Fortigate Cli v5.0
description
Transcript of Fortigate Cli v5.0
-
FortiOS CLI Reference for FortiOS 5.0
-
FortiOS CLI Reference for FortiOS 5.0
May 15, 2013
01-501-99686-20130515
Copyright 2013 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, and FortiGuard, are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance metrics contained herein were attained in internal lab tests under ideal conditions, and performance may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinets General Counsel, with a purchaser that expressly warrants that the identified product will perform according to the performance metrics herein. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinets internal lab tests. Fortinet disclaims in full any guarantees. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.
Technical Documentation docs.fortinet.com
Knowledge Base kb.fortinet.com
Customer Service & Support support.fortinet.com
Training Services training.fortinet.com
FortiGuard fortiguard.com
Document Feedback [email protected]
-
address, address6 ................................................................................................. 91
addrgrp, addrgrp6 ................................................................................................. 94auth-portal ............................................................................................................. 95
carrier-endpoint-bwl .............................................................................................. 96Contents
Introduction..................................................................................................... 19Availability of commands and options............................................................. 19
Whats new...................................................................................................... 20
alertemail......................................................................................................... 46setting .................................................................................................................... 47
antivirus........................................................................................................... 51heuristic ................................................................................................................. 52
mms-checksum ..................................................................................................... 53
notification ............................................................................................................. 54
profile ..................................................................................................................... 55config {http | https | ftp | ftps | imap | imaps | mapi | pop3 | pop3s | smb | smtp |
smtps | nntp | im} ........................................................................................... 56config nac-quar................................................................................................ 56
quarantine .............................................................................................................. 57
service.................................................................................................................... 60
settings .................................................................................................................. 61
application....................................................................................................... 62list .......................................................................................................................... 63
name ...................................................................................................................... 67
client-reputation ............................................................................................. 68profile ..................................................................................................................... 69
dlp .................................................................................................................... 71filepattern ............................................................................................................... 72
fp-doc-source ........................................................................................................ 74
fp-sensitivity........................................................................................................... 76
sensor .................................................................................................................... 77
settings .................................................................................................................. 81
endpoint-control............................................................................................. 82forticlient-registration-sync.................................................................................... 83
profile ..................................................................................................................... 84
settings .................................................................................................................. 88
firewall ............................................................................................................. 90Page 3
-
firewall (continued)carrier-endpoint-ip-filter......................................................................................... 98
central-nat.............................................................................................................. 99
deep-inspection-options ..................................................................................... 100config ftps ...................................................................................................... 101config https .................................................................................................... 102config imaps .................................................................................................. 102config pop3s .................................................................................................. 103config smtps .................................................................................................. 103config ssl........................................................................................................ 104config ssl-server............................................................................................. 104
dnstranslation ...................................................................................................... 106
DoS-policy ........................................................................................................... 107
gtp........................................................................................................................ 109
identity-based-route ............................................................................................ 125
interface-policy .................................................................................................... 126
interface-policy6 .................................................................................................. 128
ipmacbinding setting ........................................................................................... 130
ipmacbinding table .............................................................................................. 131
ippool, ippool6 ..................................................................................................... 132
ip-translation........................................................................................................ 134
ldb-monitor .......................................................................................................... 135
local-in-policy, local-in-policy6............................................................................ 137
mms-profile.......................................................................................................... 138config dupe {mm1 | mm4}.............................................................................. 145config flood {mm1 | mm4}.............................................................................. 147config log ....................................................................................................... 148config notification {alert-dupe-1 | alert-flood-1 | mm1 | mm3 | mm4 | mm7}. 148config notif-msisdn ........................................................................................ 152
multicast-address ................................................................................................ 153
multicast-policy ................................................................................................... 154
policy, policy46, policy6, policy64....................................................................... 156config identity-based-policy .......................................................................... 173
policy64 ............................................................................................................... 175
profile-group ........................................................................................................ 177
profile-protocol-options....................................................................................... 179config http...................................................................................................... 181config ftp........................................................................................................ 182config dns ...................................................................................................... 183config imap .................................................................................................... 183config mapi .................................................................................................... 184config pop3.................................................................................................... 184config smtp .................................................................................................... 185Fortinet Technologies Inc. Page 4 FortiOS - CLI Reference for FortiOS 5.0
-
firewall (continued)profile-protocol-options (continued)
config nntp ..................................................................................................... 186config im ........................................................................................................ 187config mail-signature ..................................................................................... 187
schedule onetime................................................................................................. 188
schedule recurring ............................................................................................... 189
schedule group .................................................................................................... 190
service category................................................................................................... 191
service custom..................................................................................................... 192
service group ....................................................................................................... 196
shaper per-ip-shaper ........................................................................................... 197
shaper traffic-shaper ........................................................................................... 199
sniffer ................................................................................................................... 200
sniff-interface-policy ............................................................................................ 203
sniff-interface-policy6 .......................................................................................... 205
ssl setting............................................................................................................. 208
ttl-policy ............................................................................................................... 209
vip ........................................................................................................................ 210
vip46 .................................................................................................................... 230
