Fortigate Cli 52

  • FortiOS CLI Reference for FortiOS 5.2

    May 14, 2015

    01-522-99686-20150514

    Copyright 2015 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, FortiCare and FortiGuard, and certain other marks are registered trademarks of Fortinet, Inc., in the U.S. and other jurisdictions, and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet's General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet's internal lab tests. In no event does Fortinet make any commitment related to future deliverables, features or development, and circumstances may change such that any forward-looking statements herein are not accurate. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.

    Technical Documentation docs.fortinet.com

    Knowledge Base kb.fortinet.com

    Customer Service & Support support.fortinet.com

    Training Services training.fortinet.com

    FortiGuard fortiguard.com

    Document Feedback [email protected]

  • Contents

    Introduction
      How this guide is organized
      Availability of commands and options

    Managing Firmware with the FortiGate BIOS
      Accessing the BIOS
        Navigating the menu
      Loading firmware
        Configuring TFTP parameters
        Initiating TFTP firmware transfer
      Booting the backup firmware

    What's new

    alertemail
      setting

    antivirus
      heuristic
      mms-checksum
      notification
      profile
        config {http | https | ftp | ftps | imap | imaps | mapi | pop3 | pop3s | smb | smtp | smtps | nntp}
        config nac-quar
      quarantine
      settings

    application
      custom
      list
      name

    dlp
      filepattern
      fp-doc-source
      fp-sensitivity
      sensor
      settings

    endpoint-control
      forticlient-registration-sync
      profile
      settings

    Fortinet Technologies Inc. Page 3 FortiOS - CLI Reference for FortiOS 5.2

    extender-controller
      extender

    firewall
      address, address6
      addrgrp, addrgrp6
      auth-portal
      carrier-endpoint-bwl
      carrier-endpoint-ip-filter
      central-nat
      dnstranslation
      DoS-policy, DoS-policy6
      explicit-proxy-policy
      gtp
      identity-based-route
      interface-policy
      interface-policy6
      ipmacbinding setting
      ipmacbinding table
      ippool, ippool6
      ip-translation
      ipv6-eh-filter
      ldb-monitor
      local-in-policy, local-in-policy6
      mms-profile
        config dupe {mm1 | mm4}
        config flood {mm1 | mm4}
        config log
        config notification {alert-dupe-1 | alert-flood-1 | mm1 | mm3 | mm4 | mm7}
        config notif-msisdn
      multicast-address
      multicast-policy
      policy, policy6
      policy46, policy64
      profile-group
      profile-protocol-options
        config http
        config ftp
        config dns
        config imap
        config mapi
        config pop3
        config smtp
        config nntp
        config mail-signature
      schedule onetime
      schedule recurring
      schedule group
      service category
      service custom
      service group
      shaper per-ip-shaper
      shaper traffic-shaper
      sniffer
      ssl setting
      ssl-ssh-profile
        config {ftps | https | imaps | pop3s | smtps}
        config ssh
        config ssl
        config ssl-exempt
        config ssl-server
      ttl-policy
      vip
      vip46
      vip6
      vip64
      vipgrp
      vipgrp46
      vipgrp64

    ftp-proxy
      explicit

    gui
      console

    icap
      profile
      server

    ips
      custom
      decoder
      global
      rule
      sensor
      setting

    log
      custom-field
      disk filter
      disk setting
      eventfilter
      fortianalyzer filter
      {fortianalyzer | syslogd} override-filter
      fortianalyzer override-setting
      fortianalyzer setting
      fortiguard filter
      fortiguard setting
      gui-display
      memory filter
      memory setting
      memory global-setting
      setting
      syslogd filter
      syslogd override-setting
      {syslogd | syslogd2 | syslogd3} setting
      threat-weight
      webtrends filter
      webtrends setting

    netscan
      assets
      settings

    pbx
      dialplan
      did
      extension
      global
      ringgrp
      voice-menu
      sip-trunk

    report
      chart
      dataset
      layout
      setting
      style
      summary
      theme

    router
      access-list, access-list6
      aspath-list
      auth-path
      bfd
      bgp
        config router bgp
        config admin-distance
        config aggregate-address, config aggregate-address6
        config neighbor
        config network, config network6
        config redistribute, config redistribute6
      community-list
      isis
        config isis-interface
        config isis-net
        config redistribute {bgp | connected | ospf | rip | static}
        config summary-address
      key-chain
      multicast
        Sparse mode
        Dense mode
        config router multicast
        config interface
        config pim-sm-global
      multicast6
      multicast-flow
      ospf
        config router ospf
        config area
        config distribute-list
        config neighbor
        config network
        config ospf-interface
        config redistribute
        config summary-address
      ospf6
      policy, policy6
      prefix-list, prefix-list6
      rip
        config router rip
        config distance
  • config distribute-list ....................................................................................... 410config interface .............................................................................................. 411config neighbor .............................................................................................. 413config network ............................................................................................... 414config offset-list ............................................................................................. 414config redistribute .......................................................................................... 415

    ripng..................................................................................................................... 416config distance............................................................................................... 418

    route-map ............................................................................................................ 422Using route maps with BGP .......................................................................... 424

    setting .................................................................................................................. 429

    static .................................................................................................................... 430

    static6 .................................................................................................................. 432

    spamfilter ...................................................................................................... 433bwl ....................................................................................................................... 434

    bword................................................................................................................... 437

    dnsbl .................................................................................................................... 439

    fortishield ............................................................................................................. 441

    iptrust................................................................................................................... 443

    mheader............................................................................................................... 444

    options ................................................................................................................. 446

    profile ................................................................................................................... 447config {imap | imaps | mapi | pop3 | pop3s | smtp | smtps} ........................... 449config {gmail | msn-hotmail | yahoo-mail}...................................................... 450

    switch-controller .......................................................................................... 451managed-switch .................................................................................................. 452

    vlan....................................................................................................................... 453

    system ........................................................................................................... 4543g-modem custom .............................................................................................. 456

    accprofile ............................................................................................................. 457

    admin ................................................................................................................... 460

    amc ...................................................................................................................... 469

    arp-table .............................................................................................................. 470

    auto-install ........................................................................................................... 471

    autoupdate push-update ..................................................................................... 472

    autoupdate schedule ........................................................................................... 473

    autoupdate tunneling ........................................................................................... 474

    aux ....................................................................................................................... 475

    bypass ................................................................................................................. 476

    central-management............................................................................................ 477

    console ................................................................................................................ 479

    custom-language................................................................................................. 480

    ddns ..................................................................................................................... 481

    dedicated-mgmt .................................................................................................. 483

    dhcp reserved-address........................................................................................ 484

    dhcp server .......................................................................................................... 485

    dhcp6 server ........................................................................................................ 491

    dns ....................................................................................................................... 493

    dns-database....................................................................................................... 494

    dns-server............................................................................................................ 497

    dscp-based-priority ............................................................................................. 498

    elbc ...................................................................................................................... 499

    email-server ......................................................................................................... 500

    fips-cc .................................................................................................................. 501

    fortiguard ............................................................................................................. 502

    fortisandbox......................................................................................................... 506

    geoip-override...................................................................................................... 507

    gi-gk..................................................................................................................... 508

    global ................................................................................................................... 509

    gre-tunnel............................................................................................................. 530

    ha ......................................................................................................................... 531

    interface ............................................................................................................... 543

    ipip-tunnel ............................................................................................................ 570

    ips-urlfilter-dns..................................................................................................... 571

    ipv6-neighbor-cache............................................................................................ 572

    ipv6-tunnel ........................................................................................................... 573

    link-monitor.......................................................................................................... 574

    lte-modem............................................................................................................ 575

    mac-address-table .............................................................................................. 576

    modem................................................................................................................. 577

    monitors ............................................................................................................... 582

    nat64 .................................................................................................................... 584

    netflow ................................................................................................................. 585

    network-visibility .................................................................................................. 586

    np6....................................................................................................................... 587

    npu....................................................................................................................... 591

    ntp........................................................................................................................ 592

    object-tag............................................................................................................. 593

    password-policy .................................................................................................. 594

    physical-switch .................................................................................................... 595

    port-pair ............................................................................................................... 596

    probe-response ................................................................................................... 597

    proxy-arp ............................................................................................................. 598

    pstn ...................................................................................................................... 599

    replacemsg admin ............................................................................................... 601

    replacemsg alertmail............................................................................................ 602

    replacemsg auth .................................................................................................. 604

    replacemsg device-detection-portal.................................................................... 608

    replacemsg ec ..................................................................................................... 609

    replacemsg fortiguard-wf .................................................................................... 611

    replacemsg ftp ..................................................................................................... 613

    replacemsg http................................................................................................... 615

    replacemsg im ..................................................................................................... 618

    replacemsg mail................................................................................................... 620

    replacemsg mm1 ................................................................................................. 623

    replacemsg mm3 ................................................................................................. 626

    replacemsg mm4 ................................................................................................. 628

    replacemsg mm7 ................................................................................................. 630

    replacemsg-group ............................................................................................... 633

    replacemsg-group ............................................................................................... 635

    replacemsg-image ............................................................................................... 638

    replacemsg nac-quar........................................................................................... 639

    replacemsg nntp .................................................................................................. 641

    replacemsg spam ................................................................................................ 643

    replacemsg sslvpn ............................................................................................... 646

    replacemsg traffic-quota ..................................................................................... 647

    replacemsg utm ................................................................................................... 648

    replacemsg webproxy ......................................................................................... 650

    resource-limits ..................................................................................................... 651

    session-helper ..................................................................................................... 653

    session-sync ........................................................................................................ 655

    session-ttl ............................................................................................................ 658

    settings ................................................................................................................ 660

    sit-tunnel .............................................................................................................. 667

    sflow..................................................................................................................... 668

    sms-server ........................................................................................................... 669

    snmp community ................................................................................................. 670

    snmp sysinfo........................................................................................................ 674

    snmp user ............................................................................................................ 676

    sp ......................................................................................................................... 679

    storage................................................................................................................. 681

    stp ........................................................................................................................ 682

    switch-interface ................................................................................................... 683

    tos-based-priority ................................................................................................ 685

    vdom-dns............................................................................................................. 686

    vdom-link ............................................................................................................. 687

    vdom-property ..................................................................................................... 688

    vdom-radius-server ............................................................................................. 691

    vdom-sflow .......................................................................................................... 692

    virtual-switch........................................................................................................ 693

    virtual-wan-link .................................................................................................... 694

    wccp .................................................................................................................... 697

    zone ..................................................................................................................... 700

    user ................................................................................................................ 701

    Configuring users for authentication.................................................................... 702

    Configuring users for password authentication............................................. 702

    Configuring peers for certificate authentication............................................. 702

    ban ....................................................................................................................... 703

    device................................................................................................................... 706

    device-access-list ................................................................................................ 707

    device-category ................................................................................................... 708

    device-group........................................................................................................ 709

    fortitoken.............................................................................................................. 710

    fsso ...................................................................................................................... 711

    fsso-polling .......................................................................................................... 713

    group.................................................................................................................... 715

    ldap ...................................................................................................................... 719

    local...................................................................................................................... 722

    password-policy .................................................................................................. 724

    peer...................................................................................................................... 725

    peergrp ................................................................................................................ 727

    pop3..................................................................................................................... 728

    radius ................................................................................................................... 729

    security-exempt-list ............................................................................................. 734

    setting .................................................................................................................. 735

    tacacs+ ................................................................................................................ 737

    voip ................................................................................................................ 738

    profile ................................................................................................................... 739

    config sip........................................................................................................ 741

    config sccp .................................................................................................... 750

    vpn ................................................................................................................. 751

    certificate ca ........................................................................................................ 752

    certificate crl ........................................................................................................ 753

    certificate local..................................................................................................... 755

    certificate ocsp-server ......................................................................................... 757

    certificate remote ................................................................................................. 758

    certificate setting ................................................................................................. 759

    ipsec concentrator ............................................................................................... 760

    ipsec forticlient..................................................................................................... 761

    ipsec manualkey .................................................................................................. 762

    ipsec manualkey-interface................................................................................... 765

    ipsec phase1........................................................................................................ 768

    ipsec phase1-interface ........................................................................................ 778

    ipsec phase2........................................................................................................ 793

    ipsec phase2-interface ........................................................................................ 800

    l2tp ....................................................................................................................... 809

    pptp...................................................................................................................... 811

    ssl settings ........................................................................................................... 813

    ssl web host-check-software............................................................................... 819

    ssl web portal....................................................................................................... 821

    ssl web realm....................................................................................................... 829

    ssl web user-bookmark ....................................................................................... 830

    ssl web virtual-desktop-app-list .......................................................................... 833

    wanopt........................................................................................................... 834

    auth-group ........................................................................................................... 835

    peer...................................................................................................................... 836

    profile ................................................................................................................... 837

    settings ................................................................................................................ 841

    ssl-server ............................................................................................................. 842

    storage................................................................................................................. 845

    webcache............................................................................................................. 846

    webfilter......................................................................................................... 849

    content................................................................................................................. 850

    content-header .................................................................................................... 852

    fortiguard ............................................................................................................. 853

    ftgd-local-cat ....................................................................................................... 855

    ftgd-local-rating ................................................................................................... 856

    ftgd-warning......................................................................................................... 857

    ips-urlfilter-cache-setting..................................................................................... 859

    ips-urlfilter-setting................................................................................................ 860

    override ................................................................................................................ 861

    override-user........................................................................................................ 862

    profile ................................................................................................................... 864

    config ftgd-wf................................................................................................. 868

    config override ............................................................................................... 870

    config quota ................................................................................................... 870

    config web ..................................................................................................... 871

    search-engine ...................................................................................................... 872

    urlfilter .................................................................................................................. 873

    web-proxy ..................................................................................................... 875

    explicit.................................................................................................................. 876

    forward-server ..................................................................................................... 880

    forward-server-group........................................................................................... 881

    global ................................................................................................................... 882

    profile ................................................................................................................... 884

    url-match.............................................................................................................. 885

    wireless-controller ....................................................................................... 886

    ap-status.............................................................................................................. 887

    global ................................................................................................................... 888

    setting .................................................................................................................. 889

    timers ................................................................................................................... 890

    vap ....................................................................................................................... 891

    wids-profile .......................................................................................................... 896

    wtp ....................................................................................................................... 899

    wtp-profile............................................................................................................ 903

    execute .......................................................................................................... 910

    backup ................................................................................................................. 912

    batch.................................................................................................................... 916

    bypass-mode....................................................................................................... 917

    carrier-license ...................................................................................................... 918

    central-mgmt ....................................................................................................... 919

    cfg reload............................................................................................................. 920

    cfg save................................................................................................................ 921

    clear system arp table.......................................................................................... 922

    cli check-template-status .................................................................................... 923

    cli status-msg-only .............................................................................................. 924

    client-reputation................................................................................................... 925

    date ...................................................................................................................... 926

    disk ...................................................................................................................... 927

    disk raid ............................................................................................................... 928

    disk scan.............................................................................................................. 929

    dhcp lease-clear .................................................................................................. 930

    dhcp lease-list...................................................................................................... 931

    disconnect-admin-session .................................................................................. 932

    enter..................................................................................................................... 933

    erase-disk ............................................................................................................ 934

    factoryreset .......................................................................................................... 935

    factoryreset2 ........................................................................................................ 936

    formatlogdisk ....................................................................................................... 937

    forticarrier-license ................................................................................................ 938

    forticlient .............................................................................................................. 939

    FortiClient-NAC.................................................................................................... 940

    fortiguard-log ....................................................................................................... 941

    fortitoken.............................................................................................................. 942

    fortitoken-mobile.................................................................................................. 943

    fsso refresh .......................................................................................................... 944

    ha disconnect ...................................................................................................... 945

    ha ignore-hardware-revision................................................................................ 946

    ha manage ........................................................................................................... 947

    ha synchronize..................................................................................................... 948

    interface dhcpclient-renew .................................................................................. 949

    interface pppoe-reconnect .................................................................................. 950

    log backup ........................................................................................................... 951

    log client-reputation-report.................................................................................. 952

    log convert-oldlogs .............................................................................................. 953

    log delete-all ........................................................................................................ 954

    log delete-oldlogs ................................................................................................ 955

    log detail .............................................................................................................. 956

    log display............................................................................................................ 957

    log downgrade-log............................................................................................... 958

    log filter ................................................................................................................ 959

    log fortianalyzer test-connectivity........................................................................ 960

    log list................................................................................................................... 961

    log rebuild-sqldb.................................................................................................. 962

    log recreate-sqldb................................................................................................ 963

    log-report reset .................................................................................................... 964

    log restore............................................................................................................ 965

    log roll .................................................................................................................. 966

    log shift-time ........................................................................................................ 967

    log upload-progress ............................................................................................ 968

    modem dial .......................................................................................................... 969

    modem hangup.................................................................................................... 970

    modem trigger ..................................................................................................... 971

    mrouter clear........................................................................................................ 972

    netscan ................................................................................................................ 973

    pbx....................................................................................................................... 974

    ping ...................................................................................................................... 976

    ping-options, ping6-options ................................................................................ 977

    ping6 .................................................................................................................... 979

    policy-packet-capture delete-all.......................................................................... 980

    reboot................................................................................................................... 981

    report ................................................................................................................... 982

    report-config reset ............................................................................................... 983

    restore.................................................................................................................. 984

    revision................................................................................................................. 988

    router clear bfd session ....................................................................................... 989

    router clear bgp ................................................................................................... 990

    router clear ospf process..................................................................................... 991

    router restart ........................................................................................................ 992

    send-fds-statistics ............................................................................................... 993

    sensor .................................................................................................................. 994

    set system session filter....................................................................................... 995

    set-next-reboot .................................................................................................... 997

    sfp-mode-sgmii.................................................................................................... 998

    shutdown ............................................................................................................. 999

    ssh ..................................................................................................................... 1000

    sync-session ...................................................................................................... 1001

    system custom-language import ....................................................................... 1002

    system fortisandbox test-connectivity............................................................... 1003

    tac report ........................................................................................................... 1004

    telnet .................................................................................................................. 1005

    time .................................................................................................................... 1006

    traceroute........................................................................................................... 1007

    tracert6............................................................................................................... 1008

    update-av........................................................................................................... 1009

    update-geo-ip .................................................................................................... 1010

    update-ips.......................................................................................................... 1011

    update-list .......................................................................................................... 1012

    update-now........................................................................................................ 1013

    update-src-vis.................................................................................................... 1014

  • upd-vd-license................................................................................................... 1015

    upload ................................................................................................................ 1016

    usb-device ......................................................................................................... 1017

    usb-disk ............................................................................................................. 1018

    vpn certificate ca ............................................................................................... 1019

    vpn certificate crl ............................................................................................... 1020

    vpn certificate local export ................................................................................ 1021

    vpn certificate local generate............................................................................. 1022

    vpn certificate local import ................................................................................ 1024

    vpn certificate remote ........................................................................................ 1025

    vpn ipsec tunnel down....................................................................................... 1026

    vpn ipsec tunnel up............................................................................................ 1027

    vpn sslvpn del-all ............................................................................................... 1028

    vpn sslvpn del-tunnel......................................................................................... 1029

    vpn sslvpn del-web............................................................................................ 1030

    vpn sslvpn list .................................................................................................... 1031

    webfilter quota-reset.......................................................................................... 1032

    wireless-controller delete-wtp-image ................................................................ 1033

    wireless-controller list-wtp-image ..................................................................... 1034

    wireless-controller reset-wtp ............................................................................. 1035

    wireless-controller restart-acd........................................................................... 1036

    wireless-controller restart-wtpd......................................................................... 1037

    wireless-controller upload-wtp-image............................................................... 1038

    get ................................................................................................................ 1039

    endpoint-control app-detect ............................................................................. 1040

    extender modem-status .................................................................................... 1042

    extender sys-info ............................................................................................... 1044

    firewall dnstranslation ........................................................................................ 1045

    firewall iprope appctrl ........................................................................................ 1046

    firewall iprope list ............................................................................................... 1047

    firewall proute, proute6...................................................................................... 1048

    firewall service custom ...................................................................................... 1049

    firewall shaper.................................................................................................... 1050

    grep.................................................................................................................... 1051

    gui console status.............................................................................................. 1052

    gui topology status ............................................................................................ 1053

    hardware cpu..................................................................................................... 1054

    hardware memory.............................................................................................. 1056

    hardware nic ...................................................................................................... 1057

    hardware npu..................................................................................................... 1058

  • hardware status ................................................................................................. 1061

    ips decoder status ............................................................................................. 1062

    ips rule status..................................................................................................... 1063

    ips session ......................................................................................................... 1064

    ipsec tunnel........................................................................................................ 1065

    ips view-map...................................................................................................... 1066

    mgmt-data status .............................................................................................. 1067

    netscan settings................................................................................................. 1068

    pbx branch-office .............................................................................................. 1069

    pbx dialplan ....................................................................................................... 1070

    pbx did............................................................................................................... 1071

    pbx extension .................................................................................................... 1072

    pbx ftgd-voice-pkg ............................................................................................ 1073

    pbx global .......................................................................................................... 1074

    pbx ringgrp ........................................................................................................ 1075

    pbx sip-trunk...................................................................................................... 1076

    pbx voice-menu ................................................................................................. 1077

    router info bfd neighbor ..................................................................................... 1078

    router info bgp ................................................................................................... 1079

    router info isis .................................................................................................... 1082

    router info kernel ................................................................................................ 1083

    router info multicast ........................................................................................... 1084

    router info ospf................................................................................................... 1086

    router info protocols .......................................................................................... 1088

    router info rip ..................................................................................................... 1089

    router info routing-table .................................................................................... 1090

    router info vrrp ................................................................................................... 1091

    router info6 bgp ................................................................................................. 1092

    router info6 interface.......................................................................................... 1093

    router info6 kernel .............................................................................................. 1094

    router info6 ospf................................................................................................. 1095

    router info6 protocols ........................................................................................ 1096

    router info6 rip ................................................................................................... 1097

    router info6 routing-table ................................................................................... 1098

    system admin list ............................................................................................... 1099

    system admin status.......................................................................................... 1100

    system arp ......................................................................................................... 1101

    system auto-update........................................................................................... 1102

    system central-management ............................................................................. 1103

    system checksum.............................................................................................. 1104

  • system cmdb status .......................................................................................... 1105

    system fortianalyzer-connectivity ...................................................................... 1106

    system fortiguard-log-service status ................................................................. 1107

    system fortiguard-service status ....................................................................... 1108

    system ha-nonsync-csum ................................................................................. 1109

    system ha status................................................................................................ 1110

    system info admin ssh ....................................................................................... 1113

    system info admin status................................................................................... 1114

    system interface physical .................................................................................. 1115

    system mgmt-csum........................................................................................... 1116

    system performance firewall .............................................................................. 1117

    system performance status ............................................................................... 1118

    system performance top.................................................................................... 1119

    system session list............................................................................................. 1120

    system session status........................................................................................ 1121

    system session-helper-info list .......................................................................... 1122

    system session-info ........................................................................................... 1123

    system source-ip ............................................................................................... 1124

    system startup-error-log.................................................................................... 1125

    system status..................................................................................................... 1126

    test ..................................................................................................................... 1127

    user adgrp.......................................................................................................... 1129

    vpn ike gateway ................................................................................................. 1130

    vpn ipsec tunnel details ..................................................................................... 1131

    vpn ipsec tunnel name....................................................................................... 1132

    vpn ipsec stats crypto ....................................................................................... 1133

    vpn ipsec stats tunnel ........................................................................................ 1134

    vpn ssl monitor .................................................................................................. 1135

    vpn status l2tp ................................................................................................... 1136

    vpn status pptp.................................................................................................. 1137

    vpn status ssl ..................................................................................................... 1138

    webfilter ftgd-statistics ...................................................................................... 1139

    webfilter status................................................................................................... 1141

    wireless-controller client-info............................................................................. 1142

    wireless-controller rf-analysis ............................................................................ 1143

    wireless-controller scan..................................................................................... 1144

    wireless-controller status................................................................................... 1145

    wireless-controller vap-status ........................................................................... 1146

    wireless-controller wlchanlistlic ......................................................................... 1147

    wireless-controller wtp-status ........................................................................... 1150

  • tree............................................................................................................... 1152

  • Introduction

    This document describes FortiOS 5.2 CLI commands used to configure and manage a FortiGate unit from the command line interface (CLI).

    How this guide is organized

    Most of the chapters in this document describe the commands for each configuration branch of the FortiOS CLI. The command branches and commands are in alphabetical order.

    This document also contains the following sections:

    Managing Firmware with the FortiGate BIOS describes how to change firmware at the console during FortiGate unit boot-up.

    What's new describes changes to the 5.2 CLI.

    config chapters describe the config commands.

    execute describes execute commands.

    get describes get commands.

    tree describes the tree command.

    Availability of commands and options

    Some FortiOS CLI commands and options are not available on all FortiGate units. The CLI displays an error message if you attempt to enter a command or option that is not available. You can use the question mark ? to verify the commands and options that are available.

    Commands and options may not be available for the following reasons:

    FortiGate model. Not all commands are available on all FortiGate models. For example, low-end FortiGate models do not support the aggregate interface type option of the config system interface command.

    Hardware configuration. For example, some AMC module commands are only available when an AMC module is installed.

    FortiOS Carrier, FortiGate Voice, FortiWiFi etc. Commands for extended functionality are not available on all FortiGate models. The CLI Reference includes commands only available for FortiWiFi units, FortiOS Carrier, and FortiGate Voice units.

  • Managing Firmware with the FortiGate BIOS

    FortiGate units are shipped with firmware installed. Usually firmware upgrades are performed through the web-based manager or by using the CLI execute restore command. From the console, you can also interrupt the FortiGate unit's boot-up process to load firmware using the BIOS firmware that is a permanent part of the unit.

    Using the BIOS, you can:

    view system information

    format the boot device

    load firmware and reboot (see Loading firmware on page 22)

    reboot the FortiGate unit from the backup firmware, which then becomes the default firmware (see Booting the backup firmware on page 23)

    Accessing the BIOS

    The BIOS menu is available only through direct connection to the FortiGate unit's Console port. During boot-up, "Press any key" appears briefly. If you press any keyboard key at this time, boot-up is suspended and the BIOS menu appears. If you are too late, the boot-up process continues as usual.

    Navigating the menu

    The main BIOS menu looks like this:

    [C]: Configure TFTP parameters
    [R]: Review TFTP paramters
    [T]: Initiate TFTP firmware transfer
    [F]: Format boot device
    [Q]: Quit menu and continue to boot
    [I]: System Information
    [B]: Boot with backup firmare and set as default
    [Q]: Quit menu and continue to boot
    [H]: Display this list of options

    Enter C,R,T,F,I,B,Q,or H:

    Typing the bracketed letter selects the option. Input is case-sensitive. Most options present a submenu. An option value in square brackets at the end of the Enter line is the default value, which you can enter simply by pressing Return. For example,

    Enter image download port number [WAN1]:

    In most menus, typing H re-lists the menu options and typing Q returns to the previous menu.

  • Loading firmware

    The BIOS can download firmware from a TFTP server that is reachable from a FortiGate unit network interface. You need to know the IP address of the server and the name of the firmware file to download.

    The downloaded firmware can be saved as either the default or backup firmware. It is also possible to boot the downloaded firmware without saving it.

    Configuring TFTP parameters

    Starting from the main BIOS menu

    [C]: Configure TFTP parameters.

    Selecting the VLAN (if VLANs are used)

    [V]: Set local VLAN ID.

    Choose port and whether to use DHCP

    [P]: Set firmware download port.

    The options listed depend on the FortiGate model. Choose the network interface through which the TFTP server can be reached. For example:

    [0]: Any of port 1 - 7
    [1]: WAN1
    [2]: WAN2
    Enter image download port number [WAN1]:

    [D]: Set DHCP mode.

    Please select DHCP setting
    [1]: Enable DHCP
    [2]: Disable DHCP

    If there is a DHCP server on the network, select [1]. This simplifies configuration. Otherwise, select [2].

    Non-DHCP steps

    [I]: Set local IP address.

    Enter local IP address [192.168.1.188]:

    This is a temporary IP address for the FortiGate unit network interface. Use a unique address on the same subnet to which the network interface connects.

    [S]: Set local subnet mask.

    Enter local subnet mask [255.255.252.0]:

    [G]: Set local gateway.

    The local gateway IP address is needed if the TFTP server is on a different subnet than the one to which the FortiGate unit is connected.
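As an added illustration (not part of the Fortinet guide), the following Python function checks a set of non-DHCP values before they are typed at the console: that the local address is usable and unique, and whether [G] must be set because the TFTP server is off-subnet. The function name check_tftp_params is hypothetical; the sample values are the defaults shown in the guide's prompts.

```python
"""Pre-flight check for the BIOS non-DHCP TFTP values ([I], [S], [G], [T])."""
import ipaddress


def check_tftp_params(local_ip, netmask, tftp_server, gateway=None):
    """Validate the values before entering them in the BIOS menu.

    Returns a dict with:
      network          - subnet implied by the local IP and mask (str)
      gateway_required - True when the TFTP server is outside that subnet
      errors           - problems that would prevent the download
    (hypothetical helper, not a Fortinet tool)
    """
    result = {"network": None, "gateway_required": None, "errors": []}
    errors = result["errors"]

    try:
        # IPv4Interface accepts dotted-quad masks and rejects
        # non-contiguous ones such as 255.0.255.0.
        iface = ipaddress.IPv4Interface(f"{local_ip}/{netmask}")
        server = ipaddress.IPv4Address(tftp_server)
        gw = ipaddress.IPv4Address(gateway) if gateway else None
    except ValueError as exc:
        errors.append(f"invalid address or mask: {exc}")
        return result

    net = iface.network
    result["network"] = str(net)

    # The temporary address must be a usable host address on the subnet.
    if net.prefixlen < 31 and iface.ip in (net.network_address,
                                           net.broadcast_address):
        errors.append(f"{iface.ip} is the network or broadcast address of {net}")

    # "Use a unique address": it must not collide with the TFTP server.
    if iface.ip == server:
        errors.append("local IP is the same as the TFTP server address")

    # A gateway is needed only when the server is on a different subnet.
    result["gateway_required"] = server not in net
    if result["gateway_required"] and gw is None:
        errors.append(f"TFTP server {server} is outside {net}; set [G]")

    if gw is not None:
        if gw not in net:
            errors.append(f"gateway {gw} is not on the local subnet {net}")
        elif gw == iface.ip:
            errors.append("gateway is the same as the local IP")

    return result


if __name__ == "__main__":
    # Defaults shown in the guide's prompts.
    print(check_tftp_params("192.168.1.188", "255.255.252.0", "192.168.1.145"))
```

With the guide's defaults the server falls inside 192.168.0.0/22, so no gateway is required.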

    TFTP and filename

    [T]: Set remote TFTP server IP address.

    Enter remote TFTP server IP address [192.168.1.145]:

    [F]: Set firmwa