Friday, March 20, 2020
Wednesday, March 18, 2020
VPN setup between Fortinet and Meraki - Part 2
Fortigate CLI on 5.6.12
config vpn ipsec phase1-interface
    edit meraki1
        set interface "port1"
        set keylife 28800
        set peertype any
        set proposal 3des-sha1
        set dpd disable
        set dhgrp 2
        set nattraversal disable
        set remote-gw 64.65.66.67
        set psksecret
end
config vpn ipsec phase2-interface
    edit meraki1
        set phase1name meraki1
        set proposal aes256-sha1
        set pfs disable
        set keylifeseconds 28800
        set src-subnet 10.111.0.0 255.255.255.0
        set dst-subnet 10.222.0.0 255.255.255.0
end
config router static
    edit 0
        set dst 10.222.0.0 255.255.0.0
        set device meraki1
end
Fortigate SNMP to get sessions with specific IP address
I have a need to keep a count of sessions from the Internet to a specific IP address.
snmpwalk -c mycommunity 10.1.2.3 1.3.6.1.4.1.12356.101.11.2.1.1.5 | grep 64.65.66.67 | wc
This one-liner does the trick for now. 64.65.66.67 is the destination IP address on my network.
***
The example below lists all the sessions on the Fortigate; it took about two minutes to complete with 1628 sessions.
snmpwalk -c mycommunity 10.1.2.3 1.3.6.1.4.1.12356.101.11.2.1.1.5
SNMPv2-SMI::enterprises.12356.101.11.2.1.1.5.1624 = IpAddress: 10.1.2.3
SNMPv2-SMI::enterprises.12356.101.11.2.1.1.5.1625 = IpAddress: 10.1.3.1
SNMPv2-SMI::enterprises.12356.101.11.2.1.1.5.1626 = IpAddress: 10.1.4.2
SNMPv2-SMI::enterprises.12356.101.11.2.1.1.5.1627 = IpAddress: 10.1.5.5
SNMPv2-SMI::enterprises.12356.101.11.2.1.1.5.1628 = IpAddress: 199.232.32.21
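An added example, not part of the original post: `grep 64.65.66.67` matches the address as a substring, so a session to 164.65.66.67 would also be counted. The functions below count exact matches in a saved walk and rank the busiest destinations; the function names, the file name `sessions.txt` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: exact-match session counting over saved snmpwalk output.
# Save one walk to a file first so several queries reuse the slow walk:
#   snmpwalk -c mycommunity 10.1.2.3 1.3.6.1.4.1.12356.101.11.2.1.1.5 > sessions.txt

# count_sessions FILE IP -> number of rows whose IpAddress value is exactly IP
count_sessions() {
    awk -v ip="$2" '
        NF >= 4 && $(NF-1) == "IpAddress:" && $NF == ip { n++ }
        END { print n + 0 }
    ' "$1"
}

# top_destinations FILE [N] -> "count address" lines, busiest first (default 5)
top_destinations() {
    awk 'NF >= 4 && $(NF-1) == "IpAddress:" { print $NF }' "$1" |
        sort | uniq -c | sort -k1,1nr -k2,2 | head -n "${2:-5}" |
        awk '{ print $1, $2 }'
}

# Constructed sample in the same format as the snmpwalk output above.
make_sample() {
    cat <<'EOF'
SNMPv2-SMI::enterprises.12356.101.11.2.1.1.5.1 = IpAddress: 64.65.66.67
SNMPv2-SMI::enterprises.12356.101.11.2.1.1.5.2 = IpAddress: 164.65.66.67
SNMPv2-SMI::enterprises.12356.101.11.2.1.1.5.3 = IpAddress: 64.65.66.67
SNMPv2-SMI::enterprises.12356.101.11.2.1.1.5.4 = IpAddress: 10.1.2.3
EOF
}

# Demo on the constructed sample: prints 2 (grep on the same data matches 3 lines).
tmp=$(mktemp) && make_sample > "$tmp" && count_sessions "$tmp" 64.65.66.67
rm -f "$tmp"
```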