FORTIGATEHQIP简单操作文档.docx

1、FORTIGATEHQIP简单操作文档FORTIGATE HQIP简单操作文档Fortigate-100A 3.00,build0474,061228 技术部 王俊 2007-12-7目的：飞塔防火墙出现问题时用于设备硬件状态的一种手段前期准备：首先下载思科TFTP服务器模拟器 地址：然后去 去下载做HQIP所需的文件 注：文件后缀名*.imgHQIP文件要放到TFTP服务器的根目录下那么现在可以正式开始了第一步：打开TFTP服务器图-1标题栏的地址是192.168.1.96 这个地址是本机的地方 即：把基本模拟成TFTP服务器 这个地址要是192.168.1.0网段 即和FORTIGATE的

2、内网口地址一个网段，先把它晾这里。第二步：打开超级终端开始-程序-附件-通讯超级终端图-2这里的名字可以随便填图-3这里选COM 1口图-4这里点以下还原为默认值图-5随后就正式进入超级终端界面了这是可以帮FORTIGATE通电了通电后出现以下界面图-6通电后不停按空格键（其实是按任意键）然后选个GFBCQH这里我们做的是HQIP所以选择G图-7第一个选项输入TFTP标题栏的地址第二个选项输入FORTIGATE内网口地址第三个文件是之前准备好的HQIP文件然后按回车TFTP服务器中会有进度显示图-8一直到成功！图-9超级终端会让你选择DBR选择R在选择R的同时用交叉线把所有接口一对一连起来 以

3、FORTIGATE 100A为例FortiGate-100A: INTERNAL +-+ 4 3 2 1 DMZ2 DMZ1 WAN2 WAN1 + + + + + + + + | | | +-+ | | | | | +-+ | | | +-+ | +-+ 飞塔网站上有各个型号的不同接法供参考一直到出现这个界面= Fortinet Hardware Quick Inspection Report = BIOS Integrity Check: PASS PCI Device Check: PASS System Configuration Verification: PASS Memory T

4、est: PASS CPU Test: PASS CPU/MEM Performance Test: PASS USB Test: FAIL FortiASIC Device Test: PASS IDE Test: PASS Network Controller Test: PASS = Fortinet Hardware Quick Inspection FAILED =USB Test requires loopback cables.Failure on this test may be caused by bad cable or poor connection.Check wiri

5、ngs before taking further actions.这里可以根据分析结果来判断设备问题 下面是一份完整的 飞塔60 HQIP记录FGT60 (11:24-04.25.2005) Ver:04000000 Serial number:FGT-603907503437 RAM activation Total RAM: 128MB Enabling cache.Done. Scanning PCI bus.Done. Allocating PCI resources.Done. Enabling PCI resources.Done. Zeroing IRQ settings.Do

6、ne. Verifying PIRQ tables.Done. Boot up, boot device capacity: 30MB. Press any key to display configuration menu. . G: Get firmware image from TFTP server. F: Format boot device. Q: Quit menu and continue to boot with default firmware. H: Display this list of options Enter G,F,Q,or H: Enter G,F,Q,or

7、 H: Enter TFTP server address 192.168.1.168: 192.168.1.96 Enter local address 192.168.1.188: 192.168.1.99 Enter firmware image file name image.out: FG-60-HQIP.img MAC:00:09:0f:17:57:d8 # Total 3876448 bytes data downloaded. Verifying the integrity of the firmware image. Total 28000kB unzipped. Save

8、as Default firmware/Run image without saving:D/R? . Reading boot image 1970152 bytes. Initializing firewall. Initializing eth0, MAC:00:09:0F:17:5 Initializing eth1, MAC:00:09:0F:17:57:DA Initializing eth2, MAC:00:09:0F:17:57:D9 Initializing eth3, MAC:00:09:0F:17:57:D8 4 interface(s) initialized. NET

