------- Executing time: 2013-10-21 16:21:43 ------

Starting log (Run on device)

 

FortiGate-VM64 #

config global

FortiGate-VM64 (global) # get system performance status

 

CPU states: 0% user 0% system 0% nice 100% idle

CPU0 states: 0% user 0% system 0% nice 100% idle

CPU1 states: 0% user 0% system 0% nice 100% idle

Memory states: 73% used

Average network usage: 0 kbps in 1 minute, 0 kbps in 10 minutes, 0 kbps in 30 minutes

Average sessions: 1 sessions in 1 minute, 2 sessions in 10 minutes, 2 sessions in 30 minutes

Average session setup rate: 0 sessions per second in last 1 minute, 0 sessions per second in last 10 minutes, 0 sessions per second in last 30 minutes

Virus caught: 0 total in 1 minute

IPS attacks blocked: 0 total in 1 minute

Uptime: 6 days, 1 hours, 34 minutes

 

FortiGate-VM64 (global) # end

FortiGate-VM64 #

------- The end of log ----------

 

#!

#Run on FortiOS v5.00

#This script will configure common global, user group and ntp settings

#if you do not want to set a parameter, comment the

#corresponding set command

#if you want to reset a parameter to it's default

#value, set it an empty string

puts [exec "# This is an example TCL script to configure global, user group and ntp setting of FortiGate\n" "# " 15 ]

 

# global

set sys_global(admintimeout) ""

# user group

set sys_user_group(authtimeout) 20

# ntp

set sys_ntp(source-ip) "0.0.0.0"

set sys_ntp(ntpsync) "enable"

#procedure to execute FortiGate command

proc fgt_cmd cmd {

puts -nonewline [exec "$cmd\n" "# " 30]

}

#config system global---begin

fgt_cmd "config global"

fgt_cmd "config system global"

foreach key [array names sys_global] {

if {$sys_global($key) ne ""} {

fgt_cmd "set $key $sys_global($key)"

} else {

fgt_cmd "unset $key"

}

}

fgt_cmd "end"

fgt_cmd "end"

#config system global---end

 

#config system user group---begin

fgt_cmd "config vdom"

fgt_cmd "edit root"

fgt_cmd "config user group"

fgt_cmd "edit groupname"

foreach key [array names sys_user_group] {

if {$sys_user_group($key) ne ""} {

fgt_cmd "set $key $sys_user_group($key)"

} else {

fgt_cmd "unset $key"

}

}

fgt_cmd "end"

fgt_cmd "end"

#config system user group---end

 

#config system ntp---begin

fgt_cmd "config global"

fgt_cmd "config system ntp"

foreach key [array names sys_ntp] {

if {$sys_ntp($key) ne ""} {

fgt_cmd "set $key $sys_ntp($key)"

} else {

fgt_cmd "unset $key"

}

}

fgt_cmd "end"

fgt_cmd "end"

#config system ntp---end

------- Executing time: 2013-10-22 09:12:57 ------

Starting log (Run on device)

 

FortiGate-VM64 # config global

FortiGate-VM64 (global) # config system global

FortiGate-VM64 (global) # unset admintimeout

FortiGate-VM64 (global) # end

FortiGate-VM64 (global) # end

FortiGate-VM64 # config vdom

FortiGate-VM64 (vdom) # edit root

current vf=root:0

FortiGate-VM64 (root) # config user group

FortiGate-VM64 (group) # edit groupname

FortiGate-VM64 (groupname) # set authtimeout 20

FortiGate-VM64 (groupname) # end

FortiGate-VM64 (root) # end

FortiGate-VM64 # config global

FortiGate-VM64 (global) # config system ntp

FortiGate-VM64 (ntp) # set ntpsync enable

FortiGate-VM64 (ntp) # set source-ip 0.0.0.0

FortiGate-VM64 (ntp) # end

FortiGate-VM64 (global) # end

FortiGate-VM64 #

------- The end of log ----------

#!

