Scripts – FortiManager 5.2

Syntax applicable for vpn console table

    config vpnmgr vpntable
        edit xxxx
            set topology star|meshed|dial
            set psk-auto-generate enable|disable
            set psksecret xxxx
            set ike1proposal 3des-sha1 3des-md5 …
            set ike1dhgroup XXXX
            set ike1keylifesec 28800
            set ike1mode aggressive|main
            set ike1dpd enable|disable
            set ike1nattraversal enable|disable
            set ike1natkeepalive 10
            set ike2proposal 3des-sha1 3des-md5
            set ike2dhgroup 5
            set ike2keylifetype seconds|kbyte|both
            set ike2keylifesec 1800
            set ike2keylifekbs 5120
            set ike2keepalive enable|disable
            set replay enable|disable
            set pfs enable|disable
            set ike2autonego enable|disable
            set fcc-enforcement enable|disable
            set localid-type auto|fqdn|user-fqdn|keyid|address|asn1dn
            set authmethod psk|signature
            set inter-vdom enable|disable
            set certificate XXXX
        next
    end
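A script written against the vpntable syntax above can be checked before it is run from FortiManager. The following is an added example, not part of the original page or of Fortinet's documentation: it parses a `config vpnmgr vpntable` block and lists settings worth a second look. The sample script is constructed, and the lists of weak algorithms and DH groups are this example's assumptions.

```python
import shlex

# Constructed sample; every keyword comes from the vpntable syntax above.
SAMPLE = """\
config vpnmgr vpntable
edit "branch-vpn"
set ike1proposal 3des-sha1 3des-md5
set ike1dhgroup 5
set ike1mode aggressive
set authmethod psk
set replay disable
set pfs enable
next
end
"""

WEAK_ALGS = {"des", "3des", "md5"}   # assumption: treated as legacy here
WEAK_DH = {"1", "2", "5"}            # assumption: MODP groups under 2048 bits

def parse_vpntables(script):
    """Return {entry: {option: [values]}} for 'config vpnmgr vpntable' blocks."""
    tables, current, in_block = {}, None, False
    for line in script.splitlines():
        tok = shlex.split(line)
        if tok[:1] == ["config"]:
            in_block = tok[1:] == ["vpnmgr", "vpntable"]
        elif tok[:1] == ["end"]:
            in_block, current = False, None
        elif in_block and tok[:1] == ["edit"] and len(tok) == 2:
            current = tables.setdefault(tok[1], {})
        elif in_block and current is not None and tok[:1] == ["set"] and len(tok) >= 2:
            current[tok[1]] = tok[2:]
    return tables

def audit(script):
    """Return sorted (entry, option, value) tuples for settings worth review."""
    hits = []
    for name, opts in parse_vpntables(script).items():
        for key in ("ike1proposal", "ike2proposal"):
            hits += [(name, key, p) for p in opts.get(key, [])
                     if WEAK_ALGS & set(p.split("-"))]
        for key in ("ike1dhgroup", "ike2dhgroup"):
            hits += [(name, key, g) for g in opts.get(key, []) if g in WEAK_DH]
        if opts.get("ike1mode") == ["aggressive"] and opts.get("authmethod") == ["psk"]:
            hits.append((name, "ike1mode", "aggressive+psk"))
        for key in ("replay", "pfs"):
            if opts.get(key) == ["disable"]:
                hits.append((name, key, "disable"))
    return sorted(hits)
```
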

Syntax applicable for vpn console node

    config vpnmgr node
        edit "1"
            set vpntable "<table_name>"
            set role hub|spoke
            set iface xxxx
            set hub_iface xxxx
            set automatic_routing enable|disable
            set extgw_p2_per_net enable|disable
            set banner xxxx
            set route-overlap use-old|use-new|allow
            history
            set dns-mode manual|auto
            set domain xxxx
            set local-gw x.x.x.x
            set unity-support enable|disable
            set xauthtype disable|client|pap|chap|auto
            set authusr xxxx
            set authpasswd xxxx
            set authusrgrp xxxx
            set public-ip x.x.x.x
            config protected_subnet
                edit 1
                    set addr xxxx xxxx
                    …
                next
            end
        next
    end

Syntax applicable for setting installation target on policy package

    config firewall policy
        edit x
            …regular policy command here…
            set _scope "<dev_name>"-"<vdom_name>"
        next
    end

Syntax applicable for global policy

    config global header policy
        …regular policy command here…
    end
    config global footer policy
        …regular policy command here…
    end


About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
