fortigate cli 52
DESCRIPTION
Fortigate Cli 52TRANSCRIPT
-
FortiOS CLI Reference for FortiOS 5.2
-
FortiOS CLI Reference for FortiOS 5.2
May 14, 2015
01-522-99686-20150514
Copyright 2015 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, FortiCare and FortiGuard, and certain other marks are registered trademarks of Fortinet, Inc., in the U.S. and other jurisdictions, and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinets General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinets internal lab tests. In no event does Fortinet make any commitment related to future deliverables, features or development, and circumstances may change such that any forward-looking statements herein are not accurate. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.
Technical Documentation docs.fortinet.com
Knowledge Base kb.fortinet.com
Customer Service & Support support.fortinet.com
Training Services training.fortinet.com
FortiGuard fortiguard.com
Document Feedback [email protected]
-
ContentsIntroduction..................................................................................................... 20
How this guide is organized............................................................................. 20Availability of commands and options ............................................................. 20
Managing Firmware with the FortiGate BIOS.............................................. 21Accessing the BIOS............................................................................................... 21
Navigating the menu ........................................................................................ 21
Loading firmware ................................................................................................... 22Configuring TFTP parameters.......................................................................... 22Initiating TFTP firmware transfer ...................................................................... 23
Booting the backup firmware ................................................................................ 23
Whats new...................................................................................................... 24
alertemail......................................................................................................... 38setting .................................................................................................................... 39
antivirus........................................................................................................... 43heuristic ................................................................................................................. 44
mms-checksum ..................................................................................................... 45
notification ............................................................................................................. 46
profile ..................................................................................................................... 47config {http | https | ftp | ftps | imap | imaps | mapi | pop3 | pop3s | smb | smtp |
smtps | nntp}.................................................................................................. 48config nac-quar................................................................................................ 49
quarantine .............................................................................................................. 50
settings .................................................................................................................. 53
application....................................................................................................... 54custom ................................................................................................................... 55
list........................................................................................................................... 56
name ...................................................................................................................... 59
dlp .................................................................................................................... 60filepattern ............................................................................................................... 61
fp-doc-source ........................................................................................................ 63
fp-sensitivity........................................................................................................... 65
sensor .................................................................................................................... 66
settings .................................................................................................................. 68
endpoint-control............................................................................................. 69forticlient-registration-sync.................................................................................... 70
profile ..................................................................................................................... 71
settings .................................................................................................................. 76Fortinet Technologies Inc. Page 3 FortiOS - CLI Reference for FortiOS 5.2
-
extender-controller ........................................................................................ 77extender ................................................................................................................. 78
firewall ............................................................................................................. 80address, address6 ................................................................................................. 81
addrgrp, addrgrp6 ................................................................................................. 84
auth-portal ............................................................................................................. 85
carrier-endpoint-bwl .............................................................................................. 86
carrier-endpoint-ip-filter......................................................................................... 88
central-nat.............................................................................................................. 89
dnstranslation ........................................................................................................ 90
DoS-policy, DoS-policy6 ....................................................................................... 91
explicit-proxy-policy .............................................................................................. 93
gtp........................................................................................................................ 100
identity-based-route ............................................................................................ 116
interface-policy .................................................................................................... 117
interface-policy6 .................................................................................................. 119
ipmacbinding setting ........................................................................................... 121
ipmacbinding table .............................................................................................. 122
ippool, ippool6 ..................................................................................................... 123
ip-translation ........................................................................................................ 125
ipv6-eh-filter......................................................................................................... 126
ldb-monitor .......................................................................................................... 127
local-in-policy, local-in-policy6............................................................................ 129
mms-profile.......................................................................................................... 130config dupe {mm1 | mm4}.............................................................................. 137config flood {mm1 | mm4}.............................................................................. 139config log ....................................................................................................... 140config notification {alert-dupe-1 | alert-flood-1 | mm1 | mm3 | mm4 | mm7}. 140config notif-msisdn ........................................................................................ 144
multicast-address ................................................................................................ 145
multicast-policy.................................................................................................... 147
policy, policy6 ...................................................................................................... 149
policy46, policy64 ................................................................................................ 162
profile-group ........................................................................................................ 165
profile-protocol-options....................................................................................... 167config http...................................................................................................... 169config ftp ........................................................................................................ 171config dns ...................................................................................................... 172config imap .................................................................................................... 173config mapi .................................................................................................... 174config pop3.................................................................................................... 174config smtp .................................................................................................... 175Fortinet Technologies Inc. Page 4 FortiOS - CLI Reference for FortiOS 5.2
-
config nntp ..................................................................................................... 177config mail-signature ..................................................................................... 178
schedule onetime................................................................................................. 179
schedule recurring ............................................................................................... 180
schedule group .................................................................................................... 181
service category................................................................................................... 182
service custom..................................................................................................... 183
service group ....................................................................................................... 187