#Run on FortiOS v5.00

#This script will configure log syslogd setting and

#filter

#key-value pairs for 'config log syslogd setting', no

#value means default value.

set setting_list {{status enable} {csv enable}

{facility alert} {port} {server 1.1.1.2}}

#key-value pairs for 'config log syslogd filter', no

#value means default value.

puts [exec "# This is an example TCL script to configure log syslogd setting and filter setting of FortiGate\n" "# " 15 ]

set filter_list {{attack enable} {email enable} {severity} {traffic enable} {virus disable}

{web enable}}

#set the number of syslogd server, "", "2" or "3"

set syslogd_no "2"

#procedure to execute FortiGate CLI command

proc fgt_cmd cmd {

puts -nonewline [exec "$cmd\n" "# "]

}

#procedure to set a series of key-value pairs

proc set_kv kv_list {

foreach kv $kv_list {

set len [llength $kv]

if {$len == 0} {

continue

} elseif {$len == 1} {

fgt_cmd "unset [lindex $kv 0]"

} else {

fgt_cmd "set [lindex $kv 0] [lindex $kv 1]"

}

}

}

#configure log syslogd setting---begin

fgt_cmd "config global"

fgt_cmd "config log syslogd$syslogd_no setting"

set_kv $setting_list

fgt_cmd "end"

#configure log syslogd setting---end

#configure log syslogd filter---begin

fgt_cmd "config log syslogd$syslogd_no filter"

set_kv $filter_list

fgt_cmd "end"

#configure log syslogd filter---end

Starting log (Run on device)

 

FortiGate-VM64 # config global

FortiGate-VM64 (global) # config log syslogd2 setting

FortiGate-VM64 (setting) # set status enable

FortiGate-VM64 (setting) # set csv enable

FortiGate-VM64 (setting) # set facility alert

FortiGate-VM64 (setting) # unset port

FortiGate-VM64 (setting) # set server 1.1.1.2

FortiGate-VM64 (setting) # end

 

FortiGate-VM64 (global) # config log syslogd2 filter

FortiGate-VM64 (filter) # set attack enable

FortiGate-VM64 (filter) # set email enable

FortiGate-VM64 (filter) # unset severity

FortiGate-VM64 (filter) # set traffic enable

FortiGate-VM64 (filter) # set virus disable

FortiGate-VM64 (filter) # set web enable

FortiGate-VM64 (filter) # end

FortiGate-VM64 (global) #

 

------- The end of log ----------

#!

#This script will configure the FortiGate device to

#communicate with a FortiAnalyzer unit

#Enter the following key-value pairs for 'config

#system fortianalyzer'

set status enable

set enc-algorithm high

#localid will be set as the hostname automatically

#later

puts [exec "# This is an example TCL script to configure the FortiGate to communicate with a FortiAnalyzer\n" "# " 15 ]

set server 1.1.1.1

#for fortianalyzer, fortianalyzer2 or

#fortianalyzer3, enter the corresponding value "",

#"2", "3"

set faz_no ""

#keys used for 'config system fortianalyzer', if you

#do not want to change the value of a key, do not put

#it in the list

set key_list {status enc-algorithm localid server }

##procedure to get system status from a FortiGate

proc get_sys_status aname {

upvar $aname a

set input [split [exec "get system status\n" "# "] \n]

foreach line $input {

if {![regexp {([^:]+):(.*)} $line dummy key value]} continue

set a([string trim $key]) [string trim $value]

}

}

#procedure to execute FortiGate command

proc fgt_cmd cmd {

puts -nonewline [exec "$cmd\n" "# "]

}

#set the localid as the FortiGate's hostname

get_sys_status sys_status

set localid $sys_status(Hostname)

#config system fortianalyzer---begin

fgt_cmd "config global"

fgt_cmd "config log fortianalyzer$faz_no setting"

foreach key $key_list {

if [info exists $key] {

fgt_cmd "set $key [set $key]"

} else {

fgt_cmd "unset $key"

}

}

fgt_cmd "end"

fgt_cmd "end"

#config system fortianalyzer---end

Starting log (Run on device)

FortiGate-VM64 # config global

FortiGate-VM64 (global) # config log fortianalyzer setting

FortiGate-VM64 (setting) # set status enable

FortiGate-VM64 (setting) # set enc-algorithm high

FortiGate-VM64 (setting) # set localid FortiGate-VM64

FortiGate-VM64 (setting) # set server 1.1.1.1

FortiGate-VM64 (setting) # end

FortiGate-VM64 (global) # end

FortiGate-VM64 #

------- The end of log ---------

#!

