FortiOS CLI Reference for FortiOS 5.2
March 5, 2018
01-526-99686-20180305
Copyright 2018 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, FortiCare and FortiGuard, and certain other marks are registered trademarks of Fortinet, Inc., in the U.S. and other jurisdictions, and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet's General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet's internal lab tests. In no event does Fortinet make any commitment related to future deliverables, features or development, and circumstances may change such that any forward-looking statements herein are not accurate. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.
Technical Documentation docs.fortinet.com
Knowledge Base kb.fortinet.com
Customer Service & Support support.fortinet.com
Training Services training.fortinet.com
FortiGuard fortiguard.com
Document Feedback [email protected]
Contents
Introduction
  How this guide is organized
  Availability of commands and options
Managing Firmware with the FortiGate BIOS
  Accessing the BIOS
    Navigating the menu
  Loading firmware
    Configuring TFTP parameters
    Initiating TFTP firmware transfer
  Booting the backup firmware
What's new
alertemail
  setting
antivirus
  heuristic
  mms-checksum
  notification
  profile
    config {http | https | ftp | ftps | imap | imaps | mapi | pop3 | pop3s | smb | smtp | smtps | nntp}
    config nac-quar
  quarantine
  settings
application
  custom
  list
  name
dlp
  filepattern
  fp-doc-source
  fp-sensitivity
  sensor
  settings
endpoint-control
  forticlient-registration-sync
  profile
  settings
Fortinet Technologies Inc. Page 3 FortiOS - CLI Reference for FortiOS 5.2
http://www.fortinet.com/
extender-controller
  extender
firewall
  address, address6
  addrgrp, addrgrp6
  auth-portal
  carrier-endpoint-bwl
  carrier-endpoint-ip-filter
  central-nat
  dnstranslation
  DoS-policy, DoS-policy6
  explicit-proxy-policy
  gtp
  identity-based-route
  interface-policy
  interface-policy6
  ipmacbinding setting
  ipmacbinding table
  ippool, ippool6
  ip-translation
  ipv6-eh-filter
  ldb-monitor
  local-in-policy, local-in-policy6
  mms-profile
    config dupe {mm1 | mm4}
    config flood {mm1 | mm4}
    config log
    config notification {alert-dupe-1 | alert-flood-1 | mm1 | mm3 | mm4 | mm7}
    config notif-msisdn
  multicast-address
  multicast-policy
  policy, policy6
  policy46, policy64
  profile-group
  profile-protocol-options
    config http
    config ftp
    config dns
    config imap
    config mapi
    config pop3
    config smtp
    config nntp
    config mail-signature
  schedule onetime
  schedule recurring
  schedule group
  service category
  service custom
  service group
  shaper per-ip-shaper
  shaper traffic-shaper
  sniffer
  ssl setting
  ssl-ssh-profile
    config {ftps | https | imaps | pop3s | smtps}
    config ssh
    config ssl
    config ssl-exempt
    config ssl-server
  ttl-policy
  vip
  vip46
  vip6
  vip64
  vipgrp
  vipgrp46
  vipgrp64
ftp-proxy
  explicit
gui
  console
icap
  profile
  server
ips
  custom
  decoder
  global
  rule
  sensor
  setting
log
  custom-field
  disk filter
  disk setting
  eventfilter
  fortianalyzer filter
  {fortianalyzer | syslogd} override-filter
  fortianalyzer override-setting
  fortianalyzer setting
  fortiguard filter
  fortiguard setting
  gui-display
  memory filter
  memory setting
  memory global-setting
  setting
  syslogd filter
  syslogd override-setting
  {syslogd | syslogd2 | syslogd3} setting
  threat-weight
  webtrends filter
  webtrends setting
netscan
  assets
  settings
pbx
  dialplan
  did
  extension
  global
  ringgrp
  voice-menu
  sip-trunk
report
  chart
  dataset
  layout
  setting
  style
  summary
  theme
router
  access-list, access-list6
  aspath-list
  auth-path
  bfd
  bgp
    config router bgp
    config admin-distance
    config aggregate-address, config aggregate-address6
    config neighbor
    config network, config network6
    config redistribute, config redistribute6
  community-list
  isis
    config isis-interface
    config isis-net
    config redistribute {bgp | connected | ospf | rip | static}
    config summary-address
  key-chain
  multicast
    Sparse mode
    Dense mode
    config router multicast
    config interface
    config pim-sm-global
  multicast6
  multicast-flow
  ospf
    config router ospf
    config area
    config distribute-list
    config neighbor
    config network
    config ospf-interface
    config redistribute
    config summary-address
  ospf6
  policy, policy6
  prefix-list, prefix-list6
  rip
    config router rip
    config distance
    config distribute-list
    config interface
    config neighbor
    config network
    config offset-list
    config redistribute
  ripng
    config distance
  route-map
    Using route maps with BGP
  setting
  static
  static6
spamfilter
  bwl
  bword
  dnsbl
  fortishield
  iptrust
  mheader
  options
  profile
    config {imap | imaps | mapi | pop3 | pop3s | smtp | smtps}
    config {gmail | msn-hotmail | yahoo-mail}
switch-controller
  managed-switch
  vlan
system
  3g-modem custom
  accprofile
  admin
  amc
  arp-table
  auto-install
  autoupdate push-update
  autoupdate schedule
  autoupdate tunneling
  aux
  bypass
  central-management
  console
custom-language................................................................................................. 483
ddns..................................................................................................................... 484
dedicated-mgmt .................................................................................................. 486
dhcp reserved-address........................................................................................ 487
dhcp server .......................................................................................................... 488
dhcp6 server ........................................................................................................ 493
dns ....................................................................................................................... 495
dns-database....................................................................................................... 496
dns-server............................................................................................................ 499
dscp-based-priority ............................................................................................. 500
elbc ...................................................................................................................... 501
email-server ......................................................................................................... 502
fips-cc .................................................................................................................. 503
fortiguard ............................................................................................................. 504
fortisandbox......................................................................................................... 508
geoip-override...................................................................................................... 509
gi-gk..................................................................................................................... 510
global ................................................................................................................... 511
gre-tunnel............................................................................................................. 532
ha ......................................................................................................................... 533
interface ............................................................................................................... 545
ipip-tunnel ............................................................................................................ 573
ips-urlfilter-dns..................................................................................................... 574
ipv6-neighbor-cache............................................................................................ 575
ipv6-tunnel ........................................................................................................... 576
link-monitor.......................................................................................................... 577
lte-modem ........................................................................................................... 579
mac-address-table .............................................................................................. 580
modem................................................................................................................. 581
monitors............................................................................................................... 586
nat64 .................................................................................................................... 588
netflow ................................................................................................................. 589
network-visibility .................................................................................................. 590
np6....................................................................................................................... 591