shaper per-ip-shaper ........................................................................................... 188
shaper traffic-shaper............................................................................................ 190
sniffer ................................................................................................................... 191
ssl setting............................................................................................................. 194
ssl-ssh-profile ...................................................................................................... 195config {ftps | https | imaps | pop3s | smtps}................................................... 196config ssh....................................................................................................... 197config ssl ........................................................................................................ 197config ssl-exempt .......................................................................................... 198config ssl-server............................................................................................. 198
ttl-policy ............................................................................................................... 200
vip ........................................................................................................................ 201
vip46 .................................................................................................................... 221
vip6 ...................................................................................................................... 223
vip64 .................................................................................................................... 225
vipgrp ................................................................................................................... 227
vipgrp46............................................................................................................... 228
vipgrp64............................................................................................................... 229
ftp-proxy........................................................................................................ 230explicit.................................................................................................................. 231
gui .................................................................................................................. 232console ................................................................................................................ 233
icap ................................................................................................................ 234profile ................................................................................................................... 235
server ................................................................................................................... 236
ips................................................................................................................... 237custom ................................................................................................................. 238
decoder................................................................................................................ 239
global ................................................................................................................... 240
rule ....................................................................................................................... 242
sensor .................................................................................................................. 243
setting .................................................................................................................. 248Fortinet Technologies Inc. Page 5 FortiOS - CLI Reference for FortiOS 5.2
-
log .................................................................................................................. 249custom-field ......................................................................................................... 250
disk filter............................................................................................................... 251
disk setting........................................................................................................... 253
eventfilter ............................................................................................................. 257
fortianalyzer filter.................................................................................................. 258
{fortianalyzer | syslogd} override-filter ................................................................. 260
fortianalyzer override-setting ............................................................................... 261
fortianalyzer setting.............................................................................................. 262
fortiguard filter...................................................................................................... 265
fortiguard setting.................................................................................................. 267
gui-display ........................................................................................................... 268
memory filter ........................................................................................................ 269
memory setting .................................................................................................... 271
memory global-setting......................................................................................... 272
setting .................................................................................................................. 273
syslogd filter......................................................................................................... 275
syslogd override-setting ...................................................................................... 277
{syslogd | syslogd2 | syslogd3} setting................................................................ 279
threat-weight........................................................................................................ 281
webtrends filter .................................................................................................... 283
webtrends setting ................................................................................................ 285
netscan.......................................................................................................... 286assets................................................................................................................... 287
settings ................................................................................................................ 289
pbx ................................................................................................................. 291dialplan................................................................................................................. 292
did ........................................................................................................................ 294
extension.............................................................................................................. 295
global ................................................................................................................... 297
ringgrp.................................................................................................................. 299
voice-menu .......................................................................................................... 300
sip-trunk............................................................................................................... 301
report ............................................................................................................. 303chart ..................................................................................................................... 304
dataset ................................................................................................................. 309
layout ................................................................................................................... 310
setting .................................................................................................................. 315
style...................................................................................................................... 316
summary .............................................................................................................. 320Fortinet Technologies Inc. Page 6 FortiOS - CLI Reference for FortiOS 5.2
-
theme ................................................................................................................... 321
router ............................................................................................................. 324access-list, access-list6....................................................................................... 325
aspath-list ............................................................................................................ 327
auth-path ............................................................................................................. 328
bfd........................................................................................................................ 329
bgp....................................................................................................................... 330config router bgp ........................................................................................... 334config admin-distance ................................................................................... 338config aggregate-address, config aggregate-address6 ................................ 338config neighbor .............................................................................................. 339config network, config network6 ................................................................... 348config redistribute, config redistribute6 ......................................................... 349
community-list ..................................................................................................... 351
isis........................................................................................................................ 353config isis-interface........................................................................................ 357config isis-net................................................................................................. 358config redistribute {bgp | connected | ospf | rip | static} ................................ 358config summary-address ............................................................................... 359
key-chain ............................................................................................................. 360