9、work Burn-in Test(netbt) device loaded. Test program loading(61,Build044,May 4 2005 15:50:22) . Starting test 61. Test Begin at Thu Oct 25 01:33:53 2007 Model Name: FGT-60 Unit BIOS Version: 04000000 Unit Fortinet SN: FGT-603907503437 Unit OEM SN: FGT-603907503437 Unit First MAC: 00090f1757d8 BIOS I

10、ntegrity Check PASS. Checking PCI devices. Looking for 0x06011106(VT8601 Apollo ProMedia) at 00:00.00 .Found. Looking for 0x86011106(VT8601 Apollo ProMedia AGP) at 00:01.00 .Found. Looking for 0x400115BC(FortiASIC CP2) at 00:0D.00 . No device 0x400115BC(FortiASIC CP2) found at 00:0D.00(0x400510CA).

11、PCI devices check failed. Gathering system information. Gathering system information OK! Verify system configuartion Verify system configuartion PASS 1. System information model name : VIA Samuel 2 CPU number : 1 CPU MHz : 400 CPU MIPS : 799 Compact Flash : 32MB CompactFlash Card size : 30 MB Compac

12、t Flash : 32MB CompactFlash Card size : 30 MB Total Memory : 125188 KB Total 4 net port(s) found. internal(eth3) macaddress: 00:09:0F:17:57:D8 dmz(eth2) macaddress: 00:09:0F:17:57:D9 wan1(eth1) macaddress: 00:09:0F:17:57:DA wan2(eth0) macaddress: 00:09:0F:17:57:DB 2. Memory test Free memory is 88060

13、KB. pagesize=4096, pagesizemask=FFFFF000 Detecting memory(117MB). Done, 63MB will be tested STRESS-MEM- 1.Stuck Address. STRESS-MEM- 1.Stuck Address PASSED. STRESS-MEM- 2.Random value. STRESS-MEM- 2.Random value PASSED. STRESS-MEM- 3.XOR comparison. STRESS-MEM- 3.XOR comparison PASSED. STRESS-MEM- 4

14、.SUB comparison. STRESS-MEM- 4.SUB comparison PASSED. STRESS-MEM- 5.MUL comparison. STRESS-MEM- 5.MUL comparison PASSED. STRESS-MEM- 6.DIV comparison. STRESS-MEM- 6.DIV comparison PASSED. STRESS-MEM- 7.OR comparison. STRESS-MEM- 7.OR comparison PASSED. STRESS-MEM- 8.AND comparison. STRESS-MEM- 8.AND

15、 comparison PASSED. STRESS-MEM- 9.Sequential Increment. STRESS-MEM- 9.Sequential Increment PASSED. STRESS-MEM- Round 0 completed in 53 seconds (0 errors). Release memory done. 3. CPU test OK ! Free memory is 87960KB. 4. Stream test vvvvvvvvvv Function Rate (MB/s) RMS time Min time Max time Copy: 96.

16、6554 0.3311 0.3311 0.3312 Scale: 147.0623 0.2177 0.2176 0.2183 Add: 154.6935 0.3103 0.3103 0.3103 Triad: 132.0655 0.3635 0.3 5. Test ASIC DES Encrypt and Decrypt. Open device /dev/fpga0 error:No such device 6. Test Compact Flash and Harddisk. Compact Flash(/dev/hda) Model:32MB CompactFlash Card Size

17、:32112640(bytes) Testing write/read to compact flash(/dev/hda): vvvvvvv Read/write test PASS. Write/Read Rate: 1.35MBPS/ 4.17MBPS 7. Test USB ports. Testing device /dev/ttyusb0 . :FAILED in open device(No such device). Testing device /dev/ttyusb1 . :FAILED in open device(No such device). 8. Test Net

