  • FortiOS CLI Reference for FortiOS 5.2

    August 13, 2015

    01-522-99686-20150514

    Copyright 2015 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, FortiCare and FortiGuard, and certain other marks are registered trademarks of Fortinet, Inc., in the U.S. and other jurisdictions, and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet's General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet's internal lab tests. In no event does Fortinet make any commitment related to future deliverables, features or development, and circumstances may change such that any forward-looking statements herein are not accurate. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.

    Technical Documentation docs.fortinet.com

    Knowledge Base kb.fortinet.com

    Customer Service & Support support.fortinet.com

    Training Services training.fortinet.com

    FortiGuard fortiguard.com

    Document Feedback [email protected]

  • Contents

    Introduction
      How this guide is organized
      Availability of commands and options
    Managing Firmware with the FortiGate BIOS
      Accessing the BIOS
        Navigating the menu
      Loading firmware
        Configuring TFTP parameters
        Initiating TFTP firmware transfer
      Booting the backup firmware
    What's new
    alertemail
      setting
    antivirus
      heuristic
      mms-checksum
      notification
      profile
        config {http | https | ftp | ftps | imap | imaps | mapi | pop3 | pop3s | smb | smtp | smtps | nntp}
        config nac-quar
      quarantine
      settings
    application
      custom
      list
      name
    dlp
      filepattern
      fp-doc-source
      fp-sensitivity
      sensor
      settings
    endpoint-control
      forticlient-registration-sync
      profile
      settings

    Fortinet Technologies Inc. Page 3 FortiOS - CLI Reference for FortiOS 5.2

    http://www.fortinet.com/

    extender-controller
      extender
    firewall
      address, address6
      addrgrp, addrgrp6
      auth-portal
      carrier-endpoint-bwl
      carrier-endpoint-ip-filter
      central-nat
      dnstranslation
      DoS-policy, DoS-policy6
      explicit-proxy-policy
      gtp
      identity-based-route
      interface-policy
      interface-policy6
      ipmacbinding setting
      ipmacbinding table
      ippool, ippool6
      ip-translation
      ipv6-eh-filter
      ldb-monitor
      local-in-policy, local-in-policy6
      mms-profile
        config dupe {mm1 | mm4}
        config flood {mm1 | mm4}
        config log
        config notification {alert-dupe-1 | alert-flood-1 | mm1 | mm3 | mm4 | mm7}
        config notif-msisdn
      multicast-address
      multicast-policy
      policy, policy6
      policy46, policy64
      profile-group
      profile-protocol-options
        config http
        config ftp
        config dns
        config imap
        config mapi
        config pop3
        config smtp

        config nntp
        config mail-signature
      schedule onetime
      schedule recurring
      schedule group
      service category
      service custom
      service group
      shaper per-ip-shaper
      shaper traffic-shaper
      sniffer
      ssl setting
      ssl-ssh-profile
        config {ftps | https | imaps | pop3s | smtps}
        config ssh
        config ssl
        config ssl-exempt
        config ssl-server
      ttl-policy
      vip
      vip46
      vip6
      vip64
      vipgrp
      vipgrp46
      vipgrp64
    ftp-proxy
      explicit
    gui
      console
    icap
      profile
      server
    ips
      custom
      decoder
      global
      rule
      sensor
      setting

    log
      custom-field
      disk filter
      disk setting
      eventfilter
      fortianalyzer filter
      {fortianalyzer | syslogd} override-filter
      fortianalyzer override-setting
      fortianalyzer setting
      fortiguard filter
      fortiguard setting
      gui-display
      memory filter
      memory setting
      memory global-setting
      setting
      syslogd filter
      syslogd override-setting
      {syslogd | syslogd2 | syslogd3} setting
      threat-weight
      webtrends filter
      webtrends setting
    netscan
      assets
      settings
    pbx
      dialplan
      did
      extension
      global
      ringgrp
      voice-menu
      sip-trunk
    report
      chart
      dataset
      layout
      setting
      style
      summary

