Work environment
- FortiGate 60E
- version 7.0.2
Configure the interface with the CLI
When configuring the interface with the CLI, the config system interface is the target of the configuration.
The config of each interface is represented by edit and is treated as one object.
config system interface
edit "wan1"
set ...
next
edit "wan2"
set ...
next
edit "dmz"
set ...
next
edit "internal1"
set ...
next
edit "internal2"
set ...
next
...
endNot only physical interfaces but also logical interfaces such as aggregate interface and vlan interface are set in this config.
The typical setting items related to the interface are described below.
IP address setting
To set a static IP address, set the mode to static and then set the IP address.
config system interface
edit "<interface-name>"
set mode static
set ip <ip-address> <subnet-mask>
next
end
#e.g.
config system interface
edit "internal1"
set mode static
set ip 10.1.20.1 255.255.255.0
next
endIf you want to configure the DHCP client, set the mode to dhcp.
config system interface
edit "<interface-name>"
set mode dhcp
next
endInterface status settings
Bring the interface up or shut the interface down.
config system interface
edit "<interface-name>"
set status <up|down>
next
end
#e.g.
config system interface
edit "internal1"
set status up
next
endInterface role settings
config system interface
edit "<interface-name>"
set role <role>
next
end
#e.g.
config system interface
edit "internal1"
set role lan
next
end
# set role
lan Connected to local network of endpoints.
wan Connected to Internet.
dmz Connected to server zone.
undefined Interface has no specific role.Management access permission settings
In order to accept management access such as https, ssh, ping, snmp on the interface, it is necessary to explicitly allow it. The setting item for this is allowaccess.
config system interface
edit "<interface-name>"
set allowaccess <service-list>
next
end
#e.g.
config system interface
edit "internal1"
set allowaccess ping https ssh
next
end
# set allowaccess
ping PING access.
https HTTPS access.
ssh SSH access.
snmp SNMP access.
http HTTP access.
telnet TELNET access.
fgfm FortiManager access.
radius-acct RADIUS accounting access.
probe-response Probe access.
fabric Security Fabric access.
ftm FTM access.
speed-test Speed test access.SNMP Index settings
Permanent SNMP Index of the interface.
config system interface
edit "<interface-name>"
set snmp-index <1-2147483647>
next
end
#e.g.
config system interface
edit "internal1"
set snmp-index 4
next
endInterface status check command
get system interface physical
FortiGate-60E # get system interface physical
== [onboard]
==[dmz]
mode: static
ip: 10.10.10.1 255.255.255.0
ipv6: ::/0
status: up
speed: 1000Mbps (Duplex: full)
==[internal1]
mode: static
ip: 10.1.20.1 255.255.255.0
ipv6: ::/0
status: up
speed: 100Mbps (Duplex: full)
==[internal2]
mode: static
ip: 0.0.0.0 0.0.0.0
ipv6: ::/0
status: down
speed: n/a
==[internal3]
mode: static
ip: 0.0.0.0 0.0.0.0
ipv6: ::/0
status: down
speed: n/a
==[internal4]
mode: static
ip: 0.0.0.0 0.0.0.0
ipv6: ::/0
status: down
speed: n/a
==[internal5]
mode: static
ip: 0.0.0.0 0.0.0.0
ipv6: ::/0
status: down
speed: n/a
==[internal6]
mode: static
ip: 0.0.0.0 0.0.0.0
ipv6: ::/0
status: down
speed: n/a
==[internal7]
mode: static
ip: 0.0.0.0 0.0.0.0
ipv6: ::/0
status: down
speed: n/a
==[wan1]
mode: dhcp
ip: 10.1.10.8 255.255.255.0
ipv6: ::/0
status: down
speed: n/a
==[wan2]
mode: dhcp
ip: 0.0.0.0 0.0.0.0
ipv6: ::/0
status: down
speed: n/a
==[modem]
mode: pppoe
ip: 0.0.0.0 0.0.0.0
ipv6: ::/0
status: down
speed: n/aget hardware nic <interface-name>
FortiGate-60E # get hardware nic dmz
Description :FortiASIC NP6LITE Adapter
Driver Name :FortiASIC NP6LITE Driver
Board :60E
lif id :2
lif oid :66
netdev oid :66
tx group :0
Current_HWaddr 04:d5:90:07:f6:00
Permanent_HWaddr 04:d5:90:07:f6:00
========== Link Status ==========
Admin :up
netdev status :up
autonego_setting:1
link_setting :0
speed_setting :10
duplex_setting :0
Speed :1000
Duplex :Full
link_status :Up
============ Counters ===========
Rx Pkts :79563
Rx Bytes :20032236
Tx Pkts :57168
Tx Bytes :36269107
Host Rx Pkts :79568
Host Rx Bytes :18918662
Host Tx Pkts :57170
Host Tx Bytes :36269287
Host Tx dropped :0
FragTxCreate :0
FragTxOk :0
FragTxDrop :0References
https://docs.fortinet.com/document/fortigate/7.0.2/cli-reference/8620/config-system-interface
docs.fortinet.com
Comments