vip6 ...................................................................................................................... 232
vip64 .................................................................................................................... 234
vipgrp................................................................................................................... 236
vipgrp46............................................................................................................... 237
vipgrp64............................................................................................................... 238
ftp-proxy........................................................................................................ 239explicit.................................................................................................................. 240
gui .................................................................................................................. 241console ................................................................................................................ 242
icap ................................................................................................................ 243profile ................................................................................................................... 244
server ................................................................................................................... 245
imp2p............................................................................................................. 246aim-user............................................................................................................... 247
icq-user................................................................................................................ 248
msn-user.............................................................................................................. 249
old-version ........................................................................................................... 250
policy ................................................................................................................... 251
yahoo-user........................................................................................................... 252Fortinet Technologies Inc. Page 5 FortiOS - CLI Reference for FortiOS 5.0
-
ips .................................................................................................................. 253custom ................................................................................................................. 254
decoder................................................................................................................ 255
global ................................................................................................................... 256
rule ....................................................................................................................... 258
sensor .................................................................................................................. 259
setting .................................................................................................................. 263
log .................................................................................................................. 264custom-field......................................................................................................... 265
{disk | fortianalyzer | fortianalyzer2 | fortianalyzer3 | memory | syslogd | syslogd2 | syslogd3 | webtrends | fortiguard} filter ............................................................. 266
disk setting........................................................................................................... 271
eventfilter ............................................................................................................. 276
{fortianalyzer | syslogd} override-filter ................................................................. 277
fortianalyzer override-setting ............................................................................... 278
{fortianalyzer | fortianalyzer2 | fortianalyzer3} setting .......................................... 279
fortiguard setting.................................................................................................. 282
memory setting .................................................................................................... 283
memory global-setting......................................................................................... 284
setting .................................................................................................................. 285
syslogd override-setting ...................................................................................... 287
{syslogd | syslogd2 | syslogd3} setting................................................................ 289
trafficfilter ............................................................................................................. 291
webtrends setting ................................................................................................ 292
netscan.......................................................................................................... 293assets................................................................................................................... 294
settings ................................................................................................................ 296
pbx ................................................................................................................. 298dialplan ................................................................................................................ 299
did ........................................................................................................................ 301
extension ............................................................................................................. 302
global ................................................................................................................... 304
ringgrp.................................................................................................................. 306
voice-menu .......................................................................................................... 307
sip-trunk............................................................................................................... 308
report ............................................................................................................. 310chart..................................................................................................................... 311
dataset ................................................................................................................. 317
layout ................................................................................................................... 318
style...................................................................................................................... 323Fortinet Technologies Inc. Page 6 FortiOS - CLI Reference for FortiOS 5.0
-
summary .............................................................................................................. 327
theme................................................................................................................... 328
router ............................................................................................................. 331access-list, access-list6 ...................................................................................... 332
aspath-list ............................................................................................................ 334
auth-path ............................................................................................................. 335
bfd........................................................................................................................ 336
bgp....................................................................................................................... 337config router bgp ........................................................................................... 341config admin-distance ................................................................................... 344config aggregate-address, config aggregate-address6 ................................ 345config neighbor .............................................................................................. 346config network, config network6 ................................................................... 354config redistribute, config redistribute6......................................................... 355
community-list ..................................................................................................... 357
gwdetect .............................................................................................................. 359
isis........................................................................................................................ 360config isis-interface........................................................................................ 364config isis-net................................................................................................. 365config redistribute {bgp | connected | ospf | rip | static} ................................ 365config summary-address ............................................................................... 366
key-chain ............................................................................................................. 367
multicast .............................................................................................................. 369Sparse mode.................................................................................................. 369Dense mode................................................................................................... 370config router multicast ................................................................................... 372config interface .............................................................................................. 373config pim-sm-global..................................................................................... 377
multicast6 ............................................................................................................ 381
multicast-flow ...................................................................................................... 382
ospf ...................................................................................................................... 383config router ospf........................................................................................... 386config area ..................................................................................................... 388config distribute-list ....................................................................................... 393config neighbor .............................................................................................. 393config network ............................................................................................... 394config ospf-interface...................................................................................... 395config redistribute .......................................................................................... 398config summary-address ............................................................................... 399
ospf6 .................................................................................................................... 400
policy, policy6 ...................................................................................................... 406
prefix-list, prefix-list6 ........................................................................................... 410Fortinet Technologies Inc. Page 7 FortiOS - CLI Reference for FortiOS 5.0
-
router (continued)rip......................................................................................................................... 412
