fortigate cli 50

Upload: vgta2k

Post on 19-Jul-2016
  • FortiOS CLI Reference for FortiOS 5.0

    April 14, 2014

    01-506-99686-20140414

    Copyright 2014 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, FortiCare and FortiGuard, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet's General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet's internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.

    Technical Documentation docs.fortinet.com

    Knowledge Base kb.fortinet.com

    Customer Service & Support support.fortinet.com

    Training Services training.fortinet.com

    FortiGuard fortiguard.com

    Document Feedback [email protected]

  • fp-sensitivity........................................................................................................... 86sensor .................................................................................................................... 87

    settings .................................................................................................................. 91Contents

    Introduction..................................................................................................... 19How this guide is organized............................................................................. 19Availability of commands and options............................................................. 19

    Managing Firmware with the FortiGate BIOS.............................................. 20Accessing the BIOS............................................................................................... 20

    Navigating the menu........................................................................................ 20

    Loading firmware ................................................................................................... 21Configuring TFTP parameters.......................................................................... 21Initiating TFTP firmware transfer...................................................................... 22

    Booting the backup firmware ................................................................................ 22

    Whats new...................................................................................................... 23

    alertemail......................................................................................................... 54setting .................................................................................................................... 55

    antivirus........................................................................................................... 59heuristic ................................................................................................................. 60

    mms-checksum ..................................................................................................... 61

    notification ............................................................................................................. 62

    profile ..................................................................................................................... 63config {http | https | ftp | ftps | imap | imaps | mapi | pop3 | pop3s | smb | smtp |

    smtps | nntp | im} ........................................................................................... 64config nac-quar................................................................................................ 65

    quarantine .............................................................................................................. 66

    service.................................................................................................................... 69

    settings .................................................................................................................. 70

    application....................................................................................................... 71custom ................................................................................................................... 72

    list .......................................................................................................................... 73

    name ...................................................................................................................... 77

    client-reputation ............................................................................................. 78profile ..................................................................................................................... 79

    dlp .................................................................................................................... 81filepattern ............................................................................................................... 82

    fp-doc-source ........................................................................................................ 84Page 3

  • endpoint-control............................................................................................. 92forticlient-registration-sync.................................................................................... 93

    profile ..................................................................................................................... 94

    settings .................................................................................................................. 99

    firewall ........................................................................................................... 101address, address6 ............................................................................................... 102

    addrgrp, addrgrp6 ............................................................................................... 105

    auth-portal ........................................................................................................... 106

    carrier-endpoint-bwl ............................................................................................ 107

    carrier-endpoint-ip-filter....................................................................................... 109

    central-nat............................................................................................................ 110

    deep-inspection-options ..................................................................................... 111config ftps ...................................................................................................... 112config https .................................................................................................... 113config imaps .................................................................................................. 113config pop3s .................................................................................................. 114config smtps .................................................................................................. 114config ssl........................................................................................................ 115config ssl-server............................................................................................. 115

    dnstranslation ...................................................................................................... 117

    DoS-policy, DoS-policy6 ..................................................................................... 118

    gtp........................................................................................................................ 120

    identity-based-route ............................................................................................ 136

    interface-policy .................................................................................................... 137

    interface-policy6 .................................................................................................. 139

    ipmacbinding setting ........................................................................................... 141

    ipmacbinding table .............................................................................................. 142

    ippool, ippool6 ..................................................................................................... 143

    ip-translation........................................................................................................ 145

    ipv6-eh-filter......................................................................................................... 146

    ldb-monitor .......................................................................................................... 147

    local-in-policy, local-in-policy6............................................................................ 149

    mms-profile.......................................................................................................... 150config dupe {mm1 | mm4}.............................................................................. 157config flood {mm1 | mm4}.............................................................................. 159config log ....................................................................................................... 160config notification {alert-dupe-1 | alert-flood-1 | mm1 | mm3 | mm4 | mm7}. 160config notif-msisdn ........................................................................................ 164

    multicast-address ................................................................................................ 165

    multicast-policy ................................................................................................... 167

    policy, policy6 ...................................................................................................... 169config identity-based-policy .......................................................................... 186Fortinet Technologies Inc. Page 4 FortiOS - CLI Reference for FortiOS 5.0

  • policy46, policy64 ................................................................................................ 188

    profile-group ........................................................................................................ 190

    profile-protocol-options....................................................................................... 192config http...................................................................................................... 194config ftp........................................................................................................ 195config dns ...................................................................................................... 196config imap .................................................................................................... 196config mapi .................................................................................................... 197config pop3.................................................................................................... 197config smtp .................................................................................................... 198config nntp ..................................................................................................... 199config im ........................................................................................................ 200config mail-signature ..................................................................................... 200

    schedule onetime................................................................................................. 201

    schedule recurring ............................................................................................... 202

    schedule group .................................................................................................... 203

    service category................................................................................................... 204

    service custom..................................................................................................... 205

    service group ....................................................................................................... 209

    shaper per-ip-shaper ........................................................................................... 210

    shaper traffic-shaper ........................................................................................... 212

    sniffer ................................................................................................................... 213

    sniff-interface-policy ............................................................................................ 216

    sniff-interface-policy6 .......................................................................................... 219

    ssl setting............................................................................................................. 222

    ttl-policy ............................................................................................................... 223

    vip ........................................................................................................................ 224

    vip46 .................................................................................................................... 244

    vip6 ...................................................................................................................... 246

    vip64 .................................................................................................................... 248

    vipgrp................................................................................................................... 250

    vipgrp46............................................................................................................... 251

    vipgrp64............................................................................................................... 252

    ftp-proxy........................................................................................................ 253explicit.................................................................................................................. 254

    gui .................................................................................................................. 255console ................................................................................................................ 256

    icap ................................................................................................................ 257profile ................................................................................................................... 258

    server ................................................................................................................... 259Fortinet Technologies Inc. Page 5 FortiOS - CLI Reference for FortiOS 5.0

  • imp2p............................................................................................................. 260aim-user............................................................................................................... 261

    icq-user................................................................................................................ 262

    msn-user.............................................................................................................. 263

    old-version ........................................................................................................... 264

    policy ................................................................................................................... 265

    yahoo-user........................................................................................................... 266

    ips .................................................................................................................. 267custom ................................................................................................................. 268

    decoder................................................................................................................ 269

    global ................................................................................................................... 270

    rule ....................................................................................................................... 272

    sensor .................................................................................................................. 273

    setting .................................................................................................................. 278

    log .................................................................................................................. 279custom-field......................................................................................................... 280

    {disk | fortianalyzer | fortianalyzer2 | fortianalyzer3 | memory | syslogd | syslogd2 | syslogd3 | webtrends | fortiguard} filter ............................................................. 281

    disk setting........................................................................................................... 285

    eventfilter ............................................................................................................. 290

    {fortianalyzer | syslogd} override-filter ................................................................. 291

    fortianalyzer override-setting ............................................................................... 292

    {fortianalyzer | fortianalyzer2 | fortianalyzer3} setting .......................................... 293

    fortiguard setting.................................................................................................. 296

    gui-display ........................................................................................................... 297

    memory setting .................................................................................................... 298

    memory global-setting......................................................................................... 299

    setting .................................................................................................................. 300

    syslogd override-setting ...................................................................................... 302

    {syslogd | syslogd2 | syslogd3} setting................................................................ 304

    webtrends setting ................................................................................................ 306

    netscan.......................................................................................................... 307assets................................................................................................................... 308

    settings ................................................................................................................ 310

    pbx ................................................................................................................. 312dialplan ................................................................................................................ 313

    did ........................................................................................................................ 315

    extension ............................................................................................................. 316

    global ................................................................................................................... 318

    ringgrp.................................................................................................................. 320Fortinet Technologies Inc. Page 6 FortiOS - CLI Reference for FortiOS 5.0

  • voice-menu .......................................................................................................... 321

    sip-trunk............................................................................................................... 322

    report ............................................................................................................. 324chart..................................................................................................................... 325

    dataset ................................................................................................................. 330

    layout ................................................................................................................... 331

    style...................................................................................................................... 336

    summary .............................................................................................................. 340

    theme................................................................................................................... 341

    router ............................................................................................................. 344access-list, access-list6 ...................................................................................... 345

    aspath-list ............................................................................................................ 347

    auth-path ............................................................................................................. 348

    bfd........................................................................................................................ 349

    bgp....................................................................................................................... 350config router bgp ........................................................................................... 354config admin-distance ................................................................................... 357config aggregate-address, config aggregate-address6 ................................ 358config neighbor .............................................................................................. 359config network, config network6 ................................................................... 368config redistribute, config redistribute6......................................................... 369

    community-list ..................................................................................................... 370

    gwdetect .............................................................................................................. 372

    isis........................................................................................................................ 373config isis-interface........................................................................................ 377config isis-net................................................................................................. 378config redistribute {bgp | connected | ospf | rip | static} ................................ 378config summary-address ............................................................................... 379

    key-chain ............................................................................................................. 380

    multicast .............................................................................................................. 382Sparse mode.................................................................................................. 382Dense mode................................................................................................... 383config router multicast ................................................................................... 385config interface .............................................................................................. 386config pim-sm-global..................................................................................... 389

    multicast6 ............................................................................................................ 394

    multicast-flow ...................................................................................................... 395

    ospf ...................................................................................................................... 396config router ospf........................................................................................... 399config area ..................................................................................................... 401config distribute-list ....................................................................................... 406config neighbor .............................................................................................. 407Fortinet Technologies Inc. Page 7 FortiOS - CLI Reference for FortiOS 5.0

  • config network ............................................................................................... 408config ospf-interface...................................................................................... 408config redistribute .......................................................................................... 412config summary-address ............................................................................... 413

    ospf6 .................................................................................................................... 414

    policy, policy6 ...................................................................................................... 420

    prefix-list, prefix-list6 ........................................................................................... 424

    rip......................................................................................................................... 426config router rip.............................................................................................. 427config distance............................................................................................... 429config distribute-list ....................................................................................... 429config interface .............................................................................................. 430config neighbor .............................................................................................. 432config network ............................................................................................... 433config offset-list ............................................................................................. 433config redistribute .......................................................................................... 434

    ripng..................................................................................................................... 435config distance............................................................................................... 437

    route-map ............................................................................................................ 441Using route maps with BGP .......................................................................... 443

    setting .................................................................................................................. 448

    static .................................................................................................................... 449

    static6 .................................................................................................................. 451

    spamfilter ...................................................................................................... 452bwl ....................................................................................................................... 453

    bword................................................................................................................... 456

    dnsbl .................................................................................................................... 458

    fortishield ............................................................................................................. 460

    iptrust................................................................................................................... 462

    mheader............................................................................................................... 463

    options ................................................................................................................. 465

    profile ................................................................................................................... 466config {imap | imaps | mapi | pop3 | pop3s | smtp | smtps}........................... 468config {gmail | msn-hotmail | yahoo-mail}...................................................... 469

    switch-controller .......................................................................................... 470managed-switch .................................................................................................. 471

    vlan ...................................................................................................................... 472

  system
    3g-modem custom
    accprofile
    admin
    amc
    arp-table
    auto-install
    autoupdate push-update
    autoupdate schedule
    autoupdate tunneling
    aux
    bug-report
    bypass
    central-management
    console
    ddns
    dedicated-mgmt
    dhcp reserved-address
    dhcp server
    dhcp6 server
    dns
    dns-database
    dns-server
    elbc
    email-server
    fips-cc
    fortiguard
    fortisandbox
    geoip-override
    gi-gk
    global
    gre-tunnel
    ha
    interface
    ipip-tunnel
    ips-urlfilter-dns
    ipv6-neighbor-cache
    ipv6-tunnel
    mac-address-table
    modem
    monitors
    nat64
    network-visibility
    npu
    ntp
    object-tag
    password-policy
    port-pair
    probe-response
    proxy-arp
    pstn
    replacemsg admin
    replacemsg alertmail
    replacemsg auth
    replacemsg device-detection-portal
    replacemsg ec
    replacemsg fortiguard-wf
    replacemsg ftp
    replacemsg http
    replacemsg im
    replacemsg mail
    replacemsg mm1
    replacemsg mm3
    replacemsg mm4
    replacemsg mm7
    replacemsg-group
    replacemsg-group
    replacemsg-image
    replacemsg nac-quar
    replacemsg nntp
    replacemsg spam
    replacemsg sslvpn
    replacemsg traffic-quota
    replacemsg utm
    replacemsg webproxy
    resource-limits
    server-probe
    session-helper
    session-sync
    session-ttl
    settings
    sit-tunnel
    sflow
    sms-server
    snmp community
    snmp sysinfo
    snmp user
    sp
    storage
    stp
    switch-interface
    tos-based-priority
    vdom-dns
    vdom-link
    vdom-property
    vdom-radius-server
    vdom-sflow
    virtual-switch
    wccp
    zone

  user
    Configuring users for authentication
        Configuring users for password authentication
        Configuring peers for certificate authentication
    ban
    device
    device-access-list
    device-category
    device-group
    fortitoken
    fsso
    fsso-polling
    group
    ldap
    local
    password-policy
    peer
    peergrp
    radius
    setting
    tacacs+

  voip
    profile
        config sip
        config sccp

  vpn
    certificate ca
    certificate crl
    certificate local
    certificate ocsp-server
    certificate remote
    certificate setting
    ipsec concentrator
    ipsec forticlient
    ipsec manualkey
    ipsec manualkey-interface
    ipsec phase1
    ipsec phase1-interface
    ipsec phase2
    ipsec phase2-interface
    l2tp
    pptp
    ssl settings
    ssl web host-check-software
    ssl web portal
    ssl web realm
    ssl web user
    ssl web virtual-desktop-app-list

  wanopt
    auth-group
    peer
    profile
    settings
    ssl-server
    storage
    webcache
        config cache-exemption-list

  webfilter
    content
    content-header
    fortiguard
    ftgd-local-cat
    ftgd-local-rating
    ftgd-warning
    ips-urlfilter-cache-setting
    ips-urlfilter-setting
    override
    override-user
    profile
        config ftgd-wf
        config override
        config quota
        config web
    search-engine
    urlfilter

  web-proxy
    explicit
    forward-server
    forward-server-group
    global
    url-match

  wireless-controller
    ap-status
    global
    setting
    timers
    vap
    wids-profile
    wtp
    wtp-profile

  execute
    backup
    batch
    bypass-mode
    carrier-license
    central-mgmt
    cfg reload
    cfg save
    clear system arp table
    cli check-template-status
    cli status-msg-only
    client-reputation
    date
    disk
    disk raid
    dhcp lease-clear
    dhcp lease-list
    disconnect-admin-session
    enter
    erase-disk
    factoryreset
    factoryreset2
    formatlogdisk
    forticarrier-license
    forticlient
    fortiguard-log
    fortisandbox test-connectivity
    fortitoken
    fortitoken-mobile
    fsso refresh
    ha disconnect
    ha ignore-hardware-revision
    ha manage
    ha synchronize
    interface dhcpclient-renew
    interface pppoe-reconnect
    log client-reputation-report
    log convert-oldlogs
    log delete-all
    log delete-oldlogs
    log delete-rolled
    log display
    log filter
    log fortianalyzer test-connectivity
    log list
    log rebuild-sqldb
    log recreate-sqldb
    log-report reset
    log roll
    log upload-progress
    modem dial
    modem hangup
    modem trigger
    mrouter clear
    netscan
    pbx
    ping
    ping-options, ping6-options
    ping6
    policy-packet-capture delete-all
    reboot
    report
    report-config reset
    restore
    revision
    router clear bfd session
    router clear bgp
    router clear ospf process
    router restart
    send-fds-statistics
    set system session filter
    set-next-reboot
    sfp-mode-sgmii
    shutdown
    ssh
    sync-session
    tac report
    telnet
    time
    traceroute
    tracert6

    update-ase........................................................................................................... 991

    update-av............................................................................................................. 992

    update-geo-ip ...................................................................................................... 993

    update-ips............................................................................................................ 994

    update-now.......................................................................................................... 995

    update-src-vis...................................................................................................... 996

    upd-vd-license..................................................................................................... 997

    upload.................................................................................................................. 998Fortinet Technologies Inc. Page 15 FortiOS - CLI Reference for FortiOS 5.0

  • execute (continued)

    usb-device

    usb-disk

    vpn certificate ca

    vpn certificate crl

    vpn certificate local

    vpn certificate remote

    vpn ipsec tunnel down

    vpn ipsec tunnel up

    vpn sslvpn del-all

    vpn sslvpn del-tunnel

    vpn sslvpn del-web

    vpn sslvpn list

    webfilter quota-reset

    wireless-controller delete-wtp-image

    wireless-controller list-wtp-image

    wireless-controller reset-wtp

    wireless-controller restart-acd

    wireless-controller restart-wtpd

    wireless-controller upload-wtp-image

    get

    endpoint-control app-detect

    firewall dnstranslation

    firewall iprope appctrl

    firewall iprope list

    firewall proute, proute6

    firewall service custom

    firewall shaper

    grep

    gui console status

    gui topology status

    hardware cpu

    hardware memory

    hardware nic

    hardware npu

    hardware status

    ips decoder status

    ips rule status

    ips session

    ipsec tunnel

  • get (continued)

    ips view-map

    mgmt-data status

    netscan settings

    pbx branch-office

    pbx dialplan

    pbx did

    pbx extension

    pbx ftgd-voice-pkg

    pbx global

    pbx ringgrp

    pbx sip-trunk

    pbx voice-menu

    report database schema

    router info bfd neighbor

    router info bgp

    router info gwdetect

    router info isis

    router info kernel

    router info multicast

    router info ospf

    router info protocols

    router info rip

    router info routing-table

    router info vrrp

    router info6 bgp

    router info6 interface

    router info6 kernel

    router info6 ospf

    router info6 protocols

    router info6 rip

    router info6 routing-table

    system admin list

    system admin status

    system arp

    system auto-update

    system central-management

    system checksum

    system cmdb status

    system fortianalyzer-connectivity

  • get (continued)

    system fortiguard-log-service status

    system fortiguard-service status

    system ha-nonsync-csum

    system ha status

    system info admin ssh

    system info admin status

    system interface physical

    system mgmt-csum

    system performance firewall

    system performance status

    system performance top

    system session list

    system session status

    system session-helper-info list

    system session-info

    system source-ip

    system startup-error-log

    system status

    test

    user adgrp

    vpn ike gateway

    vpn ipsec tunnel details

    vpn ipsec tunnel name

    vpn ipsec stats crypto

    vpn ipsec stats tunnel

    vpn ssl monitor

    vpn status l2tp

    vpn status pptp

    vpn status ssl

    webfilter ftgd-statistics

    webfilter status

    wireless-controller rf-analysis

    wireless-controller scan

    wireless-controller status

    wireless-controller vap-status

    wireless-controller wlchanlistlic

    wireless-controller wtp-status

    tree

  • Introduction

    This document describes FortiOS 5.0 CLI commands used to configure and manage a FortiGate unit from the command line interface (CLI).

    How this guide is organized

    Most of the chapters in this document describe the commands for each configuration branch of the FortiOS CLI. The command branches and commands are in alphabetical order.

    This document also contains the following sections:

    Managing Firmware with the FortiGate BIOS describes how to change firmware at the console during FortiGate unit boot-up.

    What's new describes changes to the 5.0 CLI.

    config chapters describe the config commands.

    execute describes execute commands.

    get describes get commands.

    tree describes the tree command.

    Availability of commands and options

    Some FortiOS CLI commands and options are not available on all FortiGate units. The CLI displays an error message if you attempt to enter a command or option that is not available. You can use the question mark ? to verify the commands and options that are available.

    Commands and options may not be available for the following reasons:

    FortiGate model. Not all commands are available on all FortiGate models. For example, low-end FortiGate models do not support the aggregate interface type option of the config system interface command.

    Hardware configuration. For example, some AMC module commands are only available when an AMC module is installed.

    FortiOS Carrier, FortiGate Voice, FortiWiFi, etc. Commands for extended functionality are not available on all FortiGate models. The CLI Reference includes commands only available for FortiWiFi units, FortiOS Carrier, and FortiGate Voice units.

  • Managing Firmware with the FortiGate BIOS

    FortiGate units are shipped with firmware installed. Usually firmware upgrades are performed through the web-based manager or by using the CLI execute restore command. From the console, you can also interrupt the FortiGate unit's boot-up process to load firmware using the BIOS firmware that is a permanent part of the unit.

    Using the BIOS, you can:

    view system information

    format the boot device

    load firmware and reboot (see "Loading firmware")

    reboot the FortiGate unit from the backup firmware, which then becomes the default firmware (see "Booting the backup firmware")

    Accessing the BIOS

    The BIOS menu is available only through direct connection to the FortiGate unit's Console port. During boot-up, "Press any key" appears briefly. If you press any keyboard key at this time, boot-up is suspended and the BIOS menu appears. If you are too late, the boot-up process continues as usual.

    Navigating the menu

    The main BIOS menu looks like this:

    [C]: Configure TFTP parameters

    [R]: Review TFTP paramters

    [T]: Initiate TFTP firmware transfer

    [F]: Format boot device

    [Q]: Quit menu and continue to boot

    [I]: System Information

    [B]: Boot with backup firmare and set as default

    [Q]: Quit menu and continue to boot

    [H]: Display this list of options

    Enter C,R,T,F,I,B,Q,or H:

    Typing the bracketed letter selects the option. Input is case-sensitive. Most options present a submenu. An option value in square brackets at the end of the Enter line is the default value, which you can enter simply by pressing Return. For example,

    Enter image download port number [WAN1]:

    In most menus, typing H re-lists the menu options and typing Q returns to the previous menu.

  • Loading firmware

    The BIOS can download firmware from a TFTP server that is reachable from a FortiGate unit network interface. You need to know the IP address of the server and the name of the firmware file to download.

    The downloaded firmware can be saved as either the default or backup firmware. It is also possible to boot the downloaded firmware without saving it.

    Configuring TFTP parameters

    Starting from the main BIOS menu

    [C]: Configure TFTP parameters.

    Selecting the VLAN (if VLANs are used)

    [V]: Set local VLAN ID.

    Choose port and whether to use DHCP

    [P]: Set firmware download port.

    The options listed depend on the FortiGate model. Choose the network interface through which the TFTP server can be reached. For example:

    [0]: Any of port 1 - 7

    [1]: WAN1

    [2]: WAN2

    Enter image download port number [WAN1]:

    [D]: Set DHCP mode.

    Please select DHCP setting

    [1]: Enable DHCP

    [2]: Disable DHCP

    If there is a DHCP server on the network, select [1]. This simplifies configuration. Otherwise, select [2].

    Non-DHCP steps

    [I]: Set local IP address.

    Enter local IP address [192.168.1.188]:

    This is a temporary IP address for the FortiGate unit network interface. Use a unique address on the same subnet to which the network interface connects.

    [S]: Set local subnet mask.

    Enter local subnet mask [255.255.252.0]:

    [G]: Set local gateway.

    The local gateway IP address is needed if the TFTP server is on a different subnet than the one to which the FortiGate unit is connected.

    TFTP and filename

    [T]: Set remote TFTP server IP address.

    Enter remote TFTP server IP address [192.168.1.145]:

    [F]: Set firmware file name.

    Enter firmware file name [image.out]:

    Enter [Q] to return to the main menu.
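
    A pre-flight check for the non-DHCP settings above, added here as an example and not part of the Fortinet guide: it uses Python's ipaddress module to confirm that the temporary address is a usable, unique host address and to decide whether [G] must be set before the transfer is started. The function name check_tftp_plan and the off-subnet sample server are assumptions; the other values are the defaults shown in the prompts.

```python
import ipaddress


def check_tftp_plan(local_ip, netmask, tftp_server, gateway=None):
    """Return a list of problems with the BIOS TFTP settings ([] means usable).

    Malformed addresses or masks raise ValueError from the ipaddress module.
    """
    problems = []
    iface = ipaddress.IPv4Interface(f"{local_ip}/{netmask}")
    net = iface.network
    server = ipaddress.IPv4Address(tftp_server)

    # [I]: the temporary address must be a real host address, not the
    # network or broadcast address of the subnet chosen with [S].
    if net.prefixlen < 31 and iface.ip in (net.network_address,
                                           net.broadcast_address):
        problems.append(f"{iface.ip} is the network or broadcast address of {net}")

    # [I]: "Use a unique address", so it must not be the server's own address.
    if iface.ip == server:
        problems.append("local IP address is the same as the TFTP server")

    if server in net:
        return problems  # same subnet: [G] is not needed

    # [G]: the server is on another subnet, so a reachable gateway is required.
    if gateway is None:
        problems.append(f"TFTP server {server} is outside {net}: set [G] local gateway")
        return problems
    gw = ipaddress.IPv4Address(gateway)
    if gw not in net:
        problems.append(f"gateway {gw} is not on the local subnet {net}")
    elif gw == iface.ip:
        problems.append("gateway is the same as the local IP address")
    return problems


if __name__ == "__main__":
    # Defaults shown in the BIOS prompts above.
    print(check_tftp_plan("192.168.1.188", "255.255.252.0", "192.168.1.145"))
    # Constructed off-subnet server (documentation range), no gateway set.
    print(check_tftp_plan("192.168.1.188", "255.255.252.0", "198.51.100.10"))
```

    With the default mask 255.255.252.0 the local subnet is 192.168.0.0/22, so the default TFTP server 192.168.1.145 is reachable without a gateway.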

  • Initiating TFTP firmware transfer

    Starting from the main BIOS menu

    [T]: Initiate TFTP firmware transfer.

    Please connect TFTP server to Ethernet port 'WAN1'.

    MAC: 00:09:0f:b5:55:28

    Connect to tftp server 192.168.1.145 ...

    ##########################################################

    Image Received.

    Checking image... OK

    Save as Default firmware/Backup firmware/Run image without saving:[D/B/R]?

    After you choose any option, the FortiGate unit reboots. If you choose [D] or [B], there is first a pause while the firmware is copied:

    Programming the boot device now.................................................................................................................................

    Booting the backup firmware

    You can reboot the FortiGate unit from the backup firmware, which then becomes the default firmware.

    Starting from the main BIOS menu

    [B]: Boot with backup firmware and set as default.

    If the boot device contains backup firmware, the FortiGate unit reboots. Otherwise the unit responds:

    Failed to mount filesystem. . .

    Mount back up partition failed.

    Back up image open failed.

    Press Y or y to boot default image.

  • DNS, HTTP, ICMP, SSL.

    config entries

    edit

    set popularity New field. Sets application popularity levels.

    What's new

    As the FortiOS Handbook has developed, the FortiGate CLI Reference for FortiOS 5.0 has become a dictionary of FortiOS CLI commands defining each command and its options, ranges, defaults a