npu....................................................................................................................... 595
ntp........................................................................................................................ 596
object-tag ............................................................................................................ 597
password-policy .................................................................................................. 598
physical-switch .................................................................................................... 599
port-pair ............................................................................................................... 600
probe-response ................................................................................................... 601
proxy-arp ............................................................................................................. 602
pstn ...................................................................................................................... 603
replacemsg admin ............................................................................................... 605
replacemsg alertmail............................................................................................ 606
replacemsg auth .................................................................................................. 608
replacemsg device-detection-portal.................................................................... 612
replacemsg ec ..................................................................................................... 613
replacemsg fortiguard-wf .................................................................................... 615
replacemsg ftp..................................................................................................... 617
replacemsg http................................................................................................... 619
replacemsg im ..................................................................................................... 622
replacemsg mail................................................................................................... 624
replacemsg mm1 ................................................................................................. 627
replacemsg mm3 ................................................................................................. 630
replacemsg mm4 ................................................................................................. 632
replacemsg mm7 ................................................................................................. 634
replacemsg-group ............................................................................................... 637
replacemsg-group ............................................................................................... 639
replacemsg-image ............................................................................................... 642
replacemsg nac-quar........................................................................................... 643
replacemsg nntp .................................................................................................. 645
replacemsg spam ................................................................................................ 647
replacemsg sslvpn............................................................................................... 650
replacemsg traffic-quota ..................................................................................... 651
replacemsg utm ................................................................................................... 652
replacemsg webproxy ......................................................................................... 654
resource-limits ..................................................................................................... 655
session-helper ..................................................................................................... 657
session-sync........................................................................................................ 659
session-ttl ............................................................................................................ 662
settings ................................................................................................................ 664
sit-tunnel .............................................................................................................. 671
sflow..................................................................................................................... 672
sms-server ........................................................................................................... 673
snmp community ................................................................................................. 674
snmp sysinfo........................................................................................................ 678
snmp user ............................................................................................................ 680
sp ......................................................................................................................... 683
storage................................................................................................................. 685
stp ........................................................................................................................ 686
switch-interface ................................................................................................... 687
tos-based-priority ................................................................................................ 689
vdom-dns............................................................................................................. 690
vdom-link ............................................................................................................. 691
vdom-property ..................................................................................................... 692
vdom-radius-server ............................................................................................. 695
vdom-sflow .......................................................................................................... 696
virtual-switch........................................................................................................ 697
virtual-wan-link .................................................................................................... 698
wccp .................................................................................................................... 701
zone ..................................................................................................................... 704
user ................................................................................................................ 705
Configuring users for authentication.................................................................... 706
Configuring users for password authentication............................................. 706
Configuring peers for certificate authentication............................................. 706
ban....................................................................................................................... 707
device .................................................................................................................. 710
device-access-list................................................................................................ 711
device-category ................................................................................................... 712
device-group........................................................................................................ 713
fortitoken.............................................................................................................. 714
fsso ...................................................................................................................... 715
fsso-polling .......................................................................................................... 717
group.................................................................................................................... 719
ldap ...................................................................................................................... 723
local ..................................................................................................................... 726
password-policy .................................................................................................. 728
peer...................................................................................................................... 729
peergrp ................................................................................................................ 731
pop3..................................................................................................................... 732
radius ................................................................................................................... 733