config router rip.............................................................................................. 413config distance............................................................................................... 415config distribute-list ....................................................................................... 415config interface .............................................................................................. 416config neighbor .............................................................................................. 418config network ............................................................................................... 419config offset-list ............................................................................................. 419config redistribute .......................................................................................... 420
ripng..................................................................................................................... 421config distance............................................................................................... 423
route-map ............................................................................................................ 427Using route maps with BGP .......................................................................... 429
setting .................................................................................................................. 434
static .................................................................................................................... 435
static6 .................................................................................................................. 437
spamfilter ...................................................................................................... 438bwl ....................................................................................................................... 439
bword................................................................................................................... 442
dnsbl .................................................................................................................... 444
fortishield ............................................................................................................. 446
iptrust................................................................................................................... 448
mheader............................................................................................................... 449
options ................................................................................................................. 451
profile ................................................................................................................... 452config {imap | imaps | mapi | pop3 | pop3s | smtp | smtps}........................... 454config {gmail | msn-hotmail | yahoo-mail}...................................................... 455
switch-controller .......................................................................................... 456managed-switch .................................................................................................. 457
vlan ...................................................................................................................... 458
system ........................................................................................................... 4593g-modem custom .............................................................................................. 460
accprofile ............................................................................................................. 461
admin ................................................................................................................... 464
amc ...................................................................................................................... 473
arp-table .............................................................................................................. 474
auto-install ........................................................................................................... 475
autoupdate push-update ..................................................................................... 476
autoupdate schedule ........................................................................................... 477
autoupdate tunneling........................................................................................... 478Fortinet Technologies Inc. Page 8 FortiOS - CLI Reference for FortiOS 5.0
-
system (continued)aux ....................................................................................................................... 479
bug-report............................................................................................................ 480
bypass ................................................................................................................. 481
central-management............................................................................................ 482
console ................................................................................................................ 484
ddns..................................................................................................................... 485
dedicated-mgmt .................................................................................................. 487
dhcp reserved-address........................................................................................ 488
dhcp server .......................................................................................................... 489
dhcp6 server ........................................................................................................ 494
dns ....................................................................................................................... 496
dns-database....................................................................................................... 497
dns-server............................................................................................................ 499
elbc ...................................................................................................................... 500
email-server ......................................................................................................... 501
fips-cc .................................................................................................................. 503
fortiguard ............................................................................................................. 504
geoip-override...................................................................................................... 509
gi-gk..................................................................................................................... 510
global ................................................................................................................... 511
gre-tunnel............................................................................................................. 528
ha ......................................................................................................................... 529
interface ............................................................................................................... 540
ipv6-tunnel ........................................................................................................... 566
mac-address-table .............................................................................................. 567
modem................................................................................................................. 568
monitors............................................................................................................... 572
nat64 .................................................................................................................... 574
network-visibility .................................................................................................. 575
npu....................................................................................................................... 576
ntp........................................................................................................................ 577
object-tag ............................................................................................................ 578
password-policy .................................................................................................. 579
port-pair ............................................................................................................... 580
probe-response ................................................................................................... 581
proxy-arp ............................................................................................................. 582
pstn ...................................................................................................................... 583
replacemsg admin ............................................................................................... 585
replacemsg alertmail............................................................................................ 586Fortinet Technologies Inc. Page 9 FortiOS - CLI Reference for FortiOS 5.0
-
system (continued)replacemsg auth .................................................................................................. 588
replacemsg ec ..................................................................................................... 592
replacemsg fortiguard-wf .................................................................................... 594
replacemsg ftp..................................................................................................... 596
replacemsg http................................................................................................... 598
replacemsg im ..................................................................................................... 601
replacemsg mail................................................................................................... 603
replacemsg mm1 ................................................................................................. 606
replacemsg mm3 ................................................................................................. 609
replacemsg mm4 ................................................................................................. 611
replacemsg mm7 ................................................................................................. 613
replacemsg-group ............................................................................................... 616
replacemsg-group ............................................................................................... 618
replacemsg-image ............................................................................................... 621
replacemsg nac-quar........................................................................................... 622
replacemsg nntp .................................................................................................. 624
replacemsg spam ................................................................................................ 626
replacemsg sslvpn............................................................................................... 629
replacemsg traffic-quota ..................................................................................... 630
replacemsg utm ................................................................................................... 631
replacemsg webproxy ......................................................................................... 633
resource-limits ..................................................................................................... 634
server-probe ........................................................................................................ 636
session-helper ..................................................................................................... 637
session-sync........................................................................................................ 639
session-ttl ............................................................................................................ 641
