FortiGate Configuration Scripter | FortiOS 7.0/7.2
Vul alleen de eerste 3 octetten in, de laatste wordt ingevuld door het script!
Model:
FortiGate 40F
FortiGate 60F-81F
MGMT Network:
Customer Network:
VoIP Network:
Guest Network:
Facility Network:
Password:
DialUp PSK:
# Generated FortiOS 7.0/7.2 CLI script (reflowed one statement per line; no tokens changed).
# Empty values ("" after edit/set, bare "set interface", "set dstintf", "set password",
# "set psksecret") and leading-dot addresses (".254/24", ".100") are slots the generator
# fills from the form fields above; the form takes the first three octets, the script adds
# the last one.

# --- L3 interfaces: one per network, each with the .254 host of its /24, in vdom root ---
config system interface
    # NOTE(review): this entry has vlanid 0 and an empty interface name - presumably the
    # generator substitutes the physical LAN port here rather than a VLAN; confirm.
    edit ""
        set alias "Werkplekken"
        set vdom root
        set ip .254/24
        set interface
        set vlanid 0
    next
    edit "vlan172"
        set alias "Beheer"
        set vdom root
        set ip .254/24
        set interface
        set vlanid 172
    next
    edit "vlan20"
        set alias "VoIP"
        set vdom root
        set ip .254/24
        set interface
        set vlanid 20
    next
    edit "vlan30"
        set alias "Gasten"
        set vdom root
        set ip .254/24
        set interface
        set vlanid 30
    next
    edit "vlan40"
        set alias "Facilitair"
        set vdom root
        set ip .254/24
        set interface
        set vlanid 40
    next
end

# --- DHCP: gateway .254, /24, pool .100-.200 (vlan30 / Gasten: .50-.200), Google public DNS ---
config system dhcp server
    edit 1
        set lease-time 28800
        set default-gateway .254
        set netmask 255.255.255.0
        set interface ""
        config ip-range
            edit 1
                set start-ip .100
                set end-ip .200
            next
        end
        set dns-server1 8.8.8.8
        set dns-server2 8.8.4.4
    next
    # NOTE(review): this second "edit 1" only re-applies the DNS servers already set on
    # entry 1 above; it looks redundant.
    edit 1
        set dns-server1 8.8.8.8
        set dns-server2 8.8.4.4
    next
    edit 3
        set lease-time 86400
        set default-gateway .254
        set netmask 255.255.255.0
        set interface "vlan172"
        config ip-range
            edit 1
                set start-ip .100
                set end-ip .200
            next
        end
        set dns-server1 8.8.8.8
        set dns-server2 8.8.4.4
    next
    edit 4
        set lease-time 86400
        set default-gateway .254
        set netmask 255.255.255.0
        set interface "vlan20"
        config ip-range
            edit 1
                set start-ip .100
                set end-ip .200
            next
        end
        set dns-server1 8.8.8.8
        set dns-server2 8.8.4.4
    next
    # Guest scope: shorter lease (2h) and a larger pool than the other networks.
    edit 5
        set lease-time 7200
        set default-gateway .254
        set netmask 255.255.255.0
        set interface "vlan30"
        config ip-range
            edit 1
                set start-ip .50
                set end-ip .200
            next
        end
        set dns-server1 8.8.8.8
        set dns-server2 8.8.4.4
    next
    edit 6
        set lease-time 86400
        set default-gateway .254
        set netmask 255.255.255.0
        set interface "vlan40"
        config ip-range
            edit 1
                set start-ip .100
                set end-ip .200
            next
        end
        set dns-server1 8.8.8.8
        set dns-server2 8.8.4.4
    next
end

# Remove policy 1 (presumably the factory-default policy) so it can be recreated as
# "INTERNET" below.
config firewall policy
    delete 1
end

# --- SD-WAN: member 1 = WAN slot, member 2 = wan2 as higher-cost backup (cost 20, priority 2) ---
config system sdwan
    set status enable
    config members
        edit 1
            set interface ""
        next
        edit 2
            set interface "wan2"
            set cost 20
            set priority 2
        next
    end
    # Health check against 8.8.8.8/8.8.4.4 with latency/jitter/loss SLA thresholds.
    # "set members 0" - in FortiOS this is typically documented as "all members"; confirm.
    config health-check
        edit "Failover"
            set server "8.8.8.8" "8.8.4.4"
            set update-static-route disable
            set members 0
            config sla
                edit 1
                    set latency-threshold 50
                    set jitter-threshold 10
                    set packetloss-threshold 5
                next
            end
        next
    end
# NOTE(review): this "next" has no matching "edit" (system sdwan is not a table) and looks
# like a stray token that may cause a parse error on the target version - confirm. The same
# pattern appears in the second "config system global" block further down.
next
end

# Default route via the SD-WAN zone (no dst given, so the table default applies -
# 0.0.0.0/0 in FortiOS; confirm).
config router static
    edit 1
        set distance 1
        set sdwan-zone "virtual-wan-link"
    next
end

# --- Outbound policy: LAN slot + all four VLANs -> SD-WAN zone, any service, NAT, full logging ---
# No inter-VLAN policy is defined here, so traffic between the networks (e.g. guest ->
# management) is left to the firewall's implicit deny; this is the intended segmentation
# boundary - confirm nothing later adds a broader policy.
config firewall policy
    edit 1
        set name "INTERNET"
        set srcintf "" "vlan172" "vlan20" "vlan30" "vlan40"
        set dstintf "virtual-wan-link"
        set action accept
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set logtraffic all
        set nat enable
    next
end

