FortiOS CLI Reference for FortiOS 5.2
FortiOS CLI Reference for FortiOS 5.2
August 13, 2015
01-522-99686-20150514
Copyright 2015 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, FortiCare and FortiGuard, and certain other marks are registered trademarks of Fortinet, Inc., in the U.S. and other jurisdictions, and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinets General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinets internal lab tests. In no event does Fortinet make any commitment related to future deliverables, features or development, and circumstances may change such that any forward-looking statements herein are not accurate. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.
Technical Documentation docs.fortinet.com
Knowledge Base kb.fortinet.com
Customer Service & Support support.fortinet.com
Training Services training.fortinet.com
FortiGuard fortiguard.com
Document Feedback [email protected]
http://docs.fortinet.comhttp://kb.fortinet.comhttps://support.fortinet.comhttp://training.fortinet.comhttp://www.fortiguard.com/mailto:[email protected]?Subject=Technical%20Documentation%20Feedback
ContentsIntroduction..................................................................................................... 20
How this guide is organized............................................................................. 20Availability of commands and options ............................................................. 20
Managing Firmware with the FortiGate BIOS.............................................. 21Accessing the BIOS............................................................................................... 21
Navigating the menu ........................................................................................ 21
Loading firmware ................................................................................................... 22Configuring TFTP parameters.......................................................................... 22Initiating TFTP firmware transfer ...................................................................... 23
Booting the backup firmware ................................................................................ 23
Whats new...................................................................................................... 24
alertemail......................................................................................................... 38setting .................................................................................................................... 39
antivirus........................................................................................................... 43heuristic ................................................................................................................. 44
mms-checksum ..................................................................................................... 45
notification ............................................................................................................. 46
profile ..................................................................................................................... 47config {http | https | ftp | ftps | imap | imaps | mapi | pop3 | pop3s | smb | smtp |
smtps | nntp}.................................................................................................. 48config nac-quar................................................................................................ 49
quarantine .............................................................................................................. 50
settings .................................................................................................................. 53
application....................................................................................................... 54custom ................................................................................................................... 55
list........................................................................................................................... 56
name ...................................................................................................................... 59
dlp .................................................................................................................... 60filepattern ............................................................................................................... 61
fp-doc-source ........................................................................................................ 63
fp-sensitivity........................................................................................................... 65
sensor .................................................................................................................... 66
settings .................................................................................................................. 68
endpoint-control............................................................................................. 69forticlient-registration-sync.................................................................................... 70
profile ..................................................................................................................... 71
settings .................................................................................................................. 76
Fortinet Technologies Inc. Page 3 FortiOS - CLI Reference for FortiOS 5.2
http://www.fortinet.com/
extender-controller ........................................................................................ 77extender ................................................................................................................. 78
firewall ............................................................................................................. 80address, address6 ................................................................................................. 81
addrgrp, addrgrp6 ................................................................................................. 84
auth-portal ............................................................................................................. 85
carrier-endpoint-bwl .............................................................................................. 86
carrier-endpoint-ip-filter......................................................................................... 88
central-nat.............................................................................................................. 89
dnstranslation ........................................................................................................ 90
DoS-policy, DoS-policy6 ....................................................................................... 91
explicit-proxy-policy .............................................................................................. 93
gtp........................................................................................................................ 100
identity-based-route ............................................................................................ 116
interface-policy .................................................................................................... 117
interface-policy6 .................................................................................................. 119
ipmacbinding setting ........................................................................................... 121
ipmacbinding table .............................................................................................. 122
ippool, ippool6 ..................................................................................................... 123
ip-translation ........................................................................................................ 125
ipv6-eh-filter......................................................................................................... 126
ldb-monitor .......................................................................................................... 127
local-in-policy, local-in-policy6............................................................................ 129
mms-profile.......................................................................................................... 130config dupe {mm1 | mm4}.............................................................................. 137config flood {mm1 | mm4}.............................................................................. 139config log ....................................................................................................... 140config notification {alert-dupe-1 | alert-flood-1 | mm1 | mm3 | mm4 | mm7}. 140config notif-msisdn ........................................................................................ 144
multicast-address ................................................................................................ 145
multicast-policy.................................................................................................... 147
policy, policy6 ...................................................................................................... 149
policy46, policy64 ................................................................................................ 162
profile-group ........................................................................................................ 165
profile-protocol-options....................................................................................... 167config http...................................................................................................... 169config ftp ........................................................................................................ 171config dns ...................................................................................................... 172config imap .................................................................................................... 173config mapi .................................................................................................... 174config pop3.................................................................................................... 174config smtp .................................................................................................... 175
Fortinet Technologies Inc. Page 4 FortiOS - CLI Reference for FortiOS 5.2
http://www.fortinet.com/
config nntp ..................................................................................................... 177config mail-signature ..................................................................................... 178
schedule onetime................................................................................................. 179
schedule recurring ............................................................................................... 180
schedule group .................................................................................................... 181
service category................................................................................................... 182
service custom..................................................................................................... 183