#Run on FortiOS v5.00

#This script will create custom ips signatures and

#change the settings for the custom ips signatures

 

puts [exec "# This is an example TCL script to create custom ips signatures and change the settings for the custom ips signatures on a FortiGate\n" "# " 15 ]

#Enter custom ips signatures, signature names are the

#names of array elements

set custom_sig(c1) {"F-SBID(--protocol icmp;--icmp_type 10; )"}

set custom_sig(c2) {"F-SBID(--protocol icmp;--icmp_type 0; )"}

#Enter custom ips settings

set custom_rule(c1) {{status enable} {action block} {log enable} {log-packet} {severity high}}

set custom_rule(c2) {{status enable} {action pass} {log} {log-packet disable} {severity low}}

#procedure to execute FortiGate command

proc fgt_cmd cmd {

puts -nonewline [exec "$cmd\n" "# "]

}

#procedure to set a series of key-value pairs

proc set_kv kv_list {

foreach kv $kv_list {

set len [llength $kv]

if {$len == 0} {

continue

} elseif {$len == 1} {

fgt_cmd "unset [lindex $kv 0]"

} else {

fgt_cmd "set [lindex $kv 0] [lindex $kv 1]"

}

} }

#config ips custom---begin

fgt_cmd "config vdom"

fgt_cmd "edit root"

fgt_cmd "config ips custom"

foreach sig_name [array names custom_sig] {

fgt_cmd "edit $sig_name"

fgt_cmd "set signature $custom_sig($sig_name)"

fgt_cmd "next"

}

fgt_cmd "end"

#config ips custom settings---begin

foreach rule_name [array names custom_rule] {

fgt_cmd "config ips custom"

fgt_cmd "edit $rule_name"

set_kv $custom_rule($rule_name)

fgt_cmd "end"

}

fgt_cmd "end"

#config ips custom settings---end

Starting log (Run on device)

FortiGate-VM64 # config vdom

FortiGate-VM64 (vdom) # edit root

current vf=root:0

FortiGate-VM64 (root) # config ips custom

FortiGate-VM64 (custom) # edit c1

set signature "F-SBID(--protocol icmp;--icmp_type 10; )"

FortiGate-VM64 (c1) # set signature "F-SBID(--protocol icmp;--icmp_type 10; )"

FortiGate-VM64 (c1) # next

FortiGate-VM64 (custom) # edit c2

FortiGate-VM64 (c2) # set signature "F-SBID(--protocol icmp;--icmp_type 0; )"

FortiGate-VM64 (c2) # next

FortiGate-VM64 (custom) # end

FortiGate-VM64 (root) # config ips custom

FortiGate-VM64 (custom) # edit c1

FortiGate-VM64 (c1) # set status enable

FortiGate-VM64 (c1) # set action block

FortiGate-VM64 (c1) # set log enable

FortiGate-VM64 (c1) # unset log-packet

FortiGate-VM64 (c1) # set severity high

FortiGate-VM64 (c1) # end

FortiGate-VM64 (root) # config ips custom

FortiGate-VM64 (custom) # edit c2

FortiGate-VM64 (c2) # set status enable

FortiGate-VM64 (c2) # set action pass

FortiGate-VM64 (c2) # unset log

FortiGate-VM64 (c2) # set log-packet disable

FortiGate-VM64 (c2) # set severity low

FortiGate-VM64 (c2) # end

FortiGate-VM64 (root) # end

FortiGate-VM64 #

------- The end of log ----------