settings ................................................................................................................ 643
sit-tunnel .............................................................................................................. 649
sflow..................................................................................................................... 650
sms-server ........................................................................................................... 651
snmp community ................................................................................................. 652
snmp sysinfo........................................................................................................ 655
snmp user ............................................................................................................ 657
sp ......................................................................................................................... 660
storage................................................................................................................. 662
stp ........................................................................................................................ 663
switch-interface ................................................................................................... 664
tos-based-priority ................................................................................................ 666
vdom-dns............................................................................................................. 667Fortinet Technologies Inc. Page 10 FortiOS - CLI Reference for FortiOS 5.0
-
system (continued)vdom-link ............................................................................................................. 668
vdom-property ..................................................................................................... 669
vdom-radius-server ............................................................................................. 672
vdom-sflow .......................................................................................................... 673
virtual-switch........................................................................................................ 674
wccp .................................................................................................................... 675
zone ..................................................................................................................... 678
user ................................................................................................................ 679Configuring users for password authentication............................................. 679Configuring peers for certificate authentication............................................. 680
ban....................................................................................................................... 681
device .................................................................................................................. 684
device-access-list................................................................................................ 685
device-category ................................................................................................... 686
device-group........................................................................................................ 687
fortitoken.............................................................................................................. 688
fsso ...................................................................................................................... 689
fsso-polling .......................................................................................................... 691
group.................................................................................................................... 693
ldap ...................................................................................................................... 697
local ..................................................................................................................... 700
password-policy .................................................................................................. 702
peer...................................................................................................................... 703
peergrp ................................................................................................................ 705
radius ................................................................................................................... 706
setting .................................................................................................................. 711
tacacs+ ................................................................................................................ 713
voip ................................................................................................................ 714profile ................................................................................................................... 715
config sip ....................................................................................................... 717config sccp .................................................................................................... 726
vpn ................................................................................................................. 727certificate ca ........................................................................................................ 728
certificate crl ........................................................................................................ 729
certificate local..................................................................................................... 731
certificate ocsp-server ......................................................................................... 733
certificate remote................................................................................................. 734
certificate setting ................................................................................................. 735
ipsec concentrator ............................................................................................... 736Fortinet Technologies Inc. Page 11 FortiOS - CLI Reference for FortiOS 5.0
-
vpn (continued)ipsec forticlient..................................................................................................... 737
ipsec manualkey .................................................................................................. 738
ipsec manualkey-interface................................................................................... 741
ipsec phase1........................................................................................................ 744
ipsec phase1-interface ........................................................................................ 753
ipsec phase2........................................................................................................ 767
ipsec phase2-interface ........................................................................................ 774
l2tp ....................................................................................................................... 783
pptp ..................................................................................................................... 785
ssl settings ........................................................................................................... 787
ssl web host-check-software............................................................................... 791
ssl web portal....................................................................................................... 793
ssl web realm....................................................................................................... 802
ssl web user......................................................................................................... 803
ssl web virtual-desktop-app-list .......................................................................... 805
wanopt........................................................................................................... 806auth-group ........................................................................................................... 807
peer...................................................................................................................... 808
profile ................................................................................................................... 809
settings ................................................................................................................ 813
ssl-server ............................................................................................................. 814
storage................................................................................................................. 817
webcache ............................................................................................................ 818config cache-exemption-list .......................................................................... 820
webfilter......................................................................................................... 821content................................................................................................................. 822
content-header .................................................................................................... 824
fortiguard ............................................................................................................. 825
ftgd-local-cat ....................................................................................................... 827
ftgd-local-rating ................................................................................................... 828
ftgd-warning ........................................................................................................ 829
ips-urlfilter-cache-setting..................................................................................... 830
ips-urlfilter-setting................................................................................................ 831
override ................................................................................................................ 832
override-user........................................................................................................ 834
profile ................................................................................................................... 836config ftgd-wf................................................................................................. 840config override ............................................................................................... 842config quota ................................................................................................... 842config web ..................................................................................................... 843Fortinet Technologies Inc. Page 12 FortiOS - CLI Reference for FortiOS 5.0
-
search-engine ...................................................................................................... 844
urlfilter .................................................................................................................. 845
web-proxy ..................................................................................................... 847explicit.................................................................................................................. 848
forward-server ..................................................................................................... 852
global ................................................................................................................... 853
wireless-controller ....................................................................................... 855ap-status.............................................................................................................. 856
global ................................................................................................................... 857
