Transcript
  • FortiOS™ CLI Reference for FortiOS 5.2

    July 12, 2016

    01-526-99686-20160712

    Copyright© 2016 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., in the U.S. and other jurisdictions, and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. In no event does Fortinet make any commitment related to future deliverables, features or development, and circumstances may change such that any forward-looking statements herein are not accurate. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.

    Technical Documentation docs.fortinet.com

    Knowledge Base kb.fortinet.com

    Customer Service & Support support.fortinet.com

    Training Services training.fortinet.com

    FortiGuard fortiguard.com

    Document Feedback [email protected]

  • Contents
    Introduction
      How this guide is organized
      Availability of commands and options
    Managing Firmware with the FortiGate BIOS
      Accessing the BIOS
        Navigating the menu
      Loading firmware
        Configuring TFTP parameters
        Initiating TFTP firmware transfer
      Booting the backup firmware
    What’s new
    alertemail
      setting
    antivirus
      heuristic
      mms-checksum
      notification
      profile
        config {http | https | ftp | ftps | imap | imaps | mapi | pop3 | pop3s | smb | smtp | smtps | nntp}
        config nac-quar
      quarantine
      settings
    application
      custom
      list
      name
    dlp
      filepattern
      fp-doc-source
      fp-sensitivity
      sensor
      settings
    endpoint-control
      forticlient-registration-sync
      profile
      settings

    Fortinet Technologies Inc. Page 3 FortiOS™ - CLI Reference for FortiOS 5.2

    http://www.fortinet.com/

  • extender-controller
      extender
    firewall
      address, address6
      addrgrp, addrgrp6
      auth-portal
      carrier-endpoint-bwl
      carrier-endpoint-ip-filter
      central-nat
      dnstranslation
      DoS-policy, DoS-policy6
      explicit-proxy-policy
      gtp
      identity-based-route
      interface-policy
      interface-policy6
      ipmacbinding setting
      ipmacbinding table
      ippool, ippool6
      ip-translation
      ipv6-eh-filter
      ldb-monitor
      local-in-policy, local-in-policy6
      mms-profile
        config dupe {mm1 | mm4}
        config flood {mm1 | mm4}
        config log
        config notification {alert-dupe-1 | alert-flood-1 | mm1 | mm3 | mm4 | mm7}
        config notif-msisdn
      multicast-address
      multicast-policy
      policy, policy6
      policy46, policy64
      profile-group
      profile-protocol-options
        config http
        config ftp
        config dns
        config imap
        config mapi
        config pop3
        config smtp

  •     config nntp
        config mail-signature
      schedule onetime
      schedule recurring
      schedule group
      service category
      service custom
      service group
      shaper per-ip-shaper
      shaper traffic-shaper
      sniffer
      ssl setting
      ssl-ssh-profile
        config {ftps | https | imaps | pop3s | smtps}
        config ssh
        config ssl
        config ssl-exempt
        config ssl-server
      ttl-policy
      vip
      vip46
      vip6
      vip64
      vipgrp
      vipgrp46
      vipgrp64
    ftp-proxy
      explicit
    gui
      console
    icap
      profile
      server
    ips
      custom
      decoder
      global
      rule
      sensor
      setting

  • log
      custom-field
      disk filter
      disk setting
      eventfilter
      fortianalyzer filter
      {fortianalyzer | syslogd} override-filter
      fortianalyzer override-setting
      fortianalyzer setting
      fortiguard filter
      fortiguard setting
      gui-display
      memory filter
      memory setting
      memory global-setting
      setting
      syslogd filter
      syslogd override-setting
      {syslogd | syslogd2 | syslogd3} setting
      threat-weight
      webtrends filter
      webtrends setting
    netscan
      assets
      settings
    pbx
      dialplan
      did
      extension
      global
      ringgrp
      voice-menu
      sip-trunk
    report
      chart
      dataset
      layout
      setting
      style
      summary

