:\n<div class=\"textbox shaded\"><em>show system interface<\/em><\/div>\nFor setting an IP address on the port1:\n<div class=\"textbox shaded\"><em>config system interface<\/em>\n<em>edit port1<\/em>\n<em>set mode static<\/em>\n<em>set ip 192.168.10.1 255.255.255.0<\/em>\n<em>set allowaccess ping ssh http https<\/em>\n<em>end<\/em><\/div>\nNow you should be able to reach the firewall from port1. 
In a browser, type http:\/\/192.168.10.1 and enter the username and password.\n<div class=\"textbox\">In the licensed devices, you should type https:\/\/192.168.10.1 and then enter username and password.<\/div>\n<h2>Configuring Administrator Accounts<\/h2>\nFortiGate offers many options for configuring administrator privileges. For example, you can specify the IP addresses that administrators are allowed to connect from. In this exercise, you will work with administrator profiles and administrator user accounts. An administrator profile is a role that is assigned to an administrator user that defines what the user is permitted to do on the FortiGate GUI and CLI.\n<h3>Configure a User Administrator Profile<\/h3>\n<ol>\n \t<li>Click <strong>System &gt; Admin Profiles<\/strong>.<\/li>\n \t<li>Click<strong> Create New<\/strong>.<\/li>\n \t<li>In the Name field, type <strong>Security_Admin_Profile<\/strong>.<\/li>\n \t<li>In the permissions table, set Security Profile to <strong>Read-Write<\/strong>, but set all other permissions to Read.<\/li>\n \t<li>Click <strong>OK<\/strong> to save the changes.<\/li>\n<\/ol>\n[caption id=\"attachment_30\" align=\"aligncenter\" width=\"400\"]<img class=\"wp-image-28\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/user-profile-e1691185014412.jpg\" alt=\"Create a custom profile\" width=\"400\" height=\"569\"> Figure 1.5: Create a custom profile[\/caption]\n<h2>Create an Administrator Account<\/h2>\nNow, you will create a new administrator account. You will assign the account to the administrator profile you created previously. The administrator will have read-only access to most of the configuration settings. To create an administrator account, continue on the Local-FortiGate GUI and click <strong>System &gt; Administrators<\/strong>. 
Click Create New and then click Administrator to add a new administrator account and assign the profile you created previously to the administrator.\n\n[caption id=\"attachment_30\" align=\"aligncenter\" width=\"1000\"]<img class=\"wp-image-29 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/second.jpg\" alt=\"Create a local user\" width=\"1000\" height=\"585\"> Figure 1.6: Create a local user[\/caption]\n<h3>Test the New Administrator Account<\/h3>\nIn this procedure, you will confirm that the new administrator account has read-write access to only the security profiles configuration.\n\nTo test the new administrator account, continue on the Local-FortiGate GUI: click the username (in my case, it's admin2) and then Logout to log out of the admin account's GUI session.\n\n[caption id=\"attachment_30\" align=\"aligncenter\" width=\"316\"]<img class=\"wp-image-30 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/logout.jpg\" alt=\"Logout option\" width=\"316\" height=\"247\"> Figure 1.7: Logout option[\/caption]\n\n<\/div>\nExplore the permissions that you have in the GUI. You should see that this account can configure only security profiles. Log out of the GUI once done.\n\n<\/div>\n<h2>Restrict Administrator Access<\/h2>\nNow, you will restrict access for FortiGate administrators. Only administrators connecting from a trusted subnet will be allowed access. This is useful if you need to restrict the access points from which administrators connect to FortiGate. To restrict administrator access:\n<ol>\n \t<li>Click <strong>System &gt; Administrators<\/strong>. 
Edit the admin account.<\/li>\n \t<li>Enable Restrict login to trusted hosts, and set <strong>Trusted Host 1<\/strong> to the address\n<strong>192.168.10.100\/32<\/strong>.<\/li>\n \t<li>Click <strong>OK<\/strong> to save the changes.<\/li>\n<\/ol>\n[caption id=\"attachment_34\" align=\"aligncenter\" width=\"999\"]<img class=\"wp-image-31 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/administrator.jpg\" alt=\"create a trusted host for the user\" width=\"999\" height=\"650\"> Figure 1.8: Create a trusted host for the user[\/caption]\n<h3>To test the restricted access<\/h3>\n<ol>\n \t<li>Continuing on Local-Windows, log out of the Local-FortiGate GUI session as the admin user.<\/li>\n \t<li>Try to log in to the admin2 account again with password &lt;Your password&gt;. Because you are trying to connect from the 192.168.10.101 address, you shouldn't be able to connect.<\/li>\n \t<li>Log in as admin with password &lt;Your password&gt;. Enter the following CLI commands to add <strong>192.168.10.101\/32<\/strong> as the second trusted IP subnet (Trusted Host 2) to the admin account:\n<div class=\"textbox shaded\"><em>config system admin<\/em>\n<em>edit admin<\/em>\n<em>set trusthost2 192.168.10.101\/32<\/em>\n<em>end<\/em><\/div><\/li>\n \t<li>Try to log in to the Local-FortiGate GUI at &lt;IP address&gt; with the username admin and password &lt;Your password&gt;. You should be able to log in. 