service group ....................................................................................................... 187
shaper per-ip-shaper ........................................................................................... 188
shaper traffic-shaper............................................................................................ 190
sniffer ................................................................................................................... 191
ssl setting............................................................................................................. 194
ssl-ssh-profile ...................................................................................................... 195config {ftps | https | imaps | pop3s | smtps}................................................... 196config ssh....................................................................................................... 197config ssl ........................................................................................................ 197config ssl-exempt .......................................................................................... 198config ssl-server............................................................................................. 198
ttl-policy ............................................................................................................... 200
vip ........................................................................................................................ 201
vip46 .................................................................................................................... 221
vip6 ...................................................................................................................... 223
vip64 .................................................................................................................... 225
vipgrp ................................................................................................................... 227
vipgrp46............................................................................................................... 228
vipgrp64............................................................................................................... 229
ftp-proxy........................................................................................................ 230explicit.................................................................................................................. 231
gui .................................................................................................................. 232console ................................................................................................................ 233
icap ................................................................................................................ 234profile ................................................................................................................... 235
server ................................................................................................................... 236
ips................................................................................................................... 237custom ................................................................................................................. 238
decoder................................................................................................................ 240
global ................................................................................................................... 241
rule ....................................................................................................................... 243
sensor .................................................................................................................. 244
setting .................................................................................................................. 249
Fortinet Technologies Inc. Page 5 FortiOS - CLI Reference for FortiOS 5.2
http://www.fortinet.com/
log .................................................................................................................. 250custom-field ......................................................................................................... 251
disk filter............................................................................................................... 252
disk setting........................................................................................................... 254
eventfilter ............................................................................................................. 258
fortianalyzer filter.................................................................................................. 259
{fortianalyzer | syslogd} override-filter ................................................................. 261
fortianalyzer override-setting ............................................................................... 262
fortianalyzer setting.............................................................................................. 263
fortiguard filter...................................................................................................... 266
fortiguard setting.................................................................................................. 268
gui-display ........................................................................................................... 269
memory filter ........................................................................................................ 270
memory setting .................................................................................................... 272
memory global-setting......................................................................................... 273
setting .................................................................................................................. 274
syslogd filter......................................................................................................... 276
syslogd override-setting ...................................................................................... 278
{syslogd | syslogd2 | syslogd3} setting................................................................ 280
threat-weight........................................................................................................ 282
webtrends filter .................................................................................................... 284
webtrends setting ................................................................................................ 286
netscan.......................................................................................................... 287assets................................................................................................................... 288
settings ................................................................................................................ 290
pbx ................................................................................................................. 292dialplan................................................................................................................. 293
did ........................................................................................................................ 295
extension.............................................................................................................. 296
global ................................................................................................................... 298
ringgrp.................................................................................................................. 300
voice-menu .......................................................................................................... 301
sip-trunk............................................................................................................... 302
report ............................................................................................................. 304chart ..................................................................................................................... 305
dataset ................................................................................................................. 310
layout ................................................................................................................... 311
setting .................................................................................................................. 316
style...................................................................................................................... 317
summary .............................................................................................................. 321
Fortinet Technologies Inc. Page 6 FortiOS - CLI Reference for FortiOS 5.2
http://www.fortinet.com/
theme ................................................................................................................... 322
router ............................................................................................................. 325access-list, access-list6....................................................................................... 326
aspath-list ............................................................................................................ 328
auth-path ............................................................................................................. 329
bfd........................................................................................................................ 330
bgp....................................................................................................................... 331config router bgp ........................................................................................... 335config admin-distance ................................................................................... 339config aggregate-address, config aggregate-address6 ................................ 339config neighbor .............................................................................................. 340config network, config network6 ................................................................... 349config redistribute, config redistribute6 ......................................................... 350
community-list ..................................................................................................... 352
isis........................................................................................................................ 354config isis-interface........................................................................................ 358config isis-net................................................................................................. 359config redistribute {bgp | connected | ospf | rip | static} ................................ 359config summary-address ............................................................................... 360
key-chain ............................................................................................................. 361