  •   theme
    router
      access-list, access-list6
      aspath-list
      auth-path
      bfd
      bgp
        config router bgp
        config admin-distance
        config aggregate-address, config aggregate-address6
        config neighbor
        config network, config network6
        config redistribute, config redistribute6
      community-list
      isis
        config isis-interface
        config isis-net
        config redistribute {bgp | connected | ospf | rip | static}
        config summary-address
      key-chain
      multicast
        Sparse mode
        Dense mode
        config router multicast
        config interface
        config pim-sm-global
      multicast6
      multicast-flow
      ospf
        config router ospf
        config area
        config distribute-list
        config neighbor
        config network
        config ospf-interface
        config redistribute
        config summary-address
      ospf6
      policy, policy6
      prefix-list, prefix-list6
      rip
        config router rip
        config distance

  •     config distribute-list
        config interface
        config neighbor
        config network
        config offset-list
        config redistribute
      ripng
        config distance
      route-map
        Using route maps with BGP
      setting
      static
      static6
    spamfilter
      bwl
      bword
      dnsbl
      fortishield
      iptrust
      mheader
      options
      profile
        config {imap | imaps | mapi | pop3 | pop3s | smtp | smtps}
        config {gmail | msn-hotmail | yahoo-mail}
    switch-controller
      managed-switch
      vlan
    system
      3g-modem custom
      accprofile
      admin
      amc
      arp-table
      auto-install
      autoupdate push-update
      autoupdate schedule
      autoupdate tunneling
      aux
      bypass
      central-management
      console