multicast .............................................................................................................. 362Sparse mode.................................................................................................. 362Dense mode................................................................................................... 363config router multicast ................................................................................... 366config interface .............................................................................................. 367config pim-sm-global..................................................................................... 370
multicast6 ............................................................................................................ 375
multicast-flow ...................................................................................................... 376
ospf ...................................................................................................................... 377config router ospf........................................................................................... 380config area ..................................................................................................... 382config distribute-list ....................................................................................... 387config neighbor .............................................................................................. 388config network ............................................................................................... 389config ospf-interface...................................................................................... 390config redistribute .......................................................................................... 393config summary-address ............................................................................... 394
ospf6 .................................................................................................................... 395
policy, policy6 ...................................................................................................... 401
prefix-list, prefix-list6 ........................................................................................... 405
rip ......................................................................................................................... 407config router rip.............................................................................................. 408config distance............................................................................................... 410Fortinet Technologies Inc. Page 7 FortiOS - CLI Reference for FortiOS 5.2
-
config distribute-list ....................................................................................... 410config interface .............................................................................................. 411config neighbor .............................................................................................. 413config network ............................................................................................... 414config offset-list ............................................................................................. 414config redistribute .......................................................................................... 415
ripng..................................................................................................................... 416config distance............................................................................................... 418
route-map ............................................................................................................ 422Using route maps with BGP .......................................................................... 424
setting .................................................................................................................. 429
static .................................................................................................................... 430
static6 .................................................................................................................. 432
spamfilter ...................................................................................................... 433bwl ....................................................................................................................... 434
bword................................................................................................................... 437
dnsbl .................................................................................................................... 439
fortishield ............................................................................................................. 441
iptrust................................................................................................................... 443
mheader............................................................................................................... 444
options ................................................................................................................. 446
profile ................................................................................................................... 447config {imap | imaps | mapi | pop3 | pop3s | smtp | smtps} ........................... 449config {gmail | msn-hotmail | yahoo-mail}...................................................... 450
switch-controller .......................................................................................... 451managed-switch .................................................................................................. 452
vlan....................................................................................................................... 453
system ........................................................................................................... 4543g-modem custom .............................................................................................. 456
accprofile ............................................................................................................. 457
admin ................................................................................................................... 460
amc ...................................................................................................................... 469
arp-table .............................................................................................................. 470
auto-install ........................................................................................................... 471
autoupdate push-update ..................................................................................... 472
autoupdate schedule ........................................................................................... 473
autoupdate tunneling ........................................................................................... 474
aux ....................................................................................................................... 475
bypass ................................................................................................................. 476
central-management............................................................................................ 477
console ................................................................................................................ 479Fortinet Technologies Inc. Page 8 FortiOS - CLI Reference for FortiOS 5.2
-
custom-language................................................................................................. 480
ddns ..................................................................................................................... 481
dedicated-mgmt .................................................................................................. 483
dhcp reserved-address........................................................................................ 484
dhcp server .......................................................................................................... 485
dhcp6 server ........................................................................................................ 491
dns ....................................................................................................................... 493
dns-database....................................................................................................... 494
dns-server............................................................................................................ 497
dscp-based-priority ............................................................................................. 498
elbc ...................................................................................................................... 499
email-server ......................................................................................................... 500
fips-cc .................................................................................................................. 501
fortiguard ............................................................................................................. 502
fortisandbox......................................................................................................... 506
geoip-override...................................................................................................... 507
gi-gk..................................................................................................................... 508
global ................................................................................................................... 509
gre-tunnel............................................................................................................. 530
ha ......................................................................................................................... 531
interface ............................................................................................................... 543
ipip-tunnel ............................................................................................................ 570
ips-urlfilter-dns..................................................................................................... 571
ipv6-neighbor-cache............................................................................................ 572
ipv6-tunnel ........................................................................................................... 573
link-monitor.......................................................................................................... 574
lte-modem............................................................................................................ 575
mac-address-table .............................................................................................. 576
modem................................................................................................................. 577
monitors ............................................................................................................... 582