multicast .............................................................................................................. 363Sparse mode.................................................................................................. 363Dense mode................................................................................................... 364config router multicast ................................................................................... 367config interface .............................................................................................. 368config pim-sm-global..................................................................................... 371
multicast6 ............................................................................................................ 376
multicast-flow ...................................................................................................... 377
ospf ...................................................................................................................... 378config router ospf........................................................................................... 381config area ..................................................................................................... 383config distribute-list ....................................................................................... 388config neighbor .............................................................................................. 389config network ............................................................................................... 390config ospf-interface...................................................................................... 391config redistribute .......................................................................................... 394config summary-address ............................................................................... 395
ospf6 .................................................................................................................... 396
policy, policy6 ...................................................................................................... 402
prefix-list, prefix-list6 ........................................................................................... 406
rip ......................................................................................................................... 408config router rip.............................................................................................. 409config distance............................................................................................... 411
Fortinet Technologies Inc. Page 7 FortiOS - CLI Reference for FortiOS 5.2
http://www.fortinet.com/
config distribute-list ....................................................................................... 411config interface .............................................................................................. 412config neighbor .............................................................................................. 414config network ............................................................................................... 415config offset-list ............................................................................................. 415config redistribute .......................................................................................... 416
ripng..................................................................................................................... 417config distance............................................................................................... 419
route-map ............................................................................................................ 423Using route maps with BGP .......................................................................... 425
setting .................................................................................................................. 430
static .................................................................................................................... 431
static6 .................................................................................................................. 433
spamfilter ...................................................................................................... 434bwl ....................................................................................................................... 435
bword................................................................................................................... 438
dnsbl .................................................................................................................... 440
fortishield ............................................................................................................. 442
iptrust................................................................................................................... 444
mheader............................................................................................................... 445
options ................................................................................................................. 447
profile ................................................................................................................... 448config {imap | imaps | mapi | pop3 | pop3s | smtp | smtps} ........................... 450config {gmail | msn-hotmail | yahoo-mail}...................................................... 451
switch-controller .......................................................................................... 452managed-switch .................................................................................................. 453
vlan....................................................................................................................... 454
system ........................................................................................................... 4553g-modem custom .............................................................................................. 457
accprofile ............................................................................................................. 458
admin ................................................................................................................... 461
amc ...................................................................................................................... 470
arp-table .............................................................................................................. 471
auto-install ........................................................................................................... 472
autoupdate push-update ..................................................................................... 473
autoupdate schedule ........................................................................................... 474
autoupdate tunneling ........................................................................................... 475
aux ....................................................................................................................... 476
bypass ................................................................................................................. 477
central-management............................................................................................ 478
console ................................................................................................................ 480
Fortinet Technologies Inc. Page 8 FortiOS - CLI Reference for FortiOS 5.2
http://www.fortinet.com/
custom-language................................................................................................. 481
ddns ..................................................................................................................... 482
dedicated-mgmt .................................................................................................. 484
dhcp reserved-address........................................................................................ 485
dhcp server .......................................................................................................... 486
dhcp6 server ........................................................................................................ 491
dns ....................................................................................................................... 493
dns-database....................................................................................................... 494
dns-server............................................................................................................ 497
dscp-based-priority ............................................................................................. 498
elbc ...................................................................................................................... 499
email-server ......................................................................................................... 500
fips-cc .................................................................................................................. 501
fortiguard ............................................................................................................. 502
fortisandbox......................................................................................................... 506
geoip-override...................................................................................................... 507
gi-gk..................................................................................................................... 508
global ................................................................................................................... 509
gre-tunnel............................................................................................................. 530
ha ......................................................................................................................... 531
interface ............................................................................................................... 543
ipip-tunnel ............................................................................................................ 570
ips-urlfilter-dns..................................................................................................... 571
ipv6-neighbor-cache............................................................................................ 572
ipv6-tunnel ........................................................................................................... 573
link-monitor.......................................................................................................... 574
lte-modem............................................................................................................ 576
mac-address-table .............................................................................................. 577
modem................................................................................................................. 578