  • custom-language

    ddns

    dedicated-mgmt

    dhcp reserved-address

    dhcp server

    dhcp6 server

    dns

    dns-database

    dns-server

    dscp-based-priority

    elbc

    email-server

    fips-cc

    fortiguard

    fortisandbox

    geoip-override

    gi-gk

    global

    gre-tunnel

    ha

    interface

    ipip-tunnel

    ips-urlfilter-dns

    ipv6-neighbor-cache

    ipv6-tunnel

    link-monitor

    lte-modem

    mac-address-table

    modem

    monitors

    nat64

    netflow

    network-visibility

    np6

    npu

    ntp

    object-tag

    password-policy

    physical-switch

    port-pair


  • probe-response

    proxy-arp

    pstn

    replacemsg admin

    replacemsg alertmail

    replacemsg auth

    replacemsg device-detection-portal

    replacemsg ec

    replacemsg fortiguard-wf

    replacemsg ftp

    replacemsg http

    replacemsg im

    replacemsg mail

    replacemsg mm1

    replacemsg mm3

    replacemsg mm4

    replacemsg mm7

    replacemsg-group

    replacemsg-group

    replacemsg-image

    replacemsg nac-quar

    replacemsg nntp

    replacemsg spam

    replacemsg sslvpn

    replacemsg traffic-quota

    replacemsg utm

    replacemsg webproxy

    resource-limits

    session-helper

    session-sync

    session-ttl

    settings

    sit-tunnel

    sflow

    sms-server

    snmp community

    snmp sysinfo

    snmp user

    sp

    storage


  • stp

    switch-interface

    tos-based-priority

    vdom-dns

    vdom-link

    vdom-property

    vdom-radius-server

    vdom-sflow

    virtual-switch

    virtual-wan-link

    wccp

    zone

    user

    Configuring users for authentication

    Configuring users for password authentication

    Configuring peers for certificate authentication

    ban

    device

    device-access-list

    device-category

    device-group

    fortitoken

    fsso

    fsso-polling

    group

    ldap

    local

    password-policy

    peer

    peergrp

    pop3

    radius

    security-exempt-list

    setting

    tacacs+

    voip

    profile

    config sip

    config sccp


  • vpn

    certificate ca

    certificate crl

    certificate local

    certificate ocsp-server

    certificate remote

    certificate setting

    ipsec concentrator

    ipsec forticlient

    ipsec manualkey

    ipsec manualkey-interface

    ipsec phase1

    ipsec phase1-interface

    ipsec phase2

    ipsec phase2-interface

    l2tp

    pptp

    ssl settings

    ssl web host-check-software

    ssl web portal

    ssl web realm

    ssl web user-bookmark

    ssl web virtual-desktop-app-list

    wanopt

    auth-group

    peer

    profile

    settings

    ssl-server

    storage

    webcache

    webfilter

    content

    content-header

    fortiguard

    ftgd-local-cat

    ftgd-local-rating

    ftgd-warning

    ips-urlfilter-cache-setting

    ips-urlfilter-setting


  • override

    override-user

    profile

    config ftgd-wf

    config override

    config quota

    config web

    search-engine

    urlfilter

    web-proxy

    explicit

    forward-server

    forward-server-group

    global

    profile

    url-match

    wireless-controller

    ap-status

    global

    setting

    timers

    vap

    wids-profile

    wtp

    wtp-profile

    execute

    backup

    batch

    bypass-mode

    carrier-license

    central-mgmt

    cfg reload

    cfg save

    clear system arp table

    cli check-template-status

    cli status-msg-only

    client-reputation

    date

    disk

    disk raid


  • disk scan

    dhcp lease-clear

    dhcp lease-list

    disconnect-admin-session

    enter

    erase-disk

    factoryreset

    factoryreset2

    formatlogdisk

    forticarrier-license

    forticlient

    FortiClient-NAC

    fortiguard-log

    fortitoken

    fortitoken-mobile

    fsso refresh

    ha disconnect

    ha ignore-hardware-revision

    ha manage

    ha synchronize

    interface dhcpclient-renew

    interface pppoe-reconnect

    log backup

    log client-reputation-report

    log convert-oldlogs

    log delete-all

    log delete-oldlogs

    log detail

    log display

    log downgrade-log

    log filter

    log fortianalyzer test-connectivity

    log list

    log rebuild-sqldb

    log recreate-sqldb

    log-report reset

    log restore

    log roll

    log shift-time

    log upload-progress


  • modem dial

    modem hangup

    modem trigger

    mrouter clear

    netscan

    pbx

    ping

    ping-options, ping6-options

    ping6

    policy-packet-capture delete-all

    reboot

    report

    report-config reset

    restore

    revision

    router clear bfd session

    router clear bgp

    router clear ospf process

    router restart

    send-fds-statistics

    sensor

    set system session filter

    set-next-reboot

    sfp-mode-sgmii

    shutdown

    ssh

    sync-session

    system custom-language import

    system fortisandbox test-connectivity

    tac report

    telnet

    time

    traceroute

    tracert6

    update-av

    update-geo-ip

    update-ips

    update-list

    update-now

    update-src-vis

  • upd-vd-license

    upload

    usb-device

    usb-disk

    vpn certificate ca

    vpn certificate crl

    vpn certificate local export

    vpn certificate local generate

    vpn certificate local import

    vpn certificate remote

    vpn ipsec tunnel down

    vpn ipsec tunnel up

    vpn sslvpn del-all

    vpn sslvpn del-tunnel

    vpn sslvpn del-web

    vpn sslvpn list

    webfilter quota-reset

    wireless-controller delete-wtp-image

    wireless-controller list-wtp-image

    wireless-controller reset-wtp

    wireless-controller restart-acd

    wireless-controller restart-wtpd

    wireless-controller upload-wtp-image

    get

    endpoint-control app-detect

    extender modem-status

    extender sys-info

    firewall dnstranslation

    firewall iprope appctrl

    firewall iprope list

    firewall proute, proute6

    firewall service custom

    firewall shaper

    grep

    gui console status

    hardware cpu

    hardware memory

    hardware nic

    hardware npu

    hardware status

  • ips decoder status