nat64 .................................................................................................................... 584
netflow ................................................................................................................. 585
network-visibility .................................................................................................. 586
np6....................................................................................................................... 587
npu....................................................................................................................... 591
ntp........................................................................................................................ 592
object-tag............................................................................................................. 593
password-policy .................................................................................................. 594
physical-switch .................................................................................................... 595
port-pair ............................................................................................................... 596Fortinet Technologies Inc. Page 9 FortiOS - CLI Reference for FortiOS 5.2
-
probe-response ................................................................................................... 597
proxy-arp ............................................................................................................. 598
pstn ...................................................................................................................... 599
replacemsg admin ............................................................................................... 601
replacemsg alertmail............................................................................................ 602
replacemsg auth .................................................................................................. 604
replacemsg device-detection-portal.................................................................... 608
replacemsg ec ..................................................................................................... 609
replacemsg fortiguard-wf .................................................................................... 611
replacemsg ftp ..................................................................................................... 613
replacemsg http................................................................................................... 615
replacemsg im ..................................................................................................... 618
replacemsg mail................................................................................................... 620
replacemsg mm1 ................................................................................................. 623
replacemsg mm3 ................................................................................................. 626
replacemsg mm4 ................................................................................................. 628
replacemsg mm7 ................................................................................................. 630
replacemsg-group ............................................................................................... 633
replacemsg-group ............................................................................................... 635
replacemsg-image ............................................................................................... 638
replacemsg nac-quar........................................................................................... 639
replacemsg nntp .................................................................................................. 641
replacemsg spam ................................................................................................ 643
replacemsg sslvpn ............................................................................................... 646
replacemsg traffic-quota ..................................................................................... 647
replacemsg utm ................................................................................................... 648
replacemsg webproxy ......................................................................................... 650
resource-limits ..................................................................................................... 651
session-helper ..................................................................................................... 653
session-sync ........................................................................................................ 655
session-ttl ............................................................................................................ 658
settings ................................................................................................................ 660
sit-tunnel .............................................................................................................. 667
sflow..................................................................................................................... 668
sms-server ........................................................................................................... 669
snmp community ................................................................................................. 670
snmp sysinfo........................................................................................................ 674
snmp user ............................................................................................................ 676
sp ......................................................................................................................... 679
storage................................................................................................................. 681Fortinet Technologies Inc. Page 10 FortiOS - CLI Reference for FortiOS 5.2
-
stp ........................................................................................................................ 682
switch-interface ................................................................................................... 683
tos-based-priority ................................................................................................ 685
vdom-dns............................................................................................................. 686
vdom-link ............................................................................................................. 687
vdom-property ..................................................................................................... 688
vdom-radius-server ............................................................................................. 691
vdom-sflow .......................................................................................................... 692
virtual-switch........................................................................................................ 693
virtual-wan-link .................................................................................................... 694
wccp .................................................................................................................... 697
zone ..................................................................................................................... 700
user ................................................................................................................ 701Configuring users for authentication.................................................................... 702
Configuring users for password authentication............................................. 702Configuring peers for certificate authentication............................................. 702
ban ....................................................................................................................... 703
device................................................................................................................... 706
device-access-list ................................................................................................ 707
device-category ................................................................................................... 708
device-group........................................................................................................ 709
fortitoken.............................................................................................................. 710
fsso ...................................................................................................................... 711
fsso-polling .......................................................................................................... 713
group.................................................................................................................... 715
ldap ...................................................................................................................... 719
local...................................................................................................................... 722
password-policy .................................................................................................. 724
peer...................................................................................................................... 725
peergrp ................................................................................................................ 727
pop3..................................................................................................................... 728
radius ................................................................................................................... 729
security-exempt-list ............................................................................................. 734
setting .................................................................................................................. 735
tacacs+ ................................................................................................................ 737
voip ................................................................................................................ 738profile ................................................................................................................... 739
config sip........................................................................................................ 741config sccp .................................................................................................... 750Fortinet Technologies Inc. Page 11 FortiOS - CLI Reference for FortiOS 5.2
-
vpn ................................................................................................................. 751certificate ca ........................................................................................................ 752