(<strong>Hint:<\/strong> add the IP address 192.168.10.101 to WebTerm and try to reach the firewall.)<\/li>\n<\/ol>\n[caption id=\"attachment_34\" align=\"aligncenter\" width=\"618\"]<img class=\"wp-image-32 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/System-111.jpg\" alt=\"System settings\" width=\"618\" height=\"443\"> Figure 1.9: System settings[\/caption]\n<h2>Configuration Backups<\/h2>\nThe configuration files produced by backups allow you to restore to an earlier FortiGate configuration.\n<h3>Backup &amp; Restore<\/h3>\n<p style=\"text-align: left;\">Always back up the configuration file before making changes to FortiGate (even if the change seems minor or unimportant). There is no undo. You should carefully consider the pros and cons of an encrypted backup before you begin encrypting backups. While your configuration, including things like private keys, remains private, an encrypted file hampers troubleshooting because Fortinet support cannot read the file. Consider saving backups in plain text and storing them in a secure place instead. Now, you will create an encrypted file with the backup of the FortiGate's current configuration.<\/p>\n\n<h3>To save an encrypted configuration backup<\/h3>\nContinuing on the Local-FortiGate GUI, in the upper-right corner, click <strong>admin<\/strong>, and then click <strong>Configuration &gt; Backup<\/strong>. On the Backup System Configuration page, enable Encryption. 
In the Password field, enter <strong>fortigate<\/strong> and repeat in the Confirm password field.\n\n[caption id=\"attachment_34\" align=\"aligncenter\" width=\"453\"]<img class=\"wp-image-33 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/backup.jpg\" alt=\"Backup System Configuration\" width=\"453\" height=\"241\"> Figure 1.10: Backup System Configuration[\/caption]\n\nClick <strong>OK<\/strong>.\n\nSelect <strong>Save File<\/strong> and click <strong>OK<\/strong>.\n<h3>To restore an encrypted configuration backup<\/h3>\nContinuing on the Local-FortiGate GUI, in the upper-right corner, click admin, and then click <strong>Configuration &gt; Restore<\/strong>. On the Restore System Configuration page, click Upload. Browse to your <strong>Downloads<\/strong> folder and select the configuration file that you created in the previous procedure. In the Password field, type <strong>fortigate<\/strong>, and then click <strong>OK.<\/strong>\n<h2>DHCP (Dynamic Host Configuration Protocol)<\/h2>\nYou can configure one or more DHCP servers on any FortiGate interface. A DHCP server dynamically assigns IP addresses to hosts on the network connected to the interface. 