      theme
    router
      access-list, access-list6
      aspath-list
      auth-path
      bfd
      bgp
        config router bgp
        config admin-distance
        config aggregate-address, config aggregate-address6
        config neighbor
        config network, config network6
        config redistribute, config redistribute6
      community-list
      isis
        config isis-interface
        config isis-net
        config redistribute {bgp | connected | ospf | rip | static}
        config summary-address
      key-chain
      multicast
        Sparse mode
        Dense mode
        config router multicast
        config interface
        config pim-sm-global
      multicast6
      multicast-flow
      ospf
        config router ospf
        config area
        config distribute-list
        config neighbor
        config network
        config ospf-interface
        config redistribute
        config summary-address
      ospf6
      policy, policy6
      prefix-list, prefix-list6
      rip
        config router rip
        config distance

        config distribute-list
        config interface
        config neighbor
        config network
        config offset-list
        config redistribute
      ripng
        config distance
      route-map
        Using route maps with BGP
      setting
      static
      static6
    spamfilter
      bwl
      bword
      dnsbl
      fortishield
      iptrust
      mheader
      options
      profile
        config {imap | imaps | mapi | pop3 | pop3s | smtp | smtps}
        config {gmail | msn-hotmail | yahoo-mail}
    switch-controller
      managed-switch
      vlan
    system
      3g-modem custom
      accprofile
      admin
      amc
      arp-table
      auto-install
      autoupdate push-update
      autoupdate schedule
      autoupdate tunneling
      aux
      bypass
      central-management
      console

    custom-language................................................................................................. 481

    ddns ..................................................................................................................... 482

    dedicated-mgmt .................................................................................................. 484

    dhcp reserved-address........................................................................................ 485

    dhcp server .......................................................................................................... 486

    dhcp6 server ........................................................................................................ 491

    dns ....................................................................................................................... 493

    dns-database....................................................................................................... 494

    dns-server............................................................................................................ 497

    dscp-based-priority ............................................................................................. 498

    elbc ...................................................................................................................... 499

    email-server ......................................................................................................... 500

    fips-cc .................................................................................................................. 501

    fortiguard ............................................................................................................. 502

    fortisandbox......................................................................................................... 506

    geoip-override...................................................................................................... 507

    gi-gk..................................................................................................................... 508

    global ................................................................................................................... 509

    gre-tunnel............................................................................................................. 530

    ha ......................................................................................................................... 531

    interface ............................................................................................................... 543

    ipip-tunnel ............................................................................................................ 570

    ips-urlfilter-dns..................................................................................................... 571

    ipv6-neighbor-cache............................................................................................ 572

    ipv6-tunnel ........................................................................................................... 573

    link-monitor.......................................................................................................... 574

    lte-modem............................................................................................................ 576

    mac-address-table .............................................................................................. 577

    modem................................................................................................................. 578

    monitors ............................................................................................................... 583

    nat64 .................................................................................................................... 585

    netflow ................................................................................................................. 586

    network-visibility .................................................................................................. 587

    np6....................................................................................................................... 588

    npu....................................................................................................................... 592

    ntp........................................................................................................................ 593

    object-tag............................................................................................................. 594

    password-policy .................................................................................................. 595

    physical-switch .................................................................................................... 596

    port-pair ............................................................................................................... 597

    probe-response ................................................................................................... 598

    proxy-arp ............................................................................................................. 599

    pstn ...................................................................................................................... 600

    replacemsg admin ............................................................................................... 602

    replacemsg alertmail............................................................................................ 603

    replacemsg auth .................................................................................................. 605

    replacemsg device-detection-portal.................................................................... 609

    replacemsg ec ..................................................................................................... 610

    replacemsg fortiguard-wf .................................................................................... 612

    replacemsg ftp ..................................................................................................... 614

    replacemsg http................................................................................................... 616

    replacemsg im ..................................................................................................... 619

    replacemsg mail................................................................................................... 621

