FortiGate Switch Standalone Kullanım (CLI)
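FortiGate Switch'lerin standalone modda kurulumu web arayüzü üzerinden oldukça kolay yapılsa da, CLI kullanımına alışkın olan ağ uzmanları için komut satırı daha pratik olabilir. Bu yazıda, FortiGate Switch'i standalone modda yapılandırmak isteyenler için örnek bir CLI komut template’i hazırladım. Komutlardaki IP adresleri, VLAN numaraları, port adları, kullanıcı adı, parola ve SNMP community değeri örnektir; uygulamadan önce kendi ortamınıza göre değiştirilmelidir.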
#####################################
1. Sistem Genel Ayarları
# Names the switch FORTI-SW; replace with a name that follows the site's convention.
# NOTE(review): this block is also where the admin idle timeout (admintimeout) is set,
# which the page leaves at its default. Confirm the value against local policy.
config system global
set hostname FORTI-SW
end
#####################################
2. Yönetici Hesap Ayarları
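# Creates a named administrator account. <Username>, <Password>, <MgmtSubnet> and
# <Netmask> are placeholders to be replaced before the block is pasted.
# NOTE(review): the page shows no step for the built-in "admin" account. Confirm it
# has a strong password (or is otherwise locked down) before the switch goes live.
config system admin
edit <Username>
# super_admin is the full read/write profile; day-to-day or monitoring accounts
# should get a narrower profile.
set accprofile super_admin
# The password is typed in clear text here, so keep this template out of shared
# notes or tickets once it has been filled in.
set password <Password>
# Limits where this account may log in from, so HTTPS/SSH on the management
# interface is not open to every reachable source.
# NOTE(review): trusted hosts presumably only act as a source filter when every
# admin account has them set. Verify on the firmware in use.
set trusthost1 <MgmtSubnet> <Netmask>
# Lets this account's sessions be disconnected by another administrator.
set allow-remove-admin-session enable
end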
#####################################
3. DNS Ayarları
# Resolver settings used by the switch itself (management plane).
# NOTE(review): 8.8.8.8 / 8.8.4.4 are public resolvers, so the switch's own lookups
# leave the network, and an internal suffix such as kn.local will not resolve there.
# Internal DNS servers are presumably the better fit. Confirm for the site.
config system dns
set primary 8.8.8.8
set secondary 8.8.4.4
# Local domain suffix for the switch.
set domain kn.local
end
#####################################
4. NTP Sunucu Ayarları
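# Time synchronisation. The server list is a sub-table of "config system ntp", so it
# has to be entered from inside that block; entered at the top level, as on the
# original page, "config ntpserver" is not a valid command path.
# Accurate time matters for correlating switch logs and SNMP traps with other
# sources during an investigation.
config system ntp
    config ntpserver
        edit 1
            # Example internal NTP server; replace with the site's time source.
            set server 10.1.1.1
        next
    end
    # Turns synchronisation on; defining a server alone does not enable it.
    set ntpsync enable
end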
#####################################
5. VLAN Tanımlamaları
# Defines the three VLANs used by the rest of the template: management (1101),
# data (1102) and voice (1103). The IDs are examples.
config switch vlan
# Dedicated management VLAN; the management interface in section 6 uses this ID.
edit 1101
set description SW_MGMT_VLAN
next
# User/data VLAN; assigned as the native VLAN of the access port in section 8.
edit 1102
set description DATA_VLAN
next
# Voice VLAN; defined here but not assigned to any port in this template.
edit 1103
set description VOICE_VLAN
end
#####################################
6. Ağ Arayüz Erişim Ayarları
# Creates the in-band management interface: a VLAN interface on VLAN 1101, carried
# on the "internal" interface, with a static address.
config system interface
edit SW_MGMT_VLAN
set alias SW_MGMT
set mode static
# Example management address; replace with the address planned for this switch.
set ip 10.1.101.10 255.255.255.0
# Only ping, HTTPS and SSH are answered on this interface; the clear-text services
# (http, telnet) are not listed and should stay that way.
# NOTE(review): snmp is not listed either, so the SNMP queries enabled in section 12
# would presumably be refused here, while outbound traps are unaffected. Confirm
# which behaviour is intended.
set allowaccess ping https ssh
set vlanid 1101
set interface internal
set status up
end
#####################################
7. Statik Yönlendirme Ayarları
# Default route for the switch's own management traffic, sent out of the management
# VLAN interface to the example gateway 10.1.101.1.
config router static
edit 1
set comment Default_Gateway
set device SW_MGMT_VLAN
# 0.0.0.0/0 = default route.
set dst 0.0.0.0 0.0.0.0
set gateway 10.1.101.1
next
end
#####################################
8. Forti Switch Port Ayarları (Access Port)
# Access (end-user) port example: untagged traffic on port5 is placed in VLAN 1102.
# No allowed-vlans are set, so only the native VLAN is configured here.
config switch interface
edit port5
set description Access-INT
set native-vlan 1102
# BPDU guard: a BPDU arriving on this port means a switch was plugged in where only
# an end host is expected, and the port is taken out of service.
set stp-bpdu-guard enabled
# NOTE(review): rpvst-port is presumably for interoperability with the Cisco
# Rapid PVST+ side mentioned later on the page. Confirm it is needed on access ports.
set rpvst-port enabled
next
end
#####################################
9. Forti Switch Port Ayarları (Uplink Port)
# Uplink port example: port48 carries tagged VLANs towards the upstream device.
config switch interface
edit port48
set description UPLINK-INTERFACE
# NOTE(review): 1-4094 admits every VLAN on the uplink, although this template
# only defines 1101-1103. Listing only the VLANs actually in use reduces what a
# misconfigured or compromised neighbour can reach.
set allowed-vlans 1-4094
# NOTE(review): root guard blocks the port when a superior BPDU arrives. On an
# uplink that faces the STP root this can take the uplink down. Confirm that this
# switch, not the upstream device, is meant to be the root before enabling it here.
set stp-root-guard enabled
set rpvst-port enabled
end
#####################################
10. Fiziksel Port CDP Ayarları
# Enables CDP in both directions (transmit and receive) on the uplink port port48.
# CDP advertises device details to whatever is connected, so it is enabled here only
# on the uplink. NOTE(review): confirm it stays off on user-facing ports.
config switch physical-port
edit port48
set cdp-status tx-rx
end
#####################################
11. PortChannel (TRUNK) Ayarları
# Builds a link-aggregation group named Forti_To_Cisco from port23 and port24.
config switch trunk
edit Forti_To_Cisco
set description LACP
# Active LACP: this side initiates negotiation with the peer.
set mode lacp-active
set members port23 port24
# Traffic is distributed over the member links by source/destination MAC.
set port-selection-criteria src-dst-mac
# Fast LACP timer; the peer presumably has to use the same rate. Verify on the
# Cisco side.
set lacp-speed fast
next
end
# Layer-2 settings for the Forti_To_Cisco aggregate created in the trunk block above.
config switch interface
edit Forti_To_Cisco
set description TRUNK-ALLOW
# NOTE(review): as on the uplink port, 1-4094 admits every VLAN. Restricting the
# list to the VLANs in use is the least-privilege choice.
set allowed-vlans 1-4094
# DHCP server replies are accepted from this port. It should be "trusted" only on
# links that really lead to the DHCP server.
# NOTE(review): the template shows no step that enables DHCP snooping on a VLAN.
# Confirm snooping is active, otherwise this setting has no effect.
set dhcp-snooping trusted
# NOTE(review): root guard blocks the link when a superior BPDU is received. If the
# Cisco peer is the STP root this would block the aggregate. Confirm the intended
# root bridge.
set stp-root-guard enabled
set loop-guard enabled
# Not an edge port: this link connects to another switch, so it takes part in STP.
set edge-port disabled
set rpvst-port enabled
next
end
12. SNMP Ayarları
# Enables the SNMP agent and sets the descriptive fields and trap thresholds.
# contact-info, description and location are readable by anyone who can query the
# agent, so keep them free of sensitive detail.
config system snmp sysinfo
set contact-info IT
set description FORTIGATE-SW
set location ANKARA
set status enable
# Thresholds that trigger the traps: CPU, log-disk usage, memory and temperature.
set trap-high-cpu-interval 1min
set trap-high-cpu-threshold 80
set trap-log-full-threshold 90
set trap-low-memory-threshold 80
set trap-temp-alarm-threshold 70
set trap-temp-warning-threshold 65
end
# Defines an SNMP v2c community, the events that raise traps, and the manager host.
# NOTE(review): v1/v2c community strings travel in clear text and act as the only
# credential. Where the monitoring system supports it, SNMPv3 with authentication
# and privacy (config system snmp user) is the safer option.
config system snmp community
edit 2
set events cpu-high mem-low log-full intf-ip ent-conf-change llv psu-status fan-detect sensor-alarm
config hosts
edit 2
set interface SW_MGMT_VLAN
# 10.1.x.x is a placeholder for the SNMP manager.
# NOTE(review): the /24 mask presumably admits the whole subnet. Use the manager's
# address with 255.255.255.255 if only one host should be allowed.
set ip 10.1.x.x 255.255.255.0
next
end
# Sample community string; replace with a long, non-guessable value.
set name SnmpCom
# SNMP v1 is switched off for both queries and traps.
set query-v1-status disable
set trap-v1-status disable
set trap-v2c-status enable
set status enable
# NOTE(review): queries also need SNMP to be permitted on the receiving interface.
# Section 6 allows only ping, https and ssh, so confirm whether polling is intended.
set query-v2c-status enable
set query-v2c-port 161
set trap-v2c-rport 162
set trap-v2c-lport 162
next
end