This page explores the Command Line Interface (CLI) commands for Fortinet’s FortiGate network security appliances. Whether you are a network administrator, a security professional, or someone looking to better understand FortiGate’s CLI capabilities, it is a reference for the essential commands.
Fortinet command list! Furthermore, take care when using shell commands!

Use commands to navigate through the CLI hierarchy, similar to navigating through directories in a file system. Common commands include:
config: Enter configuration mode.
edit: Enter a specific configuration section.
show: Display configuration or status information.
get: Get specific configuration settings.
set/unset: Set a field / Reset a field to the default value.
next: Save current entry (edit X) and return to table.
prev: Move to the previous configuration section.
end: Exit configuration mode.
tree: Display the command tree for the current config section.
abort: Exit commands without saving the fields (Ctrl+C).
delete: Remove a table from the current object.

Use commands to configure various settings on the FortiGate device. For example:
config system interface: Configure network interfaces.
config firewall policy: Set up firewall policies.
config system admin: Manage administrator accounts.
config vpn ipsec phase1-interface: Configure IPsec VPN settings.
config system global: Configure global settings.

Use commands to monitor the device’s status and performance. For example:
get system status: Display system status.
get system performance status: Show performance statistics.
get router info routing-table: View the routing table.
diagnose hardware sysinfo: Get hardware information.
exec shutdown/reboot: Shut down or reboot the device.
execute ping(-options): Ping something (can add options).
execute ssh <user>@<ip>: SSH to another server.
get sys arp (| grep x.x): Show the ARP table (filtered by x.x).
show | grep -f something: Find where “something” is used (case-sensitive; use -i to make it case-insensitive).

After making changes, use the end command followed by execute backup config <filename> to save the configuration to a file.
Type exit or press Ctrl + D to exit the CLI and return to the regular prompt.
Always log out of the CLI using the exit command or by closing the terminal window.

show/get system interface
Show interfaces status. Use get to retrieve dynamic information (such as PPPoE IP).
config sys interface
    edit <port>
        set ip x.x.x.x/y
        set allowaccess ssh ping https
end
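The interface block above decides which management protocols each interface answers on (the FortiOS `allowaccess` field), so it is worth auditing in a saved configuration. The following is an added example, not part of the original page or Fortinet's own tooling: it parses the `config system interface` section of `show` output and flags cleartext management protocols and management access on WAN-role interfaces. The sample config, the function names and the flagging policy are assumptions made for illustration.

```python
# Added example (not from the page): SAMPLE is constructed, not real device output.
SAMPLE = """\
config system interface
    edit "wan1"
        set allowaccess ping https ssh http
        set role wan
        config ipv6
            set ip6-allowaccess ping
        end
    next
    edit "internal"
        set allowaccess ping https ssh
        set role lan
    next
    edit "dmz"
        set allowaccess telnet
    next
end
"""
CLEARTEXT = {"http", "telnet"}                      # unencrypted admin protocols
MGMT = {"http", "https", "ssh", "telnet", "snmp"}   # policy assumption of this example

def parse_interfaces(text):
    """Return {interface: {field: [values]}}, ignoring nested config blocks."""
    interfaces, current, depth = {}, None, 0
    for raw in text.splitlines():
        parts = raw.split() or [""]
        if parts[0] == "config":
            depth += 1
        elif parts[0] == "end":
            depth -= 1
        elif depth == 1 and parts[0] == "edit" and len(parts) > 1:
            current = interfaces.setdefault(parts[1].strip('"'), {})
        elif depth == 1 and parts[0] == "next":
            current = None
        elif depth == 1 and current is not None and parts[0] == "set" and len(parts) > 2:
            current[parts[1]] = [p.strip('"') for p in parts[2:]]
    return interfaces

def audit(text):
    """Return sorted (interface, finding) tuples for risky allowaccess settings."""
    findings = []
    for name, fields in parse_interfaces(text).items():
        access = set(fields.get("allowaccess", []))
        for proto in sorted(access & CLEARTEXT):
            findings.append((name, "cleartext management protocol: " + proto))
        if fields.get("role") == ["wan"] and access & MGMT:
            findings.append((name, "management access on WAN: " + " ".join(sorted(access & MGMT))))
    return sorted(findings)
```

Call `audit()` on the text of a configuration backup to get the list of findings; an empty list means no interface matched either rule.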
diag hard dev nic <port>
Show interfaces statistics
diag netlink device list
Show interfaces statistics (errors)
get hardware nic <interface name>
Hardware info of the interface: MAC address, state (up/down), duplex (full, half), Rx/Tx packets, drops.
diagnose hardware deviceinfo nic <nic name>
Same as above.
get sys interface transceiver
List all SFP/SFP+ transceivers installed with info on: vendor name, serial number, temperature, voltage consumed, and, most important - Transmit (TX) and Receive (RX) signal power in dBm.
get hardware npu np6 port-list
Show on which interfaces the NPU offloading is enabled.
diagnose npu np6lite port-list
Same as above but for NP6-lite.
fnsysctl ifconfig <interface name>
Gives the same info as Linux ifconfig. The only way to see the actual MTU of the interface.
fnsysctl cat /proc/net/dev
Similar to netstat: shows errors on the interfaces, drops, and packets sent/received.
diagnose ip address list
Show IP addresses configured on all the Fortigate interfaces.
diagnose sys gre list
Show configured GRE tunnels and their state.
diag debug application pppoed -1
dia debug application pppoe -1
dia debug application ppp -1
Enable all ADSL/PPPoE-related debug.
execute interface pppoe-reconnect
Force ADSL re-connection.
diagnose sys waninfo
Show WAN interface info: public IP address of the WAN interface, guessed geolocation of this IP, and whether this IP address is in the FortiGuard blacklist.