FortiGate Configuration Reference
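# RADIUS server definition plus a user group that maps a RADIUS group
# attribute to a FortiGate group. Values in {{ }} are template inputs.
config user radius
    edit "Radius-1"
        set server {{ ip }}
        set secret {{ key }}
        # 1645 is the legacy RADIUS authentication port; the IANA-assigned
        # port is 1812. Use whichever port the RADIUS server actually listens on.
        set radius-port 1645
        set auth-type ms_chap_v2
        set secondary-server {{ sec_ip }}
        set secondary-secret {{ sec_key }}
    next
end

config user group
    edit {{ group }}
        set member "Radius-1"
        # Restrict membership to users whose RADIUS reply carries this group
        # name; without a match entry every user that authenticates against
        # "Radius-1" becomes a member of the group.
        config match
            edit 1
                set server-name "Radius-1"
                set group-name {{ group }}
            next
        end
    next
end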
# Switch the unit to multi-VDOM operation and create a VDOM.
config system global
    # Older syntax; newer FortiOS releases use "set vdom-mode multi-vdom"
    # instead -- verify against the target version before applying.
    set vdom-admin enable
end

config vdom
    edit {{ vdom_name }}
    next
end
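# Hostname, HA cluster settings and the out-of-band management interfaces.
config system global
    set hostname {{ host_name }}
end

config system ha
    set group-id {{ number }}
    set group-name "{{ name }}"
    set mode a-p
    # The HA password authenticates cluster members to each other. It must be
    # given a real value: a bare "set password" leaves the cluster open to any
    # unit that merely shares the group-id and group-name.
    set password {{ ha_password }}
    # Heartbeat links: replace portX/portY with the dedicated heartbeat ports.
    set hbdev "portX" 50 "portY" 50
    set session-pickup enable
    set ha-mgmt-status enable
    # mgmt1 becomes the reserved HA management port: make sure nothing else
    # references it (DHCP server, routes) before applying. Newer FortiOS
    # releases configure this under "config ha-mgmt-interfaces" instead --
    # check the target version.
    set ha-mgmt-interface "mgmt1"
    set ha-mgmt-interface-gateway {{ gateway_ip }}
    set override disable
    set ha-direct enable
end

config system interface
    # mgmt1: per-unit address used to reach one specific cluster member.
    edit "mgmt1"
        set ip {{ ip }} {{ subnet }}
        set dedicated-to management
        # Management-plane services only; http and telnet are intentionally absent.
        set allowaccess ping https ssh fgfm
    next
    # mgmt2: shared address that always lands on the active unit.
    edit "mgmt2"
        set vdom {{ vdom }}
        set ip {{ vip_ip }} {{ subnet }}
        set allowaccess ping https ssh snmp fgfm
        set role {{ role }}
    next
end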
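# Central SNAT. The IP pool is created before the SNAT map entry because the
# entry references the pool by name and the CLI rejects unknown pool names.
config system settings
    # With central NAT on, "set nat enable" on individual policies no longer
    # applies; source NAT is governed solely by the central-snat-map table.
    set central-nat enable
end

config firewall ippool
    edit {{ description }}
        set startip {{ start_ip }}
        set endip {{ end_ip }}
        # Answer ARP for the pool range so return traffic reaches this unit.
        set arp-reply enable
        set arp-intf {{ arp_int }}
    next
end

config firewall central-snat-map
    edit {{ number }}
        # Source and destination interfaces are required for a central SNAT entry.
        set srcintf {{ src_interface }}
        set dstintf {{ dest_interface }}
        set orig-addr {{ source_ip }}
        set dst-addr "all"
        # Must be the name of the ippool entry defined above.
        set nat-ippool {{ nat_ip }}
    next
end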
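# Assign a port to a VDOM, label it and give it an address.
# "set" lines are only valid inside an "edit" entry, so the port is opened first.
config system interface
    edit {{ port }}
        set vdom {{ vdom }}
        set alias {{ description }}
        # Address with mask, e.g. 10.0.0.1/24 or 10.0.0.1 255.255.255.0 (sample).
        set ip {{ ip }}
        # Space-separated list of management services to expose on this port,
        # e.g. "ping ssh https"; a "|" inside {{ }} would be read as a template
        # filter, not as a choice. Keep the list to what the port needs.
        set allowaccess {{ allowaccess }}
        set role {{ role }}
    next
end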
# Default route via {{ ip }} out of {{ interface }}.
config router static
    edit 1
        # No "set dst" given, so the destination stays at its default of
        # 0.0.0.0/0 -- this is the default route.
        set gateway {{ ip }}
        set device {{ interface }}
    next
end
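# Allow policy from {{ src_interface }} to {{ dest_interface }} with UTM
# inspection and full traffic logging.
config firewall policy
    # Use a free policy ID: a hard-coded number silently modifies any existing
    # policy with that ID. "edit 0" lets FortiOS allocate the next free ID.
    edit {{ number }}
        set name {{ description }}
        set srcintf {{ src_interface }}
        set dstintf {{ dest_interface }}
        set srcaddr {{ src_ip }}
        # "all" destination with service "ALL" is a broad allow rule; narrow
        # both once the required flows are known.
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        # Ignored when central NAT is enabled in "config system settings";
        # source NAT then comes from the central-snat-map table instead.
        set nat enable
        set utm-status enable
        # The security profiles below need an SSL/SSH profile; the built-in
        # "certificate-inspection" is the minimum, "deep-inspection" is needed
        # to inspect content inside TLS.
        set ssl-ssh-profile "certificate-inspection"
        set av-profile {{ av }}
        set webfilter-profile {{ web }}
        set ips-sensor {{ ips }}
        set application-list {{ application }}
        set logtraffic all
        set logtraffic-start enable
        set comments {{ comments }}
    next
end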