certificate crl ........................................................................................................ 753
certificate local..................................................................................................... 755
certificate ocsp-server ......................................................................................... 757
certificate remote ................................................................................................. 758
certificate setting ................................................................................................. 759
ipsec concentrator ............................................................................................... 760
ipsec forticlient..................................................................................................... 761
ipsec manualkey .................................................................................................. 762
ipsec manualkey-interface................................................................................... 765
ipsec phase1........................................................................................................ 768
ipsec phase1-interface ........................................................................................ 778
ipsec phase2........................................................................................................ 793
ipsec phase2-interface ........................................................................................ 800
l2tp ....................................................................................................................... 809
pptp...................................................................................................................... 811
ssl settings ........................................................................................................... 813
ssl web host-check-software............................................................................... 819
ssl web portal....................................................................................................... 821
ssl web realm....................................................................................................... 829
ssl web user-bookmark ....................................................................................... 830
ssl web virtual-desktop-app-list .......................................................................... 833
wanopt........................................................................................................... 834auth-group ........................................................................................................... 835
peer...................................................................................................................... 836
profile ................................................................................................................... 837
settings ................................................................................................................ 841
ssl-server ............................................................................................................. 842
storage................................................................................................................. 845
webcache............................................................................................................. 846
webfilter......................................................................................................... 849content................................................................................................................. 850
content-header .................................................................................................... 852
fortiguard ............................................................................................................. 853
ftgd-local-cat ....................................................................................................... 855
ftgd-local-rating ................................................................................................... 856
ftgd-warning......................................................................................................... 857
ips-urlfilter-cache-setting..................................................................................... 859
ips-urlfilter-setting................................................................................................ 860Fortinet Technologies Inc. Page 12 FortiOS - CLI Reference for FortiOS 5.2
-
override ................................................................................................................ 861
override-user........................................................................................................ 862
profile ................................................................................................................... 864config ftgd-wf................................................................................................. 868config override ............................................................................................... 870config quota ................................................................................................... 870config web ..................................................................................................... 871
search-engine ...................................................................................................... 872
urlfilter .................................................................................................................. 873
web-proxy ..................................................................................................... 875explicit.................................................................................................................. 876
forward-server ..................................................................................................... 880
forward-server-group........................................................................................... 881
global ................................................................................................................... 882
profile ................................................................................................................... 884
url-match.............................................................................................................. 885
wireless-controller ....................................................................................... 886ap-status.............................................................................................................. 887
global ................................................................................................................... 888
setting .................................................................................................................. 889
timers ................................................................................................................... 890
vap ....................................................................................................................... 891
wids-profile .......................................................................................................... 896
wtp ....................................................................................................................... 899
wtp-profile............................................................................................................ 903
execute .......................................................................................................... 910backup ................................................................................................................. 912
batch.................................................................................................................... 916
bypass-mode....................................................................................................... 917
carrier-license ...................................................................................................... 918
central-mgmt ....................................................................................................... 919
cfg reload............................................................................................................. 920
cfg save................................................................................................................ 921
clear system arp table.......................................................................................... 922
cli check-template-status .................................................................................... 923
cli status-msg-only .............................................................................................. 924
client-reputation................................................................................................... 925
date ...................................................................................................................... 926
disk ...................................................................................................................... 927
disk raid ............................................................................................................... 928Fortinet Technologies Inc. Page 13 FortiOS - CLI Reference for FortiOS 5.2
-
disk scan.............................................................................................................. 929
dhcp lease-clear .................................................................................................. 930
dhcp lease-list...................................................................................................... 931
disconnect-admin-session .................................................................................. 932
enter..................................................................................................................... 933
erase-disk ............................................................................................................ 934
factoryreset .......................................................................................................... 935
factoryreset2 ........................................................................................................ 936
formatlogdisk ....................................................................................................... 937
forticarrier-license ................................................................................................ 938
forticlient .............................................................................................................. 939
FortiClient-NAC.................................................................................................... 940
fortiguard-log ....................................................................................................... 941
fortitoken.............................................................................................................. 942