security-exempt-list ............................................................................................. 738
setting .................................................................................................................. 739
tacacs+ ................................................................................................................ 741
voip ................................................................................................................ 742
profile ................................................................................................................... 743
config sip ....................................................................................................... 745
config sccp .................................................................................................... 754
vpn ................................................................................................................. 755
certificate ca ........................................................................................................ 756
certificate crl ........................................................................................................ 757
certificate local..................................................................................................... 759
certificate ocsp-server ......................................................................................... 761
certificate remote................................................................................................. 762
certificate setting ................................................................................................. 763
ipsec concentrator ............................................................................................... 764
ipsec forticlient..................................................................................................... 765
ipsec manualkey .................................................................................................. 766
ipsec manualkey-interface................................................................................... 769
ipsec phase1........................................................................................................ 772
ipsec phase1-interface ........................................................................................ 782
ipsec phase2........................................................................................................ 797
ipsec phase2-interface ........................................................................................ 804
l2tp ....................................................................................................................... 813
pptp ..................................................................................................................... 815
ssl settings ........................................................................................................... 817
ssl web host-check-software............................................................................... 822
ssl web portal....................................................................................................... 824
ssl web realm....................................................................................................... 832
ssl web user-bookmark ....................................................................................... 833
ssl web virtual-desktop-app-list .......................................................................... 836
wanopt........................................................................................................... 837
auth-group ........................................................................................................... 838
peer...................................................................................................................... 839
profile ................................................................................................................... 840
settings ................................................................................................................ 844
ssl-server ............................................................................................................. 845
storage................................................................................................................. 848
webcache ............................................................................................................ 849
webfilter......................................................................................................... 852
content................................................................................................................. 853
content-header .................................................................................................... 855
fortiguard ............................................................................................................. 856
ftgd-local-cat ....................................................................................................... 858
ftgd-local-rating ................................................................................................... 859
ftgd-warning ........................................................................................................ 860
ips-urlfilter-cache-setting..................................................................................... 862
ips-urlfilter-setting................................................................................................ 863
override ................................................................................................................ 864
override-user........................................................................................................ 865
profile ................................................................................................................... 867
config ftgd-wf................................................................................................. 871
config override ............................................................................................... 872
config quota ................................................................................................... 873
config web ..................................................................................................... 873
search-engine ...................................................................................................... 874
urlfilter .................................................................................................................. 875
web-proxy ..................................................................................................... 877
explicit.................................................................................................................. 878
forward-server ..................................................................................................... 882
forward-server-group........................................................................................... 883
global ................................................................................................................... 884
profile ................................................................................................................... 886
url-match.............................................................................................................. 887
wireless-controller ....................................................................................... 888
ap-status.............................................................................................................. 889
global ................................................................................................................... 890
setting .................................................................................................................. 891
timers ................................................................................................................... 892
vap ....................................................................................................................... 893
wids-profile .......................................................................................................... 898
wtp ....................................................................................................................... 901
wtp-profile............................................................................................................ 905
execute .......................................................................................................... 912
backup ................................................................................................................. 914
batch.................................................................................................................... 918
bypass-mode....................................................................................................... 919
carrier-license ...................................................................................................... 920
central-mgmt ....................................................................................................... 921