monitors ............................................................................................................... 583
nat64 .................................................................................................................... 585
netflow ................................................................................................................. 586
network-visibility .................................................................................................. 587
np6....................................................................................................................... 588
npu....................................................................................................................... 592
ntp........................................................................................................................ 593
object-tag............................................................................................................. 594
password-policy .................................................................................................. 595
physical-switch .................................................................................................... 596
port-pair ............................................................................................................... 597
Fortinet Technologies Inc. Page 9 FortiOS - CLI Reference for FortiOS 5.2
http://www.fortinet.com/
probe-response ................................................................................................... 598
proxy-arp ............................................................................................................. 599
pstn ...................................................................................................................... 600
replacemsg admin ............................................................................................... 602
replacemsg alertmail............................................................................................ 603
replacemsg auth .................................................................................................. 605
replacemsg device-detection-portal.................................................................... 609
replacemsg ec ..................................................................................................... 610
replacemsg fortiguard-wf .................................................................................... 612
replacemsg ftp ..................................................................................................... 614
replacemsg http................................................................................................... 616
replacemsg im ..................................................................................................... 619
replacemsg mail................................................................................................... 621
replacemsg mm1 ................................................................................................. 624
replacemsg mm3 ................................................................................................. 627
replacemsg mm4 ................................................................................................. 629
replacemsg mm7 ................................................................................................. 631
replacemsg-group ............................................................................................... 634
replacemsg-group ............................................................................................... 636
replacemsg-image ............................................................................................... 639
replacemsg nac-quar........................................................................................... 640
replacemsg nntp .................................................................................................. 642
replacemsg spam ................................................................................................ 644
replacemsg sslvpn ............................................................................................... 647
replacemsg traffic-quota ..................................................................................... 648
replacemsg utm ................................................................................................... 649
replacemsg webproxy ......................................................................................... 651
resource-limits ..................................................................................................... 652
session-helper ..................................................................................................... 654
session-sync ........................................................................................................ 656
session-ttl ............................................................................................................ 659
settings ................................................................................................................ 661
sit-tunnel .............................................................................................................. 668
sflow..................................................................................................................... 669
sms-server ........................................................................................................... 670
snmp community ................................................................................................. 671
snmp sysinfo........................................................................................................ 675
snmp user ............................................................................................................ 677
sp ......................................................................................................................... 680
storage................................................................................................................. 682
Fortinet Technologies Inc. Page 10 FortiOS - CLI Reference for FortiOS 5.2
http://www.fortinet.com/
stp ........................................................................................................................ 683
switch-interface ................................................................................................... 684
tos-based-priority ................................................................................................ 686
vdom-dns............................................................................................................. 687
vdom-link ............................................................................................................. 688
vdom-property ..................................................................................................... 689
vdom-radius-server ............................................................................................. 692
vdom-sflow .......................................................................................................... 693
virtual-switch........................................................................................................ 694
virtual-wan-link .................................................................................................... 695
wccp .................................................................................................................... 698
zone ..................................................................................................................... 701
user ................................................................................................................ 702Configuring users for authentication.................................................................... 703
Configuring users for password authentication............................................. 703Configuring peers for certificate authentication............................................. 703
ban ....................................................................................................................... 704
device................................................................................................................... 707
device-access-list ................................................................................................ 708
device-category ................................................................................................... 709
device-group........................................................................................................ 710
fortitoken.............................................................................................................. 711
fsso ...................................................................................................................... 712
fsso-polling .......................................................................................................... 714
group.................................................................................................................... 716
ldap ...................................................................................................................... 720
local...................................................................................................................... 723
password-policy .................................................................................................. 725
peer...................................................................................................................... 726
peergrp ................................................................................................................ 728
pop3..................................................................................................................... 729
radius ................................................................................................................... 730
security-exempt-list ............................................................................................. 735
setting .................................................................................................................. 736
tacacs+ ................................................................................................................ 738
voip ................................................................................................................ 739profile ................................................................................................................... 740
config sip........................................................................................................ 742config sccp .................................................................................................... 751
Fortinet Technologies Inc. Page 11 FortiOS - CLI Reference for FortiOS 5.2
http://www.fortinet.com/
vpn ................................................................................................................. 752certificate ca ........................................................................................................ 753