setting .................................................................................................................. 858
timers ................................................................................................................... 859
vap ....................................................................................................................... 860
wids-profile .......................................................................................................... 864
wtp ....................................................................................................................... 866
wtp-profile............................................................................................................ 869
execute .......................................................................................................... 873backup ................................................................................................................. 874
batch.................................................................................................................... 877
bypass-mode....................................................................................................... 878
carrier-license ...................................................................................................... 879
central-mgmt ....................................................................................................... 880
cfg reload............................................................................................................. 881
cfg save ............................................................................................................... 882
clear system arp table ......................................................................................... 883
cli check-template-status .................................................................................... 884
cli status-msg-only .............................................................................................. 885
client-reputation................................................................................................... 886
date...................................................................................................................... 887
disk ...................................................................................................................... 888
disk raid ............................................................................................................... 889
dhcp lease-clear .................................................................................................. 890
dhcp lease-list ..................................................................................................... 891
disconnect-admin-session .................................................................................. 892
enter..................................................................................................................... 893
factoryreset .......................................................................................................... 894
factoryreset2........................................................................................................ 895
formatlogdisk ....................................................................................................... 896
forticlient .............................................................................................................. 897
fortiguard-log ....................................................................................................... 898
fortitoken.............................................................................................................. 899Fortinet Technologies Inc. Page 13 FortiOS - CLI Reference for FortiOS 5.0
-
execute (continued)fortitoken-mobile.................................................................................................. 900
fsso refresh .......................................................................................................... 901
ha disconnect ...................................................................................................... 902
ha manage ........................................................................................................... 903
ha synchronize..................................................................................................... 904
interface dhcpclient-renew .................................................................................. 905
interface pppoe-reconnect .................................................................................. 906
log client-reputation-report.................................................................................. 907
log convert-oldlogs.............................................................................................. 908
log delete-all ........................................................................................................ 909
log delete-oldlogs ................................................................................................ 910
log delete-rolled................................................................................................... 911
log display............................................................................................................ 912
log filter ................................................................................................................ 913
log fortianalyzer test-connectivity........................................................................ 915
log list................................................................................................................... 916
log rebuild-sqldb.................................................................................................. 917
log recreate-sqldb ............................................................................................... 918
log-report reset .................................................................................................... 919
log roll .................................................................................................................. 920
log upload-progress ............................................................................................ 921
modem dial .......................................................................................................... 922
modem hangup.................................................................................................... 923
modem trigger ..................................................................................................... 924
mrouter clear........................................................................................................ 925
netscan ................................................................................................................ 926
pbx....................................................................................................................... 927
ping ...................................................................................................................... 929
ping-options, ping6-options ................................................................................ 930
ping6 .................................................................................................................... 932
policy-packet-capture delete-all.......................................................................... 933
reboot .................................................................................................................. 934
report ................................................................................................................... 935
report-config reset ............................................................................................... 936
restore.................................................................................................................. 937
revision................................................................................................................. 941
router clear bfd session ....................................................................................... 942
router clear bgp ................................................................................................... 943
router clear ospf process..................................................................................... 944Fortinet Technologies Inc. Page 14 FortiOS - CLI Reference for FortiOS 5.0
-
execute (continued)router restart ........................................................................................................ 945
send-fds-statistics ............................................................................................... 946
set system session filter ...................................................................................... 947
set-next-reboot.................................................................................................... 949
sfp-mode-sgmii ................................................................................................... 950
shutdown ............................................................................................................. 951
ssh ....................................................................................................................... 952
sync-session........................................................................................................ 953
tac report ............................................................................................................. 954
telnet .................................................................................................................... 955
time ...................................................................................................................... 956
traceroute............................................................................................................. 957
tracert6................................................................................................................. 958
update-ase........................................................................................................... 959
update-av............................................................................................................. 960
update-geo-ip ...................................................................................................... 961
update-ips............................................................................................................ 962
update-now.......................................................................................................... 963
update-src-vis...................................................................................................... 964
upd-vd-license..................................................................................................... 965
upload.................................................................................................................. 966
usb-device ........................................................................................................... 967
usb-disk ............................................................................................................... 968
vpn certificate ca ................................................................................................. 969
vpn certificate crl ................................................................................................. 970
vpn certificate local.............................................................................................. 971
vpn certificate remote .......................................................................................... 974
vpn ipsec tunnel down......................................................................................... 975
vpn ipsec tunnel up ............................................................................................. 976
vpn sslvpn del-all ................................................................................................. 977
vpn sslvpn del-tunnel........................................................................................... 978
vpn sslvpn del-web.............................................................................................. 979