The host computers must be configured to obtain their IP addresses using DHCP.\n<h3 style=\"text-align: left;\">Configure DHCP on the FortiGate<\/h3>\n<p style=\"text-align: left;\">To add a DHCP server on the GUI:<\/p>\n\n<ol>\n \t<li>Go to <strong>Network &gt; Interfaces<\/strong>.<\/li>\n \t<li>Edit an interface.<\/li>\n \t<li>Enable the DHCP Server option and configure the settings.<\/li>\n<\/ol>\n[caption id=\"attachment_34\" align=\"aligncenter\" width=\"710\"]<img class=\"wp-image-34 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/DHCP.jpg\" alt=\"Enable DHCP Server\" width=\"710\" height=\"807\"> Figure 1.11: Enable DHCP Server[\/caption]\n\nTo do it through the command line, use the following commands:\n<div class=\"textbox shaded\" style=\"padding-left: 40px;\">\n<div><em>FGVM01TM19008000 # config system dhcp server<\/em><\/div>\n<div><\/div>\n<div><em>FGVM01TM19008000 (server) # edit 1<\/em><\/div>\n<div><\/div>\n<div><em>FGVM01TM19008000 (1) # set dns-service default<\/em><\/div>\n<div><\/div>\n<div><em>FGVM01TM19008000 (1) # set netmask 255.255.255.0<\/em><\/div>\n<div><\/div>\n<div><em>FGVM01TM19008000 (1) # config ip-range<\/em><\/div>\n<div><\/div>\n<div><em>FGVM01TM19008000 (ip-range) # edit 1<\/em><\/div>\n<div><\/div>\n<div><em>FGVM01TM19008000 (1) # set start-ip 192.168.1.1<\/em><\/div>\n<div><\/div>\n<div><em>FGVM01TM19008000 (1) # set end-ip 192.168.1.1<\/em><\/div>\n<div><\/div>\n<div><em>FGVM01TM19008000 (1) # next<\/em><\/div>\n<div><\/div>\n<div><em>FGVM01TM19008000 (ip-range) # edit 2<\/em><\/div>\n<div><em>new entry '2' added<\/em><\/div>\n<div><\/div>\n<div><em>FGVM01TM19008000 (2) # set start-ip 192.168.1.20<\/em><\/div>\n<div><\/div>\n<div><em>FGVM01TM19008000 (2) # set end-ip 192.168.1.30<\/em><\/div>\n<div><\/div>\n<div><em>FGVM01TM19008000 (2) # next<\/em><\/div>\n<div><\/div>\n<div><em>FGVM01TM19008000 (ip-range) # end<\/em><\/div>\n<div><\/div>\n<div><em>FGVM01TM19008000 (1) # 
next<\/em><\/div>\n<div><\/div>\n<div><em>FGVM01TM19008000 (server) # end<\/em><\/div>\n<div><\/div>\n<\/div>\n<div class=\"textbox\">If you are looking for a specific configuration or CLI, the <a href=\"https:\/\/docs.fortinet.com\/product\/fortigate\">FortiGate document library<\/a> has full resources.<\/div>\n<h2>Resources<\/h2>\n<ul>\n \t<li><a href=\"https:\/\/cmdref.net\/hardware\/fortigate\/index.html\">Fortinet Fortigate CLI Commands<\/a><\/li>\n \t<li><a href=\"https:\/\/docs.fortinet.com\/product\/fortigate\/7.2\">FortiGate document library<\/a><\/li>\n<\/ul>","rendered":"<div class=\"textbox textbox--learning-objectives\">\n<header class=\"textbox__header\">\n<p class=\"textbox__title\">Learning Objectives<\/p>\n<\/header>\n<div class=\"textbox__content\">\n<ul>\n<li>Create a basic configuration in FortiGate<\/li>\n<li>Identify CLI commands in FortiGate<\/li>\n<li>Create an IP access in FortiGate<\/li>\n<li>Create a DHCP server in FortiGate<\/li>\n<li>Restore previous configurations in FortiGate using backups<\/li>\n<\/ul>\n<\/div>\n<\/div>\n<div class=\"textbox shaded\"><strong>Scenario<\/strong>: This exercise will access a FortiGate device using the command-line interface (CLI). 
Set up your GNS3 and try to connect to FortiGate through WebTerm.<\/div>\n<figure id=\"attachment_34\" aria-describedby=\"caption-attachment-34\" style=\"width: 718px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-24 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2022\/03\/1.jpg\" alt=\"main scenario\" width=\"718\" height=\"293\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2022\/03\/1.jpg 718w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2022\/03\/1-300x122.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2022\/03\/1-65x27.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2022\/03\/1-225x92.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2022\/03\/1-350x143.jpg 350w\" sizes=\"auto, (max-width: 718px) 100vw, 718px\" \/><figcaption id=\"caption-attachment-34\" class=\"wp-caption-text\">Figure 1.1: Main scenario<\/figcaption><\/figure>\n<h2>Explore the CLI<\/h2>\n<p>To explore the CLI, double-click FortiGate in GNS3 to open the console. 
In the Password field, type <strong>&lt;the default password is blank&gt;<\/strong>, and then press Enter.<\/p>\n<p>Enter the following command:<\/p>\n<div class=\"textbox shaded\" style=\"text-align: left;\"><em>get system status<\/em><\/div>\n<figure id=\"attachment_34\" aria-describedby=\"caption-attachment-34\" style=\"width: 707px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-25 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/2.jpg\" alt=\"get system status output\" width=\"707\" height=\"652\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/2.jpg 707w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/2-300x277.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/2-65x60.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/2-225x207.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/2-350x323.jpg 350w\" sizes=\"auto, (max-width: 707px) 100vw, 707px\" \/><figcaption id=\"caption-attachment-34\" class=\"wp-caption-text\">Figure 1.2: Get system status output<\/figcaption><\/figure>\n<p>This command displays basic status information about FortiGate. The output includes FortiGate&#8217;s serial number, operation mode, and other useful information. When the More prompt appears on the CLI, do one of the following:<\/p>\n<ul>\n<li>To continue scrolling, press the Space bar.<\/li>\n<li>To scroll one line at a time, press Enter.<\/li>\n<li>Enter the following command: get ?<\/li>\n<\/ul>\n<div class=\"textbox\">The ? character is not displayed on the screen.<\/div>\n<p>This command shows all of the options that the CLI will accept after the # get command. 
