Change Switch Mode to Interface Mode in Fortigate

There are 3 steps involved in this process.

  1. Complete the prerequisites
  2. Change the mode from Switch mode to interface mode
  3. Configure the network and allow access to a particular network port.

FGxxxxxxxxxxxxxx # config system global
FGxxxxxxxxxxxxxx # set internalswitch-mode interface
FGxxxxxxxxxxxxxx # end
Changing switch mode will reboot the system!
Do you want to continue? (y/n) y

FGxxxxxxxxxxxxxx #

Rename default admin account in Fortinet appliances

A good practice to enhance firewall security is to rename the default administrator account of the box. On FortiGate, the default administrator username is admin. If you leave it as ‘admin’, an attacker already knows the username, and what is left of a brute-force attack, cracking the password, is a piece of cake.

This tutorial shows you how to rename the default ‘admin’ of a Fortinet box (FortiMail, FortiGate Firewall, …).

You need to complete these steps in command-line mode. The best way to manage Fortinet devices is over SSH or a serial terminal. If you need help connecting to a Fortinet box using a serial terminal, click here.

Fortinet will prevent you from changing the account you are currently logged in with. I assume that you are logged in as the default “admin”. You cannot rename “admin” to “yourname” while you are logged in as “admin”; that’s reasonable, isn’t it?

  • So, the first step is to create a new administrator account.
  • The next step is to log in using the new account.
  • The final step is, from the new account, to execute the rename command to change “admin” to something else.

Create new administrator account on Fortinet

Do these steps while you are already in privilege mode (logged in as “admin”):

CUSTOMER_FW01# config system admin
 CUSTOMER_FW01(admin) # edit newadmin
 new entry ‘newadmin’ added

CUSTOMER_FW01(newadmin) # set password Myn3w-password
CUSTOMER_FW01(newadmin) # set accprofile super_admin
CUSTOMER_FW01(newadmin) # end
CUSTOMER_FW01# exit
 Auto backup config …
 login.c-__config

CUSTOMER_FW01login: newadmin
 Password: **************
 Welcome !

CUSTOMER_FW01#

Rename Fortinet default “admin”

To rename your Fortinet default “admin”, follow these steps:

CUSTOMER_FW01 # config system admin
CUSTOMER_FW01 (admin) # rename admin to nimda
CUSTOMER_FW01 (admin) #
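
To confirm the rename took effect, the following added example (not part of the original post, and not Fortinet code) reads a configuration backup and reports whether an account still named “admin” exists in the `config system admin` table. The sample backup text is constructed, and the function names `parse_admins` and `default_admin_present` are hypothetical; it assumes the backup uses the usual `config` / `edit` / `next` / `end` layout.

```python
import re

# Constructed sample of a FortiGate configuration backup (not from a real device).
SAMPLE_BACKUP = '''\
config system admin
    edit "admin"
        set accprofile "super_admin"
        config gui-dashboard
            edit 1
                set name "Status"
            next
        end
    next
    edit "newadmin"
        set accprofile "super_admin"
    next
end
config firewall policy
    edit 1
        set name "admin"
    next
end
'''

def parse_admins(config_text):
    """Return {account_name: accprofile} from the 'config system admin' table only."""
    admins, depth, in_block, current = {}, 0, False, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not in_block:
            in_block = line == "config system admin"
        elif line.startswith("config "):
            depth += 1                      # nested table inside an account entry
        elif line == "end":
            if depth == 0:
                break                       # end of 'config system admin'
            depth -= 1
        elif depth == 0:                    # ignore 'edit' lines of nested tables
            m = re.match(r'edit\s+"?([^"]+)"?$', line)
            if m:
                current = m.group(1)
                admins[current] = None
            elif current and line.startswith("set accprofile "):
                admins[current] = line.split(None, 2)[2].strip('"')
    return admins

def default_admin_present(config_text, default_name="admin"):
    """True if an administrator account with the default name still exists."""
    return default_name in parse_admins(config_text)
```

Run it against a backup taken after the rename; the check should return False while the renamed account keeps its super_admin profile.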

Nmap Cheat Sheet

Nmap Target Selection

Scan a single IP                nmap 192.168.10.1
Scan a host                     nmap www.testhost.com
Scan a range of IPs             nmap 192.168.10.1-20
Scan a subnet                   nmap 192.168.10.0/24
Scan targets from a text file   nmap -iL list-of-ips.txt

Nmap Port Selection

Scan a single Port                  nmap -p 22 192.168.10.1
Scan a range of ports               nmap -p 1-100 192.168.10.1
Scan 100 most common ports (Fast)   nmap -F 192.168.10.1
Scan all 65535 ports                nmap -p- 192.168.10.1

Nmap Port Scan types

Scan using TCP connect                   nmap -sT 192.168.10.1
Scan using TCP SYN scan (default)        nmap -sS 192.168.10.1
Scan UDP ports                           nmap -sU -p 123,161,162 192.168.10.1
Scan selected ports – ignore discovery   nmap -Pn -F 192.168.10.1

Service and OS Detection

Detect OS and Services              nmap -A 192.168.10.1
Standard service detection          nmap -sV 192.168.10.1
More aggressive Service Detection   nmap -sV --version-intensity 5 192.168.10.1
Lighter banner grabbing detection   nmap -sV --version-intensity 0 192.168.10.1

Nmap Output Formats

Save default output to file         nmap -oN outputfile.txt 192.168.10.1
Save results as XML                 nmap -oX outputfile.xml 192.168.10.1
Save results in a format for grep   nmap -oG outputfile.txt 192.168.10.1
Save in all formats                 nmap -oA outputfile 192.168.10.1

Digging deeper with NSE Scripts

Scan using default safe scripts    nmap -sV -sC 192.168.10.1
Get help for a script              nmap --script-help=ssl-heartbleed
Scan using a specific NSE script   nmap -sV -p 443 --script=ssl-heartbleed.nse 192.168.10.1
Scan with a set of scripts         nmap -sV --script=smb* 192.168.10.1

A scan to search for DDOS reflection UDP services

Scan for UDP DDOS reflectors   nmap -sU -A -PN -n -pU:19,53,123,161 --script=ntp-monlist,dns-recursion,snmp-sysdescr 192.168.10.0/24

HTTP Service Information

Gather page titles from HTTP services   nmap --script=http-title 192.168.10.0/24
Get HTTP headers of web services        nmap --script=http-headers 192.168.10.0/24
Find web apps from known paths          nmap --script=http-enum 192.168.10.0/24

Detect Heartbleed SSL Vulnerability

Heartbleed Testing   nmap -sV -p 443 --script=ssl-heartbleed 192.168.10.0/24

IP Address information

Find Information about IP address   nmap --script=asn-query,whois,ip-geolocation-maxmind 192.168.10.0/24