certificate crl ........................................................................................................ 754
certificate local..................................................................................................... 756
certificate ocsp-server ......................................................................................... 758
certificate remote ................................................................................................. 759
certificate setting ................................................................................................. 760
ipsec concentrator ............................................................................................... 761
ipsec forticlient..................................................................................................... 762
ipsec manualkey .................................................................................................. 763
ipsec manualkey-interface................................................................................... 766
ipsec phase1........................................................................................................ 769
ipsec phase1-interface ........................................................................................ 779
ipsec phase2........................................................................................................ 794
ipsec phase2-interface ........................................................................................ 801
l2tp ....................................................................................................................... 810
pptp...................................................................................................................... 812
ssl settings ........................................................................................................... 814
ssl web host-check-software............................................................................... 820
ssl web portal....................................................................................................... 822
ssl web realm....................................................................................................... 830
ssl web user-bookmark ....................................................................................... 831
ssl web virtual-desktop-app-list .......................................................................... 834
wanopt........................................................................................................... 835auth-group ........................................................................................................... 836
peer...................................................................................................................... 837
profile ................................................................................................................... 838
settings ................................................................................................................ 842
ssl-server ............................................................................................................. 843
storage................................................................................................................. 846
webcache............................................................................................................. 847
webfilter......................................................................................................... 850content................................................................................................................. 851
content-header .................................................................................................... 853
fortiguard ............................................................................................................. 854
ftgd-local-cat ....................................................................................................... 856
ftgd-local-rating ................................................................................................... 857
ftgd-warning......................................................................................................... 858
ips-urlfilter-cache-setting..................................................................................... 860
ips-urlfilter-setting................................................................................................ 861
Fortinet Technologies Inc. Page 12 FortiOS - CLI Reference for FortiOS 5.2
http://www.fortinet.com/
override ................................................................................................................ 862
override-user........................................................................................................ 863
profile ................................................................................................................... 865config ftgd-wf................................................................................................. 869config override ............................................................................................... 871config quota ................................................................................................... 871config web ..................................................................................................... 872
search-engine ...................................................................................................... 873
urlfilter .................................................................................................................. 874
web-proxy ..................................................................................................... 876explicit.................................................................................................................. 877
forward-server ..................................................................................................... 881
forward-server-group........................................................................................... 882
global ................................................................................................................... 883
profile ................................................................................................................... 885
url-match.............................................................................................................. 886
wireless-controller ....................................................................................... 887ap-status.............................................................................................................. 888
global ................................................................................................................... 889
setting .................................................................................................................. 890
timers ................................................................................................................... 891
vap ....................................................................................................................... 892
wids-profile .......................................................................................................... 897
wtp ....................................................................................................................... 900
wtp-profile............................................................................................................ 904
execute .......................................................................................................... 911backup ................................................................................................................. 913
batch.................................................................................................................... 917
bypass-mode....................................................................................................... 918
carrier-license ...................................................................................................... 919
central-mgmt ....................................................................................................... 920
cfg reload............................................................................................................. 921
cfg save................................................................................................................ 922
clear system arp table.......................................................................................... 923
cli check-template-status .................................................................................... 924
cli status-msg-only .............................................................................................. 925
client-reputation................................................................................................... 926
date ...................................................................................................................... 927
disk ...................................................................................................................... 928
disk raid ............................................................................................................... 929
Fortinet Technologies Inc. Page 13 FortiOS - CLI Reference for FortiOS 5.2
http://www.fortinet.com/
disk scan.............................................................................................................. 930
dhcp lease-clear .................................................................................................. 931
dhcp lease-list...................................................................................................... 932
disconnect-admin-session .................................................................................. 933
enter..................................................................................................................... 934
erase-disk ............................................................................................................ 935
factoryreset .......................................................................................................... 936
factoryreset2 ........................................................................................................ 937
formatlogdisk ....................................................................................................... 938
forticarrier-license ................................................................................................ 939
forticlient .............................................................................................................. 940
FortiClient-NAC.................................................................................................... 941
fortiguard-log ....................................................................................................... 942
fortitoken.............................................................................................................. 943