Depending on the command, you may need to enter additional words to completely specify a configuration option.<\/p>\n<ul>\n<li>Enter the following command: <strong>execute ? <\/strong><\/li>\n<li>This command lists all options that the CLI will accept after the execute command.<\/li>\n<li>Type exe, and then press the Tab key. Notice that the CLI completes the current word.<\/li>\n<li>Press the space bar and then press the Tab key three times.<\/li>\n<li>Each time you press the Tab key, the CLI replaces the second word with the next possible option for the execute command, in alphabetical order.<\/li>\n<\/ul>\n<div class=\"textbox\">\n<p>You can abbreviate most commands. In this book, many of the commands that you see will be in abbreviated form. For example, instead of typing execute, you can type exe.<\/p>\n<p>Use this technique to reduce the number of keystrokes that are required to enter a command. Often, experts can configure FortiGate faster using the CLI than the GUI.<\/p>\n<\/div>\n<h3 id=\"configuration\">Configuration<\/h3>\n<table class=\"aligncenter\" style=\"border-collapse: collapse; width: 100%;\">\n<caption>Table 1.1: Check configuration CLI<\/caption>\n<tbody>\n<tr>\n<th style=\"width: 25%;\" scope=\"col\">Action<\/th>\n<th style=\"width: 75%;\" scope=\"col\">Command<\/th>\n<\/tr>\n<tr>\n<td style=\"width: 25%;\">Check configuration<\/td>\n<td style=\"width: 75%;\"># show<br \/>\n# show | grep xxxx<br \/>\n# show full-configuration<br \/>\n# show full-configuration | grep XXXX<br \/>\n# show full-configuration | grep -f XXXX \u2190 display with tree view<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3 id=\"network\">Network<\/h3>\n<table style=\"border-collapse: collapse; width: 100%;\">\n<caption>Table 1.2: Routing and firewall policy CLI<\/caption>\n<tbody>\n<tr>\n<th style=\"width: 25%;\" scope=\"col\">Action<\/th>\n<th style=\"width: 75%;\" scope=\"col\">Command<\/th>\n<\/tr>\n<tr>\n<td style=\"width: 25%;\">Check Routing<\/td>\n<td style=\"width: 
75%;\"># get router info routing-table detail<br \/>\n# show router static# config router static<br \/>\n(static) # show<br \/>\n(static) # end<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 25%;\">Check Firewall Policy<\/td>\n<td style=\"width: 75%;\"># show firewall policy<br \/>\n# show firewall policy XXXX# config firewall policy<br \/>\n(policy) # show<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3 id=\"hardware\">Hardware<\/h3>\n<table class=\"aligncenter\" style=\"border-collapse: collapse; width: 100%;\">\n<caption>Table 1.3: Hardware CLI<\/caption>\n<tbody>\n<tr>\n<th style=\"width: 60%;\" scope=\"col\">Action<\/th>\n<th style=\"width: 40%;\" scope=\"col\">Command<\/th>\n<\/tr>\n<tr>\n<td style=\"width: 60%;\">Check Hardware Information<\/td>\n<td style=\"width: 40%;\"># get hardware status<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 60%;\">Check Version, BIOS, Firmware, etc.<\/td>\n<td style=\"width: 40%;\"># get system status<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 60%;\">Check version<\/td>\n<td style=\"width: 40%;\"># get system status<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 60%;\">Display CPU \/ memory \/ line usage<\/td>\n<td style=\"width: 40%;\"># get system performance status<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 60%;\">Display of NTP server<\/td>\n<td style=\"width: 40%;\"># get system ntp<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 60%;\">Display the current time and the time of synchronization with the NTP server<\/td>\n<td style=\"width: 40%;\"># execute time<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 60%;\">Check interfaces status, Up or Down<\/td>\n<td style=\"width: 40%;\"># get system interface physical<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 60%;\">Check interfaces<\/td>\n<td style=\"width: 40%;\"># config system interface<br \/>\n(interface) # show<br \/>\n(interface) # end<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 60%;\">Display of ARP table<\/td>\n<td style=\"width: 40%;\"># get system arp<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3 id=\"ha\">High Availability 