    replacemsg mm1 ................................................................................................. 624

    replacemsg mm3 ................................................................................................. 627

    replacemsg mm4 ................................................................................................. 629

    replacemsg mm7 ................................................................................................. 631

    replacemsg-group ............................................................................................... 634

    replacemsg-group ............................................................................................... 636

    replacemsg-image ............................................................................................... 639

    replacemsg nac-quar........................................................................................... 640

    replacemsg nntp .................................................................................................. 642

    replacemsg spam ................................................................................................ 644

    replacemsg sslvpn ............................................................................................... 647

    replacemsg traffic-quota ..................................................................................... 648

    replacemsg utm ................................................................................................... 649

    replacemsg webproxy ......................................................................................... 651

    resource-limits ..................................................................................................... 652

    session-helper ..................................................................................................... 654

    session-sync ........................................................................................................ 656

    session-ttl ............................................................................................................ 659

    settings ................................................................................................................ 661

    sit-tunnel .............................................................................................................. 668

    sflow..................................................................................................................... 669

    sms-server ........................................................................................................... 670

    snmp community ................................................................................................. 671

    snmp sysinfo........................................................................................................ 675

    snmp user ............................................................................................................ 677

    sp ......................................................................................................................... 680

    storage................................................................................................................. 682

    stp ........................................................................................................................ 683

    switch-interface ................................................................................................... 684

    tos-based-priority ................................................................................................ 686

    vdom-dns............................................................................................................. 687

    vdom-link ............................................................................................................. 688

    vdom-property ..................................................................................................... 689

    vdom-radius-server ............................................................................................. 692

    vdom-sflow .......................................................................................................... 693

    virtual-switch........................................................................................................ 694

    virtual-wan-link .................................................................................................... 695

    wccp .................................................................................................................... 698

    zone ..................................................................................................................... 701

    user ................................................................................................................ 702

    Configuring users for authentication.................................................................... 703

    Configuring users for password authentication............................................. 703

    Configuring peers for certificate authentication............................................. 703

    ban ....................................................................................................................... 704

    device................................................................................................................... 707

    device-access-list ................................................................................................ 708

    device-category ................................................................................................... 709

    device-group........................................................................................................ 710

    fortitoken.............................................................................................................. 711

    fsso ...................................................................................................................... 712

    fsso-polling .......................................................................................................... 714

    group.................................................................................................................... 716

    ldap ...................................................................................................................... 720

    local...................................................................................................................... 723

    password-policy .................................................................................................. 725

    peer...................................................................................................................... 726

    peergrp ................................................................................................................ 728

    pop3..................................................................................................................... 729

    radius ................................................................................................................... 730

    security-exempt-list ............................................................................................. 735

    setting .................................................................................................................. 736

    tacacs+ ................................................................................................................ 738

    voip ................................................................................................................ 739

    profile ................................................................................................................... 740

    config sip........................................................................................................ 742

    config sccp .................................................................................................... 751

    vpn ................................................................................................................. 752

    certificate ca ........................................................................................................ 753

    certificate crl ........................................................................................................ 754

    certificate local..................................................................................................... 756

    certificate ocsp-server ......................................................................................... 758

    certificate remote ................................................................................................. 759

    certificate setting ................................................................................................. 760

    ipsec concentrator ............................................................................................... 761

    ipsec forticlient..................................................................................................... 762

    ipsec manualkey .................................................................................................. 763

    ipsec manualkey-interface................................................................................... 766

    ipsec phase1........................................................................................................ 769

    ipsec phase1-interface ........................................................................................ 779

    ipsec phase2........................................................................................................ 794

    ipsec phase2-interface ........................................................................................ 801

    l2tp ....................................................................................................................... 810

    pptp...................................................................................................................... 812

    ssl settings ........................................................................................................... 814

    ssl web host-check-software............................................................................... 820

    ssl web portal....................................................................................................... 822

    ssl web realm....................................................................................................... 830

    ssl web user-bookmark ....................................................................................... 831