fortitoken-mobile.................................................................................................. 944
fsso refresh .......................................................................................................... 945
ha disconnect ...................................................................................................... 946
ha ignore-hardware-revision................................................................................ 947
ha manage ........................................................................................................... 948
ha synchronize..................................................................................................... 949
interface dhcpclient-renew .................................................................................. 950
interface pppoe-reconnect .................................................................................. 951
log backup ........................................................................................................... 952
log client-reputation-report.................................................................................. 953
log convert-oldlogs .............................................................................................. 954
log delete-all ........................................................................................................ 955
log delete-oldlogs ................................................................................................ 956
log detail .............................................................................................................. 957
log display............................................................................................................ 958
log downgrade-log............................................................................................... 959
log filter ................................................................................................................ 960
log fortianalyzer test-connectivity........................................................................ 961
log list................................................................................................................... 962
log rebuild-sqldb.................................................................................................. 963
log recreate-sqldb................................................................................................ 964
log-report reset .................................................................................................... 965
log restore............................................................................................................ 966
log roll .................................................................................................................. 967
log shift-time ........................................................................................................ 968
log upload-progress ............................................................................................ 969
Fortinet Technologies Inc. Page 14 FortiOS - CLI Reference for FortiOS 5.2
http://www.fortinet.com/
modem dial .......................................................................................................... 970
modem hangup.................................................................................................... 971
modem trigger ..................................................................................................... 972
mrouter clear........................................................................................................ 973
netscan ................................................................................................................ 974
pbx....................................................................................................................... 975
ping ...................................................................................................................... 977
ping-options, ping6-options ................................................................................ 978
ping6 .................................................................................................................... 980
policy-packet-capture delete-all.......................................................................... 981
reboot................................................................................................................... 982
report ................................................................................................................... 983
report-config reset ............................................................................................... 984
restore.................................................................................................................. 985
revision................................................................................................................. 989
router clear bfd session ....................................................................................... 990
router clear bgp ................................................................................................... 991
router clear ospf process..................................................................................... 992
router restart ........................................................................................................ 993
send-fds-statistics ............................................................................................... 994
sensor .................................................................................................................. 995
set system session filter....................................................................................... 996
set-next-reboot .................................................................................................... 998
sfp-mode-sgmii.................................................................................................... 999
shutdown ........................................................................................................... 1000
ssh ..................................................................................................................... 1001
sync-session ...................................................................................................... 1002
system custom-language import ....................................................................... 1003
system fortisandbox test-connectivity............................................................... 1004
tac report ........................................................................................................... 1005
telnet .................................................................................................................. 1006
time .................................................................................................................... 1007
traceroute........................................................................................................... 1008
tracert6............................................................................................................... 1009
update-av........................................................................................................... 1010
update-geo-ip .................................................................................................... 1011
update-ips.......................................................................................................... 1012
update-list .......................................................................................................... 1013
update-now........................................................................................................ 1014
update-src-vis.................................................................................................... 1015
Fortinet Technologies Inc. Page 15 FortiOS - CLI Reference for FortiOS 5.2
http://www.fortinet.com/
upd-vd-license................................................................................................... 1016
upload ................................................................................................................ 1017
usb-device ......................................................................................................... 1018
usb-disk ............................................................................................................. 1019
vpn certificate ca ............................................................................................... 1020
vpn certificate crl ............................................................................................... 1021
vpn certificate local export ................................................................................ 1022
vpn certificate local generate............................................................................. 1023
vpn certificate local import ................................................................................ 1025
vpn certificate remote ........................................................................................ 1026
vpn ipsec tunnel down....................................................................................... 1027
vpn ipsec tunnel up............................................................................................ 1028
vpn sslvpn del-all ............................................................................................... 1029
vpn sslvpn del-tunnel......................................................................................... 1030
vpn sslvpn del-web............................................................................................ 1031
vpn sslvpn list .................................................................................................... 1032
webfilter quota-reset.......................................................................................... 1033
wireless-controller delete-wtp-image ................................................................ 1034
wireless-controller list-wtp-image ..................................................................... 1035
wireless-controller reset-wtp ............................................................................. 1036
wireless-controller restart-acd........................................................................... 1037
wireless-controller restart-wtpd......................................................................... 1038
wireless-controller upload-wtp-image............................................................... 1039
get ................................................................................................................ 1040endpoint-control app-detect ............................................................................. 1041
extender modem-status .................................................................................... 1043
extender sys-info ............................................................................................... 1045
firewall dnstranslation ........................................................................................ 1046