vpn sslvpn list ...................................................................................................... 980
wireless-controller delete-wtp-image .................................................................. 981
wireless-controller list-wtp-image ....................................................................... 982
wireless-controller reset-wtp ............................................................................... 983
wireless-controller restart-acd............................................................................. 984
wireless-controller restart-wtpd........................................................................... 985
wireless-controller upload-wtp-image................................................................. 986Fortinet Technologies Inc. Page 15 FortiOS - CLI Reference for FortiOS 5.0
-
get .................................................................................................................. 987endpoint-control app-detect ............................................................................... 988
firewall dnstranslation .......................................................................................... 990
firewall iprope appctrl .......................................................................................... 991
firewall iprope list ................................................................................................. 992
firewall proute, proute6........................................................................................ 993
firewall service predefined ................................................................................... 994
firewall shaper...................................................................................................... 995
grep...................................................................................................................... 996
gui console status................................................................................................ 997
gui topology status .............................................................................................. 998
hardware cpu....................................................................................................... 999
hardware memory.............................................................................................. 1001
hardware nic ...................................................................................................... 1002
hardware npu..................................................................................................... 1003
hardware status ................................................................................................. 1006
ips decoder status ............................................................................................. 1007
ips rule status..................................................................................................... 1008
ips session ......................................................................................................... 1009
ipsec tunnel list .................................................................................................. 1010
netscan scan...................................................................................................... 1011
netscan settings................................................................................................. 1012
pbx branch-office .............................................................................................. 1013
pbx dialplan ....................................................................................................... 1014
pbx did............................................................................................................... 1015
pbx extension .................................................................................................... 1016
pbx ftgd-voice-pkg ............................................................................................ 1017
pbx global .......................................................................................................... 1018
pbx ringgrp ........................................................................................................ 1019
pbx sip-trunk...................................................................................................... 1020
pbx voice-menu ................................................................................................. 1021
report database schema.................................................................................... 1022
router info bfd neighbor ..................................................................................... 1023
router info bgp ................................................................................................... 1024
router info gwdetect........................................................................................... 1027
router info isis .................................................................................................... 1028
router info kernel................................................................................................ 1029
router info multicast ........................................................................................... 1030
router info ospf .................................................................................................. 1032
router info protocols .......................................................................................... 1034Fortinet Technologies Inc. Page 16 FortiOS - CLI Reference for FortiOS 5.0
-
get (continued)router info rip ..................................................................................................... 1035
router info routing-table .................................................................................... 1036
router info vrrp ................................................................................................... 1037
router info6 bgp ................................................................................................. 1038
router info6 interface.......................................................................................... 1039
router info6 kernel.............................................................................................. 1040
router info6 ospf ................................................................................................ 1041
router info6 protocols ........................................................................................ 1042
router info6 rip ................................................................................................... 1043
router info6 routing-table ................................................................................... 1044
system admin list ............................................................................................... 1045
system admin status.......................................................................................... 1046
system arp ......................................................................................................... 1047
system auto-update........................................................................................... 1048
system central-management ............................................................................. 1049
system checksum.............................................................................................. 1050
system cmdb status .......................................................................................... 1051
system fortianalyzer-connectivity ...................................................................... 1052
system fortiguard-log-service status ................................................................. 1053
system fortiguard-service status ....................................................................... 1054
system ha-nonsync-csum ................................................................................. 1055
system ha status................................................................................................ 1056
system info admin ssh ....................................................................................... 1059
system info admin status................................................................................... 1060
system interface physical .................................................................................. 1061
system mgmt-csum........................................................................................... 1062
system performance firewall.............................................................................. 1063
system performance status ............................................................................... 1064
system performance top.................................................................................... 1065
system session list............................................................................................. 1066
system session status ....................................................................................... 1067
system session-helper-info list .......................................................................... 1068
system session-info ........................................................................................... 1069
system source-ip ............................................................................................... 1070
system startup-error-log.................................................................................... 1071
system status..................................................................................................... 1072
test ..................................................................................................................... 1073
user adgrp.......................................................................................................... 1075
vpn ike gateway ................................................................................................. 1076Fortinet Technologies Inc. Page 17 FortiOS - CLI Reference for FortiOS 5.0
-
get (continued)vpn ipsec tunnel details ..................................................................................... 1077
vpn ipsec tunnel name....................................................................................... 1078
vpn ipsec stats crypto ....................................................................................... 1079
vpn ipsec stats tunnel........................................................................................ 1080
vpn ssl monitor .................................................................................................. 1081
vpn status l2tp ................................................................................................... 1082
vpn status pptp.................................................................................................. 1083
vpn status ssl ..................................................................................................... 1084
webfilter ftgd-statistics ...................................................................................... 1085
webfilter status .................................................................................................. 1087
wireless-controller rf-analysis ............................................................................ 1088
wireless-controller scan..................................................................................... 1089
wireless-controller status................................................................................... 1090
wireless-controller vap-status ........................................................................... 1091
wireless-controller wlchanlistlic ......................................................................... 1092
wireless-controller wtp-status ........................................................................... 1095
tree............................................................................................................... 1097Fortinet Technologies Inc. Page 18 FortiOS - CLI Reference for FortiOS 5.0
-
Introduction
This document describes FortiOS 5.0 CLI commands used to configure and manage a FortiGate unit from the command line interface (CLI).
