
Plantilla para Configuracion Fortinet 40f

The document outlines the configuration of a network system, including virtual switches, firewall policies, DHCP settings, and routing protocols. It details the setup of TACACS for user authentication and SNMP community settings for network monitoring. Key configurations include interface settings, traffic shaping policies, and firewall rules for traffic management.


--------------------------------------------------------------------------

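# Remove port lan1 from the default "lan" hardware switch; lan1 is configured
# as a standalone interface later in this template.
config system virtual-switch
edit "lan"
set physical-switch "sw0"
config port
delete lan1
# Closes "config port". The original listing omitted this "end", which left
# the following commands one context level too deep.
end
next
end

# Show device status; record the output before applying the rest of the template.
get system status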


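# Clear the address on "lan" and the member list on "fortilink".
config system interface
edit "lan"
unset ip
next
edit "fortilink"
unset member
next
end

# Remove every DHCP server entry.
# Operator note from the template: "purge" asks for confirmation; answer YES.
# Run this stanza interactively: text pasted right after "purge" may be
# consumed as the answer to that prompt.
config system dhcp server
purge
end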

# Delete firewall policy 1; policies 1 and 2 are redefined later in this template.
config firewall policy


delete 1
end
# Delete the address object "lan".
# NOTE(review): the shaping policy "Voz" later in this template sets srcaddr "lan";
# confirm the object is recreated first, otherwise that reference may be rejected.
config firewall address
delete lan
end

# Device identity: hostname and timezone index.
# NOTE(review): the hostname appears to embed a site/circuit identifier (the same
# number shows up in the WAN alias); replace it per device when reusing the template.
config system global


set hostname "BOTICAS-IP-CD246092"
set timezone 11
end

# Interface definitions: physical "wan", the VLAN 39 sub-interface "SUBINTWAN"
# built on it, and "lan1" as the LAN-side address with VRRP.
config system interface


edit "wan"
set vdom "root"
# NOTE(review): allowaccess exposes management services on this interface.
# telnet sends credentials in cleartext and should not be offered on a WAN-role
# port; prefer ssh/https restricted by trusted hosts, and keep snmp only if the
# poller actually reaches the device through this interface.
set allowaccess ping https ssh snmp telnet
set type physical
set alias "WAN |BOTICAS IP | CD=246092"
# Bandwidth estimates, 5120 each way (same figure as on SUBINTWAN).
set estimated-upstream-bandwidth 5120
set estimated-downstream-bandwidth 5120
set role wan
set snmp-index 1
# Fixed speed/duplex instead of auto-negotiation.
set speed 1000full
next

# VLAN sub-interface carrying the routed /30 towards the BGP neighbor.
edit "SUBINTWAN"
set vdom "root"
set mode static
set ip 10.139.5.138 255.255.255.252
set alias "WAN |BOTICAS IP | CD=246092"
# NOTE(review): same management exposure as on "wan", including cleartext telnet;
# this is the interface that holds the WAN address, so it matters most here.
set allowaccess ping https ssh snmp telnet
set device-identification enable
set estimated-upstream-bandwidth 5120
set estimated-downstream-bandwidth 5120
set monitor-bandwidth enable
set role wan
set snmp-index 7
# Parent interface and 802.1Q tag for this sub-interface.
set interface "wan"
set vlanid 39
next
# LAN-side port (removed from the "lan" switch earlier in the template).
edit "lan1"
set vdom "root"
set ip 172.20.254.253 255.255.255.0
# NOTE(review): telnet is enabled on the LAN side as well; ssh covers the same
# need without exposing credentials to anyone on the segment.
set allowaccess ping telnet ssh snmp
set type physical
set vrrp-virtual-mac enable
# VRRP group 10: virtual gateway 172.20.254.1 shared with a peer router.
config vrrp
edit 10
set vrgrp 10
set vrip 172.20.254.1
set priority 95
# Tracked destination: when 10.100.0.46 is unreachable the VRRP priority
# drops to the vrdst-priority value (85) so the peer can take over.
# NOTE(review): no VRRP authentication is configured in this stanza.
set vrdst 10.100.0.46
set vrdst-priority 85
next
end
next
end

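# BGP: local AS 65487 peering with neighbor 10.139.5.137 in AS 6147 and
# announcing the LAN prefix.
config router bgp
set as 65487
set router-id 10.139.5.138
# 10 s keepalive / 30 s hold time.
set keepalive-timer 10
set holdtime-timer 30
config neighbor
edit "10.139.5.137"
set soft-reconfiguration enable
set remote-as 6147
# NOTE(review): 10.139.5.138 is configured on "SUBINTWAN", not on "wan";
# confirm that "wan" is the intended update-source.
set update-source "wan"
# NOTE(review): the session has no neighbor password and no inbound/outbound
# prefix filtering; add both if the peer supports them so that a spoofed or
# misconfigured peer cannot inject or receive arbitrary routes.
next
end
config network
edit 1
# NOTE(review): this is the lan1 host address with a /24 mask; confirm the
# announced prefix is the 172.20.254.0/24 network as intended.
set prefix 172.20.254.253 255.255.255.0
next
end
# Closes "config router bgp". The original listing left this context open, so
# the stanzas that follow would have been entered inside it.
end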

# Two shared shapers referenced by the shaping policies below:
# "Voz" (voice, high priority) and "Plata" (everything else, medium priority).
config firewall shaper traffic-shaper


edit "Voz"
set guaranteed-bandwidth 1000
set maximum-bandwidth 5000
set priority high
# Apply the limits per policy that references the shaper rather than pooled.
set per-policy enable
# Re-mark matching traffic: 101000 is DSCP 40 (IP precedence 5).
set diffserv enable
set diffservcode 101000
next
edit "Plata"
set guaranteed-bandwidth 1000
set maximum-bandwidth 5000
set priority medium
set per-policy enable
# Re-mark matching traffic: 001010 is DSCP 10 (IP precedence 1).
set diffserv enable
set diffservcode 001010
next
end

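# Custom service matched by the "Voz" shaping policy.
config firewall service custom
edit "VOIP RTP"
# Both TCP ports go on one line: a second "set tcp-portrange" replaces the
# first, so the original two-line form kept only 1720.
set tcp-portrange 5060 1720
# NOTE(review): only the UDP media range is listed; signalling on UDP 5060 is
# not part of this service. Confirm whether it should be.
set udp-portrange 16384-32767
next
end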

# Two routed (no NAT on policy 1) allow-all policies between "lan" and "SUBINTWAN".
# NOTE(review): both directions accept any source, destination and service, so the
# unit forwards traffic without filtering. If that is intentional (pure CPE router
# role), document it; otherwise restrict WAN_TO_LAN to the required addresses and
# services. No security profile or logtraffic setting is given for either policy.
# NOTE(review): lan1 was removed from the "lan" switch and holds the LAN address,
# yet both policies name "lan"; confirm the intended interface.
config firewall policy


edit 1
set name "LAN_TO_WAN"
# NOTE(review): a fixed uuid copied to every device makes policies
# indistinguishable in central logging; consider letting the device generate it.
set uuid 151ffbec-7dde-51ee-fc8e-275a364d0871
set srcintf "lan"
set dstintf "SUBINTWAN"
set action accept
set srcaddr "all"
set dstaddr "all"
set schedule "always"
set service "ALL"
set nat disable
next
edit 2
set name "WAN_TO_LAN"
set uuid 153f8f2a-7dde-51ee-cbb4-d8e1c9911f59
set srcintf "SUBINTWAN"
set dstintf "lan"
# Inbound from the WAN side: any source to any destination on any service.
set action accept
set srcaddr "all"
set dstaddr "all"
set schedule "always"
set service "ALL"
next
end
# Bind the shapers to traffic leaving through "SUBINTWAN":
# policy 1 catches the "VOIP RTP" service, policy 2 catches everything else.
config firewall shaping-policy
edit 1
set name "Voz"
set comment "Precedencia 5"
set service "VOIP RTP"
set dstintf "SUBINTWAN"
# 0xfc masks the six DSCP bits of the ToS byte.
set tos-mask 0xfc
set traffic-shaper "Voz"
# NOTE(review): the address object "lan" is deleted earlier in this template and
# is not recreated on this page; confirm it exists before applying this entry.
set srcaddr "lan"
set dstaddr "all"
next
edit 2
set name "Plata"
set comment "Precedencia 1"
set service "ALL"
set dstintf "SUBINTWAN"
set tos-mask 0xfc
set traffic-shaper "Plata"
set srcaddr "all"
set dstaddr "all"
next
end

-----------------------------------------------------

TACACS VPN FORTINET:

# Remote administrator authentication through TACACS+:
# server definition, a user group containing it, and a wildcard admin entry.
config user tacacs+


edit "My-Tacacs-Server"
set server "10.125.25.17"
# NOTE(review): the shared secret is written in cleartext in a published
# template and is short. Treat it as disclosed: rotate it, use a long random
# value, and supply it at deployment time instead of storing it in the template.
set key redip
next
end

# Group that the admin entries reference through remote-group.
config user group


edit "My-Tacacs-Group"
set group-type firewall
set member "My-Tacacs-Server"
next
end

config system admin


edit "My-Tacacs-User"
set remote-auth enable
# NOTE(review): with wildcard enabled, any account the TACACS+ server accepts is
# admitted under this entry, and the profile is super_admin. Every TACACS+ user
# therefore gets full control of the device; use a narrower profile or
# server-side authorization unless that is the stated intent.
set accprofile "super_admin"
set vdom "root"
set wildcard enable
set remote-group "My-Tacacs-Group"
next
end

# Replace the built-in "admin" account with a provisioning account.
# NOTE(review): the built-in account is removed before the replacement exists and
# has been tested; create and verify the new login first to avoid a lockout.
config system admin

delete admin

edit "tp_gics_provisi"
set remote-auth enable
set accprofile "super_admin"
set vdom "root"
set remote-group "My-Tacacs-Group"
# NOTE(review): a super_admin password is stored in cleartext in a published
# template, so every device built from it shares a known credential. Treat it as
# disclosed: set a unique strong password per device at deployment time and
# restrict this account with trusted hosts.
set password provision@gics
next
end

---------------------------------------------------------------

SNMP:

# SNMP community 1, with queries accepted only from the 10.28.128.0/24 range.
# NOTE(review): a community string is a cleartext shared secret and this one is now
# public; change it, or move to SNMPv3 with authentication and privacy. The host
# restriction helps but is bypassed by source spoofing over UDP.
# NOTE(review): nothing on this page enables the SNMP agent itself
# (config system snmp sysinfo); confirm it is handled elsewhere.
config system snmp community


edit 1
set name "pubcgrc"
config hosts
edit 1
set ip 10.28.128.0 255.255.255.0
next
end
next
end

-------------------------------------------------------------------