    ssl web virtual-desktop-app-list .......................................................................... 834

    wanopt........................................................................................................... 835

    auth-group ........................................................................................................... 836

    peer...................................................................................................................... 837

    profile ................................................................................................................... 838

    settings ................................................................................................................ 842

    ssl-server ............................................................................................................. 843

    storage................................................................................................................. 846

    webcache............................................................................................................. 847

    webfilter......................................................................................................... 850

    content................................................................................................................. 851

    content-header .................................................................................................... 853

    fortiguard ............................................................................................................. 854

    ftgd-local-cat ....................................................................................................... 856

    ftgd-local-rating ................................................................................................... 857

    ftgd-warning......................................................................................................... 858

    ips-urlfilter-cache-setting..................................................................................... 860

    ips-urlfilter-setting................................................................................................ 861

    override ................................................................................................................ 862

    override-user........................................................................................................ 863

    profile ................................................................................................................... 865

    config ftgd-wf................................................................................................. 869

    config override ............................................................................................... 871

    config quota ................................................................................................... 871

    config web ..................................................................................................... 872

    search-engine ...................................................................................................... 873

    urlfilter .................................................................................................................. 874

    web-proxy ..................................................................................................... 876

    explicit.................................................................................................................. 877

    forward-server ..................................................................................................... 881

    forward-server-group........................................................................................... 882

    global ................................................................................................................... 883

    profile ................................................................................................................... 885

    url-match.............................................................................................................. 886

    wireless-controller ....................................................................................... 887

    ap-status.............................................................................................................. 888

    global ................................................................................................................... 889

    setting .................................................................................................................. 890

    timers ................................................................................................................... 891

    vap ....................................................................................................................... 892

    wids-profile .......................................................................................................... 897

    wtp ....................................................................................................................... 900

    wtp-profile............................................................................................................ 904

    execute .......................................................................................................... 911

    backup ................................................................................................................. 913

    batch.................................................................................................................... 917

    bypass-mode....................................................................................................... 918

    carrier-license ...................................................................................................... 919

    central-mgmt ....................................................................................................... 920

    cfg reload............................................................................................................. 921

    cfg save................................................................................................................ 922

    clear system arp table.......................................................................................... 923

    cli check-template-status .................................................................................... 924

    cli status-msg-only .............................................................................................. 925

    client-reputation................................................................................................... 926

    date ...................................................................................................................... 927

    disk ...................................................................................................................... 928

    disk raid ............................................................................................................... 929

    disk scan.............................................................................................................. 930

    dhcp lease-clear .................................................................................................. 931

    dhcp lease-list...................................................................................................... 932

    disconnect-admin-session .................................................................................. 933

    enter..................................................................................................................... 934

    erase-disk ............................................................................................................ 935

    factoryreset .......................................................................................................... 936

    factoryreset2 ........................................................................................................ 937

    formatlogdisk ....................................................................................................... 938

    forticarrier-license ................................................................................................ 939

    forticlient .............................................................................................................. 940

    FortiClient-NAC.................................................................................................... 941

    fortiguard-log ....................................................................................................... 942

    fortitoken.............................................................................................................. 943

    fortitoken-mobile.................................................................................................. 944

    fsso refresh .......................................................................................................... 945

    ha disconnect ...................................................................................................... 946

    ha ignore-hardware-revision................................................................................ 947

    ha manage ........................................................................................................... 948

    ha synchronize..................................................................................................... 949

    interface dhcpclient-renew .................................................................................. 950

    interface pppoe-reconnect .................................................................................. 951

    log backup ........................................................................................................... 952

    log client-reputation-report.................................................................................. 953

    log convert-oldlogs .............................................................................................. 954

    log delete-all ........................................................................................................ 955

    log delete-oldlogs ................................................................................................ 956

    log detail .............................................................................................................. 957

    log display............................................................................................................ 958

    log downgrade-log............................................................................................... 959

    log filter ................................................................................................................ 960