cfg reload............................................................................................................. 922
cfg save ............................................................................................................... 923
clear system arp table ......................................................................................... 924
cli check-template-status .................................................................................... 925
cli status-msg-only .............................................................................................. 926
client-reputation................................................................................................... 927
date...................................................................................................................... 928
disk ...................................................................................................................... 929
disk raid ............................................................................................................... 930
disk scan.............................................................................................................. 931
dhcp lease-clear .................................................................................................. 932
dhcp lease-list ..................................................................................................... 933
disconnect-admin-session .................................................................................. 934
enter..................................................................................................................... 935
erase-disk ............................................................................................................ 936
factoryreset .......................................................................................................... 937
factoryreset2........................................................................................................ 938
formatlogdisk ....................................................................................................... 939
forticarrier-license ................................................................................................ 940
forticlient .............................................................................................................. 941
FortiClient-NAC.................................................................................................... 942
fortiguard-log ....................................................................................................... 943
fortitoken.............................................................................................................. 944
fortitoken-mobile.................................................................................................. 945
fsso refresh .......................................................................................................... 946
ha disconnect ...................................................................................................... 947
ha ignore-hardware-revision................................................................................ 948
ha manage ........................................................................................................... 949
ha synchronize..................................................................................................... 950
interface dhcpclient-renew .................................................................................. 951
interface pppoe-reconnect .................................................................................. 952
log backup ........................................................................................................... 953
log client-reputation-report.................................................................................. 954
log convert-oldlogs.............................................................................................. 955
log delete-all ........................................................................................................ 956
log delete-oldlogs ................................................................................................ 957
log detail .............................................................................................................. 958
log display............................................................................................................ 959
log downgrade-log............................................................................................... 960
log filter ................................................................................................................ 961
log fortianalyzer test-connectivity........................................................................ 962
log list................................................................................................................... 963
log rebuild-sqldb.................................................................................................. 964
log recreate-sqldb ............................................................................................... 965
log-report reset .................................................................................................... 966
log restore............................................................................................................ 967
log roll .................................................................................................................. 968
log shift-time........................................................................................................ 969
log upload-progress ............................................................................................ 970
modem dial .......................................................................................................... 971
modem hangup.................................................................................................... 972
modem trigger ..................................................................................................... 973
mrouter clear
netscan
pbx
ping
ping-options, ping6-options
ping6
policy-packet-capture delete-all
reboot
report
report-config reset
restore
revision
router clear bfd session
router clear bgp
router clear ospf process
router restart
send-fds-statistics
sensor
set system session filter
set-next-reboot
sfp-mode-sgmii
shutdown
ssh
sync-session
system custom-language import
system fortisandbox test-connectivity
tac report
telnet
time
traceroute
tracert6
update-av
update-geo-ip
update-ips
update-list
update-now
update-src-vis
upd-vd-license
upload
usb-device
usb-disk
vpn certificate ca
vpn certificate crl
vpn certificate local export
vpn certificate local generate
vpn certificate local import
vpn certificate remote
vpn ipsec tunnel down
vpn ipsec tunnel up
vpn sslvpn del-all
vpn sslvpn del-tunnel
vpn sslvpn del-web
vpn sslvpn list
webfilter quota-reset
wireless-controller delete-wtp-image
wireless-controller list-wtp-image
wireless-controller reset-wtp
wireless-controller restart-acd
wireless-controller restart-wtpd
wireless-controller upload-wtp-image

get
endpoint-control app-detect
extender modem-status
extender sys-info
firewall dnstranslation
firewall iprope appctrl
firewall iprope list
firewall proute, proute6
firewall service custom
firewall shaper
grep
gui console status
hardware cpu
hardware memory
hardware nic
hardware npu
hardware status
ips decoder status
ips rule status
ips session
ipsec tunnel
ips view-map
mgmt-data status
netscan settings
pbx branch-office
pbx dialplan
pbx did
pbx extension
pbx ftgd-voice-pkg
pbx global
pbx ringgrp
pbx sip-trunk
pbx voice-menu
router info bfd neighbor
router info bgp
router info isis
router info kernel
router info multicast
router info ospf
router info protocols
router info rip
router info routing-table
router info vrrp
router info6 bgp
router info6 interface
router info6 kernel
router info6 ospf
router info6 protocols
router info6 rip
router info6 routing-table
system admin list
system admin status
system arp
system auto-update
system central-management
system checksum
system cmdb status
system fortianalyzer-connectivity
system fortiguard-log-service status
system fortiguard-service status
system ha-nonsync-csum
system ha status
system info admin ssh
system info admin status
system interface physical
system mgmt-csum
system performance firewall
system performance status
system performance top
system session list
system session status
system session-helper-info list
system session-info
system source-ip
system startup-error-log
system status
test
user adgrp
vpn ike gateway
vpn ipsec tunnel details
vpn ipsec tunnel name
vpn ipsec stats crypto
vpn ipsec stats tunnel
vpn ssl monitor
vpn status l2tp
vpn status pptp
vpn status ssl
webfilter ftgd-statistics
webfilter status
wireless-controller client-info
wireless-controller rf-analysis
wireless-controller scan
wireless-controller status
wireless-controller vap-status
wireless-controller wlchanlistlic
wireless-controller wtp-status

tree
Introduction
This document describes FortiOS 5.2 CLI commands used to configure and manage a FortiGate unit from the command line interface (CLI).
