execute router clear bgp ip 203.0.113.241 soft

01_asd (aspath-list) # show
config router aspath-list
edit “AS-Azure”
config rule
edit 1
set action permit
set regexp “_12076$”
next
end
next
edit “AS-AWS”
config rule
edit 1
set action permit
set regexp “_9059$”
next
end
next
end

01_asd (aspath-list) # end

01_asd (CF) # config router route-map

01_asd (route-map) # show
config router route-map
edit “RM-To-VPN1”
config rule
edit 1
set match-ip-address “To_VPN1”
next
end
next
edit “RM-To-EIC”
config rule
edit 1
set action deny
set match-ip-address “RFC1918”
next
edit 2
set action deny
set match-ip-address “DEFAULT-GATEWAY”
next
edit 3
set match-as-path “AS-AWS”
set set-aspath-action replace
set set-aspath “9059”
next
edit 4
next
end
next
edit “RM-From-EIC”
config rule
edit 1
set match-as-path “AS-Azure”
set set-aspath-action replace
set set-aspath “12076”
next
end
next
edit “RM_From_EIC”
config rule
edit 1
set action deny
set match-ip-address “RFC1918”
next
edit 2
set action deny
set match-ip-address “DEFAULT-GATEWAY”
next
edit 3
next
end
next
end

---

 

4200064574

router bgp 64574
!
address-family ipv4 vrf ABC
neighbor 203.0.113.254 remote-as 4200064574

!
address-family ipv4 vrf ABC
neighbor 203.0.113.246 remote-as 4200064574

get router info bgp neighbors 203.0.113.241 advertised-routes

execute router clear bgp all soft (in/out)

clear bgp vrf 29595 ipv4 unicast 203.0.113.246

sh bgp vpnv4 unicast vrf ABC| inc 10.5
sh bgp vpnv4 unicast vrf ABC neighbors 203.0.113.246 advertised-routes

config router route-map
edit “EIC_Blue”
config rule
edit 1
set match-as-path “Azure”
set set-aspath “12076”
next
end
next
end

config router aspath-list
edit “From-Azure”
config rule
edit 1
set action permit
set regexp “_12076$”
next
end
next
end

config router route-map
edit “EIC_Blue”
config rule
edit 1
set match-as-path “Azure”
set set-aspath “12076”
next
end
next
end

onfig router route-map
edit “EIC-Blue”
config rule
edit 1
set match-as-path “From-Azure”
set set-aspath-action replace
set set-aspath “12076”
next
end
next
end

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-Configure-Netflow/ta-p/196080?externalID=FD36460

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Sflow-and-netflow-issues/ta-p/192171?externalID=FD50662

 

In some cases, the requirement is to bring up a FortiSwitch in FortiLink mode, but the FortiSwitch is not directly connected to the FortiGate.

There is a layer 3 network between FortiGate and FortiSwitch.

 

Read the below link before starting the configuration:

https://docs.fortinet.com/document/fortiswitch/7.2.4/fortilink-guide/801182/fortilink-mode-over-a-la…

https://docs.fortinet.com/document/fortiswitch/7.0.8/devices-managed-by-fortios/801182/fortilink-mod…

 

Note that the layer3 FortiLink config has changed from the 7.2.x version and above.

 

Refer to the below configuration:

FortiGate v7.2.4.

FortiSwitch v7.2.3.

 

 

https://docs.fortinet.com/document/fortigate/6.4.5/administration-guide/229573

https://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD46111&sliceId=1&docTypeID=DT_KCARTICLE_1_1&dialogID=164542366&stateId=0%200%20164540878%27

https://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD46242&sliceId=1&docTypeID=DT_KCARTICLE_1_1&dialogID=164542366&stateId=0%200%20164540878%27

Ansible :

https://docs.ansible.com/ansible/latest/user_guide/playbooks_loops.html
https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html
https://docs.ansible.com/ansible/latest/modules/fortios_system_email_server_module.html#status

https://help.github.com/en/github/setting-up-and-managing-your-github-user-account/setting-your-commit-email-address

https://github.com/ansible/ansible/issues/48859

https://docs.ansible.com/ansible/latest/user_guide/vault.html

IOS:

https://docs.ansible.com/ansible/latest/network/user_guide/platform_ios.html
https://docs.ansible.com/ansible/latest/plugins/connection/network_cli.html

Fortigate:

Modules (overzicht)
https://ftnt-ansible-docs.readthedocs.io/en/latest/fortios_modules.html
https://docs.ansible.com/ansible/latest/modules/fortios_ipv4_policy_module.html

https://galaxy.ansible.com/fortinet/fortios
https://pypi.org/project/fortiosapi/
https://docs.ansible.com/ansible/latest/modules/fortios_alertemail_setting_module.html
https://ftnt-ansible-docs.readthedocs.io/en/latest/fortios_playbooks/fortios_alertemail_setting.html

Fortios playbooks

Policy’s

Fortigate RestAPI Config Backup – FortiOS 6.0.4

https://yurisk.info/2010/03/26/fortigate-bgp-configure-and-debug/index.html

 

https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/150448/troubleshooting-for-dns-filter

NPU info : https://help.fortinet.com/cli/fos50hlp/54/Content/FortiOS/fortiOS-cli-ref-54/config/system/npu.htm 

https://help.fortinet.com/fos60hlp/60/Content/FortiOS/fortigate-hardware-acceleration/NP6.htm

https://docs.fortinet.com/document/fortigate/6.0.5/hardware-acceleration/177344/np6-and-np6lite-acceleration

• Technical Tip: How to query specific VDOMs using SNMPv1/v2
  • https://kb.fortinet.com/kb/documentLink.do?externalID=FD45872
• per VDOM SNMP OID’s to monitor CPU, Mem etc
  • https://forum.fortinet.com/tm.aspx?m=163412

Fortigate MIB:

OIDs for the Fortinet-FortiGate-MIB

SNMPb

https://sourceforge.net/projects/snmpb/

5.4/HA/Fixing+Sync+Problems