Tuesday, December 24, 2013

New Book - Getting Started with Fortigate

I recently had the chance to work with Fabrizio on a new book he was writing. Go ahead and check it out. Yours truly served as a technical reviewer :)

Getting Started with FortiGate

Thursday, December 5, 2013

Get a 'grep' on your config

I search configs a lot via the CLI. This saves time and sometimes downloading a config and searching it in Notepad++ is not an option.
When looking for particular pieces of a config you can use the UNIX style "grep" command to filter output, for example:

# show | grep 192.168.1.99      
      
  set ip 192.168.1.99 255.255.255.0

Great. Now we know that there is a line that contains the IP address. But where in the config is it? In FortiOS 5.0 the "FortiOS context" switch was introduced which helps in tracking this down.

# show | grep -f 192.168.1.99
config system interface
    edit "port10"
        set vdom "root"
        set ip 192.168.1.99 255.255.255.0 <---
        set type physical
        set snmp-index 10
    next
end


Notice that when using the -f switch the firewall shows the entire "context" that the string is used in. Also there's a handy little arrow on the right which points out where in the context the string exists.