    log fortianalyzer test-connectivity........................................................................ 961

    log list................................................................................................................... 962

    log rebuild-sqldb.................................................................................................. 963

    log recreate-sqldb................................................................................................ 964

    log-report reset .................................................................................................... 965

    log restore............................................................................................................ 966

    log roll .................................................................................................................. 967

    log shift-time ........................................................................................................ 968

    log upload-progress ............................................................................................ 969

    modem dial .......................................................................................................... 970

    modem hangup.................................................................................................... 971

    modem trigger ..................................................................................................... 972

    mrouter clear........................................................................................................ 973

    netscan ................................................................................................................ 974

    pbx....................................................................................................................... 975

    ping ...................................................................................................................... 977

    ping-options, ping6-options ................................................................................ 978

    ping6 .................................................................................................................... 980

    policy-packet-capture delete-all.......................................................................... 981

    reboot................................................................................................................... 982

    report ................................................................................................................... 983

    report-config reset ............................................................................................... 984

    restore.................................................................................................................. 985

    revision................................................................................................................. 989

    router clear bfd session ....................................................................................... 990

    router clear bgp ................................................................................................... 991

    router clear ospf process..................................................................................... 992

    router restart ........................................................................................................ 993

    send-fds-statistics ............................................................................................... 994

    sensor .................................................................................................................. 995

    set system session filter....................................................................................... 996

    set-next-reboot .................................................................................................... 998

    sfp-mode-sgmii.................................................................................................... 999

    shutdown ........................................................................................................... 1000

    ssh ..................................................................................................................... 1001

    sync-session ...................................................................................................... 1002

    system custom-language import ....................................................................... 1003

    system fortisandbox test-connectivity............................................................... 1004

    tac report ........................................................................................................... 1005

    telnet .................................................................................................................. 1006

    time .................................................................................................................... 1007

    traceroute........................................................................................................... 1008

    tracert6............................................................................................................... 1009

    update-av........................................................................................................... 1010

    update-geo-ip .................................................................................................... 1011

    update-ips.......................................................................................................... 1012

    update-list .......................................................................................................... 1013

    update-now........................................................................................................ 1014

    update-src-vis.................................................................................................... 1015

  • upd-vd-license................................................................................................... 1016

    upload ................................................................................................................ 1017

    usb-device ......................................................................................................... 1018

    usb-disk ............................................................................................................. 1019

    vpn certificate ca ............................................................................................... 1020

    vpn certificate crl ............................................................................................... 1021

    vpn certificate local export ................................................................................ 1022

    vpn certificate local generate............................................................................. 1023

    vpn certificate local import ................................................................................ 1025

    vpn certificate remote ........................................................................................ 1026

    vpn ipsec tunnel down....................................................................................... 1027

    vpn ipsec tunnel up............................................................................................ 1028

    vpn sslvpn del-all ............................................................................................... 1029

    vpn sslvpn del-tunnel......................................................................................... 1030

    vpn sslvpn del-web............................................................................................ 1031

    vpn sslvpn list .................................................................................................... 1032

    webfilter quota-reset.......................................................................................... 1033

    wireless-controller delete-wtp-image ................................................................ 1034

    wireless-controller list-wtp-image ..................................................................... 1035

    wireless-controller reset-wtp ............................................................................. 1036

    wireless-controller restart-acd........................................................................... 1037

    wireless-controller restart-wtpd......................................................................... 1038

    wireless-controller upload-wtp-image............................................................... 1039

    get ................................................................................................................ 1040

    endpoint-control app-detect ............................................................................. 1041

    extender modem-status .................................................................................... 1043

    extender sys-info ............................................................................................... 1045

    firewall dnstranslation ........................................................................................ 1046

    firewall iprope appctrl ........................................................................................ 1047

    firewall iprope list ............................................................................................... 1048

    firewall proute, proute6...................................................................................... 1049

    firewall service custom ...................................................................................... 1050

    firewall shaper.................................................................................................... 1051

    grep.................................................................................................................... 1052

    gui console status.............................................................................................. 1053

    gui topology status ............................................................................................ 1054

    hardware cpu..................................................................................................... 1055

    hardware memory.............................................................................................. 1057

    hardware nic ...................................................................................................... 1058

    hardware npu..................................................................................................... 1059