fortitoken-mobile.................................................................................................. 943
fsso refresh .......................................................................................................... 944
ha disconnect ...................................................................................................... 945
ha ignore-hardware-revision................................................................................ 946
ha manage ........................................................................................................... 947
ha synchronize..................................................................................................... 948
interface dhcpclient-renew .................................................................................. 949
interface pppoe-reconnect .................................................................................. 950
log backup ........................................................................................................... 951
log client-reputation-report.................................................................................. 952
log convert-oldlogs .............................................................................................. 953
log delete-all ........................................................................................................ 954
log delete-oldlogs ................................................................................................ 955
log detail .............................................................................................................. 956
log display............................................................................................................ 957
log downgrade-log............................................................................................... 958
log filter ................................................................................................................ 959
log fortianalyzer test-connectivity........................................................................ 960
log list................................................................................................................... 961
log rebuild-sqldb.................................................................................................. 962
log recreate-sqldb................................................................................................ 963
log-report reset .................................................................................................... 964
log restore............................................................................................................ 965
log roll .................................................................................................................. 966
log shift-time ........................................................................................................ 967
log upload-progress ............................................................................................ 968Fortinet Technologies Inc. Page 14 FortiOS - CLI Reference for FortiOS 5.2
-
modem dial .......................................................................................................... 969
modem hangup.................................................................................................... 970
modem trigger ..................................................................................................... 971
mrouter clear........................................................................................................ 972
netscan ................................................................................................................ 973
pbx....................................................................................................................... 974
ping ...................................................................................................................... 976
ping-options, ping6-options ................................................................................ 977
ping6 .................................................................................................................... 979
policy-packet-capture delete-all.......................................................................... 980
reboot................................................................................................................... 981
report ................................................................................................................... 982
report-config reset ............................................................................................... 983
restore.................................................................................................................. 984
revision................................................................................................................. 988
router clear bfd session ....................................................................................... 989
router clear bgp ................................................................................................... 990
router clear ospf process..................................................................................... 991
router restart ........................................................................................................ 992
send-fds-statistics ............................................................................................... 993
sensor .................................................................................................................. 994
set system session filter....................................................................................... 995
set-next-reboot .................................................................................................... 997
sfp-mode-sgmii.................................................................................................... 998
shutdown ............................................................................................................. 999
ssh ..................................................................................................................... 1000
sync-session ...................................................................................................... 1001
system custom-language import ....................................................................... 1002
system fortisandbox test-connectivity............................................................... 1003
tac report ........................................................................................................... 1004
telnet .................................................................................................................. 1005
time .................................................................................................................... 1006
traceroute........................................................................................................... 1007
tracert6............................................................................................................... 1008
update-av........................................................................................................... 1009
update-geo-ip .................................................................................................... 1010
update-ips.......................................................................................................... 1011
update-list .......................................................................................................... 1012
update-now........................................................................................................ 1013
update-src-vis.................................................................................................... 1014Fortinet Technologies Inc. Page 15 FortiOS - CLI Reference for FortiOS 5.2
-
upd-vd-license................................................................................................... 1015
upload ................................................................................................................ 1016
usb-device ......................................................................................................... 1017
usb-disk ............................................................................................................. 1018
vpn certificate ca ............................................................................................... 1019
vpn certificate crl ............................................................................................... 1020
vpn certificate local export ................................................................................ 1021
vpn certificate local generate............................................................................. 1022
vpn certificate local import ................................................................................ 1024
vpn certificate remote ........................................................................................ 1025
vpn ipsec tunnel down....................................................................................... 1026
vpn ipsec tunnel up............................................................................................ 1027
vpn sslvpn del-all ............................................................................................... 1028
vpn sslvpn del-tunnel......................................................................................... 1029
vpn sslvpn del-web............................................................................................ 1030
vpn sslvpn list .................................................................................................... 1031
webfilter quota-reset.......................................................................................... 1032
wireless-controller delete-wtp-image ................................................................ 1033
wireless-controller list-wtp-image ..................................................................... 1034
wireless-controller reset-wtp ............................................................................. 1035
wireless-controller restart-acd........................................................................... 1036
wireless-controller restart-wtpd......................................................................... 1037
wireless-controller upload-wtp-image............................................................... 1038
get ................................................................................................................ 1039endpoint-control app-detect ............................................................................. 1040
extender modem-status .................................................................................... 1042
extender sys-info ............................................................................................... 1044
firewall dnstranslation ........................................................................................ 1045
