check config after restore

diagnose debug config-error-log read

migrate line

1. change ip address
2. static route
3. vpn
4. virtual ip , existing public ip
5. email public ip

VPN dial up

must use if fortigate behind nat either public ip or private ip

from the log source is fortigate public ip
and remote ip is gateway fortigate public ip , means isp do nat or have mikrotik

checklist fortigate

1. interface
      pppoe - want distance priority
      vlan - wireless
      unifi password
  if have phone eg DVG5004S can't bypass tm wireless router. must DMZ to wan fortigate ip.
  wan fortigate ip using private ip. Can't use wireless router
2. dns
    fortiddns
 3. static route
    policy route

2. system
         2.1 add itwin admin
        2.2 firmware - start from lowest version
        2.3 register fortiguard

3. policy
    want user authentication
    3.2 add all subnet, group ip address
    3.3 security profile, app and web
    3.4 vip

4. vpn
    4.1 request info ipsec , gw ip, local and dest address, phase1 , phase 2
    4.2 sslvpn -  group user
    4.3 sslvpn portal must change ip address if required

5. user
   5.1 user and group
   5.
2. user authentication

fortigate route, priotiry dhcp, pppoe

fortigate use distance >> route

1. it will check distance if same route higher distance will appear in table route

show table route
Get router info routing-table all

2. then it will check priority , priority will appear in table route but lower priority will appear
pppoe, dhcp priority is default 0
- route not selected can be using by route policy

pppoe, dhcp changed, in CLI go to the interface and “set priority xx”
configure system interface
edit XXX        XXX = interface name
set priority YY     YY = priority value
end

sangfor vpn

https://21.93.104.13:4430 using port 4430

sophos reset and default password

1. console
2. login admin password reset
choose no 4

default admin  / admin