(HA)<\/h3>\n<table class=\"aligncenter\" style=\"border-collapse: collapse; width: 100%;\">\n<caption>Table 1.4: High Availability CLI<\/caption>\n<tbody>\n<tr>\n<th style=\"width: 50%;\" scope=\"col\">Action<\/th>\n<th style=\"width: 50%;\" scope=\"col\">Command<\/th>\n<\/tr>\n<tr>\n<td style=\"width: 50%;\">Check HA Status<\/td>\n<td style=\"width: 50%;\"># get system ha status<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 50%;\">Check HA Configuration<\/td>\n<td style=\"width: 50%;\"># get system ha<br \/>\n# show system ha<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3 id=\"ntp\">Network Time Protocol (NTP)<\/h3>\n<div class=\"level4\">\n<div class=\"table sectionedit14\">\n<table style=\"border-collapse: collapse; width: 100%;\">\n<caption>Table 1.5: NTP CLI<\/caption>\n<tbody>\n<tr>\n<th style=\"width: 50%;\" scope=\"col\">Action<\/th>\n<th style=\"width: 50%;\" scope=\"col\">Command<\/th>\n<\/tr>\n<tr style=\"height: 55px;\">\n<td style=\"width: 50%; height: 55px;\">Check NTP<\/td>\n<td style=\"width: 50%; height: 55px;\"># execute time<br \/>\n# get system ntp<br \/>\n# diagnose sys ntp status<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>On a fresh line, enter the following command to view the port3 interface configuration:<\/p>\n<div class=\"textbox shaded\"><em>show system interface port3<\/em><\/div>\n<div>\n<figure id=\"attachment_26\" aria-describedby=\"caption-attachment-26\" style=\"width: 461px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-26\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/3.jpg\" alt=\"Configuration of port3\" width=\"461\" height=\"152\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/3.jpg 658w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/3-300x99.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/3-65x21.jpg 65w, 
https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/3-225x74.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/3-350x115.jpg 350w\" sizes=\"auto, (max-width: 461px) 100vw, 461px\" \/><figcaption id=\"caption-attachment-26\" class=\"wp-caption-text\">Figure 1.3: Configuration of port3<\/figcaption><\/figure>\n<\/div>\n<p>Enter the following command:<\/p>\n<div class=\"textbox shaded\"><em>show full-configuration system interface port3<\/em><\/div>\n<div>\n<figure id=\"attachment_27\" aria-describedby=\"caption-attachment-27\" style=\"width: 745px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-27\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/4.jpg\" alt=\"show full-configuration system interface port3\" width=\"745\" height=\"530\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/4.jpg 885w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/4-300x214.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/4-768x547.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/4-65x46.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/4-225x160.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/4-350x249.jpg 350w\" sizes=\"auto, (max-width: 745px) 100vw, 745px\" \/><figcaption id=\"caption-attachment-27\" class=\"wp-caption-text\">Figure 1.4: Show full-configuration of port3<\/figcaption><\/figure>\n<\/div>\n<p>Enter the following command:<\/p>\n<div class=\"textbox shaded\"><em>show system interface<\/em><\/div>\n<p>For setting an IP address on the port1:<\/p>\n<div class=\"textbox shaded\"><em>config system interface<\/em><br \/>\n<em>edit port1<\/em><br 
\/>\n<em>set mode static<\/em><br \/>\n<em>set ip 192.168.10.1 255.255.255.0<\/em><br \/>\n<em>set allowaccess ping ssh http https<\/em><br \/>\n<em>end<\/em><\/div>\n<p>Now you should be able to reach the firewall from port1. In a browser, type http:\/\/192.168.10.1 and enter the username and password.<\/p>\n<div class=\"textbox\">In the licensed devices, you should type https:\/\/192.168.10.1 and then enter username and password.<\/div>\n<h2>Configuring Administrator Accounts<\/h2>\n<p>FortiGate offers many options for configuring administrator privileges. For example, you can specify the IP addresses that administrators are allowed to connect from. In this exercise, you will work with administrator profiles and administrator user accounts. An administrator profile is a role that is assigned to an administrator user that defines what the user is permitted to do on the FortiGate GUI and CLI.<\/p>\n<h3>Configure a User Administrator Profile<\/h3>\n<ol>\n<li>Click <strong>System &gt; Admin Profiles<\/strong>.<\/li>\n<li>Click<strong> Create New<\/strong>.<\/li>\n<li>In the Name field, type <strong>Security_Admin_Profile<\/strong>.<\/li>\n<li>In the permissions table, set Security Profile to <strong>Read-Write<\/strong>, but set all other permissions to Read.<\/li>\n<li>Click <strong>OK<\/strong> to save the changes.<\/li>\n<\/ol>\n<figure id=\"attachment_30\" aria-describedby=\"caption-attachment-30\" style=\"width: 400px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-28\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/user-profile-e1691185014412.jpg\" alt=\"Create a custom profile\" width=\"400\" height=\"569\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/user-profile-e1691185014412.jpg 553w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/user-profile-e1691185014412-211x300.jpg 211w, 