firewall iprope appctrl ........................................................................................ 1047
firewall iprope list ............................................................................................... 1048
firewall proute, proute6...................................................................................... 1049
firewall service custom ...................................................................................... 1050
firewall shaper.................................................................................................... 1051
grep.................................................................................................................... 1052
gui console status.............................................................................................. 1053
gui topology status ............................................................................................ 1054
hardware cpu..................................................................................................... 1055
hardware memory.............................................................................................. 1057
hardware nic ...................................................................................................... 1058
hardware npu..................................................................................................... 1059
Fortinet Technologies Inc. Page 16 FortiOS - CLI Reference for FortiOS 5.2
http://www.fortinet.com/
hardware status ................................................................................................. 1062
ips decoder status ............................................................................................. 1063
ips rule status..................................................................................................... 1064
ips session ......................................................................................................... 1065
ipsec tunnel........................................................................................................ 1066
ips view-map...................................................................................................... 1067
mgmt-data status .............................................................................................. 1068
netscan settings................................................................................................. 1069
pbx branch-office .............................................................................................. 1070
pbx dialplan ....................................................................................................... 1071
pbx did............................................................................................................... 1072
pbx extension .................................................................................................... 1073
pbx ftgd-voice-pkg ............................................................................................ 1074
pbx global .......................................................................................................... 1075
pbx ringgrp ........................................................................................................ 1076
pbx sip-trunk...................................................................................................... 1077
pbx voice-menu ................................................................................................. 1078
router info bfd neighbor ..................................................................................... 1079
router info bgp ................................................................................................... 1080
router info isis .................................................................................................... 1083
router info kernel ................................................................................................ 1084
router info multicast ........................................................................................... 1085
router info ospf................................................................................................... 1087
router info protocols .......................................................................................... 1089
router info rip ..................................................................................................... 1090
router info routing-table .................................................................................... 1091
router info vrrp ................................................................................................... 1092
router info6 bgp ................................................................................................. 1093
router info6 interface.......................................................................................... 1094
router info6 kernel .............................................................................................. 1095
router info6 ospf................................................................................................. 1096
router info6 protocols ........................................................................................ 1097
router info6 rip ................................................................................................... 1098
router info6 routing-table ................................................................................... 1099
system admin list ............................................................................................... 1100
system admin status.......................................................................................... 1101
system arp ......................................................................................................... 1102
system auto-update........................................................................................... 1103
system central-management ............................................................................. 1104
system checksum.............................................................................................. 1105
Fortinet Technologies Inc. Page 17 FortiOS - CLI Reference for FortiOS 5.2
http://www.fortinet.com/
system cmdb status .......................................................................................... 1106
system fortianalyzer-connectivity ...................................................................... 1107
system fortiguard-log-service status ................................................................. 1108
system fortiguard-service status ....................................................................... 1109
system ha-nonsync-csum ................................................................................. 1110
system ha status................................................................................................ 1111
system info admin ssh ....................................................................................... 1114
system info admin status................................................................................... 1115
system interface physical .................................................................................. 1116
system mgmt-csum........................................................................................... 1117
system performance firewall .............................................................................. 1118
system performance status ............................................................................... 1119
system performance top.................................................................................... 1120
system session list............................................................................................. 1121
system session status........................................................................................ 1122
system session-helper-info list .......................................................................... 1123
system session-info ........................................................................................... 1124
system source-ip ............................................................................................... 1125
system startup-error-log.................................................................................... 1126
system status..................................................................................................... 1127
test ..................................................................................................................... 1128
user adgrp.......................................................................................................... 1130
vpn ike gateway ................................................................................................. 1131
vpn ipsec tunnel details ..................................................................................... 1132
vpn ipsec tunnel name....................................................................................... 1133
vpn ipsec stats crypto ....................................................................................... 1134
vpn ipsec stats tunnel ........................................................................................ 1135
vpn ssl monitor .................................................................................................. 1136
vpn status l2tp ................................................................................................... 1137
vpn status pptp.................................................................................................. 1138
vpn status ssl ..................................................................................................... 1139
webfilter ftgd-statistics ...................................................................................... 1140
webfilter status................................................................................................... 1142
wireless-controller client-info............................................................................. 1143
wireless-controller rf-analysis ............................................................................ 1144
wireless-controller scan..................................................................................... 1145
wireless-controller status................................................................................... 1146
wireless-controller vap-status ........................................................................... 1147
wireless-controller wlchanlistlic ......................................................................... 1148
wireless-controller wtp-status ........................................................................... 1151
Fortinet Technologies Inc. Page 18 FortiOS - CLI Reference for FortiOS 5.2
http://www.fortinet.com/
tree............................................................................................................... 1153
Fortinet Technologies Inc. Page 19 FortiOS - CLI Reference for FortiOS 5.2
http://www.fortinet.com/
Introduction
This document describes FortiOS 5.2 CLI commands used to configure and manage a FortiGate unit from the command line interface (CLI).
