FortiOS CLI Reference for FortiOS 5.0
March 13, 2014
01-506-99686-20140313
Copyright 2014 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, FortiCare and FortiGuard, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet's General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet's internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.
Technical Documentation docs.fortinet.com
Knowledge Base kb.fortinet.com
Customer Service & Support support.fortinet.com
Training Services training.fortinet.com
FortiGuard fortiguard.com
Document Feedback [email protected]

Contents

Introduction
  How this guide is organized
  Availability of commands and options
Managing Firmware with the FortiGate BIOS
  Accessing the BIOS
    Navigating the menu
  Loading firmware
    Configuring TFTP parameters
    Initiating TFTP firmware transfer
  Booting the backup firmware
What's new
alertemail
  setting
antivirus
  heuristic
  mms-checksum
  notification
  profile
    config {http | https | ftp | ftps | imap | imaps | mapi | pop3 | pop3s | smb | smtp | smtps | nntp | im}
    config nac-quar
  quarantine
  service
  settings
application
  custom
  list
  name
client-reputation
  profile
dlp
  filepattern
  fp-doc-source
  fp-sensitivity
  sensor
  settings
endpoint-control
  forticlient-registration-sync
  profile
  settings
firewall
  address, address6
  addrgrp, addrgrp6
  auth-portal
  carrier-endpoint-bwl
  carrier-endpoint-ip-filter
  central-nat
  deep-inspection-options
    config ftps
    config https
    config imaps
    config pop3s
    config smtps
    config ssl
    config ssl-server
  dnstranslation
  DoS-policy, DoS-policy6
  gtp
  identity-based-route
  interface-policy
  interface-policy6
  ipmacbinding setting
  ipmacbinding table
  ippool, ippool6
  ip-translation
  ipv6-eh-filter
  ldb-monitor
  local-in-policy, local-in-policy6
  mms-profile
    config dupe {mm1 | mm4}
    config flood {mm1 | mm4}
    config log
    config notification {alert-dupe-1 | alert-flood-1 | mm1 | mm3 | mm4 | mm7}
    config notif-msisdn
  multicast-address
  multicast-policy
  policy, policy46, policy6, policy64
    config identity-based-policy
Fortinet Technologies Inc. Page 4 FortiOS - CLI Reference for FortiOS 5.0
  policy64
  profile-group
  profile-protocol-options
    config http
    config ftp
    config dns
    config imap
    config mapi
    config pop3
    config smtp
    config nntp
    config im
    config mail-signature
  schedule onetime
  schedule recurring
  schedule group
  service category
  service custom
  service group
  shaper per-ip-shaper
  shaper traffic-shaper
  sniffer
  sniff-interface-policy
  sniff-interface-policy6
  ssl setting
  ttl-policy
  vip
  vip46
  vip6
  vip64
  vipgrp
  vipgrp46
  vipgrp64
ftp-proxy
  explicit
gui
  console
icap
  profile
  server
imp2p
  aim-user
  icq-user
  msn-user
  old-version
  policy
  yahoo-user
ips
  custom
  decoder
  global
  rule
  sensor
  setting
log
  custom-field
  {disk | fortianalyzer | fortianalyzer2 | fortianalyzer3 | memory | syslogd | syslogd2 | syslogd3 | webtrends | fortiguard} filter
  disk setting
  eventfilter
  {fortianalyzer | syslogd} override-filter
  fortianalyzer override-setting
  {fortianalyzer | fortianalyzer2 | fortianalyzer3} setting
  fortiguard setting
  gui-display
  memory setting
  memory global-setting
  setting
  syslogd override-setting
  {syslogd | syslogd2 | syslogd3} setting
  webtrends setting
netscan
  assets
  settings
pbx
  dialplan
  did
  extension
  global
  ringgrp
  voice-menu
  sip-trunk
report
  chart
  dataset
  layout
  style
  summary
  theme
router
  access-list, access-list6
  aspath-list
  auth-path
  bfd
  bgp
    config router bgp
    config admin-distance
    config aggregate-address, config aggregate-address6
    config neighbor
    config network, config network6
    config redistribute, config redistribute6
  community-list
  gwdetect
  isis
    config isis-interface
    config isis-net
    config redistribute {bgp | connected | ospf | rip | static}
    config summary-address
  key-chain
  multicast
    Sparse mode
    Dense mode
    config router multicast
    config interface
    config pim-sm-global
  multicast6
  multicast-flow
  ospf
    config router ospf
    config area
    config distribute-list
    config neighbor
    config network
    config ospf-interface
    config redistribute
    config summary-address
  ospf6
  policy, policy6
  prefix-list, prefix-list6
  rip
    config router rip
    config distance
    config distribute-list
    config interface
    config neighbor
    config network
    config offset-list
    config redistribute
  ripng
    config distance
  route-map
    Using route maps with BGP
  setting
  static
  static6
spamfilter
  bwl
  bword
  dnsbl
  fortishield
  iptrust
  mheader
  options
  profile
    config {imap | imaps | mapi | pop3 | pop3s | smtp | smtps}
    config {gmail | msn-hotmail | yahoo-mail}
switch-controller
  managed-switch
  vlan
system
  3g-modem custom
  accprofile
  admin
-
  amc
  arp-table
  auto-install
  autoupdate push-update
  autoupdate schedule
  autoupdate tunneling
  aux
  bug-report
  bypass
  central-management
  console
  ddns
  dedicated-mgmt
  dhcp reserved-address
  dhcp server
  dhcp6 server
  dns
  dns-database
  dns-server
  elbc
  email-server
  fips-cc
  fortiguard
  fortisandbox
  geoip-override
  gi-gk
  global
  gre-tunnel
  ha
  interface
  ipip-tunnel
  ips-urlfilter-dns
  ipv6-neighbor-cache
  ipv6-tunnel
  mac-address-table
  modem
  monitors
  nat64
  network-visibility
  npu
  ntp
  object-tag
  password-policy
  port-pair
  probe-response
  proxy-arp
  pstn
  replacemsg admin
  replacemsg alertmail
  replacemsg auth
  replacemsg device-detection-portal
  replacemsg ec
  replacemsg fortiguard-wf
  replacemsg ftp
  replacemsg http
  replacemsg im
  replacemsg mail
  replacemsg mm1
  replacemsg mm3
  replacemsg mm4
  replacemsg mm7
  replacemsg-group
  replacemsg-group
  replacemsg-image
  replacemsg nac-quar
  replacemsg nntp
  replacemsg spam
  replacemsg sslvpn
  replacemsg traffic-quota
  replacemsg utm
  replacemsg webproxy
  resource-limits
  server-probe
  session-helper
  session-sync
  session-ttl
  settings
  sit-tunnel
  sflow
  sms-server
  snmp community
  snmp sysinfo
  snmp user
  sp
  storage
  stp
  switch-interface
  tos-based-priority
  vdom-dns
  vdom-link
  vdom-property
  vdom-radius-server
  vdom-sflow
  virtual-switch
  wccp
  zone
user
  Configuring users for authentication
    Configuring users for password authentication
    Configuring peers for certificate authentication
  ban
  device
  device-access-list
  device-category
  device-group
  fortitoken
  fsso
  fsso-polling
  group
  ldap
  local
  password-policy
  peer
  peergrp
  radius
  setting
  tacacs+
voip
  profile
    config sip
    config sccp
vpn
  certificate ca
  certificate crl
  certificate local
  certificate ocsp-server
  certificate remote
  certificate setting
  ipsec concentrator
  ipsec forticlient
  ipsec manualkey
  ipsec manualkey-interface
  ipsec phase1
  ipsec phase1-interface
  ipsec phase2
  ipsec phase2-interface
  l2tp
  pptp
  ssl settings
  ssl web host-check-software
  ssl web portal
  ssl web realm
  ssl web user
  ssl web virtual-desktop-app-list
wanopt
  auth-group
  peer
  profile
  settings
  ssl-server
  storage
  webcache
    config cache-exemption-list
webfilter
  content
  content-header
  fortiguard
  ftgd-local-cat
  ftgd-local-rating
  ftgd-warning
  ips-urlfilter-cache-setting
  ips-urlfilter-setting
  override
  override-user
  profile
    config ftgd-wf
    config override
    config quota
    config web
  search-engine
  urlfilter
web-proxy
  explicit
  forward-server
  forward-server-group
  global
  url-match
wireless-controller
  ap-status
  global
  setting
  timers
  vap
  wids-profile
  wtp
  wtp-profile
execute
  backup
  batch
  bypass-mode
  carrier-license
  central-mgmt
  cfg reload
  cfg save
  clear system arp table
  cli check-template-status
  cli status-msg-only
  client-reputation
  date
  disk
  disk raid
  dhcp lease-clear
  dhcp lease-list
  disconnect-admin-session
  enter
  erase-disk
  factoryreset
  factoryreset2
  formatlogdisk
  forticarrier-license
  forticlient
  fortiguard-log
  fortisandbox test-connectivity
  fortitoken
  fortitoken-mobile
  fsso refresh
  ha disconnect
  ha ignore-hardware-revision
  ha manage
  ha synchronize
  interface dhcpclient-renew
  interface pppoe-reconnect
  log client-reputation-report
  log convert-oldlogs
  log delete-all
  log delete-oldlogs
  log delete-rolled
  log display
  log filter
  log fortianalyzer test-connectivity
  log list
  log rebuild-sqldb
  log recreate-sqldb
  log-report reset
  log roll
  log upload-progress
  modem dial
  modem hangup
  modem trigger
  mrouter clear
  netscan
  pbx
  ping
  ping-options, ping6-options
  ping6
  policy-packet-capture delete-all
  reboot
  report
  report-config reset
  restore
  revision
  router clear bfd session
  router clear bgp
  router clear ospf process
  router restart
  send-fds-statistics
  set system session filter
  set-next-reboot
  sfp-mode-sgmii
  shutdown
  ssh
  sync-session
  tac report
  telnet
  time
  traceroute
  tracert6
  update-ase
  update-av
  update-geo-ip
  update-ips
  update-now
  update-src-vis
  upd-vd-license
  upload
execute (continued)usb-device ......................................................................................................... 1000
usb-disk ............................................................................................................. 1001
vpn certificate ca ............................................................................................... 1002
vpn certificate crl ............................................................................................... 1003
vpn certificate local............................................................................................ 1004
vpn certificate remote ........................................................................................ 1007
vpn ipsec tunnel down....................................................................................... 1008
vpn ipsec tunnel up ........................................................................................... 1009
vpn sslvpn del-all ............................................................................................... 1010
vpn sslvpn del-tunnel......................................................................................... 1011
vpn sslvpn del-web............................................................................................ 1012
vpn sslvpn list .................................................................................................... 1013
webfilter quota-reset.......................................................................................... 1014
wireless-controller delete-wtp-image ................................................................ 1015
wireless-controller list-wtp-image ..................................................................... 1016
wireless-controller reset-wtp ............................................................................. 1017
wireless-controller restart-acd........................................................................... 1018
wireless-controller restart-wtpd......................................................................... 1019
wireless-controller upload-wtp-image............................................................... 1020
get
endpoint-control app-detect
firewall dnstranslation
firewall iprope appctrl
firewall iprope list
firewall proute, proute6
firewall service custom
firewall shaper
grep
gui console status
gui topology status
hardware cpu
hardware memory
hardware nic
hardware npu
hardware status
ips decoder status
ips rule status
ips session
ipsec tunnel
ips view-map
mgmt-data status
netscan settings
pbx branch-office
pbx dialplan
pbx did
pbx extension
pbx ftgd-voice-pkg
pbx global
pbx ringgrp
pbx sip-trunk
pbx voice-menu
report database schema
router info bfd neighbor
router info bgp
router info gwdetect
router info isis
router info kernel
router info multicast
router info ospf
router info protocols
router info rip
router info routing-table
router info vrrp
router info6 bgp
router info6 interface
router info6 kernel
router info6 ospf
router info6 protocols
router info6 rip
router info6 routing-table
system admin list
system admin status
system arp
system auto-update
system central-management
system checksum
system cmdb status
system fortianalyzer-connectivity
system fortiguard-log-service status
system fortiguard-service status
system ha-nonsync-csum
system ha status
system info admin ssh
system info admin status
system interface physical
system mgmt-csum
system performance firewall
system performance status
system performance top
system session list
system session status
system session-helper-info list
system session-info
system source-ip
system startup-error-log
system status
test
user adgrp
vpn ike gateway
vpn ipsec tunnel details
vpn ipsec tunnel name
vpn ipsec stats crypto
vpn ipsec stats tunnel
vpn ssl monitor
vpn status l2tp
vpn status pptp
vpn status ssl
webfilter ftgd-statistics
webfilter status
wireless-controller rf-analysis
wireless-controller scan
wireless-controller status
wireless-controller vap-status
wireless-controller wlchanlistlic
wireless-controller wtp-status
tree
Introduction
This document describes FortiOS 5.0 CLI commands used to configure and manage a FortiGate unit from the command line interface (CLI).
How this guide is organized
Most of the chapters in this document describe the commands for each configuration branch of the FortiOS CLI. The command branches and commands are in alphabetical order.
This document also contains the following sections:
Managing Firmware with the FortiGate BIOS describes how to change firmware at the console during FortiGate unit boot-up.
What's new describes changes to the 5.0 CLI.
config chapters describe the config commands.
execute describes execute commands.
get describes get commands.
tree describes the tree command.
Availability of commands and options
Some FortiOS CLI commands and options are not available on all FortiGate units. The CLI displays an error message if you attempt to enter a command or option that is not available. You can use the question mark ? to verify the commands and options that are available.
Commands and options may not be available for the following reasons:
FortiGate model. Not all commands are available on all FortiGate models. For example, low-end FortiGate models do not support the aggregate interface type option of the config system interface command.
Hardware configuration. For example, some AMC module commands are only available when an AMC module is installed.
FortiOS Carrier, FortiGate Voice, FortiWiFi, etc. Commands for extended functionality are not available on all FortiGate models. The CLI Reference includes commands only available for FortiWiFi units, FortiOS Carrier, and FortiGate Voice units.
Managing Firmware with the FortiGate BIOS
FortiGate units are shipped with firmware installed. Usually firmware upgrades are performed through the web-based manager or by using the CLI execute restore command. From the console, you can also interrupt the FortiGate unit's boot-up process to load firmware using the BIOS firmware that is a permanent part of the unit.
Using the BIOS, you can:
view system information
format the boot device
load firmware and reboot (see Loading firmware on page 21)
reboot the FortiGate unit from the backup firmware, which then becomes the default firmware (see Booting the backup firmware on page 22)
Accessing the BIOS
The BIOS menu is available only through direct connection to the FortiGate unit's Console port. During boot-up, "Press any key" appears briefly. If you press any keyboard key at this time, boot-up is suspended and the BIOS menu appears. If you are too late, the boot-up process continues as usual.
Navigating the menu
The main BIOS menu looks like this:
[C]: Configure TFTP parameters
[R]: Review TFTP paramters
[T]: Initiate TFTP firmware transfer
[F]: Format boot device
[Q]: Quit menu and continue to boot
[I]: System Information
[B]: Boot with backup firmare and set as default
[Q]: Quit menu and continue to boot
[H]: Display this list of options
Enter C,R,T,F,I,B,Q,or H:
Typing the bracketed letter selects the option. Input is case-sensitive. Most options present a submenu. An option value in square brackets at the end of the "Enter" line is the default value, which you can enter simply by pressing Return. For example,
Enter image download port number [WAN1]:
In most menus, typing H re-lists the menu options and typing Q returns to the previous menu.
Loading firmware
The BIOS can download firmware from a TFTP server that is reachable from a FortiGate unit network interface. You need to know the IP address of the server and the name of the firmware file to download.
The downloaded firmware can be saved as either the default or backup firmware. It is also possible to boot the downloaded firmware without saving it.
Configuring TFTP parameters
Starting from the main BIOS menu
[C]: Configure TFTP parameters.
Selecting the VLAN (if VLANs are used)
[V]: Set local VLAN ID.
Choose port and whether to use DHCP
[P]: Set firmware download port.
The options listed depend on the FortiGate model. Choose the network interface through which the TFTP server can be reached. For example:
[0]: Any of port 1 - 7
[1]: WAN1
[2]: WAN2
Enter image download port number [WAN1]:
[D]: Set DHCP mode.
Please select DHCP setting
[1]: Enable DHCP
[2]: Disable DHCP
If there is a DHCP server on the network, select [1]. This simplifies configuration. Otherwise, select [2].
Non-DHCP steps
[I]: Set local IP address.
Enter local IP address [192.168.1.188]:
This is a temporary IP address for the FortiGate unit network interface. Use a unique address on the same subnet to which the network interface connects.
[S]: Set local subnet mask.
Enter local subnet mask [255.255.252.0]:
[G]: Set local gateway.
The local gateway IP address is needed if the TFTP server is on a different subnet than the one to which the FortiGate unit is connected.
TFTP and filename
[T]: Set remote TFTP server IP address.
Enter remote TFTP server IP address [192.168.1.145]:
[F]: Set firmware file name.
Enter firmware file name [image.out]:
Enter [Q] to return to the main menu.
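A pre-flight check for the non-DHCP parameters above, as an added example that is not part of the Fortinet reference: it tests whether the TFTP server lies on the local subnet (and so whether [G] is needed) and compares the image's SHA-256 with a checksum you already trust, since TFTP neither authenticates the server nor protects the file in transit. The function names and the trusted checksum are assumptions; the addresses are the prompt defaults shown above.

```python
import hashlib
import ipaddress


def check_tftp_plan(local_ip, netmask, server_ip, gateway=None):
    """Check the values planned for [I], [S], [G] and [T].

    Returns (needs_gateway, problems); an empty problems list means the
    plan is consistent. Hypothetical helper, not a FortiOS or BIOS API.
    """
    problems = []
    iface = ipaddress.IPv4Interface(f"{local_ip}/{netmask}")
    net = iface.network
    server = ipaddress.IPv4Address(server_ip)

    # The temporary address must be a usable, unique host address.
    if net.prefixlen < 31 and iface.ip in (net.network_address,
                                           net.broadcast_address):
        problems.append(f"{iface.ip} is the network or broadcast address of {net}")
    if iface.ip == server:
        problems.append("local IP address duplicates the TFTP server address")

    # [G] is needed only when the server is outside the local subnet.
    needs_gateway = server not in net
    if needs_gateway:
        if gateway is None:
            problems.append(f"{server} is outside {net}: set [G] local gateway")
        elif ipaddress.IPv4Address(gateway) not in net:
            problems.append(f"gateway {gateway} is not on local subnet {net}")
    return needs_gateway, problems


def image_matches(path, trusted_sha256):
    """Hash the firmware file in chunks and compare with a trusted checksum."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest() == trusted_sha256.strip().lower()


if __name__ == "__main__":
    # Prompt defaults from the BIOS menu shown above.
    print(check_tftp_plan("192.168.1.188", "255.255.252.0", "192.168.1.145"))
    # Constructed case: server on another subnet, no gateway planned.
    print(check_tftp_plan("192.168.1.188", "255.255.252.0", "10.0.0.5"))
```

Run `image_matches` on the file in the TFTP server's directory before starting the transfer, and serve it from a host on an isolated management segment where possible.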
Initiating TFTP firmware transfer
Starting from the main BIOS menu
[T]: Initiate TFTP firmware transfer.
Please connect TFTP server to Ethernet port 'WAN1'.
MAC: 00:09:0f:b5:55:28
Connect to tftp server 192.168.1.145 ...
##########################################################
Image Received.
Checking image... OK
Save as Default firmware/Backup firmware/Run image without saving:[D/B/R]?
After you choose any option, the FortiGate unit reboots. If you choose [D] or [B], there is first a pause while the firmware is copied:
Programming the boot device now.................................................................................................................................
Booting the backup firmware
You can reboot the FortiGate unit from the backup firmware, which then becomes the default firmware.
Starting from the main BIOS menu
[B]: Boot with backup firmware and set as default.
If the boot device contains backup firmware, the FortiGate unit reboots. Otherwise the unit responds:
Failed to mount filesystem. . .
Mount back up partition failed.
Back up image open failed.
Press Y or y to boot default image.
DNS, HTTP, ICMP, SSL.
config entries
edit
set popularity New field. Sets application popularity levels.
What's new
As the FortiOS Handbook has developed, the FortiGate CLI Reference for FortiOS 5.0 has become a dictionary of FortiOS CLI commands defining each command and i