18、work interface controller. Wire the network ports as follow for NIC loopback test. INTERNAL +-+ 4 3 2 1 DMZ WAN1 WAN2 V + + + + + + | | +-+ | | | +-+ | +-+ Initializing eth0, MAC:00:09:0F:17:57:DB Initializing eth1, MAC:00:09:0F:17:57:DA Initializing eth2, MAC:00:09:0F:17:57:D9 Initializing eth3, MA

19、C:00:09:0F:17:57: 4 interface(s) initialized. Network traffic test between internal and dmz. Try to start netbt device. Interface eth3 pair: me 00:09:0F:17:57:D8 he 00:09:0F:17:57:D9 Interface eth2 pair: me 00:09:0F:17:57:D9 he 00:09:0F:17:57:D8 Total 2 pairs configurated. NETBT device started. - In

20、terface | packets | bytes |dropped|errors|pks/sec| M bps eth2.tx: 154596 9275760 0 eth2.rx: 154596 9275760 0 0 15459 9 0 eth3.tx: 154596 9275760 0 0 15459 9 eth3.rx: 154596 9275760 0 0 15459 9 0 - Interface | packets | bytes |dropped|errors|pks/sec| M bps eth2.tx: 136496 16925440 0 0 13649 15 eth2.r

21、x: 136496 16925440 0 0 13649 15 0 eth3.tx: 136496 16925440 0 0 13649 15 eth3.rx: 136496 16925440 0 0 13649 15 0 - Interface | packets | bytes |dropped|errors|pks/sec| M bps eth2.tx: 112159 28263940 0 0 11215 23 eth2.rx: 112159 28263940 0 0 11215 23 0 eth3.tx: 112159 28263940 0 0 11215 23 eth3.rx: 11

22、2159 28263940 0 0 11215 23 0 - Interface | packets | bytes |dropped|errors|pks/sec| M bps eth2.tx: 79733 40504108 0 0 7973 33 eth2.rx: 79733 40504108 0 0 7973 33 0 eth3.tx: 79733 40504108 0 0 7973 33 eth3.rx: 79733 40504108 0 0 7973 33 0 - Interface | packets | bytes |dropped|errors|pks/sec| M bps e

23、th2.tx: 49612 50603728 0 0 4961 40 eth2.rx: 49612 50603728 0 0 4961 40 0 eth3.tx: 49612 50603728 0 0 4961 40 eth3.rx: 49612 50603728 0 0 4961 40 0 - Interface | packets | bytes |dropped|errors|pks/sec| M bps eth2.tx: 35982 54476254 0 0 3598 43 eth2.rx: 35982 54476254 0 0 3598 43 0 eth3.tx: 35982 544

24、76254 0 0 3598 43 eth3.rx: 35982 54476254 0 0 3598 43 0 - Interface | packets | bytes |dropped|errors|pks/sec| M bps eth2.tx: 155166 9311414 0 0 15516 9 eth2.rx: 155145 9310154 0 0 15514 9 0 eth3.tx: 155166 9311414 0 0 15516 9 eth3.rx: 155166 9311414 0 0 15516 9 0 Stop netbt device. PASSED Network t

25、raffic test between internal and wan1. Try to start netbt device. Interface eth3 pair: me 00:09:0F:17:57:D8 he 00:09:0F:17:57:DA Interface eth1 pair: me 00:09:0F:17:57:DA he 00:09:0F:17:57:D8 Total 2 pairs configurated. NETBT device started. - Interface | packets | bytes |dropped|errors|pks/sec| M b

26、ps eth1.tx: 153289 9197340 0 0 15328 9 eth1.rx: 153289 9197340 0 0 15328 9 0 eth3.tx: 153289 9197340 0 0 15328 9 eth3.rx: 153289 9197340 0 0 15328 9 0 - Interface | packets | bytes |dropped|errors|pks/sec| M bps eth1.tx: 134640 16695296 0 0 13464 15 eth1.rx: 134640 16695296 0 0 13464 15 0 eth3.tx: 134640 16695296 0 0 13464 15 eth3.rx: 134640 1669