How this guide is organized
Most of the chapters in this document describe the commands for each configuration branch of the FortiOS CLI. The command branches and commands are in alphabetical order.
This document also contains the following sections:
"Managing Firmware with the FortiGate BIOS" describes how to change firmware at the console during FortiGate unit boot-up.
"What's new" describes changes to the 5.2 CLI.
config chapters describe the config commands.
execute describes execute commands.
get describes get commands.
tree describes the tree command.
Availability of commands and options
Some FortiOS CLI commands and options are not available on all FortiGate units. The CLI displays an error message if you attempt to enter a command or option that is not available. You can enter a question mark (?) to check which commands and options are available.
Commands and options may not be available for the following reasons:
FortiGate model. Not all commands are available on all FortiGate models. For example, low-end FortiGate models do not support the aggregate interface type option of the config system interface command.
Hardware configuration. For example, some AMC module commands are only available when an AMC module is installed.
FortiOS Carrier, FortiGate Voice, FortiWiFi, etc. Commands for extended functionality are not available on all FortiGate models. The CLI Reference includes commands that are available only on FortiWiFi units, FortiOS Carrier, and FortiGate Voice units.
Managing Firmware with the FortiGate BIOS
FortiGate units are shipped with firmware installed. Usually firmware upgrades are performed through the web-based manager or by using the CLI execute restore command. From the console, you can also interrupt the FortiGate unit's boot-up process to load firmware using the BIOS firmware that is a permanent part of the unit.
Using the BIOS, you can:
view system information
format the boot device
load firmware and reboot (see Loading firmware on page 21)
reboot the FortiGate unit from the backup firmware, which then becomes the default firmware (see Booting the backup firmware on page 22)
Accessing the BIOS
The BIOS menu is available only through a direct connection to the FortiGate unit's Console port. During boot-up, "Press any key" appears briefly. If you press any keyboard key at this time, boot-up is suspended and the BIOS menu appears. If you are too late, the boot-up process continues as usual.
Navigating the menu
The main BIOS menu looks like this:
[C]: Configure TFTP parameters
[R]: Review TFTP paramters
[T]: Initiate TFTP firmware transfer
[F]: Format boot device
[Q]: Quit menu and continue to boot
[I]: System Information
[B]: Boot with backup firmare and set as default
[Q]: Quit menu and continue to boot
[H]: Display this list of options
Enter C,R,T,F,I,B,Q,or H:
Typing the bracketed letter selects the option. Input is case-sensitive. Most options present a submenu. An option value in square brackets at the end of the Enter line is the default value, which you can accept simply by pressing Return. For example:
Enter image download port number [WAN1]:
In most menus, typing H re-lists the menu options and typing Q returns to the previous menu.
Loading firmware
The BIOS can download firmware from a TFTP server that is reachable from a FortiGate unit network interface. You need to know the IP address of the server and the name of the firmware file to download.
The downloaded firmware can be saved as either the default or backup firmware. It is also possible to boot the downloaded firmware without saving it.
Configuring TFTP parameters
Starting from the main BIOS menu
[C]: Configure TFTP parameters.
Selecting the VLAN (if VLANs are used)
[V]: Set local VLAN ID.
Choose port and whether to use DHCP
[P]: Set firmware download port.
The options listed depend on the FortiGate model. Choose the network interface through which the TFTP server can be reached. For example:
[0]: Any of port 1 - 7
[1]: WAN1
[2]: WAN2
Enter image download port number [WAN1]:
[D]: Set DHCP mode.
Please select DHCP setting
[1]: Enable DHCP
[2]: Disable DHCP
If there is