  • hardware status ................................................................................................. 1062

    ips decoder status ............................................................................................. 1063

    ips rule status..................................................................................................... 1064

    ips session ......................................................................................................... 1065

    ipsec tunnel........................................................................................................ 1066

    ips view-map...................................................................................................... 1067

    mgmt-data status .............................................................................................. 1068

    netscan settings................................................................................................. 1069

    pbx branch-office .............................................................................................. 1070

    pbx dialplan ....................................................................................................... 1071

    pbx did............................................................................................................... 1072

    pbx extension .................................................................................................... 1073

    pbx ftgd-voice-pkg ............................................................................................ 1074

    pbx global .......................................................................................................... 1075

    pbx ringgrp ........................................................................................................ 1076

    pbx sip-trunk...................................................................................................... 1077

    pbx voice-menu ................................................................................................. 1078

    router info bfd neighbor ..................................................................................... 1079

    router info bgp ................................................................................................... 1080

    router info isis .................................................................................................... 1083

    router info kernel ................................................................................................ 1084

    router info multicast ........................................................................................... 1085

    router info ospf................................................................................................... 1087

    router info protocols .......................................................................................... 1089

    router info rip ..................................................................................................... 1090

    router info routing-table .................................................................................... 1091

    router info vrrp ................................................................................................... 1092

    router info6 bgp ................................................................................................. 1093

    router info6 interface.......................................................................................... 1094

    router info6 kernel .............................................................................................. 1095

    router info6 ospf................................................................................................. 1096

    router info6 protocols ........................................................................................ 1097

    router info6 rip ................................................................................................... 1098

    router info6 routing-table ................................................................................... 1099

    system admin list ............................................................................................... 1100

    system admin status.......................................................................................... 1101

    system arp ......................................................................................................... 1102

    system auto-update........................................................................................... 1103

    system central-management ............................................................................. 1104

    system checksum.............................................................................................. 1105

  • system cmdb status .......................................................................................... 1106

    system fortianalyzer-connectivity ...................................................................... 1107

    system fortiguard-log-service status ................................................................. 1108

    system fortiguard-service status ....................................................................... 1109

    system ha-nonsync-csum ................................................................................. 1110

    system ha status................................................................................................ 1111

    system info admin ssh ....................................................................................... 1114

    system info admin status................................................................................... 1115

    system interface physical .................................................................................. 1116

    system mgmt-csum........................................................................................... 1117

    system performance firewall .............................................................................. 1118

    system performance status ............................................................................... 1119

    system performance top.................................................................................... 1120

    system session list............................................................................................. 1121

    system session status........................................................................................ 1122

    system session-helper-info list .......................................................................... 1123

    system session-info ........................................................................................... 1124

    system source-ip ............................................................................................... 1125

    system startup-error-log.................................................................................... 1126

    system status..................................................................................................... 1127

    test ..................................................................................................................... 1128

    user adgrp.......................................................................................................... 1130

    vpn ike gateway ................................................................................................. 1131

    vpn ipsec tunnel details ..................................................................................... 1132

    vpn ipsec tunnel name....................................................................................... 1133

    vpn ipsec stats crypto ....................................................................................... 1134

    vpn ipsec stats tunnel ........................................................................................ 1135

    vpn ssl monitor .................................................................................................. 1136

    vpn status l2tp ................................................................................................... 1137

    vpn status pptp.................................................................................................. 1138

    vpn status ssl ..................................................................................................... 1139

    webfilter ftgd-statistics ...................................................................................... 1140

    webfilter status................................................................................................... 1142

    wireless-controller client-info............................................................................. 1143

    wireless-controller rf-analysis ............................................................................ 1144

    wireless-controller scan..................................................................................... 1145

    wireless-controller status................................................................................... 1146

    wireless-controller vap-status ........................................................................... 1147

    wireless-controller wlchanlistlic ......................................................................... 1148

    wireless-controller wtp-status ........................................................................... 1151

  • tree............................................................................................................... 1153

  • Introduction

    This document describes FortiOS 5.2 CLI commands used to configure and manage a FortiGate unit from the command line interface (CLI).