How this guide is organized
Most of the chapters in this document describe the commands for each configuration branch of the FortiOS CLI. The command branches and commands are in alphabetical order.
This document also contains the following sections:
Whats new describes changes to the 5.0 CLI.
config chapters describe the config commands.
execute describes execute commands.
get describes get commands.
tree describes the tree command.
Availability of commands and options
Some FortiOS CLI commands and options are not available on all FortiGate units. The CLI displays an error message if you attempt to enter a command or option that is not available. You can use the question mark ? to verify the commands and options that are available.
Commands and options may not be available for the following reasons:
FortiGate model. All commands are not available on all FortiGate models. For example, low end FortiGate models do not support the aggregate option of the config system interface command.
Hardware configuration. For example, some AMC module commands are only available when an AMC module is installed.
FortiOS Carrier, FortiGate Voice, FortiWiFi etc. Commands for extended functionality are not available on all FortiGate models. The CLI Reference includes commands only available for FortiWiFi units, FortiOS Carrier, and FortiGate Voice unitsPage 19
-
set popularity New field. Sets application popularity levels.
config client-reputation profile New command. Configure client reputation tracking. config dlp compound Command removed. Whats new
As the FortiOS Handbook has developed, the FortiGate CLI Reference for FortiOS 5.0 has become a dictionary of FortiOS CLI commands defining each command and its options, ranges, defaults and dependencies. The CLI Reference now includes FortiOS Carrier commands and future versions will include FortiGate Voice commands.
The table below lists the CLI commands and options in FortiOS v3 that have changed since the last major release of FortiOS.
Command Change
config antivirus profileedit
set block-botnet-connections New field. Enables blocking connections to known botnet servers.
set ftgd-analytics New field. Enables FortiGuard Analytics. set inspection-mode New field. Selects proxy or flow-based antivirus
operation.
config httpset avdb Field removed.
config mapi New subcommand. Configures MAPI protocol options.
config smb New subcommand. config antivirus quarantine
set drop-infected pop3 mapi New options. Support MAPI, POP3 protocols. set store-infected imaps smtps pop3s
https ftpsNew options. Support IMAPS, SMTPS, POP3S, HTTPS, FTPS protocols.
set enable-auto-submitset sel-statusset use-fpatset use-status
Fields removed. Quarantine auto-submit feature removed.
config antivirus quarfilepattern Command removed. FortiGaurd quarantine auto-submit feature was removed.
config antivirus settingsset default-db flow-based Option removed. Use inspection-mode in
antivirus profile. config application list
set log Field removed. Use traffic log application sensor name and application action fields instead.
config entriesedit Page 20
-
config dlp filepatternedit
config entriesedit
set action Field removed. set filter-by encrypted New option. Catches files that could not be scanned
because of encryption.
set active Field removed. config dlp rule Command removed. See config dlp sensor. config dlp settings
set cache-mem-percent New field. Sets amount of available memory used for caching.
config endpoint-control app-detect rule-list
Command removed.
config endpoint-control forticlient-registration-sync
New command. Configures peer FortiGate units for synchronization of Endpoint license registration.
config endpoint-control profileedit
config forticlient-winmac-settingsconfig forticlient-android-settingsconfig forticlient-ios-settings
New subcommands. Profile re-organized into separate sections for Windows/Mac, Android, and iOS.
set forticlient-config-deployment New field. Enables deployment of FortiClient settings from Endpoint Control profile.
set forticlient-log-upload New field. Enable sending of FortiClient logs to a FortiAnalyzer unit via the FortiGate unit.
