Hello everybody,
As in topic, I got FortiGate 600E
I'm looking for a solution to get a list of all reserved addresses (from each VLAN), preferably to some flat txt file, as well as the device inventory list (with the last seen column), to compare those lists in some external tool.
Regards
diag ip add list >> shows IPs assigned to interfaces
diag ip arp list >> shows the mac address and arp lists currently active
show system dhcp server >> will show you the IP ranges used by DHCP servers
( show system dhcp server | grep start -A1 )
Thank You Alex,
As for the suggested commands - the second one is more suitable, however it is not exactly what I mean,
first of all I want to get a list of all active addresses (it's similar to the device inventory from web-access Dashboard/users&Devices -> but in CLI and with information about the 'last seen' time of the address)
second,
'IP Address Assignment Rules' found in interface/VLAN/Advanced.
This also possible export to a flat txt file
Regards
I don't think that is possible at the moment in the FortiOS, but sounds like a good feature request. Other products like FAZ or FortiSOAR may be able to handle this natively.
On the FortiOS I think there are some limitations to that, given the fact that the device-identification feature needs to store data on a database that takes up memory (and link these IPs to traffic logs). For a small network that shouldn't be a problem, but the FortiOS is consistent over several ranges of devices. Enabling such a feature on a device handling thousands of clients, even by mistake, may cause instant filling of memory and bring down the device.
What do you mean by "reserved addresses"? IP addresses configured on the interfaces/VLANs of the FGT, addresses created in Firewall -> Objects, addresses used in Security rules?
Thanks Yuri for your reply,
I mean:
'IP Address Assignment Rules' found in interface/VLAN/Advanced.
I want to export this list to a flat txt file.
You may also find a list of assigned DHCP addresses here (again, not an automatic export):
exec dhcp lease-list
Hey Krzysztof,
this is technically doable via API, but would very likely need some scripting.
You can have a look at what information is available via API:
1. Log into admin GUI
2. Access these URLs:
https://<FortiGate>/api/v2/cmdb/system.dhcp/server
-> gives you all DHCP servers, which include a subsection 'reserved-address', essentially the same as 'config system dhcp server/show'
https://<FortiGate>/api/v2/monitor/dhcp
-> all DHCP and DHCP6 leases, with a 'reserved' boolean attribute (is this a reserved IP or not)
-> you can filter for reserved entries:
-> https://<FortiGate>/api/v2/monitor/dhcp?filter=reserved==true
https://<FortiGate>/api/v2/monitor/user/device/query
-> all detected devices
-> includes information on "last seen" (in epoch time, https://www.epochconverter.com/)
-> you can filter for online status:
-> https://<FortiGate>/api/v2/monitor/user/device/query?filter=is_online==true
-> depending on firmware version, the query would be
https://<FortiGate>/api/v2/monitor/detected-device
instead
If that provides an easier format to work with and/or you are comfortable with scripting, API might be the way for you to get the information into a text file and compare
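
One way to do the comparison discussed in this thread, added here as an example and not code from any poster or from Fortinet: it joins the 'reserved-address' entries of the `/api/v2/cmdb/system.dhcp/server` response with the device list by MAC address and writes tab-separated lines with the last-seen time converted from epoch to UTC. The sample JSON is constructed, and the field names `results`, `interface`, `ip`, `mac`, `ipv4_address` and `last_seen` are assumptions to check against what your firmware returns.

```python
import json
from datetime import datetime, timezone

# Constructed sample responses; field names other than 'reserved-address'
# are assumptions, so compare them with what your FortiGate returns.
DHCP_SERVERS = json.loads("""{"results": [
  {"id": 1, "interface": "vlan10", "reserved-address": [
    {"id": 1, "ip": "10.0.10.5", "mac": "00:11:22:33:44:55", "description": "printer"},
    {"id": 2, "ip": "10.0.10.6", "mac": "00:11:22:33:44:66", "description": "camera"}]},
  {"id": 2, "interface": "vlan20", "reserved-address": [
    {"id": 1, "ip": "10.0.20.9", "mac": "AA:BB:CC:00:00:01", "description": "nas"}]}]}""")
DEVICES = json.loads("""{"results": [
  {"mac": "00:11:22:33:44:55", "ipv4_address": "10.0.10.5", "last_seen": 1700000000},
  {"mac": "aa:bb:cc:00:00:01", "ipv4_address": "10.0.20.77", "last_seen": 1700003600}]}""")

def norm_mac(mac):
    """Lower-case and colon-separate a MAC so both sources compare equal."""
    return mac.strip().lower().replace("-", ":")

def build_report(dhcp_servers, devices):
    """Join each reservation to the device inventory by MAC address."""
    seen = {norm_mac(d["mac"]): d for d in devices.get("results", []) if d.get("mac")}
    rows = []
    for server in dhcp_servers.get("results", []):
        for res in server.get("reserved-address", []):
            dev = seen.get(norm_mac(res["mac"]))
            if dev is None:
                # Reservation exists but the device was never detected.
                last_seen, status = "-", "never-seen"
            else:
                ts = datetime.fromtimestamp(dev["last_seen"], tz=timezone.utc)
                last_seen = ts.strftime("%Y-%m-%dT%H:%M:%SZ")
                # Same MAC on a different IP than the one reserved for it.
                status = "ok" if dev.get("ipv4_address") == res["ip"] else "ip-mismatch"
            rows.append((server.get("interface", "?"), res["ip"],
                         norm_mac(res["mac"]), last_seen, status))
    return rows

def write_flat(rows, path):
    """Write one tab-separated line per reservation."""
    with open(path, "w") as fh:
        for row in rows:
            fh.write("\t".join(row) + "\n")

if __name__ == "__main__":
    write_flat(build_report(DHCP_SERVERS, DEVICES), "reserved_vs_seen.txt")
```

Rows marked `never-seen` or `ip-mismatch` are the ones worth reviewing: a stale reservation, or a device using an address other than the one reserved for its MAC.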