    ips rule status

    ips session

    ipsec tunnel

    ips view-map

    mgmt-data status

    netscan settings

    pbx branch-office

    pbx dialplan

    pbx did

    pbx extension

    pbx ftgd-voice-pkg

    pbx global

    pbx ringgrp

    pbx sip-trunk

    pbx voice-menu

    router info bfd neighbor

    router info bgp

    router info isis

    router info kernel

    router info multicast

    router info ospf

    router info protocols

    router info rip

    router info routing-table

    router info vrrp

    router info6 bgp

    router info6 interface

    router info6 kernel

    router info6 ospf

    router info6 protocols

    router info6 rip

    router info6 routing-table

    system admin list

    system admin status

    system arp

    system auto-update

    system central-management

    system checksum

    system cmdb status

  • system fortianalyzer-connectivity

    system fortiguard-log-service status

    system fortiguard-service status

    system ha-nonsync-csum

    system ha status

    system info admin ssh

    system info admin status

    system interface physical

    system mgmt-csum

    system performance firewall

    system performance status

    system performance top

    system session list

    system session status

    system session-helper-info list

    system session-info

    system source-ip

    system startup-error-log

    system status

    test

    user adgrp

    vpn ike gateway

    vpn ipsec tunnel details

    vpn ipsec tunnel name

    vpn ipsec stats crypto

    vpn ipsec stats tunnel

    vpn ssl monitor

    vpn status l2tp

    vpn status pptp

    vpn status ssl

    webfilter ftgd-statistics

    webfilter status

    wireless-controller client-info

    wireless-controller rf-analysis

    wireless-controller scan

    wireless-controller status

    wireless-controller vap-status

    wireless-controller wlchanlistlic

    wireless-controller wtp-status

    tree

  • Introduction

    This document describes FortiOS™ 5.2 CLI commands used to configure and manage a FortiGate unit from the command line interface (CLI).

    How this guide is organized

    Most of the chapters in this document describe the commands for each configuration branch of the FortiOS™ CLI. The command branches and commands are in alphabetical order.

    This document also contains the following sections:

    Managing Firmware with the FortiGate BIOS describes how to change firmware at the console during FortiGate unit boot-up.

    What’s new describes changes to the 5.2 CLI.

    config chapters describe the config commands.

    execute describes execute commands.

    get describes get commands.

    tree describes the tree command.

    Availability of commands and options

    Some FortiOS™ CLI commands and options are not available on all FortiGate units. The CLI displays an error message if you attempt to enter a command or option that is not available. You can use the question mark ‘?’ to verify the commands and options that are available.

    Commands and options may not be available for the following reasons:

    • FortiGate model. Not all commands are available on all FortiGate models. For example, low-end FortiGate models do not support the aggregate interface type option of the config system interface command.

    • Hardware configuration. For example, some AMC module commands are only available when an AMC module is installed.

    • FortiOS Carrier, FortiGate Voice, FortiWiFi etc. Commands for extended functionality are not available on all FortiGate models. The CLI Reference includes commands only available for FortiWiFi units, FortiOS Carrier, and FortiGate Voice units.

  • Managing Firmware with the FortiGate BIOS

    FortiGate units are shipped with firmware installed. Usually firmware upgrades are performed through the web-based manager or by using the CLI execute restore command. From the console, you can also interrupt the FortiGate unit’s boot-up process to load firmware using the BIOS firmware that is a permanent part of the unit.

    Using the BIOS, you can:

    • view system information

    • format the boot device

    • load firmware and reboot (see “Loading firmware” on page 21)

    • reboot the FortiGate unit from the backup firmware, which then becomes the default firmware (see “Booting the backup firmware” on page 22)

    Accessing the BIOS

    The BIOS menu is available only through direct connection to the FortiGate unit’s Console port. During boot-up, “Press any key” appears briefly. If you press any keyboard key at this time, boot-up is suspended and the BIOS menu appears. If you are too late, the boot-up process continues as usual.

    Navigating the menu

    The main BIOS menu looks like this:

    [C]: Configure TFTP parameters

    [R]: Review TFTP paramters

    [T]: Initiate TFTP firmware transfer

    [F]: Format boot device

    [Q]: Quit menu and continue to boot

    [I]: System Information

    [B]: Boot with backup firmare and set as default

    [Q]: Quit menu and continue to boot

    [H]: Display this list of options

    Enter C,R,T,F,I,B,Q,or H:

    Typing the bracketed letter selects the option. Input is case-sensitive. Most options present a submenu. An option value in square brackets at the end of the “Enter” line is the default value which you can enter simply by pressing Return. For example,

    Enter image download port number [WAN1]:

    In most menus, typing H re-lists the menu options and typing Q returns to the previous menu.

  • Loading firmware

    The BIOS can download firmware from a TFTP server that is reachable from a FortiGate unit network interface. You need to know the IP address of the server and the name of the firmware file to download.

    The downloaded firmware can be saved as either the default or backup firmware. It is also possible to boot the downloaded firmware without saving it.

    Configuring TFTP parameters

    Starting from the main BIOS menu

    [C]: Configure TFTP parameters.

    Selecting the VLAN (if VLANs are used)

    [V]: Set local VLAN ID.

    Choose port and whether to use DHCP

    [P]: Set firmware download port.

    The options listed depend on the FortiGate model. Choose the network interface through