firewall iprope appctrl ........................................................................................ 1046
firewall iprope list ............................................................................................... 1047
firewall proute, proute6...................................................................................... 1048
firewall service custom ...................................................................................... 1049
firewall shaper.................................................................................................... 1050
grep.................................................................................................................... 1051
gui console status.............................................................................................. 1052
gui topology status ............................................................................................ 1053
hardware cpu..................................................................................................... 1054
hardware memory.............................................................................................. 1056
hardware nic ...................................................................................................... 1057
hardware npu..................................................................................................... 1058Fortinet Technologies Inc. Page 16 FortiOS - CLI Reference for FortiOS 5.2
-
hardware status ................................................................................................. 1061
ips decoder status ............................................................................................. 1062
ips rule status..................................................................................................... 1063
ips session ......................................................................................................... 1064
ipsec tunnel........................................................................................................ 1065
ips view-map...................................................................................................... 1066
mgmt-data status .............................................................................................. 1067
netscan settings................................................................................................. 1068
pbx branch-office .............................................................................................. 1069
pbx dialplan ....................................................................................................... 1070
pbx did............................................................................................................... 1071
pbx extension .................................................................................................... 1072
pbx ftgd-voice-pkg ............................................................................................ 1073
pbx global .......................................................................................................... 1074
pbx ringgrp ........................................................................................................ 1075
pbx sip-trunk...................................................................................................... 1076
pbx voice-menu ................................................................................................. 1077
router info bfd neighbor ..................................................................................... 1078
router info bgp ................................................................................................... 1079
router info isis .................................................................................................... 1082
router info kernel ................................................................................................ 1083
router info multicast ........................................................................................... 1084
router info ospf................................................................................................... 1086
router info protocols .......................................................................................... 1088
router info rip ..................................................................................................... 1089
router info routing-table .................................................................................... 1090
router info vrrp ................................................................................................... 1091
router info6 bgp ................................................................................................. 1092
router info6 interface.......................................................................................... 1093
router info6 kernel .............................................................................................. 1094
router info6 ospf................................................................................................. 1095
router info6 protocols ........................................................................................ 1096
router info6 rip ................................................................................................... 1097
router info6 routing-table ................................................................................... 1098
system admin list ............................................................................................... 1099
system admin status.......................................................................................... 1100
system arp ......................................................................................................... 1101
system auto-update........................................................................................... 1102
system central-management ............................................................................. 1103
system checksum.............................................................................................. 1104Fortinet Technologies Inc. Page 17 FortiOS - CLI Reference for FortiOS 5.2
-
system cmdb status .......................................................................................... 1105
system fortianalyzer-connectivity ...................................................................... 1106
system fortiguard-log-service status ................................................................. 1107
system fortiguard-service status ....................................................................... 1108
system ha-nonsync-csum ................................................................................. 1109
system ha status................................................................................................ 1110
system info admin ssh ....................................................................................... 1113
system info admin status................................................................................... 1114
system interface physical .................................................................................. 1115
system mgmt-csum........................................................................................... 1116
system performance firewall .............................................................................. 1117
system performance status ............................................................................... 1118
system performance top.................................................................................... 1119
system session list............................................................................................. 1120
system session status........................................................................................ 1121
system session-helper-info list .......................................................................... 1122
system session-info ........................................................................................... 1123
system source-ip ............................................................................................... 1124
system startup-error-log.................................................................................... 1125
system status..................................................................................................... 1126
test ..................................................................................................................... 1127
user adgrp.......................................................................................................... 1129
vpn ike gateway ................................................................................................. 1130
vpn ipsec tunnel details ..................................................................................... 1131
vpn ipsec tunnel name....................................................................................... 1132
vpn ipsec stats crypto ....................................................................................... 1133
vpn ipsec stats tunnel ........................................................................................ 1134
vpn ssl monitor .................................................................................................. 1135
vpn status l2tp ................................................................................................... 1136
vpn status pptp.................................................................................................. 1137
vpn status ssl ..................................................................................................... 1138
webfilter ftgd-statistics ...................................................................................... 1139
webfilter status................................................................................................... 1141
wireless-controller client-info............................................................................. 1142
wireless-controller rf-analysis ............................................................................ 1143
wireless-controller scan..................................................................................... 1144
wireless-controller status................................................................................... 1145
wireless-controller vap-status ........................................................................... 1146
wireless-controller wlchanlistlic ......................................................................... 1147
wireless-controller wtp-status ........................................................................... 1150Fortinet Technologies Inc. Page 18 FortiOS - CLI Reference for FortiOS 5.2
-
tree............................................................................................................... 1152Fortinet Technologies Inc. Page 19 FortiOS - CLI Reference for FortiOS 5.2
-
Introduction
This document describes FortiOS 5.2 CLI commands used to configure and manage a FortiGate unit from the command line interface (CLI).