    How this guide is organized

    Most of the chapters in this document describe the commands for each configuration branch of the FortiOS CLI. The command branches and commands are in alphabetical order.

    This document also contains the following sections:

    Managing Firmware with the FortiGate BIOS describes how to change firmware at the console during FortiGate unit boot-up.

    What's new describes changes to the 5.2 CLI.

    config chapters describe the config commands.

    execute describes execute commands.

    get describes get commands.

    tree describes the tree command.

    Availability of commands and options

    Some FortiOS CLI commands and options are not available on all FortiGate units. The CLI displays an error message if you attempt to enter a command or option that is not available. You can use the question mark ? to verify the commands and options that are available.

    Commands and options may not be available for the following reasons:

    FortiGate model. Not all commands are available on all FortiGate models. For example, low-end FortiGate models do not support the aggregate interface type option of the config system interface command.

    Hardware configuration. For example, some AMC module commands are only available when an AMC module is installed.

    FortiOS Carrier, FortiGate Voice, FortiWiFi etc. Commands for extended functionality are not available on all FortiGate models. The CLI Reference includes commands only available for FortiWiFi units, FortiOS Carrier, and FortiGate Voice units.

  • Managing Firmware with the FortiGate BIOS

    FortiGate units are shipped with firmware installed. Usually firmware upgrades are performed through the web-based manager or by using the CLI execute restore command. From the console, you can also interrupt the FortiGate unit's boot-up process to load firmware using the BIOS firmware that is a permanent part of the unit.

    Using the BIOS, you can:

    view system information

    format the boot device

    load firmware and reboot (see Loading firmware on page 22)

    reboot the FortiGate unit from the backup firmware, which then becomes the default firmware (see Booting the backup firmware on page 23)

    Accessing the BIOS

    The BIOS menu is available only through direct connection to the FortiGate unit's Console port. During boot-up, "Press any key" appears briefly. If you press any keyboard key at this time, boot-up is suspended and the BIOS menu appears. If you are too late, the boot-up process continues as usual.

    Navigating the menu

    The main BIOS menu looks like this:

    [C]: Configure TFTP parameters

    [R]: Review TFTP paramters

    [T]: Initiate TFTP firmware transfer

    [F]: Format boot device

    [Q]: Quit menu and continue to boot

    [I]: System Information

    [B]: Boot with backup firmare and set as default

    [Q]: Quit menu and continue to boot

    [H]: Display this list of options

    Enter C,R,T,F,I,B,Q,or H:

    Typing the bracketed letter selects the option. Input is case-sensitive. Most options present a submenu. An option value in square brackets at the end of the Enter line is the default value which you can enter simply by pressing Return. For example,

    Enter image download port number [WAN1]:

    In most menus, typing H re-lists the menu options and typing Q returns to the previous menu.

  • Loading firmware

    The BIOS can download firmware from a TFTP server that is reachable from a FortiGate unit network interface. You need to know the IP address of the server and the name of the firmware file to download.

    The downloaded firmware can be saved as either the default or backup firmware. It is also possible to boot the downloaded firmware without saving it.

    Configuring TFTP parameters

    Starting from the main BIOS menu

    [C]: Configure TFTP parameters.

    Selecting the VLAN (if VLANs are used)

    [V]: Set local VLAN ID.

    Choose port and whether to use DHCP

    [P]: Set firmware download port.

    The options listed depend on the FortiGate model. Choose the network interface through which the TFTP server can be reached. For example:

    [0]: Any of port 1 - 7

    [1]: W