How this guide is organized
Most of the chapters in this document describe the commands for each configuration branch of the FortiOS CLI. The command branches and commands are in alphabetical order.
This document also contains the following sections:
Managing Firmware with the FortiGate BIOS describes how to change firmware at the console during FortiGate unit boot-up.
Whats new describes changes to the 5.2 CLI.
config chapters describe the config commands.
execute describes execute commands.
get describes get commands.
tree describes the tree command.
Availability of commands and options
Some FortiOS CLI commands and options are not available on all FortiGate units. The CLI displays an error message if you attempt to enter a command or option that is not available. You can use the question mark ? to verify the commands and options that are available.
Commands and options may not be available for the following reasons:
FortiGate model. All commands are not available on all FortiGate models. For example, low end FortiGate models do not support the aggregate interface type option of the config system interface command.
Hardware configuration. For example, some AMC module commands are only available when an AMC module is installed.
FortiOS Carrier, FortiGate Voice, FortiWiFi etc. Commands for extended functionality are not available on all FortiGate models. The CLI Reference includes commands only available for FortiWiFi units, FortiOS Carrier, and FortiGate Voice units
Page 20
Managing Firmware with the FortiGate BIOS
FortiGate units are shipped with firmware installed. Usually firmware upgrades are performed through the web-based manager or by using the CLI execute restore command. From the console, you can also interrupt the FortiGate units boot-up process to load firmware using the BIOS firmware that is a permanent part of the unit.
Using the BIOS, you can:
view system information
format the boot device
load firmware and reboot (see Loading firmware on page 22)
reboot the FortiGate unit from the backup firmware, which then becomes the default firmware (see Booting the backup firmware on page 23)
Accessing the BIOS
The BIOS menu is available only through direct connection to the FortiGate units Console port. During boot-up, Press any key appears briefly. If you press any keyboard key at this time, boot-up is suspended and the BIOS menu appears. If you are too late, the boot-up process continues as usual.
Navigating the menu
The main BIOS menu looks like this:
[C]: Configure TFTP parameters[R]: Review TFTP paramters[T]: Initiate TFTP firmware transfer[F]: Format boot device[Q]: Quit menu and continue to boot[I]: System Information[B]: Boot with backup firmare and set as default[Q]: Quit menu and continue to boot[H]: Display this list of options
Enter C,R,T,F,I,B,Q,or H:
Typing the bracketed letter selects the option. Input is case-sensitive. Most options present a submenu. An option value in square brackets at the end of the Enter line is the default value which you can enter simply by pressing Return. For example,
Enter image download port number [WAN1]:
In most menus, typing H re-lists the menu options and typing Q returns to the previous menu.
Page 21
Loading firmware
The BIOS can download firmware from a TFTP server that is reachable from a FortiGate unit network interface. You need to know the IP address of the server and the name of the firmware file to download.
The downloaded firmware can be saved as either the default or backup firmware. It is also possible to boot the downloaded firmware without saving it.
Configuring TFTP parameters
Starting from the main BIOS menu
[C]: Configure TFTP parameters.
Selecting the VLAN (if VLANs are used)
[V]: Set local VLAN ID.
Choose port and whether to use DHCP
[P]: Set firmware download port.
The options listed depend on the FortiGate model. Choose the network interface through which the TFTP server can be reached. For example:
[0]: Any of port 1 - 7[1]: W