https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/user-profile-e1691185014412-65x92.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/user-profile-e1691185014412-225x320.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/user-profile-e1691185014412-350x497.jpg 350w\" sizes=\"auto, (max-width: 400px) 100vw, 400px\" \/><figcaption id=\"caption-attachment-30\" class=\"wp-caption-text\">Figure 1.5: Create a custom profile<\/figcaption><\/figure>\n<h2>Create an Administrator Account<\/h2>\n<p>Now, you will create a new administrator account. You will assign the account to the administrator profile you created previously. The administrator will have read-only access to most of the configuration settings. To create an administrator account, continue on the Local-FortiGate GUI and click <strong>System &gt; Administrators<\/strong>. Click Create New and then click Administrator to add a new administrator account, and assign the profile you created previously to the administrator.<\/p>\n<figure id=\"attachment_30\" aria-describedby=\"caption-attachment-30\" style=\"width: 1000px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-29 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/second.jpg\" alt=\"Create a local user\" width=\"1000\" height=\"585\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/second.jpg 1000w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/second-300x176.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/second-768x449.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/second-65x38.jpg 65w, 
https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/second-225x132.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/second-350x205.jpg 350w\" sizes=\"auto, (max-width: 1000px) 100vw, 1000px\" \/><figcaption id=\"caption-attachment-30\" class=\"wp-caption-text\">Figure 1.6: Create a local user<\/figcaption><\/figure>\n<h3>Test the New Administrator Account<\/h3>\n<p>In this procedure, you will confirm that the new administrator account has read-write access to only the security profiles configuration.<\/p>\n<p>To test the new administrator account, continue on the Local-FortiGate GUI, click the username (in my case, it&#8217;s admin2), and then click Logout to log out of the admin account&#8217;s GUI session.<\/p>\n<figure id=\"attachment_30\" aria-describedby=\"caption-attachment-30\" style=\"width: 316px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-30 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/logout.jpg\" alt=\"Logout option\" width=\"316\" height=\"247\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/logout.jpg 316w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/logout-300x234.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/logout-65x51.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/logout-225x176.jpg 225w\" sizes=\"auto, (max-width: 316px) 100vw, 316px\" \/><figcaption id=\"caption-attachment-30\" class=\"wp-caption-text\">Figure 1.7: Logout option<\/figcaption><\/figure>\n<\/div>\n<p>Explore the permissions that you have in the GUI. You should see that this account can configure only security profiles. 
Log out of the GUI once done.<\/p>\n<\/div>\n<h2>Restrict Administrator Access<\/h2>\n<p>Now, you will restrict access for FortiGate administrators. Only administrators connecting from a trusted subnet will be allowed access. This is useful if you need to restrict the access points from which administrators connect to FortiGate. To restrict administrator access:<\/p>\n<ol>\n<li>Click <strong>System &gt; Administrators<\/strong>. Edit the admin account.<\/li>\n<li>Enable Restrict login to trusted hosts, and set <strong>Trusted Host 1<\/strong> to the address<br \/>\n<strong>192.168.10.100\/32<\/strong>.<\/li>\n<li>Click <strong>OK<\/strong> to save the changes.<\/li>\n<\/ol>\n<figure id=\"attachment_34\" aria-describedby=\"caption-attachment-34\" style=\"width: 999px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-31 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/administrator.jpg\" alt=\"create a trusted host for the user\" width=\"999\" height=\"650\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/administrator.jpg 999w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/administrator-300x195.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/administrator-768x500.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/administrator-65x42.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/administrator-225x146.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/administrator-350x228.jpg 350w\" sizes=\"auto, (max-width: 999px) 100vw, 999px\" \/><figcaption id=\"caption-attachment-34\" class=\"wp-caption-text\">Figure 1.8: Create a trusted host for the user<\/figcaption><\/figure>\n<h3>To test the restricted 