How this guide is organized
Most of the chapters in this document describe the commands for each configuration branch of the FortiOS CLI. The command branches and commands are in alphabetical order.
This document also contains the following sections:
Managing Firmware with the FortiGate BIOS describes how to change firmware at the console during FortiGate unit boot-up.
Whats new describes changes to the 5.2 CLI.
config chapters describe the config commands.
execute describes execute commands.
get describes get commands.
tree describes the tree command.
Availability of commands and options
Some FortiOS CLI commands and options are not available on all FortiGate units. The CLI displays an error message if you attempt to enter a command or option that is not available. You can use the question mark ? to verify the commands and options that are available.
Commands and options may not be available for the following reasons:
FortiGate model. All commands are not available on all FortiGate models. For example, low end FortiGate models do not support the aggregate interface type option of the config system interface command.
Hardware configuration. For example, some AMC module commands are only available when an AMC module is installed.
FortiOS Carrier, FortiGate Voice, FortiWiFi etc. Commands for extended functionality are not available on all FortiGate models. The CLI Reference includes commands only available for FortiWiFi units, FortiOS Carrier, and FortiGate Voice unitsPage 20
-
which you can enter simply by pressing Return. For example,
Enter image download port number [WAN1]:In most menus, typing H re-lists the menu options and typing Q returns to the previous menu.Managing Firmware with the FortiGate BIOS
FortiGate units are shipped with firmware installed. Usually firmware upgrades are performed through the web-based manager or by using the CLI execute restore command. From the console, you can also interrupt the FortiGate units boot-up process to load firmware using the BIOS firmware that is a permanent part of the unit.
Using the BIOS, you can:
view system information
format the boot device
load firmware and reboot (see Loading firmware on page 22)
reboot the FortiGate unit from the backup firmware, which then becomes the default firmware (see Booting the backup firmware on page 23)
Accessing the BIOS
The BIOS menu is available only through direct connection to the FortiGate units Console port. During boot-up, Press any key appears briefly. If you press any keyboard key at this time, boot-up is suspended and the BIOS menu appears. If you are too late, the boot-up process continues as usual.
Navigating the menu
The main BIOS menu looks like this:
[C]: Configure TFTP parameters[R]: Review TFTP paramters[T]: Initiate TFTP firmware transfer[F]: Format boot device[Q]: Quit menu and continue to boot[I]: System Information[B]: Boot with backup firmare and set as default[Q]: Quit menu and continue to boot[H]: Display this list of options
Enter C,R,T,F,I,B,Q,or H:Typing the bracketed letter selects the option. Input is case-sensitive. Most options present a submenu. An option value in square brackets at the end of the Enter line is the default value Page 21
-
Loading firmware
The BIOS can download firmware from a TFTP server that is reachable from a FortiGate unit network interface. You need to know the IP address of the server and the name of the firmware file to download.
The downloaded firmware can be saved as either the default or backup firmware. It is also possible to boot the downloaded firmware without saving it.
Configuring TFTP parameters
Starting from the main BIOS menu
[C]: Configure TFTP parameters.
Selecting the VLAN (if VLANs are used)
[V]: Set local VLAN ID.
Choose port and whether to use DHCP
[P]: Set firmware download port.The options listed depend on the FortiGate model. Choose the network interface through which the TFTP server can be reached. For example:
[0]: Any of port 1 - 7[1]: WAN1[2]: WAN2Enter image download port number [WAN1]:
[D]: Set DHCP mode.Please select DHCP setting[1]: Enable DHCP[2]: Disable DHCP
If there is a DHCP server on the network, select [1]. This simplifies configuration. Otherwise, select [2].
Non-DHCP steps
[I]: Set local IP address.Enter local IP address [192.168.1.188]:
This is a temporary IP address for the FortiGate unit network interface. Use a unique address on the same subnet to which the network interface connects. [S]: Set local subnet mask.
Enter local subnet mask [255.255.252.0]:[G]: Set local gateway.
The local gateway IP address is needed if the TFTP server is on a different subnet than the one to which the FortiGate unit is connected.
TFTP and filename
[T]: Set remote TFTP server IP address.Enter remote TFTP server IP address [192.168.1.145]:
[F]: Set firmwa