# --- VoIP: disable SIP ALG expectation/NAT-trace and use the kernel session helper ---
config system settings
    set sip-expectation disable
    set sip-nat-trace disable
    set default-voip-alg-mode kernel-helper-based
end
# NOTE(review): entry 13 is presumably the SIP session helper in a factory config (the
# surrounding SIP settings suggest that intent) - confirm the index on the target
# model/version, since deleting the wrong helper silently changes other traffic handling.
config system session-helper
    delete 13
end

# --- Management source allow-list: three external /32 addresses grouped as MGMT_External ---
config firewall address
    edit "EXT_MatenICT1"
        set subnet 83.136.199.112 255.255.255.255
    next
    edit "EXT_MatenICT2"
        set subnet 91.192.38.14 255.255.255.255
    next
    edit "EXT_MatenICT3"
        set subnet 92.70.240.248 255.255.255.255
    next
end
config firewall addrgrp
    edit "MGMT_External"
        set member "EXT_MatenICT1" "EXT_MatenICT2" "EXT_MatenICT3"
    next
end
# Custom admin port (matches admin-sport below).
config firewall service custom
    edit "FG_MGMT"
        set tcp-portrange 666
    next
end

# Local-in policy on the WAN slot interface: srcaddr-negate makes this match sources that
# are NOT in MGMT_External, on tcp/666. No "set action" is given, so the table default
# applies - deny in FortiOS (confirm); "set action deny" would make the intent explicit
# and remove the dependency on the default. This policy is the only control limiting the
# WAN-side GUI exposure enabled by "set allowaccess https" below.
config firewall local-in-policy
    edit 1
        set intf ""
        set srcaddr "MGMT_External"
        set srcaddr-negate enable
        set dstaddr "all"
        set service "FG_MGMT"
        set schedule "always"
    next
end
# Non-standard HTTPS admin port; this is not an access control by itself.
config system global
    set admin-sport 666
end
# HTTPS admin enabled on the WAN slot interface (restricted by local-in-policy 1 above).
config system interface
    edit ""
        set allowaccess https
    next
end
config system settings
    set gui-multiple-interface-policy enable
end

# Super-admin account; the password slot is filled from the form.
# NOTE(review): the account has no trusthost restriction of its own, so reachability
# depends entirely on local-in-policy 1; a trusthost entry on the account would add a
# second, independent layer - confirm whether that is wanted.
config system admin
    edit "adm_matenict"
        set accprofile "super_admin"
        set password
    next
end
config system global
    set timezone 26
    set gui-theme onyx
# NOTE(review): stray "next" in a non-table scope (see the SD-WAN note above).
next
end

# --- Client-to-site VPN (FortiClient) ---
# NOTE(review): "config match" is closed with "next" instead of "end"; the block probably
# should read: config match / end / next. The group also has no members or remote servers
# here, so presumably they are added before VPN authentication is expected to work.
config user group
    edit FortiClientVPN
        config match
        next
    end
# Address object for the VPN client pool (same range as ipv4-start-ip/ipv4-end-ip below).
config firewall address
    edit "C2S-IPRange"
        set type iprange
        set start-ip 10.100.200.101
        set end-ip 10.100.200.150
    next
end
# Split-tunnel destination group, empty here. NOTE(review): referenced by
# ipv4-split-include below; presumably the internal networks are added by the generator or
# the admin - an empty address group may be rejected by the CLI, confirm.
config firewall addrgrp
    edit C2S-SplitNetworks
    next
end
# Dial-up IKEv2 tunnel: EAP user authentication (FortiClientVPN group) on top of a PSK
# (psksecret slot), mode-cfg assigns 10.100.200.101-150, client DNS 1.1.1.1,
# AES-256/SHA-256 with DH group 20, on-demand DPD.
# NOTE(review): the interface is hard-coded to "wan1" while every other WAN reference in
# this script uses the generator slot (""); confirm it matches the selected model's WAN port.
# NOTE(review): "peertype any" accepts any peer ID at IKE level; with EAP enabled the user
# identity is what gates access - confirm the group is populated before rollout.
config vpn ipsec phase1-interface
    edit "C2S-FortiClient"
        set type dynamic
        set interface "wan1"
        set ike-version 2
        set peertype any
        set mode-cfg enable
        set eap enable
        set eap-identity send-request
        set authusrgrp "FortiClientVPN"
        set assign-ip enable
        set assign-ip-from range
        set ipv4-start-ip 10.100.200.101
        set ipv4-end-ip 10.100.200.150
        set ipv4-netmask 255.255.255.255
        set dns-mode manual
        set ipv4-dns-server1 1.1.1.1
        set ipv4-split-include "C2S-SplitNetworks"
        set proposal aes256-sha256
        set dhgrp 20
        set dpd on-demand
        set dpd-retryinterval 20
        set psksecret
    next
end
# Phase 2: PFS with DH group 20, 12-hour key lifetime, 0.0.0.0/0 selectors on both sides
# (the split-include above is what narrows client routing).
config vpn ipsec phase2-interface
    edit "C2S-FortiClient"
        set phase1name "C2S-FortiClient"
        set proposal aes256-sha256
        set dhgrp 20
        set pfs enable
        set keylifeseconds 43200
        set src-subnet 0.0.0.0 0.0.0.0
        set dst-subnet 0.0.0.0 0.0.0.0
        set encapsulation tunnel-mode
    next
end
# VPN clients -> LAN slot interface (dstintf filled by the generator): any service to any
# destination, logged, no NAT. NOTE(review): this grants full access from the client pool
# to everything behind dstintf; narrow dstaddr/service if VPN users only need specific
# resources.
config firewall policy
    edit 2
        set name "CLIENT-VPN"
        set srcintf C2S-FortiClient
        set dstintf
        set action accept
        set srcaddr "C2S-IPRange"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set logtraffic all
        set nat disable
    next
end