access<\/h3>\n<ol>\n<li>Continuing on Local-Windows, log out of the Local-FortiGate GUI session as the admin user.<\/li>\n<li>Try to log in to the admin2 account again with password &lt;Your password&gt;. Because you are trying to connect from the 192.168.10.101 address, you shouldn&#8217;t be able to connect.<\/li>\n<li>Log in as admin with password &lt;Your password&gt;. Enter the following CLI commands to add <strong>192.168.10.101\/32<\/strong> as the second trusted IP subnet (Trusted Host 2) to the admin account:\n<div class=\"textbox shaded\"><em>config system admin<\/em><br \/>\n<em>edit admin<\/em><br \/>\n<em>set trusthost2 192.168.10.101\/32<\/em><br \/>\n<em>end<\/em><\/div>\n<\/li>\n<li>Try to log in to the Local-FortiGate GUI at &lt;IP address&gt; with the username admin and password &lt;Your password&gt;. You should be able to log in. (<strong>Hint:<\/strong> add the IP address 192.168.10.101 to WebTerm and try to reach the firewall.)<\/li>\n<\/ol>\n<figure id=\"attachment_34\" aria-describedby=\"caption-attachment-34\" style=\"width: 618px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-32 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/System-111.jpg\" alt=\"System settings\" width=\"618\" height=\"443\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/System-111.jpg 618w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/System-111-300x215.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/System-111-65x47.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/System-111-225x161.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/System-111-350x251.jpg 350w\" sizes=\"auto, (max-width: 618px) 100vw, 618px\" \/><figcaption id=\"caption-attachment-34\" 
class=\"wp-caption-text\">Figure 1.9: System settings<\/figcaption><\/figure>\n<h2>Configuration Backups<\/h2>\n<p>The configuration files produced by backups allow you to restore to an earlier FortiGate configuration.<\/p>\n<h3>Backup &amp; Restore<\/h3>\n<p style=\"text-align: left;\">Always back up the configuration file before making changes to FortiGate (even if the change seems minor or unimportant). There is no undo. You should carefully consider the pros and cons of an encrypted backup before you begin encrypting backups. While your configuration, including things like private keys, remains private, an encrypted file hampers troubleshooting because Fortinet support cannot read the file. Consider saving backups in plain-text and storing them in a secure place instead. Now, you will create an encrypted file with the backup of the FortiGate&#8217;s current configuration.<\/p>\n<h3>To save an encrypted configuration backup<\/h3>\n<p>Continuing on the Local-FortiGate GUI, in the upper-right corner, click <strong>admin<\/strong>, and then click <strong>Configuration &gt; Backup<\/strong>. On the Backup System Configuration page, enable Encryption. 
In the Password field, enter <strong>fortigate<\/strong> and repeat in the Confirm password field.<\/p>\n<figure id=\"attachment_34\" aria-describedby=\"caption-attachment-34\" style=\"width: 453px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-33 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/backup.jpg\" alt=\"Backup System Configuration\" width=\"453\" height=\"241\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/backup.jpg 453w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/backup-300x160.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/backup-65x35.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/backup-225x120.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/backup-350x186.jpg 350w\" sizes=\"auto, (max-width: 453px) 100vw, 453px\" \/><figcaption id=\"caption-attachment-34\" class=\"wp-caption-text\">Figure 1.10: Backup System Configuration<\/figcaption><\/figure>\n<p>Click <strong>OK<\/strong>.<\/p>\n<p>Select <strong>Save File<\/strong> and click <strong>OK<\/strong>.<\/p>\n<h3>To restore an encrypted configuration backup<\/h3>\n<p>Continuing on the Local-FortiGate GUI, in the upper-right corner, click admin, and then click <strong>Configuration &gt; Restore<\/strong>. On the Restore System Configuration page, click Upload. Browse to your <strong>Downloads<\/strong> folder and select the configuration file that you created in the previous procedure. In the Password field, type <strong>fortigate<\/strong>, and then click <strong>OK.<\/strong><\/p>\n<h2>DHCP (Dynamic Host Configuration Protocol)<\/h2>\n<p>You can configure one or more DHCP servers on any FortiGate interface. 
