Fortigate Cli 52
FortiOS CLI Reference for FortiOS 5.2
October 17, 2014
01-520-99686-20141017
Copyright 2014 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, FortiCare and FortiGuard, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet's General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet's internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.
Technical Documentation docs.fortinet.com
Knowledge Base kb.fortinet.com
Customer Service & Support support.fortinet.com
Training Services training.fortinet.com
FortiGuard fortiguard.com
Document Feedback [email protected]
-
Contents
Introduction
  How this guide is organized
  Availability of commands and options
Managing Firmware with the FortiGate BIOS
  Accessing the BIOS
    Navigating the menu
  Loading firmware
    Configuring TFTP parameters
    Initiating TFTP firmware transfer
  Booting the backup firmware
What's new
alertemail
  setting
antivirus
  heuristic
  mms-checksum
  notification
  profile
    config {http | https | ftp | ftps | imap | imaps | mapi | pop3 | pop3s | smb | smtp | smtps | nntp}
    config nac-quar
  quarantine
  settings
application
  custom
  list
  name
dlp
  filepattern
  fp-doc-source
  fp-sensitivity
  sensor
  settings
endpoint-control
  forticlient-registration-sync
  profile
  settings
extender-controller
  extender
firewall
  address, address6
  addrgrp, addrgrp6
  auth-portal
  carrier-endpoint-bwl
  carrier-endpoint-ip-filter
  central-nat
  dnstranslation
  DoS-policy, DoS-policy6
  explicit-proxy-policy
  gtp
  identity-based-route
  interface-policy
  interface-policy6
  ipmacbinding setting
  ipmacbinding table
  ippool, ippool6
  ip-translation
  ipv6-eh-filter
  ldb-monitor
  local-in-policy, local-in-policy6
  mms-profile
    config dupe {mm1 | mm4}
    config flood {mm1 | mm4}
    config log
    config notification {alert-dupe-1 | alert-flood-1 | mm1 | mm3 | mm4 | mm7}
    config notif-msisdn
  multicast-address
  multicast-policy
  policy, policy6
  policy46, policy64
  profile-group
  profile-protocol-options
    config http
    config ftp
    config dns
    config imap
    config mapi
    config pop3
    config smtp
    config nntp
    config mail-signature
  schedule onetime
  schedule recurring
  schedule group
  service category
  service custom
  service group
  shaper per-ip-shaper
  shaper traffic-shaper
  sniffer
  ssl setting
  ssl-ssh-profile
    config {ftps | https | imaps | pop3s | smtps}
    config ssh
    config ssl
    config ssl-exempt
    config ssl-server
  ttl-policy
  vip
  vip46
  vip6
  vip64
  vipgrp
  vipgrp46
  vipgrp64
ftp-proxy
  explicit
gui
  console
icap
  profile
  server
ips
  custom
  decoder
  global
  rule
  sensor
  setting
log
  custom-field
  {disk | fortianalyzer | fortianalyzer2 | fortianalyzer3 | memory | syslogd | syslogd2 | syslogd3 | webtrends | fortiguard} filter
  disk setting
  eventfilter
  {fortianalyzer | syslogd} override-filter
  fortianalyzer override-setting
  {fortianalyzer | fortianalyzer2 | fortianalyzer3} setting
  fortiguard setting
  gui-display
  memory setting
  memory global-setting
  setting
  syslogd override-setting
  {syslogd | syslogd2 | syslogd3} setting
  threat-weight
  webtrends setting
netscan
  assets
  settings
pbx
  dialplan
  did
  extension
  global
  ringgrp
  voice-menu
  sip-trunk
report
  chart
  dataset
  layout
  style
  summary
  theme
router
  access-list, access-list6
  aspath-list
  auth-path
  bfd
  bgp
    config router bgp
    config admin-distance
    config aggregate-address, config aggregate-address6
    config neighbor
    config network, config network6
    config redistribute, config redistribute6
  community-list
  isis
    config isis-interface
    config isis-net
    config redistribute {bgp | connected | ospf | rip | static}
    config summary-address
  key-chain
  multicast
    Sparse mode
    Dense mode
    config router multicast
    config interface
    config pim-sm-global
  multicast6
  multicast-flow
  ospf
    config router ospf
    config area
    config distribute-list
    config neighbor
    config network
    config ospf-interface
    config redistribute
    config summary-address
  ospf6
  policy, policy6
  prefix-list, prefix-list6
  rip
    config router rip
    config distance
    config distribute-list
    config interface
    config neighbor
    config network
    config offset-list
    config redistribute
  ripng
    config distance
  route-map
    Using route maps with BGP
  setting
  static
  static6
spamfilter
  bwl
  bword
  dnsbl
  fortishield
  iptrust
  mheader
  options
  profile
    config {imap | imaps | mapi | pop3 | pop3s | smtp | smtps}
    config {gmail | msn-hotmail | yahoo-mail}
switch-controller
  managed-switch
  vlan
system
  3g-modem custom
  accprofile
  admin
  amc
  arp-table
  auto-install
  autoupdate push-update
  autoupdate schedule
  autoupdate tunneling
  aux
  bug-report
  bypass
  central-management
  console
  custom-language
  ddns
  dedicated-mgmt
  dhcp reserved-address
  dhcp server
  dhcp6 server
  dns
  dns-database
  dns-server
  dscp-based-priority
  elbc
  email-server
  fips-cc
  fortiguard
  fortisandbox
  geoip-override
  gi-gk
  global
  gre-tunnel
  ha
  interface
  ipip-tunnel
  ips-urlfilter-dns
  ipv6-neighbor-cache
  ipv6-tunnel
  link-monitor
  lte-modem
mac-address-table .............................................................................................. 564
modem................................................................................................................. 565
monitors............................................................................................................... 570
nat64 .................................................................................................................... 572
netflow ................................................................................................................. 573
network-visibility .................................................................................................. 574
np6....................................................................................................................... 575
npu....................................................................................................................... 576
ntp........................................................................................................................ 577
object-tag ............................................................................................................ 578
password-policy .................................................................................................. 579
physical-switch .................................................................................................... 580
port-pair ............................................................................................................... 581
probe-response ................................................................................................... 582
proxy-arp ............................................................................................................. 583
pstn ...................................................................................................................... 584
replacemsg admin ............................................................................................... 586
replacemsg alertmail............................................................................................ 587
replacemsg auth .................................................................................................. 589
replacemsg device-detection-portal.................................................................... 593
replacemsg ec ..................................................................................................... 594
replacemsg fortiguard-wf .................................................................................... 596
replacemsg ftp..................................................................................................... 598
replacemsg http................................................................................................... 600
replacemsg im ..................................................................................................... 603
replacemsg mail................................................................................................... 605
replacemsg mm1 ................................................................................................. 608
replacemsg mm3 ................................................................................................. 611
replacemsg mm4 ................................................................................................. 613
replacemsg mm7 ................................................................................................. 615
replacemsg-group ............................................................................................... 618
replacemsg-group ............................................................................................... 620
replacemsg-image ............................................................................................... 623
replacemsg nac-quar........................................................................................... 624
replacemsg nntp .................................................................................................. 626
replacemsg spam ................................................................................................ 628
replacemsg sslvpn............................................................................................... 631
replacemsg traffic-quota ..................................................................................... 632
replacemsg utm ................................................................................................... 633
replacemsg webproxy ......................................................................................... 635
resource-limits ..................................................................................................... 636
session-helper ..................................................................................................... 638
session-sync........................................................................................................ 640
session-ttl ............................................................................................................ 643
settings ................................................................................................................ 645
sit-tunnel .............................................................................................................. 652
sflow..................................................................................................................... 653
sms-server ........................................................................................................... 654
snmp community ................................................................................................. 655
snmp sysinfo........................................................................................................ 659
snmp user ............................................................................................................ 661
sp ......................................................................................................................... 664
storage................................................................................................................. 666
stp ........................................................................................................................ 667
switch-interface ................................................................................................... 668
tos-based-priority ................................................................................................ 670
vdom-dns............................................................................................................. 671
vdom-link ............................................................................................................. 672
vdom-property ..................................................................................................... 673
vdom-radius-server ............................................................................................. 676
vdom-sflow .......................................................................................................... 677
virtual-switch........................................................................................................ 678
virtual-wan-link .................................................................................................... 679
wccp .................................................................................................................... 682
zone ..................................................................................................................... 685
user ................................................................................................................ 686
Configuring users for authentication.................................................................... 687
Configuring users for password authentication............................................. 687
Configuring peers for certificate authentication............................................. 687
ban....................................................................................................................... 688
device .................................................................................................................. 691
device-access-list................................................................................................ 692
device-category ................................................................................................... 693
device-group........................................................................................................ 694
fortitoken.............................................................................................................. 695
fsso ...................................................................................................................... 696
fsso-polling .......................................................................................................... 698
group.................................................................................................................... 700
ldap ...................................................................................................................... 704
local ..................................................................................................................... 707
password-policy .................................................................................................. 709
peer...................................................................................................................... 710
peergrp ................................................................................................................ 712
pop3..................................................................................................................... 713
radius ................................................................................................................... 714
security-exempt-list ............................................................................................. 719
setting .................................................................................................................. 720
tacacs+ ................................................................................................................ 722
voip ................................................................................................................ 723
profile ................................................................................................................... 724
config sip ....................................................................................................... 726
config sccp .................................................................................................... 735
vpn ................................................................................................................. 736
certificate ca ........................................................................................................ 737
certificate crl ........................................................................................................ 738
certificate local..................................................................................................... 740
certificate ocsp-server ......................................................................................... 742
certificate remote................................................................................................. 743
certificate setting ................................................................................................. 744
ipsec concentrator ............................................................................................... 745
ipsec forticlient..................................................................................................... 746
ipsec manualkey .................................................................................................. 747
ipsec manualkey-interface................................................................................... 750
ipsec phase1........................................................................................................ 753
ipsec phase1-interface ........................................................................................ 763
ipsec phase2........................................................................................................ 777
ipsec phase2-interface ........................................................................................ 784
l2tp ....................................................................................................................... 793
pptp ..................................................................................................................... 795
ssl settings ........................................................................................................... 797
ssl web host-check-software............................................................................... 803
ssl web portal....................................................................................................... 805
ssl web realm....................................................................................................... 813
ssl web user-bookmark ....................................................................................... 814
ssl web virtual-desktop-app-list .......................................................................... 817
wanopt........................................................................................................... 818
auth-group ........................................................................................................... 819
peer...................................................................................................................... 820
profile ................................................................................................................... 821
settings ................................................................................................................ 825
ssl-server ............................................................................................................. 826
storage................................................................................................................. 829
webcache ............................................................................................................ 830
webfilter......................................................................................................... 833
content................................................................................................................. 834
content-header .................................................................................................... 836
fortiguard ............................................................................................................. 837
ftgd-local-cat ....................................................................................................... 839
ftgd-local-rating ................................................................................................... 840
ftgd-warning ........................................................................................................ 841
ips-urlfilter-cache-setting..................................................................................... 843
ips-urlfilter-setting................................................................................................ 844
override ................................................................................................................ 845
override-user........................................................................................................ 846
profile ................................................................................................................... 848
config ftgd-wf................................................................................................. 852
config override ............................................................................................... 854
config quota ................................................................................................... 854
config web ..................................................................................................... 855
search-engine ...................................................................................................... 856
urlfilter .................................................................................................................. 857
web-proxy ..................................................................................................... 859
explicit.................................................................................................................. 860
forward-server ..................................................................................................... 864
forward-server-group........................................................................................... 865
global ................................................................................................................... 866
profile ................................................................................................................... 868
url-match.............................................................................................................. 869
wireless-controller ....................................................................................... 870
ap-status.............................................................................................................. 871
global ................................................................................................................... 872
setting .................................................................................................................. 873
timers ................................................................................................................... 874
vap ....................................................................................................................... 875
wids-profile .......................................................................................................... 880
wtp ....................................................................................................................... 883
wtp-profile............................................................................................................ 887
execute .......................................................................................................... 893
backup ................................................................................................................. 894
batch.................................................................................................................... 897
bypass-mode....................................................................................................... 898
carrier-license ...................................................................................................... 899
central-mgmt ....................................................................................................... 900
cfg reload............................................................................................................. 901
cfg save ............................................................................................................... 902
clear system arp table ......................................................................................... 903
cli check-template-status .................................................................................... 904
cli status-msg-only .............................................................................................. 905
client-reputation................................................................................................... 906
date...................................................................................................................... 907
disk ...................................................................................................................... 908
disk raid ............................................................................................................... 909
dhcp lease-clear .................................................................................................. 910
dhcp lease-list ..................................................................................................... 911
disconnect-admin-session .................................................................................. 912
enter..................................................................................................................... 913
erase-disk ............................................................................................................ 914
factoryreset .......................................................................................................... 915
factoryreset2........................................................................................................ 916
formatlogdisk ....................................................................................................... 917
forticarrier-license ................................................................................................ 918
forticlient .............................................................................................................. 919
FortiClient-NAC.................................................................................................... 920
fortiguard-log ....................................................................................................... 921
fortitoken.............................................................................................................. 922
fortitoken-mobile.................................................................................................. 923
fsso refresh .......................................................................................................... 924
ha disconnect ...................................................................................................... 925
ha ignore-hardware-revision................................................................................ 926
ha manage ........................................................................................................... 927
ha synchronize..................................................................................................... 928
interface dhcpclient-renew .................................................................................. 929
interface pppoe-reconnect .................................................................................. 930
log client-reputation-report.................................................................................. 931
log convert-oldlogs.............................................................................................. 932
log delete-all ........................................................................................................ 933
log delete-oldlogs ................................................................................................ 934
log detail .............................................................................................................. 935
log display............................................................................................................ 936
log downgrade-log............................................................................................... 937
log filter ................................................................................................................ 938
log fortianalyzer test-connectivity........................................................................ 939
log list................................................................................................................... 940
log rebuild-sqldb.................................................................................................. 941
log recreate-sqldb ............................................................................................... 942
log-report reset .................................................................................................... 943
log roll .................................................................................................................. 944
log upload-progress ............................................................................................ 945
modem dial .......................................................................................................... 946
modem hangup.................................................................................................... 947
modem trigger ..................................................................................................... 948
mrouter clear........................................................................................................ 949
netscan ................................................................................................................ 950
pbx....................................................................................................................... 951
ping ...................................................................................................................... 953
ping-options, ping6-options ................................................................................ 954
ping6 .................................................................................................................... 956
policy-packet-capture delete-all.......................................................................... 957
reboot .................................................................................................................. 958
report ................................................................................................................... 959
report-config reset ............................................................................................... 960
restore.................................................................................................................. 961
revision................................................................................................................. 965
router clear bfd session ....................................................................................... 966
router clear bgp ................................................................................................... 967
router clear ospf process
router restart
send-fds-statistics
set system session filter
set-next-reboot
sfp-mode-sgmii
shutdown
ssh
sync-session
system custom-language import
system fortisandbox test-connectivity
tac report
telnet
time
traceroute
tracert6
update-av
update-geo-ip
update-ips
update-list
update-now
update-src-vis
upd-vd-license
upload
usb-device
usb-disk
vpn certificate ca
vpn certificate crl
vpn certificate local export
vpn certificate local generate
vpn certificate local import
vpn certificate remote
vpn ipsec tunnel down
vpn ipsec tunnel up
vpn sslvpn del-all
vpn sslvpn del-tunnel
vpn sslvpn del-web
vpn sslvpn list
webfilter quota-reset
wireless-controller delete-wtp-image
wireless-controller list-wtp-image
wireless-controller reset-wtp
wireless-controller restart-acd
wireless-controller restart-wtpd
wireless-controller upload-wtp-image
get
endpoint-control app-detect
firewall dnstranslation
firewall iprope appctrl
firewall iprope list
firewall proute, proute6
firewall service custom
firewall shaper
grep
gui console status
gui topology status
hardware cpu
hardware memory
hardware nic
hardware npu
hardware status
ips decoder status
ips rule status
ips session
ipsec tunnel
ips view-map
mgmt-data status
netscan settings
pbx branch-office
pbx dialplan
pbx did
pbx extension
pbx ftgd-voice-pkg
pbx global
pbx ringgrp
pbx sip-trunk
pbx voice-menu
router info bfd neighbor
router info bgp
router info gwdetect
router info isis
router info kernel
router info multicast
router info ospf
router info protocols
router info rip
router info routing-table
router info vrrp
router info6 bgp
router info6 interface
router info6 kernel
router info6 ospf
router info6 protocols
router info6 rip
router info6 routing-table
system admin list
system admin status
system arp
system auto-update
system central-management
system checksum
system cmdb status
system fortianalyzer-connectivity
system fortiguard-log-service status
system fortiguard-service status
system ha-nonsync-csum
system ha status
system info admin ssh
system info admin status
system interface physical
system mgmt-csum
system performance firewall
system performance status
system performance top
system session list
system session status
system session-helper-info list
system session-info
system source-ip
system startup-error-log
system status
test
user adgrp
vpn ike gateway
vpn ipsec tunnel details
vpn ipsec tunnel name
vpn ipsec stats crypto
vpn ipsec stats tunnel
vpn ssl monitor
vpn status l2tp
vpn status pptp
vpn status ssl
webfilter ftgd-statistics
webfilter status
wireless-controller rf-analysis
wireless-controller scan
wireless-controller status
wireless-controller vap-status
wireless-controller wlchanlistlic
wireless-controller wtp-status
tree
Introduction
This document describes FortiOS 5.2 CLI commands used to configure and manage a FortiGate unit from the command line interface (CLI).
How this guide is organized
Most of the chapters in this document describe the commands for each configuration branch of the FortiOS CLI. The command branches and commands are in alphabetical order.
This document also contains the following sections:
Managing Firmware with the FortiGate BIOS describes how to change firmware at the console during FortiGate unit boot-up.
What's new describes changes to the 5.2 CLI.
config chapters describe the config commands.
execute describes execute commands.
get describes get commands.
tree describes the tree command.
Availability of commands and options
Some FortiOS CLI commands and options are not available on all FortiGate units. The CLI displays an error message if you attempt to enter a command or option that is not available. You can use the question mark ? to verify the commands and options that are available.
Commands and options may not be available for the following reasons:
FortiGate model. Not all commands are available on all FortiGate models. For example, low-end FortiGate models do not support the aggregate interface type option of the config system interface command.
Hardware configuration. For example, some AMC module commands are only available when an AMC module is installed.
FortiOS Carrier, FortiGate Voice, FortiWiFi etc. Commands for extended functionality are not available on all FortiGate models. The CLI Reference includes commands only available for FortiWiFi units, FortiOS Carrier, and FortiGate Voice units.
Managing Firmware with the FortiGate BIOS
FortiGate units are shipped with firmware installed. Usually firmware upgrades are performed through the web-based manager or by using the CLI execute restore command. From the console, you can also interrupt the FortiGate unit's boot-up process to load firmware using the BIOS firmware that is a permanent part of the unit.
Using the BIOS, you can:
view system information
format the boot device
load firmware and reboot (see Loading firmware)
reboot the FortiGate unit from the backup firmware, which then becomes the default firmware (see Booting the backup firmware)
Accessing the BIOS
The BIOS menu is available only through direct connection to the FortiGate unit's Console port. During boot-up, the message Press any key appears briefly. If you press any keyboard key at this time, boot-up is suspended and the BIOS menu appears. If you are too late, the boot-up process continues as usual.
Navigating the menu
The main BIOS menu looks like this:
[C]: Configure TFTP parameters
[R]: Review TFTP parameters
[T]: Initiate TFTP firmware transfer
[F]: Format boot device
[Q]: Quit menu and continue to boot
[I]: System Information
[B]: Boot with backup firmware and set as default
[Q]: Quit menu and continue to boot
[H]: Display this list of options
Enter C,R,T,F,I,B,Q,or H:
Typing the bracketed letter selects the option. Input is case-sensitive. Most options present a submenu. An option value in square brackets at the end of the Enter line is the default value, which you can enter simply by pressing Return. For example,
Enter image download port number [WAN1]:
In most menus, typing H re-lists the menu options and typing Q returns to the previous menu.
Loading firmware
The BIOS can download firmware from a TFTP server that is reachable from a FortiGate unit network interface. You need to know the IP address of the server and the name of the firmware file to download.
The downloaded firmware can be saved as either the default or backup firmware. It is also possible to boot the downloaded firmware without saving it.
Configuring TFTP parameters
Starting from the main BIOS menu
[C]: Configure TFTP parameters.
Selecting the VLAN (if VLANs are used)
[V]: Set local VLAN ID.
Choose port and whether to use DHCP
[P]: Set firmware download port.
The options listed depend on the FortiGate model. Choose the network interface through which the TFTP server can be reached. For example:
[0]: Any of port 1 - 7
[1]: WAN1
[2]: WAN2
Enter image download port number [WAN1]:
[D]: Set DHCP mode.
Please select DHCP setting
[1]: Enable DHCP
[2]: Disable DHCP
If there is a DHCP server on the network, select [1]. This simplifies configuration. Otherwise, select [2].
Non-DHCP steps
[I]: Set local IP address.
Enter local IP address [192.168.1.188]:
This is a temporary IP address for the FortiGate unit network interface. Use a unique address on the same subnet to which the network interface connects.
[S]: Set local subnet mask.
Enter local subnet mask [255.255.252.0]:
[G]: Set local gateway.
The local gateway IP address is needed if the TFTP server is on a different subnet than the one to which the FortiGate unit is connected.
TFTP and filename
[T]: Set remote TFTP server IP address.
Enter remote TFTP server IP address [192.168.1.145]:
[F]: Set firmware file name.
Enter firmware file name [image.out]:
Enter [Q] to return to the main menu.
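The non-DHCP values above can be checked for consistency before they are typed at the console. The following is an added example, not part of the Fortinet document: it confirms that the local address and mask form a valid interface address and that a local gateway is set whenever the TFTP server lies outside the local subnet. The class and function names are hypothetical, and the off-subnet server address in the sample is constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class TftpParams:
    """Values typed into the BIOS [C] submenu (class and field names are hypothetical)."""
    local_ip: str                  # [I] Set local IP address
    netmask: str                   # [S] Set local subnet mask
    server_ip: str                 # [T] Set remote TFTP server IP address
    gateway: Optional[str] = None  # [G] Set local gateway
    dhcp: bool = False             # [D] Set DHCP mode


def preflight(p: TftpParams) -> List[str]:
    """Return the problems found; an empty list means the values are consistent."""
    try:
        server = ipaddress.IPv4Address(p.server_ip)
        if p.dhcp:
            return []  # address, mask and gateway are supplied by the DHCP server
        iface = ipaddress.IPv4Interface(f"{p.local_ip}/{p.netmask}")
        gateway = ipaddress.IPv4Address(p.gateway) if p.gateway else None
    except ValueError as exc:  # malformed address or non-contiguous mask
        return [f"invalid value: {exc}"]

    net, problems = iface.network, []
    if net.prefixlen < 31 and iface.ip in (net.network_address, net.broadcast_address):
        problems.append(f"[I] {iface.ip} is the network or broadcast address of {net}")
    if iface.ip == server:
        problems.append("[I] local IP address is the same as the TFTP server address")
    if gateway is not None:
        if gateway not in net:
            problems.append(f"[G] gateway {gateway} is not on the local subnet {net}")
        elif gateway == iface.ip:
            problems.append("[G] gateway is the same as the local IP address")
    if server not in net and gateway is None:
        problems.append(f"[G] TFTP server {server} is outside {net}; a local gateway is required")
    return problems


if __name__ == "__main__":
    # Defaults shown in the BIOS prompts above; the off-subnet server is constructed.
    on_link = TftpParams("192.168.1.188", "255.255.252.0", "192.168.1.145")
    routed = TftpParams("192.168.1.188", "255.255.252.0", "192.168.4.10")
    for params in (on_link, routed):
        print(params.server_ip, preflight(params) or "OK")
```

With the default mask 255.255.252.0 the local subnet is 192.168.0.0/22, so the default server 192.168.1.145 is reachable without a gateway, while a server at 192.168.4.10 is not.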
Initiating TFTP firmware transfer
Starting from the main BIOS menu
[T]: Initiate TFTP firmware transfer.
Please connect TFTP server to Ethernet port 'WAN1'.
MAC: 00:09:0f:b5:55:28
Connect to tftp server 192.168.1.145 ...
##########################################################
Image Received.
Checking image... OK
Save as Default firmware/Backup firmware/Run image without
saving:[D/B/R]?
After you choose any option, the FortiGate unit reboots. If you choose [D] or [B], there is first a pause while the firmware is copied:
Programming the boot device now.
................................................................
................................................................
Booting the backup firmware
You can reboot the FortiGate unit from the backup firmware, which then becomes the default firmware.
Starting from the main BIOS menu
[B]: Boot with backup firmware and set as default.
If the boot device contains backup firmware, the FortiGate unit reboots. Otherwise the unit responds:
Failed to mount filesystem. . .
Mount back up partition failed.
Back up image open failed.
Press Y or y to boot default image.