set forticlient-settings-lockset forticlient-settings-lock-passwd
New fields. Locks FortiClient settings and sets password to unlock them.
set forticlient-vpn-provisioning config forticlient-vpn-settingsset forticlient-advanced-vpnset forticlient-advanced-vpn-buffer
New fields. Configure VPNs on FortiClient endpoints.
set type network-service New option. config service New subcommand. Configures network-service
address.
config endpoint-control settingsset endpoint-profile New field. Sets which endpoint profile to apply. set forticlient-reg-key-enforce set forticlient-reg-key
New fields. Enable enforcement of FortiClient registration.
set forticlient-reg-timeout New field. Sets timeout of FortiClient registration. set forticlient-temp-authorization-
timeoutNew field. Sets duration of temporary authorization.
set registration-password New field. Sets a password for FortiClient updates. config firewall addrgrp, addrgrp6 An address group can be a member of another
address group.
Command ChangeFortinet Technologies Inc. Page 21 FortiOS - CLI Reference for FortiOS 5.0v3
-
config firewall auth-portal New command. Adds an external authentication portal.
config firewall deep-inspection-options New command. Sets deep inspection options for secure protocols, such as HTTPS, FTPS, etc.
config firewall DoS-policy New command. Replaces config ips DoS. config firewall gtp
edit set unknown-version-action New field. Allow or deny traffic with GTP version > 1.
config firewall identity-based-route New command. Configures identity-based routes. config firewall ippool
set arp-enableset arp-intf
New fields. Can limit ARP requests to one interface or disable them completely.
set source-startipset source-endip
New fields. Define the source IP range for fixed port range mapping.
set type Field added. Select type of mapping. config firewall ippool6 New command. Configures IPv6 IP pools. config firewall ip-translation New command. Configures IP address translation. config firewall multicast-address New command. Configures multicast firewall
addresses.
config firewall multicast-policyedit
set dstaddr This field now accepts multicast address names defined in firewall multicast-address.
set srcaddr This field now accepts address names defined in firewall address, address6.
config firewall policy, policy46, policy6, policy64
edit
The nat, ippool and poolname fields now also apply to policy6.
set application-list This field is now also available in IPv6 policies. set auth-portal New field. Enables use of external authentication
portal defined in firewall auth-portal. set block-notification New field. Enables Fortinet Bar notification of blocked
files.
set capture-packet New field. Enables packet capture in policy. set client-reputation New field. Enables Client Reputation in policy. set device-detection-portal New field. Enables the Device Detection portal. set dstaddr-negate New field. Negates dstaddr selection. set dynamic-profileset dynamic-profile-group
Fields removed. Dynamic profile is controlled in the interface.
set dynamic-profile-access Field removed. RADIUS SSO replaces dynamic profile feature.
set email-collection-portal New field. Enables email collection from new devices. set fall-through-unauthenticated New field. Enables unauthenticated user to skip
authentication rules and possibly match another policy.
Command ChangeFortinet Technologies Inc. Page 22 FortiOS - CLI Reference for FortiOS 5.0v3
-
config firewall policy, policy46, policy6, policy64 (continued)set forticlient-compliance-devices New field. Select device types to which FortiClient
enforcement applies.
set deep-inspection-options New field. Applies a deep inspection options profile. set forticlient-compliance-
enforcement-portalNew field. Enables the FortiClient portal.
set identity-based-route New field. Enables use of identity-based route defined in firewall identity-based-route.
set identity-from New field. Selects whether identity comes from authenticated user or device.
set ips-DoS-statusset ips-DoS
Fields removed. Use config firewall DoS-policy command.
set ips-sensor This field is now also available in IPv6 policies. set logtraffic-start New field. Enables logging of session start and end. set netscan-discover-hosts New field. Enables host discovery for hostname
visibility feature.
set srcaddr6set dstaddr6
New fields. Set IPv6 addresses for source and destination.
set per-ip-shaper This field is now also available for IPv6 policies. set permit-any-hostset permit-stun-host
New fields. These can help support the FaceTime application on NATd iPhones.
set require-tfa New field. Makes identity-based policy require two-factor authentication.
set rsso New field. Enables RADIUS-based single sign on for this policy.
set send-deny-packet New field. Enables sending a reply packet to denied TCP, UDP or ICMP traffic. If deny-tcp-with-icmp is enabled in system settings, a Communication Prohibited ICMP packet is sent. Otherwise, denied TCP traffic is sent a TCP reset.
set service-negate New field. Negates service selection. set srcaddr-negate New field. Negates srcaddr selecti