A DHCP server dynamically assigns IP addresses to hosts on the network connected to the interface. The host computers must be configured to obtain their IP addresses using DHCP.<\/p>\n<h3 style=\"text-align: left;\">Configure DHCP on the FortiGate<\/h3>\n<p style=\"text-align: left;\">To add a DHCP server on the GUI:<\/p>\n<ol>\n<li>Go to <strong>Network &gt; Interfaces<\/strong>.<\/li>\n<li>Edit an interface.<\/li>\n<li>Enable the DHCP Server option and configure the settings.<\/li>\n<\/ol>\n<figure id=\"attachment_34\" aria-describedby=\"caption-attachment-34\" style=\"width: 710px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-34 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/DHCP.jpg\" alt=\"Enable DHCP Server\" width=\"710\" height=\"807\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/DHCP.jpg 710w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/DHCP-264x300.jpg 264w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/DHCP-65x74.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/DHCP-225x256.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/DHCP-350x398.jpg 350w\" sizes=\"auto, (max-width: 710px) 100vw, 710px\" \/><figcaption id=\"caption-attachment-34\" class=\"wp-caption-text\">Figure 1.11: Enable DHCP Server<\/figcaption><\/figure>\n<p>To do it through the command line, use the following commands:<\/p>\n<div class=\"textbox shaded\" style=\"padding-left: 40px;\">\n<div><em>FGVM01TM19008000 # config system dhcp server<\/em><\/div>\n<div><\/div>\n<div><em>FGVM01TM19008000 (server) # edit 1<\/em><\/div>\n<div><\/div>\n<div><em>FGVM01TM19008000 (1) # set dns-service default<\/em><\/div>\n<div><\/div>\n<div><em>FGVM01TM19008000 (1) # set netmask 
255.255.255.0<\/em><\/div>\n<div><\/div>\n<div><em>FGVM01TM19008000 (1) # config ip-range<\/em><\/div>\n<div><\/div>\n<div><em>FGVM01TM19008000 (ip-range) # edit 1<\/em><\/div>\n<div><\/div>\n<div><em>FGVM01TM19008000 (1) # set start-ip 192.168.1.1<\/em><\/div>\n<div><\/div>\n<div><em>FGVM01TM19008000 (1) # set end-ip 192.168.1.1<\/em><\/div>\n<div><\/div>\n<div><em>FGVM01TM19008000 (1) # next<\/em><\/div>\n<div><\/div>\n<div><em>FGVM01TM19008000 (ip-range) # edit 2<\/em><\/div>\n<div><em>new entry &#8216;2&#8217; added<\/em><\/div>\n<div><\/div>\n<div><em>FGVM01TM19008000 (2) # set start-ip 192.168.1.20<\/em><\/div>\n<div><\/div>\n<div><em>FGVM01TM19008000 (2) # set end-ip 192.168.1.30<\/em><\/div>\n<div><\/div>\n<div><em>FGVM01TM19008000 (2) # next<\/em><\/div>\n<div><\/div>\n<div><em>FGVM01TM19008000 (ip-range) # end<\/em><\/div>\n<div><\/div>\n<div><em>FGVM01TM19008000 (1) # next<\/em><\/div>\n<div><\/div>\n<div><em>FGVM01TM19008000 (server) # end<\/em><\/div>\n<div><\/div>\n<\/div>\n<div class=\"textbox\">If you are looking for a specific configuration or CLI, the <a href=\"https:\/\/docs.fortinet.com\/product\/fortigate\">FortiGate document library<\/a> has full resources.<\/div>\n<h2>Resources<\/h2>\n<ul>\n<li><a href=\"https:\/\/cmdref.net\/hardware\/fortigate\/index.html\">Fortinet Fortigate CLI Commands<\/a><\/li>\n<li><a href=\"https:\/\/docs.fortinet.com\/product\/fortigate\/7.2\">FortiGate document 
library<\/a><\/li>\n<\/ul>\n","protected":false},"author":124,"menu_order":1,"template":"","meta":{"pb_show_title":"on","pb_short_title":"","pb_subtitle":"","pb_authors":[],"pb_section_license":""},"chapter-type":[],"contributor":[],"license":[],"class_list":["post-35","chapter","type-chapter","status-publish","hentry"],"part":23,"_links":{"self":[{"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapters\/35","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapters"}],"about":[{"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/wp\/v2\/types\/chapter"}],"author":[{"embeddable":true,"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/wp\/v2\/users\/124"}],"version-history":[{"count":1,"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapters\/35\/revisions"}],"predecessor-version":[{"id":36,"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapters\/35\/revisions\/36"}],"part":[{"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/parts\/23"}],"metadata":[{"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapters\/35\/metadata\/"}],"wp:attachment":[{"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/wp\/v2\/media?parent=35"}],"wp:term":[{"taxonomy":"chapter-type","embeddable":true,"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapter-type?post=35"},{"taxonomy":"contributor","embeddable":true,"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/wp\/v2\/contributor?post=35"},{"taxonomy":"license","embeddable":true,"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/wp\/v2\/license?post=35"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}