FortiGate CLI Reference - BENEICKE EDV … · Fortinet Technologies Inc. Page 5 FortiOS™ - CLI...
FortiOS™ CLI Reference for FortiOS 5.0
August 31, 2016
01-509-99686-20160831
Copyright© 2016 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., in the U.S. and other jurisdictions, and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. In no event does Fortinet make any commitment related to future deliverables, features or development, and circumstances may change such that any forward-looking statements herein are not accurate. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.
Technical Documentation docs.fortinet.com
Knowledge Base kb.fortinet.com
Customer Service & Support support.fortinet.com
Training Services training.fortinet.com
FortiGuard fortiguard.com
Document Feedback [email protected]
Contents
Introduction
  How this guide is organized
  Availability of commands and options
Managing Firmware with the FortiGate BIOS
  Accessing the BIOS
    Navigating the menu
  Loading firmware
    Configuring TFTP parameters
    Initiating TFTP firmware transfer
  Booting the backup firmware
What’s new
alertemail
  setting
antivirus
  heuristic
  mms-checksum
  notification
  profile
    config {http | https | ftp | ftps | imap | imaps | mapi | pop3 | pop3s | smb | smtp | smtps | nntp | im}
    config nac-quar
  quarantine
  service
  settings
application
  custom
  list
  name
client-reputation
  profile
dlp
  filepattern
  fp-doc-source
  fp-sensitivity
  sensor
  settings
endpoint-control
  forticlient-registration-sync
  profile
  settings
firewall
  address, address6
  addrgrp, addrgrp6
  auth-portal
  carrier-endpoint-bwl
  carrier-endpoint-ip-filter
  central-nat
  deep-inspection-options
    config ftps
    config https
    config imaps
    config pop3s
    config smtps
    config ssl
    config ssl-server
  dnstranslation
  DoS-policy, DoS-policy6
  gtp
  identity-based-route
  interface-policy
  interface-policy6
  ipmacbinding setting
  ipmacbinding table
  ippool, ippool6
  ip-translation
  ipv6-eh-filter
  ldb-monitor
  local-in-policy, local-in-policy6
  mms-profile
    config dupe {mm1 | mm4}
    config flood {mm1 | mm4}
    config log
    config notification {alert-dupe-1 | alert-flood-1 | mm1 | mm3 | mm4 | mm7}
    config notif-msisdn
  multicast-address
  multicast-policy
  policy, policy6
    config identity-based-policy
Fortinet Technologies Inc. Page 4 FortiOS™ - CLI Reference for FortiOS 5.0
http://www.fortinet.com/
  policy46, policy64
  profile-group
  profile-protocol-options
    config http
    config ftp
    config dns
    config imap
    config mapi
    config pop3
    config smtp
    config nntp
    config im
    config mail-signature
  schedule onetime
  schedule recurring
  schedule group
  service category
  service custom
  service group
  shaper per-ip-shaper
  shaper traffic-shaper
  sniffer
  sniff-interface-policy
  sniff-interface-policy6
  ssl setting
  ttl-policy
  vip
  vip46
  vip6
  vip64
  vipgrp
  vipgrp46
  vipgrp64
ftp-proxy
  explicit
gui
  console
icap
  profile
  server
imp2p
  aim-user
  icq-user
  msn-user
  old-version
  policy
  yahoo-user
ips
  custom
  decoder
  global
  rule
  sensor
  setting
log
  custom-field
  {disk | fortianalyzer | fortianalyzer2 | fortianalyzer3 | memory | syslogd | syslogd2 | syslogd3 | webtrends | fortiguard} filter
  disk setting
  eventfilter
  {fortianalyzer | syslogd} override-filter
  fortianalyzer override-setting
  {fortianalyzer | fortianalyzer2 | fortianalyzer3} setting
  fortiguard setting
  gui-display
  memory setting
  memory global-setting
  setting
  syslogd override-setting
  {syslogd | syslogd2 | syslogd3} setting
  webtrends setting
netscan
  assets
  settings
pbx
  dialplan
  did
  extension
  global
  ringgrp
  voice-menu
  sip-trunk
report
  chart
  dataset
  layout
  style
  summary
  theme
router
  access-list, access-list6
  aspath-list
  auth-path
  bfd
  bgp
    config router bgp
    config admin-distance
    config aggregate-address, config aggregate-address6
    config neighbor
    config network, config network6
    config redistribute, config redistribute6
  community-list
  gwdetect
  isis
    config isis-interface
    config isis-net
    config redistribute {bgp | connected | ospf | rip | static}
    config summary-address
  key-chain
  multicast
    Sparse mode
    Dense mode
    config router multicast
    config interface
    config pim-sm-global
  multicast6
  multicast-flow
  ospf
    config router ospf
    config area
    config distribute-list
    config neighbor
    config network
    config ospf-interface
    config redistribute
    config summary-address
  ospf6
  policy, policy6
  prefix-list, prefix-list6
  rip
    config router rip
    config distance
    config distribute-list
    config interface
    config neighbor
    config network
    config offset-list
    config redistribute
  ripng
    config distance
  route-map
    Using route maps with BGP
  setting
  static
  static6
spamfilter
  bwl
  bword
  dnsbl
  fortishield
  iptrust
  mheader
  options
  profile
    config {imap | imaps | mapi | pop3 | pop3s | smtp | smtps}
    config {gmail | msn-hotmail | yahoo-mail}
switch-controller
  managed-switch
  vlan
system
  3g-modem custom
  accprofile
  admin
  amc
  arp-table
  auto-install
  autoupdate push-update
  autoupdate schedule
  autoupdate tunneling
  aux
  bug-report
  bypass
  central-management
  console
  ddns
  dedicated-mgmt
  dhcp reserved-address
  dhcp server
  dhcp6 server
  dns
  dns-database
  dns-server
elbc ...................................................................................................................... 513
email-server ......................................................................................................... 514
fips-cc .................................................................................................................. 515
fortiguard ............................................................................................................. 516
fortisandbox......................................................................................................... 520
geoip-override...................................................................................................... 521
gi-gk..................................................................................................................... 522
global ................................................................................................................... 523
gre-tunnel............................................................................................................. 542
ha ......................................................................................................................... 543
interface ............................................................................................................... 555
ipip-tunnel ............................................................................................................ 583
ips-urlfilter-dns..................................................................................................... 584
ipv6-neighbor-cache............................................................................................ 585
ipv6-tunnel ........................................................................................................... 586
mac-address-table .............................................................................................. 587
modem................................................................................................................. 588
monitors............................................................................................................... 592
nat64 .................................................................................................................... 594
network-visibility .................................................................................................. 595
np6....................................................................................................................... 596
npu....................................................................................................................... 600
ntp........................................................................................................................ 601
object-tag ............................................................................................................ 602
password-policy .................................................................................................. 603
physical-switch .................................................................................................... 604
port-pair ............................................................................................................... 605
probe-response ................................................................................................... 606
proxy-arp ............................................................................................................. 607
pstn ...................................................................................................................... 608
replacemsg admin ............................................................................................... 610
replacemsg alertmail............................................................................................ 611
replacemsg auth .................................................................................................. 613
replacemsg device-detection-portal.................................................................... 617
replacemsg ec ..................................................................................................... 618
replacemsg fortiguard-wf .................................................................................... 620
replacemsg ftp..................................................................................................... 622
replacemsg http................................................................................................... 624
replacemsg im ..................................................................................................... 627
replacemsg mail................................................................................................... 629
replacemsg mm1 ................................................................................................. 632
replacemsg mm3 ................................................................................................. 635
replacemsg mm4 ................................................................................................. 637
replacemsg mm7 ................................................................................................. 639
replacemsg-group ............................................................................................... 642
replacemsg-group ............................................................................................... 644
replacemsg-image ............................................................................................... 647
replacemsg nac-quar........................................................................................... 648
replacemsg nntp .................................................................................................. 650
replacemsg spam ................................................................................................ 652
replacemsg sslvpn............................................................................................... 655
replacemsg traffic-quota ..................................................................................... 656
replacemsg utm ................................................................................................... 657
replacemsg webproxy ......................................................................................... 659
resource-limits ..................................................................................................... 660
server-probe ........................................................................................................ 662
session-helper ..................................................................................................... 663
session-sync........................................................................................................ 665
session-ttl ............................................................................................................ 668
settings ................................................................................................................ 670
sit-tunnel .............................................................................................................. 677
sflow..................................................................................................................... 678
sms-server ........................................................................................................... 679
snmp community ................................................................................................. 680
snmp sysinfo........................................................................................................ 684
snmp user ............................................................................................................ 686
sp ......................................................................................................................... 689
storage................................................................................................................. 691
stp ........................................................................................................................ 692
switch-interface ................................................................................................... 693
tos-based-priority ................................................................................................ 695
vdom-dns............................................................................................................. 696
vdom-link ............................................................................................................. 697
vdom-property ..................................................................................................... 698
vdom-radius-server ............................................................................................. 701
vdom-sflow .......................................................................................................... 702
virtual-switch........................................................................................................ 703
wccp .................................................................................................................... 704
zone ..................................................................................................................... 707
user ................................................................................................................ 708
Configuring users for authentication.................................................................... 709
Configuring users for password authentication............................................. 709
Configuring peers for certificate authentication............................................. 709
ban....................................................................................................................... 710
device .................................................................................................................. 713
device-access-list................................................................................................ 714
device-category ................................................................................................... 715
device-group........................................................................................................ 716
fortitoken.............................................................................................................. 717
fsso ...................................................................................................................... 718
fsso-polling .......................................................................................................... 720
group.................................................................................................................... 722
ldap ...................................................................................................................... 726
local ..................................................................................................................... 729
password-policy .................................................................................................. 731
peer...................................................................................................................... 732
peergrp ................................................................................................................ 734
radius ................................................................................................................... 735
setting .................................................................................................................. 740
tacacs+ ................................................................................................................ 742
voip ................................................................................................................ 743
profile ................................................................................................................... 744
config sip ....................................................................................................... 746
config sccp .................................................................................................... 755
vpn ................................................................................................................. 756
certificate ca ........................................................................................................ 757
certificate crl ........................................................................................................ 758
certificate local..................................................................................................... 760
certificate ocsp-server ......................................................................................... 762
certificate remote................................................................................................. 763
certificate setting ................................................................................................. 764
ipsec concentrator ............................................................................................... 765
ipsec forticlient..................................................................................................... 766
ipsec manualkey .................................................................................................. 767
ipsec manualkey-interface................................................................................... 770
ipsec phase1........................................................................................................ 773
ipsec phase1-interface ........................................................................................ 782
ipsec phase2........................................................................................................ 796
ipsec phase2-interface ........................................................................................ 803
l2tp ....................................................................................................................... 812
pptp ..................................................................................................................... 814
ssl settings ........................................................................................................... 816
ssl web host-check-software............................................................................... 820
ssl web portal....................................................................................................... 822
ssl web realm....................................................................................................... 831
ssl web user......................................................................................................... 832
ssl web virtual-desktop-app-list .......................................................................... 834
wanopt........................................................................................................... 835
auth-group ........................................................................................................... 836
peer...................................................................................................................... 837
profile ................................................................................................................... 838
settings ................................................................................................................ 842
ssl-server ............................................................................................................. 843
storage................................................................................................................. 846
webcache ............................................................................................................ 847
webfilter......................................................................................................... 850
content................................................................................................................. 851
content-header .................................................................................................... 853
fortiguard ............................................................................................................. 854
ftgd-local-cat ....................................................................................................... 856
ftgd-local-rating ................................................................................................... 857
ftgd-warning ........................................................................................................ 858
ips-urlfilter-cache-setting..................................................................................... 860
ips-urlfilter-setting................................................................................................ 861
override ................................................................................................................ 862
override-user........................................................................................................ 863
profile ................................................................................................................... 865
config ftgd-wf................................................................................................. 869
config override ............................................................................................... 871
config quota ................................................................................................... 871
config web ..................................................................................................... 872
search-engine ...................................................................................................... 873
urlfilter .................................................................................................................. 874
web-proxy ..................................................................................................... 876
explicit.................................................................................................................. 877
forward-server ..................................................................................................... 881
forward-server-group........................................................................................... 882
global ................................................................................................................... 883
url-match.............................................................................................................. 885
wireless-controller ....................................................................................... 886
ap-status.............................................................................................................. 887
global ................................................................................................................... 888
setting .................................................................................................................. 889
timers ................................................................................................................... 890
vap ....................................................................................................................... 891
wids-profile .......................................................................................................... 895
wtp ....................................................................................................................... 897
wtp-profile............................................................................................................ 901
execute .......................................................................................................... 906
backup ................................................................................................................. 907
batch.................................................................................................................... 910
bypass-mode....................................................................................................... 911
carrier-license ...................................................................................................... 912
central-mgmt ....................................................................................................... 913
cfg reload............................................................................................................. 914
cfg save ............................................................................................................... 915
clear system arp table ......................................................................................... 916
cli check-template-status .................................................................................... 917
cli status-msg-only .............................................................................................. 918
client-reputation................................................................................................... 919
date...................................................................................................................... 920
disk ...................................................................................................................... 921
disk raid ............................................................................................................... 922
dhcp lease-clear .................................................................................................. 923
dhcp lease-list ..................................................................................................... 924
disconnect-admin-session .................................................................................. 925
enter..................................................................................................................... 926
erase-disk ............................................................................................................ 927
factoryreset .......................................................................................................... 928
factoryreset2........................................................................................................ 929
formatlogdisk ....................................................................................................... 930
forticarrier-license ................................................................................................ 931
forticlient .............................................................................................................. 932
fortiguard-log ....................................................................................................... 933
fortisandbox test-connectivity ............................................................................. 934
fortitoken.............................................................................................................. 935
fortitoken-mobile.................................................................................................. 936
fsso refresh .......................................................................................................... 937
ha disconnect ...................................................................................................... 938
ha ignore-hardware-revision................................................................................ 939
ha manage ........................................................................................................... 940
ha synchronize..................................................................................................... 941
interface dhcpclient-renew .................................................................................. 942
interface pppoe-reconnect .................................................................................. 943
log client-reputation-report.................................................................................. 944
log convert-oldlogs.............................................................................................. 945
log delete-all ........................................................................................................ 946
log delete-oldlogs ................................................................................................ 947
log display............................................................................................................ 948
log filter ................................................................................................................ 949
log fortianalyzer test-connectivity........................................................................ 950
log list................................................................................................................... 951
log rebuild-sqldb.................................................................................................. 952
log recreate-sqldb ............................................................................................... 953
log-report reset .................................................................................................... 954
log roll .................................................................................................................. 955
log upload-progress ............................................................................................ 956
modem dial .......................................................................................................... 957
modem hangup.................................................................................................... 958
modem trigger ..................................................................................................... 959
mrouter clear........................................................................................................ 960
netscan ................................................................................................................ 961
pbx....................................................................................................................... 962
ping ...................................................................................................................... 964
ping-options, ping6-options ................................................................................ 965
ping6
policy-packet-capture delete-all
reboot
report
report-config reset
restore
revision
router clear bfd session
router clear bgp
router clear ospf process
router restart
send-fds-statistics
set system session filter
set-next-reboot
sfp-mode-sgmii
shutdown
ssh
sync-session
tac report
telnet
time
traceroute
tracert6
update-ase
update-av
update-geo-ip
update-ips
update-now
update-src-vis
upd-vd-license
upload
usb-device
usb-disk
vpn certificate ca
vpn certificate crl
vpn certificate local
vpn certificate remote
vpn ipsec tunnel down
vpn ipsec tunnel up
vpn sslvpn del-all
vpn sslvpn del-tunnel
vpn sslvpn del-web
vpn sslvpn list
webfilter quota-reset
wireless-controller delete-wtp-image
wireless-controller list-wtp-image
wireless-controller reset-wtp
wireless-controller restart-acd
wireless-controller restart-wtpd
wireless-controller upload-wtp-image
get
endpoint-control app-detect
firewall dnstranslation
firewall iprope appctrl
firewall iprope list
firewall proute, proute6
firewall service custom
firewall shaper
grep
gui console status
gui topology status
hardware cpu
hardware memory
hardware nic
hardware npu
hardware status
ips decoder status
ips rule status
ips session
ipsec tunnel
ips view-map
mgmt-data status
netscan settings
pbx branch-office
pbx dialplan
pbx did
pbx extension
pbx ftgd-voice-pkg
pbx global
pbx ringgrp
pbx sip-trunk
pbx voice-menu
report database schema
router info bfd neighbor
router info bgp
router info gwdetect
router info isis
router info kernel
router info multicast
router info ospf
router info protocols
router info rip
router info routing-table
router info vrrp
router info6 bgp
router info6 interface
router info6 kernel
router info6 ospf
router info6 protocols
router info6 rip
router info6 routing-table
system admin list
system admin status
system arp
system auto-update
system central-management
system checksum
system cmdb status
system fortianalyzer-connectivity
system fortiguard-log-service status
system fortiguard-service status
system ha-nonsync-csum
system ha status
system info admin ssh
system info admin status
system interface physical
system mgmt-csum
system performance firewall
system performance status
system performance top
system session list
system session status
system session-helper-info list
system session-info
system source-ip
system startup-error-log
system status
test
user adgrp
vpn ike gateway
vpn ipsec tunnel details
vpn ipsec tunnel name
vpn ipsec stats crypto
vpn ipsec stats tunnel
vpn ssl monitor
vpn status l2tp
vpn status pptp
vpn status ssl
webfilter ftgd-statistics
webfilter status
wireless-controller rf-analysis
wireless-controller scan
wireless-controller status
wireless-controller vap-status
wireless-controller wlchanlistlic
wireless-controller wtp-status
tree
Introduction
This document describes FortiOS™ 5.0 CLI commands used to configure and manage a FortiGate unit from the command line interface (CLI).
How this guide is organized
Most of the chapters in this document describe the commands for each configuration branch of the FortiOS™ CLI. The command branches and commands are in alphabetical order.
This document also contains the following sections:
• Managing Firmware with the FortiGate BIOS describes how to change firmware at the console during FortiGate unit boot-up.
• What’s new describes changes to the 5.0 CLI.
• config chapters describe the config commands.
• execute describes execute commands.
• get describes get commands.
• tree describes the tree command.
Availability of commands and options
Some FortiOS™ CLI commands and options are not available on all FortiGate units. The CLI displays an error message if you attempt to enter a command or option that is not available. You can use the question mark ‘?’ to verify the commands and options that are available.
Commands and options may not be available for the following reasons:
• FortiGate model. Not all commands are available on all FortiGate models. For example, low-end FortiGate models do not support the aggregate interface type option of the config system interface command.
• Hardware configuration. For example, some AMC module commands are only available when an AMC module is installed.
• FortiOS Carrier, FortiGate Voice, FortiWiFi etc. Commands for extended functionality are not available on all FortiGate models. The CLI Reference includes commands only available for FortiWiFi units, FortiOS Carrier, and FortiGate Voice units.
Managing Firmware with the FortiGate BIOS
FortiGate units are shipped with firmware installed. Usually firmware upgrades are performed through the web-based manager or by using the CLI execute restore command. From the console, you can also interrupt the FortiGate unit’s boot-up process to load firmware using the BIOS firmware that is a permanent part of the unit.
Using the BIOS, you can:
• view system information
• format the boot device
• load firmware and reboot (see “Loading firmware” on page 21)
• reboot the FortiGate unit from the backup firmware, which then becomes the default firmware (see “Booting the backup firmware” on page 22)
Accessing the BIOS
The BIOS menu is available only through direct connection to the FortiGate unit’s Console port. During boot-up, “Press any key” appears briefly. If you press any keyboard key at this time, boot-up is suspended and the BIOS menu appears. If you are too late, the boot-up process continues as usual.
Navigating the menu
The main BIOS menu looks like this:
[C]: Configure TFTP parameters
[R]: Review TFTP paramters
[T]: Initiate TFTP firmware transfer
[F]: Format boot device
[Q]: Quit menu and continue to boot
[I]: System Information
[B]: Boot with backup firmare and set as default
[Q]: Quit menu and continue to boot
[H]: Display this list of options
Enter C,R,T,F,I,B,Q,or H:
Typing the bracketed letter selects the option. Input is case-sensitive. Most options present a submenu. An option value in square brackets at the end of the “Enter” line is the default value which you can enter simply by pressing Return. For example,
Enter image download port number [WAN1]:
In most menus, typing H re-lists the menu options and typing Q returns to the previous menu.
Loading firmware
The BIOS can download firmware from a TFTP server that is reachable from a FortiGate unit network interface. You need to know the IP address of the server and the name of the firmware file to download.
The downloaded firmware can be saved as either the default or backup firmware. It is also possible to boot the downloaded firmware without saving it.
Configuring TFTP parameters
Starting from the main BIOS menu
[C]: Configure TFTP parameters.
Selecting the VLAN (if VLANs are used)
[V]: Set local VLAN ID.
Choose port and whether to use DHCP
[P]: Set firmware download port.
The options listed depend on the FortiGate model. Choose the network interface through which the TFTP server can be reached. For example:
[0]: Any of port 1 - 7
[1]: WAN1
[2]: WAN2
Enter image download port number [WAN1]:
[D]: Set DHCP mode.
Please select DHCP setting
[1]: Enable DHCP
[2]: Disable DHCP
If there is a DHCP server on the network, select [1]. This simplifies configuration. Otherwise, select [2].
Non-DHCP steps
[I]: Set local IP address.
Enter local IP address [192.168.1.188]:
This is a temporary IP address for the FortiGate unit network interface. Use a unique address on the same subnet to which the network interface connects.
[S]: Set local subnet mask.
Enter local subnet mask [255.255.252.0]:
[G]: Set local gateway.
The local gateway IP address is needed if the TFTP server is on a different subnet than the one to which the FortiGate unit is connected.
TFTP and filename
[T]: Set remote TFTP server IP address.
Enter remote TFTP server IP address [192.168.1.145]:
[F]: Set firmware file name.
Enter firmware file name [image.out]:
Enter [Q] to return to the main menu.
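The following pre-flight check is an added example, not part of the Fortinet guide. It validates the static (non-DHCP) values typed at the [I], [S], [G] and [T] prompts before a transfer is started, including whether a local gateway is required. The function name is hypothetical; the first set of values is the prompt defaults shown above, and the off-subnet server and gateway addresses are constructed for illustration.

```python
"""Pre-flight check for the static TFTP settings entered in the BIOS menu."""
import ipaddress


def check_tftp_settings(local_ip, netmask, tftp_server, gateway=None):
    """Return (ok, findings) for the values typed at the [I], [S], [G], [T] prompts."""
    findings = []
    try:
        # strict=False lets a host address plus mask define the surrounding subnet.
        net = ipaddress.IPv4Network(f"{local_ip}/{netmask}", strict=False)
        local = ipaddress.IPv4Address(local_ip)
        server = ipaddress.IPv4Address(tftp_server)
        gw = ipaddress.IPv4Address(gateway) if gateway else None
    except ValueError as exc:
        return False, [f"invalid address or mask: {exc}"]

    ok = True
    # The temporary address must be a usable host address on its subnet.
    if net.prefixlen < 31 and local in (net.network_address, net.broadcast_address):
        ok = False
        findings.append(f"{local} is the network or broadcast address of {net}")
    # The guide asks for a unique address; at minimum it must differ from the server.
    if local == server:
        ok = False
        findings.append("local IP must be unique; it equals the TFTP server address")

    # A gateway is needed only when the TFTP server is on a different subnet.
    if server in net:
        findings.append(f"TFTP server {server} is on the local subnet {net}; no gateway needed")
    elif gw is None:
        ok = False
        findings.append(f"TFTP server {server} is outside {net}; set a local gateway with [G]")
    elif gw not in net or gw == local:
        ok = False
        findings.append(f"gateway {gw} is not a separate host on {net}")
    else:
        findings.append(f"TFTP server {server} is reached through gateway {gw}")
    return ok, findings


if __name__ == "__main__":
    cases = [
        # Prompt defaults shown in the guide.
        ("192.168.1.188", "255.255.252.0", "192.168.1.145", None),
        # Constructed: server on another subnet, no gateway entered.
        ("192.168.1.188", "255.255.252.0", "10.0.0.5", None),
        # Constructed: same server, gateway on the local subnet.
        ("192.168.1.188", "255.255.252.0", "10.0.0.5", "192.168.0.1"),
    ]
    for case in cases:
        ok, findings = check_tftp_settings(*case)
        print("OK  " if ok else "FAIL", case)
        for line in findings:
            print("     -", line)
```

With the guide's default mask 255.255.252.0 the local subnet is 192.168.0.0/22, so any server from 192.168.0.1 to 192.168.3.254 is reachable without the [G] step.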
Initiating TFTP firmware transfer
Starting from the main BIOS menu
[T]: Initiate TFTP firmware transfer.
Please connect TFTP server to Ethernet port 'WAN1'.
MAC: 00