FortiOS™ CLI Reference for FortiOS 5.0

    August 31, 2016

    01-509-99686-20160831

    Copyright© 2016 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., in the U.S. and other jurisdictions, and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. In no event does Fortinet make any commitment related to future deliverables, features or development, and circumstances may change such that any forward-looking statements herein are not accurate. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.

    Technical Documentation docs.fortinet.com

    Knowledge Base kb.fortinet.com

    Customer Service & Support support.fortinet.com

    Training Services training.fortinet.com

    FortiGuard fortiguard.com

    Document Feedback [email protected]


  • Contents

    Introduction
        How this guide is organized
        Availability of commands and options

    Managing Firmware with the FortiGate BIOS
        Accessing the BIOS
        Navigating the menu
        Loading firmware
            Configuring TFTP parameters
            Initiating TFTP firmware transfer
        Booting the backup firmware

    What’s new

    alertemail
        setting

    antivirus
        heuristic
        mms-checksum
        notification
        profile
            config {http | https | ftp | ftps | imap | imaps | mapi | pop3 | pop3s | smb | smtp | smtps | nntp | im}
            config nac-quar
        quarantine
        service
        settings

    application
        custom
        list
        name

    client-reputation
        profile

    dlp
        filepattern
        fp-doc-source
        fp-sensitivity
        sensor
        settings


    endpoint-control
        forticlient-registration-sync
        profile
        settings

    firewall
        address, address6
        addrgrp, addrgrp6
        auth-portal
        carrier-endpoint-bwl
        carrier-endpoint-ip-filter
        central-nat
        deep-inspection-options
            config ftps
            config https
            config imaps
            config pop3s
            config smtps
            config ssl
            config ssl-server
        dnstranslation
        DoS-policy, DoS-policy6
        gtp
        identity-based-route
        interface-policy
        interface-policy6
        ipmacbinding setting
        ipmacbinding table
        ippool, ippool6
        ip-translation
        ipv6-eh-filter
        ldb-monitor
        local-in-policy, local-in-policy6
        mms-profile
            config dupe {mm1 | mm4}
            config flood {mm1 | mm4}
            config log
            config notification {alert-dupe-1 | alert-flood-1 | mm1 | mm3 | mm4 | mm7}
            config notif-msisdn
        multicast-address
        multicast-policy
        policy, policy6
            config identity-based-policy

    Fortinet Technologies Inc. Page 4 FortiOS™ - CLI Reference for FortiOS 5.0

    http://www.fortinet.com/

        policy46, policy64
        profile-group
        profile-protocol-options
            config http
            config ftp
            config dns
            config imap
            config mapi
            config pop3
            config smtp
            config nntp
            config im
            config mail-signature
        schedule onetime
        schedule recurring
        schedule group
        service category
        service custom
        service group
        shaper per-ip-shaper
        shaper traffic-shaper
        sniffer
        sniff-interface-policy
        sniff-interface-policy6
        ssl setting
        ttl-policy
        vip
        vip46
        vip6
        vip64
        vipgrp
        vipgrp46
        vipgrp64

    ftp-proxy
        explicit

    gui
        console

    icap
        profile
        server


    imp2p
        aim-user
        icq-user
        msn-user
        old-version
        policy
        yahoo-user

    ips
        custom
        decoder
        global
        rule
        sensor
        setting

    log
        custom-field
        {disk | fortianalyzer | fortianalyzer2 | fortianalyzer3 | memory | syslogd | syslogd2 | syslogd3 | webtrends | fortiguard} filter
        disk setting
        eventfilter
        {fortianalyzer | syslogd} override-filter
        fortianalyzer override-setting
        {fortianalyzer | fortianalyzer2 | fortianalyzer3} setting
        fortiguard setting
        gui-display
        memory setting
        memory global-setting
        setting
        syslogd override-setting
        {syslogd | syslogd2 | syslogd3} setting
        webtrends setting

    netscan
        assets
        settings

    pbx
        dialplan
        did
        extension
        global
        ringgrp


        voice-menu
        sip-trunk

    report
        chart
        dataset
        layout
        style
        summary
        theme

    router
        access-list, access-list6
        aspath-list
        auth-path
        bfd
        bgp
            config router bgp
            config admin-distance
            config aggregate-address, config aggregate-address6
            config neighbor
            config network, config network6
            config redistribute, config redistribute6
        community-list
        gwdetect
        isis
            config isis-interface
            config isis-net
            config redistribute {bgp | connected | ospf | rip | static}
            config summary-address
        key-chain
        multicast
            Sparse mode
            Dense mode
            config router multicast
            config interface
            config pim-sm-global
        multicast6
        multicast-flow
        ospf
            config router ospf
            config area
            config distribute-list
            config neighbor


  • config network ............................................................................................... 405config ospf-interface...................................................................................... 405config redistribute .......................................................................................... 409config summary-address ............................................................................... 410

    ospf6 .................................................................................................................... 411

    policy, policy6 ...................................................................................................... 417

    prefix-list, prefix-list6 ........................................................................................... 421

    rip......................................................................................................................... 423config router rip.............................................................................................. 424config distance............................................................................................... 426config distribute-list ....................................................................................... 426config interface .............................................................................................. 427config neighbor .............................................................................................. 429config network ............................................................................................... 430config offset-list ............................................................................................. 430config redistribute .......................................................................................... 431

    ripng..................................................................................................................... 432config distance............................................................................................... 434

    route-map ............................................................................................................ 438Using route maps with BGP .......................................................................... 440

    setting .................................................................................................................. 445

    static .................................................................................................................... 446

    static6 .................................................................................................................. 448

    spamfilter ...................................................................................................... 449bwl ....................................................................................................................... 450

    bword................................................................................................................... 453

    dnsbl .................................................................................................................... 455

    fortishield ............................................................................................................. 457

    iptrust................................................................................................................... 459

    mheader............................................................................................................... 460

    options ................................................................................................................. 462

    profile ................................................................................................................... 463config {imap | imaps | mapi | pop3 | pop3s | smtp | smtps}........................... 465config {gmail | msn-hotmail | yahoo-mail}...................................................... 466

    switch-controller .......................................................................................... 467managed-switch .................................................................................................. 468

    vlan ...................................................................................................................... 469

    system ........................................................................................................... 470

    3g-modem custom .............................................................................................. 472

    accprofile ............................................................................................................. 473

    admin ................................................................................................................... 476

    amc ...................................................................................................................... 485

    arp-table .............................................................................................................. 486

    auto-install ........................................................................................................... 487

    autoupdate push-update ..................................................................................... 488

    autoupdate schedule ........................................................................................... 489

    autoupdate tunneling........................................................................................... 490

    aux ....................................................................................................................... 491

    bug-report............................................................................................................ 492

    bypass ................................................................................................................. 493

    central-management............................................................................................ 494

    console ................................................................................................................ 496

    ddns..................................................................................................................... 497

    dedicated-mgmt .................................................................................................. 499

    dhcp reserved-address........................................................................................ 500

    dhcp server .......................................................................................................... 501

    dhcp6 server ........................................................................................................ 506

    dns ....................................................................................................................... 508

    dns-database....................................................................................................... 509

    dns-server............................................................................................................ 512

    elbc ...................................................................................................................... 513

    email-server ......................................................................................................... 514

    fips-cc .................................................................................................................. 515

    fortiguard ............................................................................................................. 516

    fortisandbox......................................................................................................... 520

    geoip-override...................................................................................................... 521

    gi-gk..................................................................................................................... 522

    global ................................................................................................................... 523

    gre-tunnel............................................................................................................. 542

    ha ......................................................................................................................... 543

    interface ............................................................................................................... 555

    ipip-tunnel ............................................................................................................ 583

    ips-urlfilter-dns..................................................................................................... 584

    ipv6-neighbor-cache............................................................................................ 585

    ipv6-tunnel ........................................................................................................... 586

    mac-address-table .............................................................................................. 587

    modem................................................................................................................. 588

    monitors............................................................................................................... 592

    nat64 .................................................................................................................... 594

    network-visibility .................................................................................................. 595

    np6....................................................................................................................... 596

    npu....................................................................................................................... 600

    ntp........................................................................................................................ 601

    object-tag ............................................................................................................ 602

    password-policy .................................................................................................. 603

    physical-switch .................................................................................................... 604

    port-pair ............................................................................................................... 605

    probe-response ................................................................................................... 606

    proxy-arp ............................................................................................................. 607

    pstn ...................................................................................................................... 608

    replacemsg admin ............................................................................................... 610

    replacemsg alertmail............................................................................................ 611

    replacemsg auth .................................................................................................. 613

    replacemsg device-detection-portal.................................................................... 617

    replacemsg ec ..................................................................................................... 618

    replacemsg fortiguard-wf .................................................................................... 620

    replacemsg ftp..................................................................................................... 622

    replacemsg http................................................................................................... 624

    replacemsg im ..................................................................................................... 627

    replacemsg mail................................................................................................... 629

    replacemsg mm1 ................................................................................................. 632

    replacemsg mm3 ................................................................................................. 635

    replacemsg mm4 ................................................................................................. 637

    replacemsg mm7 ................................................................................................. 639

    replacemsg-group ............................................................................................... 642

    replacemsg-group ............................................................................................... 644

    replacemsg-image ............................................................................................... 647

    replacemsg nac-quar........................................................................................... 648

    replacemsg nntp .................................................................................................. 650

    replacemsg spam ................................................................................................ 652

    replacemsg sslvpn............................................................................................... 655

    replacemsg traffic-quota ..................................................................................... 656

    replacemsg utm ................................................................................................... 657

    replacemsg webproxy ......................................................................................... 659

    resource-limits ..................................................................................................... 660

    server-probe ........................................................................................................ 662

    session-helper ..................................................................................................... 663

    session-sync........................................................................................................ 665

    session-ttl ............................................................................................................ 668

    settings ................................................................................................................ 670

    sit-tunnel .............................................................................................................. 677

    sflow..................................................................................................................... 678

    sms-server ........................................................................................................... 679

    snmp community ................................................................................................. 680

    snmp sysinfo........................................................................................................ 684

    snmp user ............................................................................................................ 686

    sp ......................................................................................................................... 689

    storage................................................................................................................. 691

    stp ........................................................................................................................ 692

    switch-interface ................................................................................................... 693

    tos-based-priority ................................................................................................ 695

    vdom-dns............................................................................................................. 696

    vdom-link ............................................................................................................. 697

    vdom-property ..................................................................................................... 698

    vdom-radius-server ............................................................................................. 701

    vdom-sflow .......................................................................................................... 702

    virtual-switch........................................................................................................ 703

    wccp .................................................................................................................... 704

    zone ..................................................................................................................... 707

    user ................................................................................................................ 708

    Configuring users for authentication.................................................................... 709

    Configuring users for password authentication............................................. 709

    Configuring peers for certificate authentication............................................. 709

    ban....................................................................................................................... 710

    device .................................................................................................................. 713

    device-access-list................................................................................................ 714

    device-category ................................................................................................... 715

    device-group........................................................................................................ 716

    fortitoken.............................................................................................................. 717

    fsso ...................................................................................................................... 718

    fsso-polling .......................................................................................................... 720

    group.................................................................................................................... 722

    ldap ...................................................................................................................... 726

    local ..................................................................................................................... 729

    password-policy .................................................................................................. 731

    peer...................................................................................................................... 732

    peergrp ................................................................................................................ 734

    radius ................................................................................................................... 735

    setting .................................................................................................................. 740

    tacacs+ ................................................................................................................ 742

    voip ................................................................................................................ 743

    profile ................................................................................................................... 744

    config sip ....................................................................................................... 746

    config sccp .................................................................................................... 755

    vpn ................................................................................................................. 756

    certificate ca ........................................................................................................ 757

    certificate crl ........................................................................................................ 758

    certificate local..................................................................................................... 760

    certificate ocsp-server ......................................................................................... 762

    certificate remote................................................................................................. 763

    certificate setting ................................................................................................. 764

    ipsec concentrator ............................................................................................... 765

    ipsec forticlient..................................................................................................... 766

    ipsec manualkey .................................................................................................. 767

    ipsec manualkey-interface................................................................................... 770

    ipsec phase1........................................................................................................ 773

    ipsec phase1-interface ........................................................................................ 782

    ipsec phase2........................................................................................................ 796

    ipsec phase2-interface ........................................................................................ 803

    l2tp ....................................................................................................................... 812

    pptp ..................................................................................................................... 814

    ssl settings ........................................................................................................... 816

    ssl web host-check-software............................................................................... 820

    ssl web portal....................................................................................................... 822

    ssl web realm....................................................................................................... 831

    ssl web user......................................................................................................... 832

    ssl web virtual-desktop-app-list .......................................................................... 834

    wanopt........................................................................................................... 835

    auth-group ........................................................................................................... 836

    peer...................................................................................................................... 837

    profile ................................................................................................................... 838

    settings ................................................................................................................ 842

    ssl-server ............................................................................................................. 843

    storage................................................................................................................. 846

    webcache ............................................................................................................ 847

    webfilter......................................................................................................... 850

    content................................................................................................................. 851

    content-header .................................................................................................... 853

    fortiguard ............................................................................................................. 854

    ftgd-local-cat ....................................................................................................... 856

    ftgd-local-rating ................................................................................................... 857

    ftgd-warning ........................................................................................................ 858

    ips-urlfilter-cache-setting..................................................................................... 860

    ips-urlfilter-setting................................................................................................ 861

    override ................................................................................................................ 862

    override-user........................................................................................................ 863

    profile ................................................................................................................... 865

    config ftgd-wf................................................................................................. 869

    config override ............................................................................................... 871

    config quota ................................................................................................... 871

    config web ..................................................................................................... 872

    search-engine ...................................................................................................... 873

    urlfilter .................................................................................................................. 874

    web-proxy ..................................................................................................... 876

    explicit.................................................................................................................. 877

    forward-server ..................................................................................................... 881

    forward-server-group........................................................................................... 882

    global ................................................................................................................... 883

    url-match.............................................................................................................. 885

    wireless-controller ....................................................................................... 886

    ap-status.............................................................................................................. 887

    global ................................................................................................................... 888

    setting .................................................................................................................. 889

    timers ................................................................................................................... 890

    vap ....................................................................................................................... 891

    wids-profile .......................................................................................................... 895

    wtp ....................................................................................................................... 897

    wtp-profile............................................................................................................ 901

    execute .......................................................................................................... 906

    backup ................................................................................................................. 907

    batch.................................................................................................................... 910

    bypass-mode....................................................................................................... 911

    carrier-license ...................................................................................................... 912

    central-mgmt ....................................................................................................... 913

    cfg reload............................................................................................................. 914

    cfg save ............................................................................................................... 915

    clear system arp table ......................................................................................... 916

    cli check-template-status .................................................................................... 917

    cli status-msg-only .............................................................................................. 918

    client-reputation................................................................................................... 919

    date...................................................................................................................... 920

    disk ...................................................................................................................... 921

    disk raid ............................................................................................................... 922

    dhcp lease-clear .................................................................................................. 923

    dhcp lease-list ..................................................................................................... 924

    disconnect-admin-session .................................................................................. 925

    enter..................................................................................................................... 926

    erase-disk ............................................................................................................ 927

    factoryreset .......................................................................................................... 928

    factoryreset2........................................................................................................ 929

    formatlogdisk ....................................................................................................... 930

    forticarrier-license ................................................................................................ 931

    forticlient .............................................................................................................. 932

    fortiguard-log ....................................................................................................... 933

    fortisandbox test-connectivity ............................................................................. 934

    fortitoken.............................................................................................................. 935

    fortitoken-mobile.................................................................................................. 936

    fsso refresh .......................................................................................................... 937

    ha disconnect ...................................................................................................... 938

    ha ignore-hardware-revision................................................................................ 939

    ha manage ........................................................................................................... 940

    ha synchronize..................................................................................................... 941

    interface dhcpclient-renew .................................................................................. 942

    interface pppoe-reconnect .................................................................................. 943

    log client-reputation-report.................................................................................. 944

    log convert-oldlogs.............................................................................................. 945

    log delete-all ........................................................................................................ 946

    log delete-oldlogs ................................................................................................ 947

    log display............................................................................................................ 948

    log filter ................................................................................................................ 949

    log fortianalyzer test-connectivity........................................................................ 950

    log list................................................................................................................... 951

    log rebuild-sqldb.................................................................................................. 952

    log recreate-sqldb ............................................................................................... 953

    log-report reset .................................................................................................... 954

    log roll .................................................................................................................. 955

    log upload-progress ............................................................................................ 956

    modem dial .......................................................................................................... 957

    modem hangup.................................................................................................... 958

    modem trigger ..................................................................................................... 959

    mrouter clear........................................................................................................ 960

    netscan ................................................................................................................ 961

    pbx....................................................................................................................... 962

    ping ...................................................................................................................... 964

    ping-options, ping6-options ................................................................................ 965

    ping6 .................................................................................................................... 967

    policy-packet-capture delete-all.......................................................................... 968

    reboot .................................................................................................................. 969

    report ................................................................................................................... 970

    report-config reset ............................................................................................... 971

    restore.................................................................................................................. 972

    revision................................................................................................................. 976

    router clear bfd session ....................................................................................... 977

    router clear bgp ................................................................................................... 978

    router clear ospf process..................................................................................... 979

    router restart ........................................................................................................ 980

    send-fds-statistics ............................................................................................... 981

    set system session filter ...................................................................................... 982

    set-next-reboot.................................................................................................... 984

    sfp-mode-sgmii ................................................................................................... 985

    shutdown ............................................................................................................. 986

    ssh ....................................................................................................................... 987

    sync-session........................................................................................................ 988

    tac report ............................................................................................................. 989

    telnet .................................................................................................................... 990

    time ...................................................................................................................... 991

    traceroute............................................................................................................. 992

    tracert6................................................................................................................. 993

    update-ase........................................................................................................... 994

    update-av............................................................................................................. 995

    update-geo-ip ...................................................................................................... 996

    update-ips............................................................................................................ 997

    update-now.......................................................................................................... 998

    update-src-vis...................................................................................................... 999

    upd-vd-license................................................................................................... 1000

    upload................................................................................................................ 1001

    usb-device ......................................................................................................... 1002

    usb-disk ............................................................................................................. 1003

    vpn certificate ca ............................................................................................... 1004

    vpn certificate crl ............................................................................................... 1005

    vpn certificate local............................................................................................ 1006

    vpn certificate remote ........................................................................................ 1009

  • vpn ipsec tunnel down....................................................................................... 1010

    vpn ipsec tunnel up ........................................................................................... 1011

    vpn sslvpn del-all ............................................................................................... 1012

    vpn sslvpn del-tunnel......................................................................................... 1013

    vpn sslvpn del-web............................................................................................ 1014

    vpn sslvpn list .................................................................................................... 1015

    webfilter quota-reset.......................................................................................... 1016

    wireless-controller delete-wtp-image ................................................................ 1017

    wireless-controller list-wtp-image ..................................................................... 1018

    wireless-controller reset-wtp ............................................................................. 1019

    wireless-controller restart-acd........................................................................... 1020

    wireless-controller restart-wtpd......................................................................... 1021

    wireless-controller upload-wtp-image............................................................... 1022

    get ................................................................................................................ 1023

    endpoint-control app-detect ............................................................................. 1024

    firewall dnstranslation ........................................................................................ 1026

    firewall iprope appctrl ........................................................................................ 1027

    firewall iprope list ............................................................................................... 1028

    firewall proute, proute6...................................................................................... 1029

    firewall service custom ...................................................................................... 1030

    firewall shaper.................................................................................................... 1031

    grep.................................................................................................................... 1032

    gui console status.............................................................................................. 1033

    gui topology status ............................................................................................ 1034

    hardware cpu..................................................................................................... 1035

    hardware memory.............................................................................................. 1037

    hardware nic ...................................................................................................... 1038

    hardware npu..................................................................................................... 1039

    hardware status ................................................................................................. 1042

    ips decoder status ............................................................................................. 1043

    ips rule status..................................................................................................... 1044

    ips session ......................................................................................................... 1045

    ipsec tunnel........................................................................................................ 1046

    ips view-map ..................................................................................................... 1047

    mgmt-data status .............................................................................................. 1048

    netscan settings................................................................................................. 1049

    pbx branch-office .............................................................................................. 1050

    pbx dialplan ....................................................................................................... 1051

    pbx did............................................................................................................... 1052

    pbx extension .................................................................................................... 1053

  • pbx ftgd-voice-pkg ............................................................................................ 1054

    pbx global .......................................................................................................... 1055

    pbx ringgrp ........................................................................................................ 1056

    pbx sip-trunk...................................................................................................... 1057

    pbx voice-menu ................................................................................................. 1058

    report database schema.................................................................................... 1059

    router info bfd neighbor ..................................................................................... 1060

    router info bgp ................................................................................................... 1061

    router info gwdetect........................................................................................... 1064

    router info isis .................................................................................................... 1065

    router info kernel................................................................................................ 1066

    router info multicast ........................................................................................... 1067

    router info ospf .................................................................................................. 1069

    router info protocols .......................................................................................... 1071

    router info rip ..................................................................................................... 1072

    router info routing-table .................................................................................... 1073

    router info vrrp ................................................................................................... 1074

    router info6 bgp ................................................................................................. 1075

    router info6 interface.......................................................................................... 1076

    router info6 kernel.............................................................................................. 1077

    router info6 ospf ................................................................................................ 1078

    router info6 protocols ........................................................................................ 1079

    router info6 rip ................................................................................................... 1080

    router info6 routing-table ................................................................................... 1081

    system admin list ............................................................................................... 1082

    system admin status.......................................................................................... 1083

    system arp ......................................................................................................... 1084

    system auto-update........................................................................................... 1085

    system central-management ............................................................................. 1086

    system checksum.............................................................................................. 1087

    system cmdb status .......................................................................................... 1088

    system fortianalyzer-connectivity ...................................................................... 1089

    system fortiguard-log-service status ................................................................. 1090

    system fortiguard-service status ....................................................................... 1091

    system ha-nonsync-csum ................................................................................. 1092

    system ha status................................................................................................ 1093

    system info admin ssh ....................................................................................... 1096

    system info admin status................................................................................... 1097

    system interface physical .................................................................................. 1098

    system mgmt-csum........................................................................................... 1099

  • system performance firewall.............................................................................. 1100

    system performance status ............................................................................... 1101

    system performance top.................................................................................... 1102

    system session list............................................................................................. 1103

    system session status ....................................................................................... 1104

    system session-helper-info list .......................................................................... 1105

    system session-info ........................................................................................... 1106

    system source-ip ............................................................................................... 1107

    system startup-error-log.................................................................................... 1108

    system status..................................................................................................... 1109

    test ..................................................................................................................... 1110

    user adgrp.......................................................................................................... 1112

    vpn ike gateway ................................................................................................. 1113

    vpn ipsec tunnel details ..................................................................................... 1114

    vpn ipsec tunnel name....................................................................................... 1115

    vpn ipsec stats crypto ....................................................................................... 1116

    vpn ipsec stats tunnel........................................................................................ 1117

    vpn ssl monitor .................................................................................................. 1118

    vpn status l2tp ................................................................................................... 1119

    vpn status pptp.................................................................................................. 1120

    vpn status ssl ..................................................................................................... 1121

    webfilter ftgd-statistics ...................................................................................... 1122

    webfilter status .................................................................................................. 1124

    wireless-controller rf-analysis ............................................................................ 1125

    wireless-controller scan..................................................................................... 1126

    wireless-controller status................................................................................... 1127

    wireless-controller vap-status ........................................................................... 1128

    wireless-controller wlchanlistlic ......................................................................... 1129

    wireless-controller wtp-status ........................................................................... 1132

    tree............................................................................................................... 1134

  • Introduction

    This document describes FortiOS™ 5.0 CLI commands used to configure and manage a FortiGate unit from the command line interface (CLI).

    How this guide is organized

    Most of the chapters in this document describe the commands for each configuration branch of the FortiOS™ CLI. The command branches and commands are in alphabetical order.

    This document also contains the following sections:

    Managing Firmware with the FortiGate BIOS describes how to change firmware at the console during FortiGate unit boot-up.

    What’s new describes changes to the 5.0 CLI.

    config chapters describe the config commands.

    execute describes execute commands.

    get describes get commands.

    tree describes the tree command.

    Availability of commands and options

    Some FortiOS™ CLI commands and options are not available on all FortiGate units. The CLI displays an error message if you attempt to enter a command or option that is not available. You can use the question mark ‘?’ to verify the commands and options that are available.

    Commands and options may not be available for the following reasons:

    • FortiGate model. Not all commands are available on all FortiGate models. For example, low-end FortiGate models do not support the aggregate interface type option of the config system interface command.

    • Hardware configuration. For example, some AMC module commands are only available when an AMC module is installed.

    • FortiOS Carrier, FortiGate Voice, FortiWiFi, etc. Commands for extended functionality are not available on all FortiGate models. The CLI Reference includes commands that are available only for FortiWiFi units, FortiOS Carrier, and FortiGate Voice units.

  • Managing Firmware with the FortiGate BIOS

    FortiGate units are shipped with firmware installed. Usually firmware upgrades are performed through the web-based manager or by using the CLI execute restore command. From the console, you can also interrupt the FortiGate unit’s boot-up process to load firmware using the BIOS firmware that is a permanent part of the unit.

    Using the BIOS, you can:

    • view system information

    • format the boot device

    • load firmware and reboot (see “Loading firmware” on page 21)

    • reboot the FortiGate unit from the backup firmware, which then becomes the default firmware (see “Booting the backup firmware” on page 22)

    Accessing the BIOS

    The BIOS menu is available only through direct connection to the FortiGate unit’s Console port. During boot-up, “Press any key” appears briefly. If you press any keyboard key at this time, boot-up is suspended and the BIOS menu appears. If you are too late, the boot-up process continues as usual.

    Navigating the menu

    The main BIOS menu looks like this:

    [C]: Configure TFTP parameters

    [R]: Review TFTP parameters

    [T]: Initiate TFTP firmware transfer

    [F]: Format boot device

    [I]: System Information

    [B]: Boot with backup firmware and set as default

    [Q]: Quit menu and continue to boot

    [H]: Display this list of options

    Enter C,R,T,F,I,B,Q,or H:

    Typing the bracketed letter selects the option. Input is case-sensitive. Most options present a submenu. An option value in square brackets at the end of the “Enter” line is the default value, which you can accept by pressing Return. For example:

    Enter image download port number [WAN1]:

    In most menus, typing H re-lists the menu options and typing Q returns to the previous menu.

  • Loading firmware

    The BIOS can download firmware from a TFTP server that is reachable from a FortiGate unit network interface. You need to know the IP address of the server and the name of the firmware file to download.

    The downloaded firmware can be saved as either the default or backup firmware. It is also possible to boot the downloaded firmware without saving it.

    Configuring TFTP parameters

    Starting from the main BIOS menu

    [C]: Configure TFTP parameters.

    Selecting the VLAN (if VLANs are used)

    [V]: Set local VLAN ID.

    Choose port and whether to use DHCP

    [P]: Set firmware download port.

    The options listed depend on the FortiGate model. Choose the network interface through which the TFTP server can be reached. For example:

    [0]: Any of port 1 - 7

    [1]: WAN1

    [2]: WAN2

    Enter image download port number [WAN1]:

    [D]: Set DHCP mode.

    Please select DHCP setting

    [1]: Enable DHCP

    [2]: Disable DHCP

    If there is a DHCP server on the network, select [1]. This simplifies configuration. Otherwise, select [2].

    Non-DHCP steps

    [I]: Set local IP address.

    Enter local IP address [192.168.1.188]:

    This is a temporary IP address for the FortiGate unit network interface. Use a unique address on the same subnet to which the network interface connects.

    [S]: Set local subnet mask.

    Enter local subnet mask [255.255.252.0]:

    [G]: Set local gateway.

    The local gateway IP address is needed if the TFTP server is on a different subnet than the one to which the FortiGate unit is connected.

    TFTP and filename

    [T]: Set remote TFTP server IP address.

    Enter remote TFTP server IP address [192.168.1.145]:

    [F]: Set firmware file name.

    Enter firmware file name [image.out]:

    Enter [Q] to return to the main menu.
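
    The non-DHCP values above can be checked on a workstation before they are typed at the console. The following is an added example, not part of the Fortinet document or of FortiOS: the function name and the in_use list are assumptions, and the sample addresses are the defaults shown in the prompts above.

```python
import ipaddress


def plan_tftp_transfer(local_ip, netmask, tftp_server, gateway=None, in_use=()):
    """Validate the values for the BIOS [I], [S], [G] and [T] prompts.

    Returns (gateway_required, problems). gateway_required is None when a
    value cannot be parsed. `in_use` is a hypothetical list of addresses
    already taken on the segment (for example from IPAM or DHCP leases).
    """
    try:
        iface = ipaddress.IPv4Interface(f"{local_ip}/{netmask}")
        server = ipaddress.IPv4Address(tftp_server)
        gw = ipaddress.IPv4Address(gateway) if gateway is not None else None
        taken = {ipaddress.IPv4Address(a) for a in in_use} | {server}
    except ValueError as exc:
        # Covers malformed addresses and non-contiguous subnet masks.
        return None, [f"invalid parameter: {exc}"]

    problems = []
    net = iface.network

    # The temporary address must be a usable host address on the segment.
    if net.prefixlen < 31 and iface.ip in (net.network_address,
                                           net.broadcast_address):
        problems.append(f"{iface.ip} is the network or broadcast address of {net}")

    # "Use a unique address": no collision with the server or known hosts.
    if iface.ip in taken:
        problems.append(f"{iface.ip} is already in use")

    # [G] is needed only when the TFTP server is outside the local subnet.
    gateway_required = server not in net
    if gateway_required:
        if gw is None:
            problems.append(f"{server} is outside {net}; set a local gateway with [G]")
        elif gw not in net:
            problems.append(f"gateway {gw} is not on the local subnet {net}")
        elif gw == iface.ip:
            problems.append("gateway must differ from the local address")
    return gateway_required, problems


if __name__ == "__main__":
    # Constructed cases: the prompt defaults, then a server on another subnet.
    cases = [
        ("192.168.1.188", "255.255.252.0", "192.168.1.145", None),
        ("192.168.1.188", "255.255.252.0", "10.0.0.5", None),
        ("192.168.1.188", "255.255.252.0", "10.0.0.5", "192.168.3.254"),
    ]
    for ip, mask, server, gw in cases:
        needed, issues = plan_tftp_transfer(ip, mask, server, gw)
        print(f"{ip}/{mask} -> {server} via {gw}: "
              f"gateway_required={needed} problems={issues}")
```

    With the default mask 255.255.252.0 the local subnet is 192.168.0.0/22, so the default TFTP server 192.168.1.145 is reachable without setting [G].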

  • Initiating TFTP firmware transfer

    Starting from the main BIOS menu

    [T]: Initiate TFTP firmware transfer.

    Please connect TFTP server to Ethernet port 'WAN1'.

    MAC: 00